[RESOLV] 2 vpn and Management Daemon Unreachable
-
Hello,
i've configuring 2 vpn (VPN1 and VPN2) on pfsense 2.0.3 with 2 different ports (1194 and 1195). When i activing all vpn's (VPN1 in first and VPN2 in second) for the second i've this error in "Status / OpenVpn" Management Daemon Unreachable and it's impossible to deconnect this.
If inverse activation (first VPN2 and second VPN1) the VPN1 have the error "Management Daemon Unreachable".
After disable VPN1 and VPN2 in /var/etc/openvpn remains files serverX.sock.
P.S. : Sorry for my bad english.
-
Tell us more -
I guess they are both servers?
What are the server configs? (e.g. are they using using different tunnel networks…)
What hardware? (maybe you have a system low on memory)
What is in the logs? (hopefully the daemon that won't start, actually logs something) -
I guess they are both servers?
Yes and the client is roadwarrior
What are the server configs? (e.g. are they using using different tunnel networks…)
No identical, the unique it's the authentifcation method :
VPN1 : Remote Access (User Auth) + ldap
VPN2 : Remote Access (SSL/TLS + User Auth) + ldapWhat hardware? (maybe you have a system low on memory)
Memory : 2Gb
Mem: 50M Active, 17M Inact, 101M Wired, 32K Cache, 110M Buf, 814M Free Swap: 2048M Total, 2048M Free
What is in the logs? (hopefully the daemon that won't start, actually logs something)
/var/log/openvpn.log after active VPN1 and VPN2
Jul 10 14:13:09 svfir02 openvpn[13082]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013 Jul 10 14:13:09 svfir02 openvpn[13082]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want Jul 10 14:13:09 svfir02 openvpn[13082]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 14:13:09 svfir02 openvpn[13082]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate Jul 10 14:13:09 svfir02 openvpn[13082]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file Jul 10 14:13:09 svfir02 openvpn[13082]: TUN/TAP device /dev/tun1 opened Jul 10 14:13:09 svfir02 openvpn[13082]: /sbin/ifconfig ovpns1 192.168.x.1 192.168.x.2 mtu 1500 netmask 255.255.255.255 up Jul 10 14:13:09 svfir02 openvpn[13082]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 192.168.x.1 192.168.x.2 init Jul 10 14:13:09 svfir02 openvpn[15011]: UDPv4 link local (bound): zzz.26.133.zzz:1194 Jul 10 14:13:09 svfir02 openvpn[15011]: UDPv4 link remote: [undef] Jul 10 14:13:09 svfir02 openvpn[15011]: Initialization Sequence Completed Jul 10 14:13:13 svfir02 openvpn[38232]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013 Jul 10 14:13:13 svfir02 openvpn[38232]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 14:13:13 svfir02 openvpn[38232]: Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file Jul 10 14:13:13 svfir02 openvpn[38232]: TUN/TAP device /dev/tun2 opened Jul 10 14:13:13 svfir02 openvpn[38232]: /sbin/ifconfig ovpns2 192.168.x.1 192.168.x.2 mtu 1500 netmask 255.255.255.255 up Jul 10 14:13:13 svfir02 openvpn[38232]: FreeBSD ifconfig failed: external program exited with error status: 1 Jul 10 14:13:13 svfir02 openvpn[38232]: Exiting
/var/log/system.log
Jul 10 14:13:09 svfir02 check_reload_status: Reloading filter Jul 10 14:13:09 svfir02 kernel: ovpns1: link state changed to UP Jul 10 14:13:09 svfir02 check_reload_status: rc.newwanip starting ovpns1 Jul 10 14:13:09 svfir02 check_reload_status: Syncing firewall Jul 10 14:13:12 svfir02 php: : rc.newwanip: Informational is starting ovpns1. Jul 10 14:13:12 svfir02 php: : rc.newwanip: on (IP address: 192.168.x.1) (interface: ) (real interface: ovpns1). Jul 10 14:13:13 svfir02 kernel: ovpns2: link state changed to UP Jul 10 14:13:13 svfir02 kernel: ovpns2: link state changed to DOWN Jul 10 14:13:14 svfir02 ntpdate[36006]: adjust time server 88.190.227.30 offset -0.002549 sec Jul 10 14:13:14 svfir02 php: : pfSense package system has detected an ip change -> 192.168.x.1 ... Restarting packages. Jul 10 14:13:14 svfir02 check_reload_status: Starting packages Jul 10 14:13:16 svfir02 php: : Restarting/Starting all packages.
-
The problem is the identical IP address for the all vpn.
Thanks.