OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: kug1977 on October 24, 2018, 06:48:06 am

Title: OpenVPN failed to start after reboot
Post by: kug1977 on October 24, 2018, 06:48:06 am
Hi,

Due to the PPPoE reconnect issue, I have to restart the OPNsense (v18.7.5_1) on a daily basis and I see that OpenVPN failed to start in this procedure. This is a fresh installation. By the way, I'm able to connect to the OpenVPN Gateway, even if it shows it's not up. So I guess there is a mismatch between GUI and real world.

This is how it looks in bash:
root@fw:~ # ps aux | grep openvpn
root    13532   0.0  0.2 1085792   6404  -  Ss   06:38    0:00.17 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf


Oct 24 06:38:28   openvpn[13532]: Initialization Sequence Completed
Oct 24 06:38:28   openvpn[13532]: IFCONFIG POOL: base=10.4.6.2 size=252, ipv6=0
Oct 24 06:38:28   openvpn[13532]: MULTI: multi_init called, r=256 v=256
Oct 24 06:38:28   openvpn[13532]: UDPv4 link remote: [AF_UNSPEC]
Oct 24 06:38:28   openvpn[13532]: UDPv4 link local (bound): [AF_INET]89.247.XXX.XX0:1194
Oct 24 06:38:28   openvpn[13532]: Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 24 06:38:28   openvpn[13532]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 24 06:38:27   openvpn[13863]: Exiting due to fatal error
Oct 24 06:38:27   openvpn[13863]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Oct 24 06:38:27   openvpn[13863]: TUN/TAP device ovpns1 exists previously, keep at program end
Oct 24 06:38:27   openvpn[13863]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:38:27   openvpn[13863]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:38:27   openvpn[13863]: Diffie-Hellman initialized with 4096 bit key
Oct 24 06:38:27   openvpn[13863]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 24 06:38:27   openvpn[13863]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Oct 24 06:38:27   openvpn[13863]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Oct 24 06:38:27   openvpn[13532]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpns1 1500 1622 10.4.6.1 255.255.255.0 init
Oct 24 06:38:27   openvpn[13532]: /sbin/route add -net 10.4.6.0 10.4.6.2 255.255.255.0
Oct 24 06:38:27   openvpn[13532]: /sbin/ifconfig ovpns1 10.4.6.1 10.4.6.2 mtu 1500 netmask 255.255.255.0 up
Oct 24 06:38:27   openvpn[13532]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 24 06:38:27   openvpn[13532]: TUN/TAP device /dev/tun1 opened
Oct 24 06:38:27   openvpn[13532]: TUN/TAP device ovpns1 exists previously, keep at program end
Oct 24 06:38:27   openvpn[13532]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:38:27   openvpn[13532]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:38:27   openvpn[13532]: Diffie-Hellman initialized with 4096 bit key
Oct 24 06:38:27   openvpn[13532]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 24 06:38:27   openvpn[13532]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Oct 24 06:38:27   openvpn[13532]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Oct 24 06:38:27   openvpn[12925]: library versions: LibreSSL 2.7.4, LZO 2.10
Oct 24 06:38:27   openvpn[12925]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018
Oct 24 06:38:27   openvpn[13058]: library versions: LibreSSL 2.7.4, LZO 2.10
Oct 24 06:38:27   openvpn[13058]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018


The service button stays red and any restart attempt fails with these logs:

Oct 24 06:45:57   openvpn[50915]: Exiting due to fatal error
Oct 24 06:45:57   openvpn[50915]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Oct 24 06:45:57   openvpn[50915]: TUN/TAP device ovpns1 exists previously, keep at program end
Oct 24 06:45:57   openvpn[50915]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:45:57   openvpn[50915]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 24 06:45:57   openvpn[50915]: Diffie-Hellman initialized with 4096 bit key
Oct 24 06:45:57   openvpn[50915]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 24 06:45:57   openvpn[50915]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Oct 24 06:45:57   openvpn[50915]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Oct 24 06:45:57   openvpn[50391]: library versions: LibreSSL 2.7.4, LZO 2.10
Oct 24 06:45:57   openvpn[50391]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018


I see no difference in behaviour between OpenSSL and LibreSSL installs. The only way to get a match between GUI and bash is killing the running OpenVPN process and starting it by hand.

Kind regards,
kug1977
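
Added example, not part of the original post: a small Python script that groups the log lines above by PID and reports every start attempt that exited on "Device busy" while another instance that opened the same tun device is still running. The sample lines are copied from the logs in the post; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Lines copied from the logs in the post above (newest first, as posted).
SAMPLE_LOG = """\
Oct 24 06:45:57   openvpn[50915]: Exiting due to fatal error
Oct 24 06:45:57   openvpn[50915]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Oct 24 06:38:28   openvpn[13532]: Initialization Sequence Completed
Oct 24 06:38:27   openvpn[13863]: Exiting due to fatal error
Oct 24 06:38:27   openvpn[13863]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Oct 24 06:38:27   openvpn[13863]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Oct 24 06:38:27   openvpn[13532]: TUN/TAP device /dev/tun1 opened
Oct 24 06:38:27   openvpn[13532]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
"""

LINE_RE = re.compile(r"openvpn\[(\d+)\]: (.*)$")
OPENED_RE = re.compile(r"TUN/TAP device (\S+) opened")
BUSY_RE = re.compile(r"Cannot open TUN/TAP dev (\S+): Device busy")


def summarize(log_text):
    """Map each openvpn PID to its final state and the tun device involved."""
    pids = defaultdict(lambda: {"state": "starting", "opened": None, "busy": None})
    # Replay oldest first so a later "Exiting" overrides an earlier success.
    for line in reversed(log_text.splitlines()):
        m = LINE_RE.search(line)
        if not m:
            continue
        info, msg = pids[int(m.group(1))], m.group(2)
        if (o := OPENED_RE.search(msg)):
            info["opened"] = o.group(1)
        elif (b := BUSY_RE.search(msg)):
            info["busy"] = b.group(1)
        elif msg.startswith("Initialization Sequence Completed"):
            info["state"] = "running"
        elif msg.startswith("Exiting due to fatal error"):
            info["state"] = "exited"
    return dict(pids)


def find_duplicate_starts(summary):
    """List (failed_pid, holder_pid, device) for starts blocked by a live instance."""
    holders = {i["opened"]: pid for pid, i in summary.items()
               if i["opened"] and i["state"] == "running"}
    return sorted((pid, holders[i["busy"]], i["busy"])
                  for pid, i in summary.items()
                  if i["state"] == "exited" and i["busy"] in holders)


if __name__ == "__main__":
    for failed, holder, dev in find_duplicate_starts(summarize(SAMPLE_LOG)):
        print(f"pid {failed} exited: {dev} is held by running pid {holder}")
```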