Hi all,
hoping someone can point me in the right direction?
Have set up OpenVPN client to use ExpressVPN as per their instructions. It worked a couple of times but now I get the following errors:
Jun 25 09:17:12 openvpn[38277]: Exiting due to fatal error
Jun 25 09:17:12 openvpn[38277]: TCP/UDP: Socket bind failed on local address [AF_INET]10.***.0.**:0: Can't assign requested address (errno=49)
Jun 25 09:17:12 openvpn[38277]: Socket Buffers: R=[42080->524288] S=[57344->524288]
Jun 25 09:17:12 openvpn[38277]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.***.110.***:1195
Jun 25 09:17:12 openvpn[38277]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:17:12 openvpn[38277]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:17:12 openvpn[38277]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 25 09:17:12 openvpn[38277]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jun 25 09:17:12 openvpn[15394]: library versions: OpenSSL 1.0.2s 28 May 2019, LZO 2.10
Jun 25 09:17:12 openvpn[15394]: OpenVPN 2.4.7 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 4 2019
Jun 25 09:17:12 openvpn[15394]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Jun 25 09:17:12 openvpn[5889]: SIGTERM[hard,] received, process exiting
Jun 25 09:17:10 openvpn[5889]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1557 10.****.0.** 10.***.0.** init
Jun 25 09:17:10 openvpn[5889]: Closing TUN/TAP interface
Jun 25 09:15:10 openvpn[5889]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1557 10.***.0.** 10.***.0.** init
Jun 25 09:15:10 openvpn[5889]: /sbin/ifconfig ovpnc1 10.***.0.** 10.***.0.** mtu 1500 netmask 255.255.255.255 up
Jun 25 09:15:10 openvpn[5889]: TUN/TAP device /dev/tun1 opened
Jun 25 09:15:10 openvpn[5889]: TUN/TAP device ovpnc1 exists previously, keep at program end
Jun 25 09:15:10 openvpn[5889]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 25 09:15:10 openvpn[5889]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 25 09:15:10 openvpn[5889]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: data channel crypto options modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: adjusting link_mtu to 1629
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: peer-id set
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: compression parms modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 25 09:15:10 openvpn[5889]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.***.0.*,comp-lzo no,route 10.***.0.*,topology net30,ping 10,ping-restart 60,ifconfig 10.***.0.** 10.***.0.**,peer-id 26,cipher AES-256-GCM'
Jun 25 09:15:10 openvpn[5889]: SENT CONTROL [Server-4262-1a]: 'PUSH_REQUEST' (status=1)
Jun 25 09:15:08 openvpn[5889]: [Server-4262-1a] Peer Connection Initiated with [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jun 25 09:15:08 openvpn[5889]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4262-1a, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4262-1a, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: VERIFY EKU OK
Jun 25 09:15:08 openvpn[5889]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 25 09:15:08 openvpn[5889]: Validating certificate extended key usage
Jun 25 09:15:08 openvpn[5889]: VERIFY KU OK
Jun 25 09:15:08 openvpn[5889]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 25 09:15:08 openvpn[5889]: TLS: Initial packet from [AF_INET]185.**.110.***:1195, sid=88eea284 5df0331e
Jun 25 09:15:08 openvpn[5889]: UDP link remote: [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: UDP link local: (not bound)
Jun 25 09:15:08 openvpn[5889]: Socket Buffers: R=[42080->524288] S=[57344->524288]
Jun 25 09:15:08 openvpn[5889]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:15:08 openvpn[5889]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:15:08 openvpn[5889]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
IP addresses in above obfuscated.
Reading another post: https://forum.opnsense.org/index.php?topic=6376.0 suggested restarting dpinger, however I cannot find any mention of dpinger in the services. I tried re-installing the package with no luck.
Here is a screenshot of the OpenVPN connection status page:
(https://i.ibb.co/sH40vwp/Open-VPN-Error.png) (https://ibb.co/3zbDyN5)
Completely stuck and don't know what to do now? HELP!
Having had a further read from ExpressVPN, an article suggested clearing the Routing table, which I completed with no luck.
I have read this link: https://github.com/opnsense/core/issues/2610 and despite openvpn not running:
root@OPNsense:~ # ps aux | grep openvpn
root@OPNsense:~ # ls -lah /var/etc/openvpn/*.sock
srwxrwxrwx 1 root wheel 0B Jun 25 13:20 /var/etc/openvpn/client1.sock
root@OPNsense:~ #
I seem to have a socket created?
Further reading https://github.com/opnsense/core/issues/3223#issuecomment-465714685 explains the issue. I guess I'll have to wait for a fix... :-(
#3223 doesn't explain much given it was shipped in 19.1.9 not so long ago and is only about OpenVPN status mismatch when the GUI says it's not running but in fact it is.
Your OpenVPN outright refuses to start.
You can't bind to the IP because you likely try to bind to an address/port combination that is already taken.
Cheers,
Franco
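Added example, not part of the original thread: the fatal log line reports errno=49 ("Can't assign requested address"), which on FreeBSD is EADDRNOTAVAIL, while an occupied address/port pair is reported as EADDRINUSE. The probe below tells the two apart for a given local address; the function names are hypothetical and 192.0.2.1 is a constructed documentation address, not a value from the logs.

```python
import errno
import socket


def classify_bind_error(exc):
    """Map a bind() OSError to a cause, using symbolic errno names
    because the numeric values differ between FreeBSD and Linux."""
    if exc.errno == errno.EADDRNOTAVAIL:
        # The address is not configured on any local interface
        # (for example the interface went away or was renumbered).
        return "address-not-local"
    if exc.errno == errno.EADDRINUSE:
        # Another socket already holds this address/port pair.
        return "address-in-use"
    if exc.errno in (errno.EACCES, errno.EPERM):
        return "permission-denied"
    return "other"


def probe_udp_bind(addr, port=0):
    """Try the same kind of UDP bind the client performs and report
    'ok' or the classified failure. Port 0 lets the kernel pick."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return "ok"
    except OSError as exc:
        return classify_bind_error(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed sample addresses: loopback and a documentation address
    # that should not exist on any interface.
    for addr in ("127.0.0.1", "192.0.2.1"):
        print(addr, probe_udp_bind(addr))
```

Run it on the firewall with the address the client is configured to bind to in place of the sample addresses.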