Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Not Running?

    Scheduled Pinned Locked Moved OpenVPN
    11 Posts 2 Posters 8.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dhakattack
      last edited by

      Hey all,

      I've had OpenVPN working on 1.2.3 for a few months now, and was working on adding another interface today (having a different port only allow access to one machine).ย  For some reason or other, I couldn't get it working (handshake would fail after 60 seconds, but the firewall log claimed it passed the UDP connection from my machine, nothing appeared in the OpenVPN log about it)

      Out of curiosity, I installed the OpenVPN packages in the package manager, both Status and Enhancements.ย  I haven't touched any other configurations, but now things that were working this morning (both UDP and TCP port 1194 connections) now simply time out.ย  Trying to telnet into the port (which again, worked this morning) results in a time out, leading me to believe the OpenVPN service isn't running.ย  Again, the firewall log claims it passes the traffic on port 1194, so it's not being blocked there.

      I've tried restarting the machine twice, and now the OpenVPN log isn't displaying anything at all (I could usually at least get a SIGTERM if I disabled a tunnel).

      Is there any way to see if OpenVPN is running and way to start/restart it if is isn't running?

      Thanks

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        To should show any active processes, go to Diagnostics > Command, and enter "ps uxaww | grep openvpn"

        Telnet will not work if your server mode is set to UDP.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • D
          dhakattack
          last edited by

          Yup, running that command just shows the command itself being run.ย  Running it in the shell returns nothing.

          Nothing in the starting logs indicate OpenVPN even tried to start, much less an error to work with, except the error described http://forum.pfsense.org/index.php?topic=24684.0 which looks like it wouldn't be the problem.

          Is there any way to force OpenVPN to start?

          About the telnet, I had both TCP and UDP 1194 running OpenVPN for different subnets, I was using NMAP to test just UDP ports connectivity (which is currently saying TCP is filtered, UDP is open|filtered).

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            There isn't a way to force OpenVPN to start as a whole, but editing and saving a tunnel should restart that one tunnel instance.

            Something should show up in the OpenVPN log at least, or the system log.

            If not it may not even be trying to run the tunnels, can you try to disable all but the one tunnel you had working before and then restart?

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • D
              dhakattack
              last edited by

              Turning tunnels on and off produce no logs in either openvpn.log (which is a binary file when I try reading it) and system.log simply talks about ARP.

              Turning all but a known working tunnel off and restarting causes no changes.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                The logs are clog format, not plain text. I thought you were viewing them from the WebGUI, which handles this automatically.

                See here:
                http://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_%28clog%29

                Do you see the OpenVPN configuration files in /var/etc ?

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • D
                  dhakattack
                  last edited by

                  Ah, the WebGUI shows a blank page, which is why I started looking in the shell.

                  In /var/etc, I can see openvpn_csc, and the .ca/.cert/.conf/.dh/.key for all of my tunnels.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Can you try to run one of them by hand like so:

                    openvpn --config /var/etc/openvpn_server0.conf
                    

                    Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • D
                      dhakattack
                      last edited by

                      openvpn: Command not found

                      Well I'm sure that's part of the problem.ย  No clue how it got uninstalled, and no clue how to get it back :(

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        If you're running 1.2.3 full install, download a 1.2.3 full update image and then use it to upgrade. Since you're already on 1.2.3 it will just replace any missing files.

                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • D
                          dhakattack
                          last edited by

                          Great!ย  That did the trick.

                          Now to figure out my other issues, but I'll post another thread if I get really stuck.

                          Thanks a bunch for your help.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.