"Unable to contact daemon"


  • Banned

    Hi again!

    As reported in the past…

    https://forum.pfsense.org/index.php?topic=64916.0

    https://forum.pfsense.org/index.php?topic=64916.0

    https://lists.pfsense.org/pipermail/list/2015-January/007871.html

    ..this error is even present for 2.2 (4GB nano serial)

    Interestingly, it didn't occur for months, even after an update to 2.2 via the GUI.

    But after changing the CF-card to a fresh copy of 2.2 and adding the config.xml, problems started within 1-2 hours and persist. After a reboot the error comes up with in 24 h...

    Really annoying, as the service watchguard tries to restart the openvpn again and again and again and agin, filling te log with nonsense...

    Nobody any idea what'S going on here?



  • I had one of these last week on 2.2-RELEASE, after a number of down/up events on WAN (the ISP network did actually go down and come back up 5 minutes later and quite a few times). Mine was in reaction to apinger packet loss, in this case genuine.
    The PID recorded in the PID file for the OpenVPN process gets wrong. Something tries to stop/start and at some point in the timing a new OpenVPN process is started and the PID for that written to the PID file. But there is already a previous process still running (or just started also or???) and the new process dies with some error (e.g. it cannot attach to port 1194 or …).

    The PID file gets left with a PID in it that does not exist. At that point the dashboard, status page... cannot contact the OpenVPN process, even though actually there is an OpenVPN process running fine and the users are all happy.

    Yes, the whole timing sequence of reactions to interface/apinger events needs to be looked through again. I also thought it was all good in 2.2 - but there is some issue still remaining.


  • Banned

    Hi phil!

    No apinger issues at that site, although I had to buy a "new" DSL modem (stoneage,  even lousier latencies as the old one, but no other provider available). Don't know where to start, as the whole thing was gone for months now (even with 2.2) and only started with the new CF-install….

    Nice weekend...

    chemlud



  • Yep I had a similar issue here.

    My WAN IP changed (due to a modem reboot), and then I lost control of openvpn via the web interface… restarting produced the following errors :

    Mar 16 16:01:00	openvpn[1656]: OpenVPN 2.3.6 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 1 2014
    Mar 16 16:01:00	openvpn[1656]: library versions: OpenSSL 1.0.1k-freebsd 8 Jan 2015, LZO 2.08
    Mar 16 16:01:00	openvpn[1790]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 16 16:01:00	openvpn[1790]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Mar 16 16:01:00	openvpn[1790]: TUN/TAP device ovpns1 exists previously, keep at program end
    Mar 16 16:01:00	openvpn[1790]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
    Mar 16 16:01:00	openvpn[1790]: Exiting due to fatal error
    

    A quick ssh login, pkill openvpn, then restart via the web gui and everything is working fine again.


Log in to reply