OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: sol on February 19, 2019, 06:13:29 pm

Title: openvpn working but connection status shows unable to contact daemon
Post by: sol on February 19, 2019, 06:13:29 pm
Hi there,

Since the update to 19.1.1 I have a weird issue.
OpenVPN works. I can connect to my LAN and browse the web from an external WLAN.
But the status under VPN / OpenVPN / Connection Status shows this:

Code:
OpenVPN Status
OpenVPN Privat UDP:1194 Client connections
Common Name | Real Address | Virtual Address | Connected Since | Bytes Sent | Bytes Received
[error] | Unable to contact daemon | Service not running? | 0 | 0 bytes | 0 bytes



System: Diagnostics: Services also shows that OpenVPN isn't running, although it works. Restarting the firewall or just the service doesn't solve the issue.

This is the OpenVPN log:
Code:
Date Message
Feb 19 17:51:49 openvpn[3190]: Exiting due to fatal error
Feb 19 17:51:49 openvpn[3190]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 17:51:49 openvpn[3190]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 17:51:49 openvpn[3190]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 17:51:49 openvpn[22887]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 17:51:49 openvpn[22887]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 17:13:06 openvpn[52155]: MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 17:13:06 openvpn[52155]: 46.xxx.xx.49:56646 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.28.49:56646
Feb 19 17:13:06 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_TCPNL=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUBv2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUB=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZO=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4v2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_NCP=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PROTO=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PLAT=mac
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_VER=2.4.6
Feb 19 16:13:07 openvpn[52155]: stefan/46.xxx.xx.xx:53468 MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.xx.xx:53468
Feb 19 16:13:07 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_TCPNL=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUBv2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUB=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZO=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4v2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_NCP=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PROTO=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PLAT=mac
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_VER=2.4.6
Feb 19 13:57:15 openvpn[97551]: Exiting due to fatal error
Feb 19 13:57:15 openvpn[97551]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:15 openvpn[97551]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:15 openvpn[97551]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:15 openvpn[92632]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:15 openvpn[92632]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 13:57:13 openvpn[93621]: Exiting due to fatal error
Feb 19 13:57:13 openvpn[93621]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:13 openvpn[93621]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:13 openvpn[93621]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:13 openvpn[28853]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:13 openvpn[28853]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 18 22:21:32 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610
Feb 18 13:27:13 openvpn[15599]: Exiting due to fatal error
Feb 18 13:27:13 openvpn[15599]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 18 13:27:13 openvpn[15599]: TUN/TAP device ovpns1 exists previously, keep at program end

Looking forward to your replies.
Thx.

PS
What does this mean?
TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610

I get this from time to time from IPs of the 185.200.118.xx range.
Is someone trying to connect to my OpenVPN using a port scan?
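
Added example, not part of the original post and not OPNsense code: a small triage of an OpenVPN log in the format shown above. It separates start attempts that ended on "Device busy" (errno 16, the tun device is already held open) from the PID still accepting peers, and counts "cannot locate HMAC" rejections per source address. The sample lines and addresses are constructed, and treating failed starts alongside a different serving PID as an instance the GUI no longer tracks is an assumption, not a finding from this thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the post's log format; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 19 17:51:49 openvpn[3190]: Exiting due to fatal error
Feb 19 17:51:49 openvpn[3190]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 17:13:06 openvpn[52155]: 198.51.100.7:56646 [alice] Peer Connection Initiated with [AF_INET]198.51.100.7:56646
Feb 19 17:13:06 openvpn: user 'alice' authenticated using 'TOTP VPN Access Server'
Feb 19 13:57:15 openvpn[97551]: Exiting due to fatal error
Feb 19 13:57:15 openvpn[97551]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 18 22:21:32 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.66:53610
Feb 18 21:02:10 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.12:40112
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ openvpn\[(\d+)\]: (.*)$")
BUSY = re.compile(r"Cannot open TUN/TAP dev (\S+): Device busy")
HMAC = re.compile(r"cannot locate HMAC in incoming packet from \[AF_INET6?\](.+):\d+$")
PEER = re.compile(r"Peer Connection Initiated")

def triage(log_text):
    """Summarise failed starts, serving PIDs and HMAC rejections in an OpenVPN log."""
    busy = defaultdict(set)    # tun device -> PIDs that could not open it
    serving = set()            # PIDs that accepted at least one peer
    hmac_sources = Counter()   # source IP -> packets rejected for missing HMAC
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue           # e.g. auth lines logged without a PID
        pid, msg = int(m.group(1)), m.group(2)
        b, h = BUSY.search(msg), HMAC.search(msg)
        if b:
            busy[b.group(1)].add(pid)
        elif h:
            hmac_sources[h.group(1)] += 1
        elif PEER.search(msg):
            serving.add(pid)
    failed = set().union(*busy.values()) if busy else set()
    return {
        "failed_starts": {dev: sorted(pids) for dev, pids in busy.items()},
        "serving_pids": sorted(serving),
        # Assumption: a serving PID that never failed holds the busy device.
        "untracked_instance_suspected": bool(busy) and bool(serving - failed),
        "hmac_rejects": dict(hmac_sources),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
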
Title: Re: openvpn working but connection status shows unable to contact daemon
Post by: skyeci2018 on February 19, 2019, 10:33:25 pm
Whilst I can't help fix it, I too have the same issue as you with the daemon message. A friend is trying to help, so fingers crossed he can work out why it's happening.
Title: Re: openvpn working but connection status shows unable to contact daemon
Post by: skyeci2018 on February 23, 2019, 07:00:58 pm
Thought it might be of interest, but I found a workaround to clear the issue. My initial 19.1 build was, like yours, an upgrade, which gave me the same issue as you. I since built a clean build and then restored a full backup, which again left my VPN status widget being unable to contact the service etc. So I did another clean build but only restored my firewall rules and some other custom settings, not a full restore. I then configured the VPN section fresh and the VPN widget now works for me just fine.

It appears for me that the in-place upgrade to 19.1 and the full restore of my working config both seemed to break the VPN status widget, but doing the above has resolved it :)
Title: Re: openvpn working but connection status shows unable to contact daemon
Post by: Mks on February 24, 2019, 05:46:25 am
Hi.

See

https://forum.opnsense.org/index.php?topic=11562

Br
Title: Re: openvpn working but connection status shows unable to contact daemon
Post by: marjohn56 on February 24, 2019, 06:35:38 am
The thing is @SkyECI is one of my 'testers' and we've been trying various things, some of which I have posted on that GitHub issues link. None of them fixed his problem. A clean install and setup with only a rule import appears to have solved it. Watch this space.