How restart OpenVPN server

dairaen

cheers,

verified this problem on all my embedded systems and 2 firewalls
with strong i386 hardware.

kind regards
dairaen

sullrich

Please upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-25-2006/ and see if the problem persists.

dairaen

cheers,

i am not at the office right now, so i can't test the
snapshot bevore next week; i will report if it fixes the bug.

kind regards
dairaen

Bredys

@sullrich:

Please upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-25-2006/ and see if the problem persists.

Sorry but no change for me :(

sockstat | grep 1194

root    check_relo 387  11 udp4  *:1194                :

Nov 28 14:14:45 openvpn[1558]: Exiting
Nov 28 14:14:45 openvpn[1558]: TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
Nov 28 14:14:45 openvpn[1558]: Control Channel Authentication: using '/etc/tls_auth.key' as a OpenVPN static key file
Nov 28 14:14:45 openvpn[1558]: WARNING: file '/etc/tls_auth.key' is group or others accessible
Nov 28 14:14:45 openvpn[1558]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Nov 28 14:14:45 openvpn[1558]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
Nov 28 14:14:44 openvpn[381]: SIGTERM[hard,] received, process exiting
Nov 28 14:14:41 openvpn[381]: /etc/rc.filter_configure tun0 1500 1542 192.168.50.1 192.168.50.2 init
Nov 28 14:14:41 openvpn[381]: event_wait : Interrupted system call (code=4)
^^^^ After save openVPN config without any changes ^^^^

Nov 28 14:13:04 openvpn[381]: Need IPv6 code in mroute_extract_addr_from_packet
Nov 28 14:13:04 openvpn[381]: Initialization Sequence Completed
Nov 28 14:13:04 openvpn[381]: UDPv4 link remote: [undef]
Nov 28 14:13:04 openvpn[381]: UDPv4 link local (bound): [undef]:1194
Nov 28 14:13:01 openvpn[302]: /etc/rc.filter_configure tun0 1500 1542 192.168.50.1 192.168.50.2 init
Nov 28 14:13:01 openvpn[302]: /sbin/ifconfig tun0 192.168.50.1 192.168.50.2 mtu 1500 netmask 255.255.255.255 up
Nov 28 14:13:01 openvpn[302]: TUN/TAP device /dev/tun0 opened
Nov 28 14:13:01 openvpn[302]: gw 85.70.189.50
Nov 28 14:13:01 openvpn[302]: Control Channel Authentication: using '/etc/tls_auth.key' as a OpenVPN static key file
Nov 28 14:13:01 openvpn[302]: WARNING: file '/etc/tls_auth.key' is group or others accessible
Nov 28 14:13:01 openvpn[302]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Nov 28 14:13:01 openvpn[302]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
^^^^ Normal RESTART ^^^^

sullrich

At this point I am at a loss.  Will have to discuss it with the other devs.  We are all really confused on this one.

tpepels

Same problem on my box ???.

root    lighttpd  1785  10 tcp4  *:1194                :
root    check_relo 339  10 tcp4  *:1194                :

Hope you find the problem soon, good luck anyway!

Bredys

Still nothing new about this problem ? I try every snapshot but without any progress :(

Selective

The only thing you can do is to make your changes and save, click the disable box to disable tunnel and then restart pf, and when its up again, click box to enable tunnel again.

trendchiller

Same problem here and at a friends system and at work, too… even switching to another port did not work (only for one day - using 1195 now) and the system at work... still no changes  :'(

thinair

I have the same issue (and have had for a while now), the OpenVPN server tells me whatever port number I'm using is already in use.  I've tried with the latest snapshot (Jan 7/06), same issue.

sullrich

Known issue. It's covered in 3-4 other threads but there is no solution as of yet.

wdbacker

I'm having the same problem with my server in UDP mode. TCP mode works perfectly for me. Looking at the listening server processes with "sockstat -l" reveals:

_dhcp    dhclient  794  10 udp4  *:1194                :
root    dhclient  697  10 udp4  *:1194                :

Apparently, the dhclient process is listening on UDP port 1194 …  ???

FYI, my box is connected at the WAN side through DHCP to my ISP. In the OpenVPN server, I enabled dynamic dns clients.

sullrich

There is some kind of bug where processes are inheriting other socket descriptors.

wdbacker

Thanks for the information Scott!

I did some more testing and I saw the same problem now with the OpenVPN server in TCP mode. Hence I think it doesn't matter if the connection is through TCP or UDP, the same problem shows up. Rebooting solves the problem. The problem also seems to happen at random.

If there is anything I can do to help you finding the problem (socket descriptors being reused?), I'll be happy to do more testing!

wdbacker

Hi Scott,

I noticed your Check-In 16202 on the CVS trac and I modified my /etc/inc/filter.inc as shown. Now in my case, OpenVPN is again (re)starting normally without the socket descriptors being reused by other processes! It works in both TCP and UDP server mode now (I use TCP for roadwarriors and UDP for site to site).

I will do some more extensive testing one of these days.

Thanks for the nice solution! :)

sullrich

Great!  Glad to hear that it has solved the issues.

thinair

I'm testing the updated filter.inc file as well.  I'll let you know in 24h if the OpenVPN tunnel is still up.  It usually dies after a couple hours for me.

Bredys

I tried last snapshot from 22.01.07 and openVPN work great !

Thanks for this fix !

Selective

it´s working for me aswell !!! :D

trendchiller

Y E A H

Scott you rule !

Happy to see this bug to be gone  ;D