OpenVPN not starting properly when failing over to backup router



  • I'm running a testlab to evaluate the use of two dedicated carp routers with OpenOSPFd, with an additional router used as an OpenVPN Client, also running OpenOSPFd. I have OSPF and everything working properly over the VPN link, but when testing failover regarding the OpenVPN connection, I'm running into an odd issue. The OpenVPN server starts just fine on the master, but after I fail over to the secondary router, the OpenVPN server fails to start. If I then restart the secondary router, the OpenVPN service starts properly and establishes a proper connection with the 3rd router (through the secondary router) and everything works. After reconnecting the master and then disconnecting it, the OpenVPN service won't start again on the secondary router. I'm at a loss for ideas, so I figured I'd ask here.

    Here's the contents of the OpenVPN Log:
    Aug 18 00:27:08  openvpn[11192]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
    Aug 18 00:27:08  openvpn[11382]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Aug 18 00:27:08  openvpn[11382]: TUN/TAP device ovpns1 exists previously, keep at program end
    Aug 18 00:27:08  openvpn[11382]: TUN/TAP device /dev/tun1 opened
    Aug 18 00:27:08  openvpn[11382]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Aug 18 00:27:08  openvpn[11382]: /sbin/ifconfig ovpns1 192.168.252.1 192.168.252.2 mtu 1500 netmask 255.255.255.255 up
    Aug 18 00:27:08  openvpn[11382]: FreeBSD ifconfig failed: external program exited with error status: 1
    Aug 18 00:27:08  openvpn[11382]: Exiting due to fatal error

    When executing "/sbin/ifconfig ovpns1 192.168.252.1 192.168.252.2 mtu 1500 netmask 255.255.255.255 up" on the secondary router over ssh I get:
    ifconfig: ioctl (SIOCAIFADDR): Address already in use

    ifconfig doesn't show any other interfaces configured with an address in the 192.168.252.* range, so I'm unsure why it thinks the address is in use, especially when everything works on a clean boot with this router running solo. Thanks for any help in advance!



  • Hi, have you find any suitable solution to this issue?
    I'm experiencing quite the same.

    I'm not using your configuration but the problem is that the route created for the Ovpn tunnel sometimes is not deleted when the tunnel goes down.

    So I have to change the IPv4 Tunnel Network if I want to recreate the tunnel as the previous address in not more usable.

    Many thanks.


Log in to reply