• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How restart OpenVPN server

Scheduled Pinned Locked Moved OpenVPN
41 Posts 14 Posters 78.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B Offline
    Bredys
    last edited by Nov 16, 2006, 8:03 AM

    Greetings,

    i have same problem with OpenVPN
    Ill try many ports but with same result… When i restart pfsense, everything works fine, but when i try change settings in OpenVPN than openvpn shut down with this error message :

    TCP/UDP: Socket bind failed on local address [undef]:15888: Address already in use

    1 Reply Last reply Reply Quote 0
    • F Offline
      fernandotcl
      last edited by Nov 16, 2006, 12:19 PM

      OpenVPN isn't being killed properly. I don't know why, maybe the machines you're using are slower (specs?).

      If you want to help, please run this from a pfSense terminal (from the shell, not from the console menu):

      /usr/bin/time -h sh -c 'RUNNING=`ps ax | grep openvpn | grep -v grep`; while [ -n "$RUNNING" ]; do RUNNING=`ps ax | grep openvpn | grep -v grep`;  done' | & awk '{print $3}' & echo '' | php -q
      

      The output should be something like:

      [1] 87559 87560
      0.58s
      [1]  + Exit 1                        /usr/bin/time -h sh -c  ... |&
             Done                          awk {print $3}
      

      I'm interested in the second line, "0.58s" in this example.

      1 Reply Last reply Reply Quote 0
      • B Offline
        Bredys
        last edited by Nov 16, 2006, 1:11 PM

        [1] 1621 1622

        0.17s

        [1]    Exit 1                        /usr/bin/time -h sh -c  … |&
              Done                          awk {print $3}

        Computer configuration :
        Pentium 2 - 500 Mhz
        256 MBRam

        1 Reply Last reply Reply Quote 0
        • J Offline
          jakehathaway
          last edited by Nov 16, 2006, 3:35 PM

          Here are my specs:
          I have dual machines running a CARP config, but only one is running openvpn.
          Pentium D 915
          1GB RAM
          2x 80GB HD (SATA)
          2x Onboard Gb NIC
          2x Intel Pro 1000PT Nic

          Here is the output from the command at the shell:
          [1] 58131 58132
          0.00s
          [1]  + Done                          /usr/bin/time -h sh -c  … |& awk {print $3}

          Thanks for the help.

          1 Reply Last reply Reply Quote 0
          • F Offline
            fernandotcl
            last edited by Nov 16, 2006, 3:53 PM

            Thanks for the quick replies. We're studying what the best way to fix it is. In the meanwhile, if you need to restart OpenVPN after performing changes to the config screen, issue:

            echo "" | php -q
            
            1 Reply Last reply Reply Quote 0
            • B Offline
              Bredys
              last edited by Nov 16, 2006, 4:02 PM

              echo "" | php -q
              

              Same problem :( this dont help… i must restart whole box :(

              Ill try 3 boxes and clean installation. First time all appear ok and i can change openvpn config without problem and its restart without error... but after some hours happend this after changing options :(

              Nov 16 17:09:55 openvpn[14308]: Exiting
              Nov 16 17:09:55 openvpn[14308]: TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
              Nov 16 17:09:55 openvpn[14308]: Control Channel Authentication: using '/etc/tls_auth.key' as a OpenVPN static key file
              Nov 16 17:09:55 openvpn[14308]: WARNING: file '/etc/tls_auth.key' is group or others accessible
              Nov 16 17:09:55 openvpn[14308]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
              Nov 16 17:09:55 openvpn[14308]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006

              P.S. Sorry for my bad english :D But i think you understand me :)

              1 Reply Last reply Reply Quote 0
              • A Offline
                akula169
                last edited by Nov 23, 2006, 12:52 AM

                @bosko:

                This is log file and error. Why does this error, if reset computer OPENVPN server start normaly.

                Nov 15 23:45:50 openvpn[5569]: Exiting
                Nov 15 23:45:50 openvpn[5569]: TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
                Nov 15 23:45:50 openvpn[5569]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
                Nov 15 23:45:50 openvpn[5569]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006

                Yeah, same problem here… openvpn is not running when I run it from the command line:

                # /usr/local/sbin/openvpn --config /var/etc/openvpn_server0.conf 
                
                Nov 22 16:03:20 router openvpn[7506]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr  6 2006
                Nov 22 16:03:20 router openvpn[7506]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
                Nov 22 16:03:20 router openvpn[7506]: TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
                Nov 22 16:03:20 router openvpn[7506]: Exiting
                

                I can't seem to find what is using 1194 when openvpn is not running.

                1 Reply Last reply Reply Quote 0
                • S Offline
                  sullrich
                  last edited by Nov 24, 2006, 1:12 AM

                  From a shell issue a sockstat command to see what processes are listening on what ports.

                  1 Reply Last reply Reply Quote 0
                  • B Offline
                    Bredys
                    last edited by Nov 24, 2006, 1:37 PM Nov 24, 2006, 1:28 PM

                    @sullrich:

                    From a shell issue a sockstat command to see what processes are listening on what ports.

                    *root     check_relo 326   11 udp4   :1194                :

                    so something is wrong with check reload status… when i kill this process everything works fine!

                    1 Reply Last reply Reply Quote 0
                    • S Offline
                      sullrich
                      last edited by Nov 24, 2006, 6:47 PM

                      Eh, this doesn't make any sense.  check_reload_status doesn't even open a socket.

                      1 Reply Last reply Reply Quote 0
                      • A Offline
                        akula169
                        last edited by Nov 24, 2006, 10:58 PM

                        @sullrich:

                        From a shell issue a sockstat command to see what processes are listening on what ports.

