Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to Run two OVPN servers

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 4 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xternal
      last edited by

      Does anyone else have this issue.
      Running 2.1-BETA0 (amd64)
      built on Tue Sep 25 12:35:17 EDT 2012
      FreeBSD 8.3-RELEASE-p4

      When two OVPN servers are setup on the same host, only one host remains up after awhile. If one of the ovpn services goes down for what ever reason, when you try and restart the service this is logged in syslog:

      Oct 8 15:29:16 kernel: ovpns3: link state changed to UP
      Oct 8 15:29:16 kernel: ifa_add_loopback_route: insertion failed
      Oct 8 15:29:16 check_reload_status: Reloading filter
      Oct 8 15:29:16 kernel: ovpns3: link state changed to DOWN

      I have tried on two different boxes with the same result.

      Many thanks!

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        Running 2.0.2  I do not.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          Using the same tunnel network on both maybe? The same route(s) on both? Can't do either of those.

          1 Reply Last reply Reply Quote 0
          • X
            xternal
            last edited by

            So the Ovpnserver will fail if it has the same gateway at the next hop?

            How can I go about just setting it up for failover, so the VPN server will jump from WAN to WAN2 if WAN fails and vice versa?

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              @xternal:

              How can I go about just setting it up for failover, so the VPN server will jump from WAN to WAN2 if WAN fails and vice versa?

              By removing the routes from OpenVPN on both sides and using OSPF. What you're attempting, trying to static route the same thing on multiple instances, isn't a valid configuration.

              1 Reply Last reply Reply Quote 0
              • P
                phil.davis
                last edited by

                If you just have a simple network and don't want to install and setup OSPF, then you can:

                1. Port forward the OpenVPN server listening port (e.g. 1194 or whatever you use) on WAN1 and WAN2 to LAN.
                2. Set the OpenVPN server to listen on LAN.
                  Then clients can initiate connections into either WAN IP address and get through to the OpenVPN server. The client has to be setup to try both WAN addresses.
                  If a WAN goes down, then a client connected through that WAN will have to time out, then go through a cycle of trying to connect again to each WAN until it finds connectivity. So the failover takes a minute or 2 - you don't have multiple OpenVPN logical links running from real site A to B all the time.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                1 Reply Last reply Reply Quote 0
                • X
                  xternal
                  last edited by

                  I am using Quagga and the dual vpn connection works fine initally. Its only when one of the connection drops, that error appears.
                  Its looks like a potential bug when the loopback interface is trying to use a route already in use by the other VPN instance?

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.