                        Yeah, I've got another whole mess attached apparently:

                        # sockstat | grep 1194
                        root     sleep      3078  10 udp4   *:1194                *:*
                        root     sh         1463  10 udp4   *:1194                *:*
                        _dhcp    dhclient   1306  10 udp4   *:1194                *:*
                        root     dhclient   1259  10 udp4   *:1194                *:*
                        root     check_relo 659   10 udp4   *:1194                *:*
                        
                        1 Reply Last reply Reply Quote 0
                        • B Offline
                          Bredys
                          last edited by Nov 25, 2006, 9:21 AM

                          sockstat | grep 1194

                          root    check_relo 405  11 udp4  *:1194                :

                          i try this many times… but when i try change openvpn settings, check_reload_status block port 1194. When i kill it everything work fine and i can change openvpn settings without any problem until next restart...
                          After restart, openvpn run ok until i try change some options...

                          1 Reply Last reply Reply Quote 0
                          • D Offline
                            dairaen
                            last edited by Nov 26, 2006, 11:47 AM Nov 26, 2006, 11:45 AM

                            cheers,

                            verified this problem on all my embedded systems and 2 firewalls
                            with strong i386 hardware.

                            kind regards
                            dairaen

                            1 Reply Last reply Reply Quote 0
                            • S Offline
                              sullrich
                              last edited by Nov 26, 2006, 5:42 PM

                              Please upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-25-2006/ and see if the problem persists.

                              1 Reply Last reply Reply Quote 0
                              • D Offline
                                dairaen
                                last edited by Nov 27, 2006, 6:20 PM

                                cheers,

                                i am not at the office right now, so i can't test the
                                snapshot bevore next week; i will report if it fixes the bug.

                                kind regards
                                dairaen

                                1 Reply Last reply Reply Quote 0
                                • B Offline
                                  Bredys
                                  last edited by Nov 28, 2006, 1:04 PM

                                  @sullrich:

                                  Please upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-25-2006/ and see if the problem persists.

                                  Sorry but no change for me :(

                                  sockstat | grep 1194

                                  root    check_relo 387  11 udp4  *:1194                :

                                  Nov 28 14:14:45 openvpn[1558]: Exiting
                                  Nov 28 14:14:45 openvpn[1558]: TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
                                  Nov 28 14:14:45 openvpn[1558]: Control Channel Authentication: using '/etc/tls_auth.key' as a OpenVPN static key file
                                  Nov 28 14:14:45 openvpn[1558]: WARNING: file '/etc/tls_auth.key' is group or others accessible
                                  Nov 28 14:14:45 openvpn[1558]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
                                  Nov 28 14:14:45 openvpn[1558]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
                                  Nov 28 14:14:44 openvpn[381]: SIGTERM[hard,] received, process exiting
                                  Nov 28 14:14:41 openvpn[381]: /etc/rc.filter_configure tun0 1500 1542 192.168.50.1 192.168.50.2 init
                                  Nov 28 14:14:41 openvpn[381]: event_wait : Interrupted system call (code=4)
                                  ^^^^ After save openVPN config without any changes ^^^^

                                  Nov 28 14:13:04 openvpn[381]: Need IPv6 code in mroute_extract_addr_from_packet
                                  Nov 28 14:13:04 openvpn[381]: Initialization Sequence Completed
                                  Nov 28 14:13:04 openvpn[381]: UDPv4 link remote: [undef]
                                  Nov 28 14:13:04 openvpn[381]: UDPv4 link local (bound): [undef]:1194
                                  Nov 28 14:13:01 openvpn[302]: /etc/rc.filter_configure tun0 1500 1542 192.168.50.1 192.168.50.2 init
                                  Nov 28 14:13:01 openvpn[302]: /sbin/ifconfig tun0 192.168.50.1 192.168.50.2 mtu 1500 netmask 255.255.255.255 up
                                  Nov 28 14:13:01 openvpn[302]: TUN/TAP device /dev/tun0 opened
                                  Nov 28 14:13:01 openvpn[302]: gw 85.70.189.50
                                  Nov 28 14:13:01 openvpn[302]: Control Channel Authentication: using '/etc/tls_auth.key' as a OpenVPN static key file
                                  Nov 28 14:13:01 openvpn[302]: WARNING: file '/etc/tls_auth.key' is group or others accessible
                                  Nov 28 14:13:01 openvpn[302]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
                                  Nov 28 14:13:01 openvpn[302]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
                                  ^^^^ Normal RESTART ^^^^

                                  1 Reply Last reply Reply Quote 0
                                  • S Offline
                                    sullrich
                                    last edited by Nov 28, 2006, 4:50 PM

                                    At this point I am at a loss.  Will have to discuss it with the other devs.  We are all really confused on this one.

                                    1 Reply Last reply Reply Quote 0
                                    • T Offline
                                      tpepels
                                      last edited by Nov 29, 2006, 8:40 PM

                                      Same problem on my box ???.

                                      root    lighttpd  1785  10 tcp4  *:1194                :
                                      root    check_relo 339  10 tcp4  *:1194                :

                                      Hope you find the problem soon, good luck anyway!

                                      1 Reply Last reply Reply Quote 0
                                      • B Offline
                                        Bredys
                                        last edited by Jan 4, 2007, 2:49 PM

                                        Still nothing new about this problem ? I try every snapshot but without any progress :(

                                        1 Reply Last reply Reply Quote 0
                                        • S Offline
                                          Selective
                                          last edited by Jan 5, 2007, 12:16 PM

                                          The only thing you can do is to make your changes and save, click the disable box to disable tunnel and then restart pf, and when its up again, click box to enable tunnel again.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received