OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: mgiammarco on March 17, 2016, 03:07:12 pm

Title: [SOLVED] Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 17, 2016, 03:07:12 pm

Hello,
I had a fully working (and complex) openvpn configuration.
Today I upgraded to 16.1.7 and openvpn is clearly broken.
The error is:

openvpn[44971]: Options error: --client-config-dir fails with '/var/etc/openvpn-csc/1': No such file or directory

Can you help me?
It is urgent.

Thanks,
Mario

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: AdSchellevis on March 17, 2016, 04:36:54 pm

Hi Mario,

I'm not sure what version you came from, but the (optional) server select feature for csc was introduced in 16.1.5 for as far as I can find.

If your config uses the overrides for all servers and for some odd reason it didn't rebuild the files into the new location, you could try either a reboot (which triggers writing csc files) or save an existing server again, which should do the same.

In case that doesn't solve your issue, can you supply some additional information about your setup please? (the contents of /var/etc/openvpn-csc for example and the number of configured servers and overrides).

Best regards,

Ad

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 17, 2016, 07:52:24 pm

Thanks for your prompt reply.
I tried with saving openvpn and rebooting without luck.
So I looked in /var/etc/openvpn-csc and I found my three CSO (client specific overrides).
I came back to gui and saved my three cso.
I see now that they are disappeared from openvpn-csc dir.
Started server again but without luck.
So I created "1" directory with mkdir.
This time the server starts, it seems to work, routes are ok but I cannot reach all my clients via openvpn.
Here it is a part of the log:


Mar 17 19:41:44    openvpn[21532]: sedearteparquet/188.11.117.201:51074 MULTI_sva: pool returned IPv4=172.22.23.3, IPv6=(Not enabled)
Mar 17 19:41:44    openvpn[21532]: 188.11.117.201:51074 [sedearteparquet] Peer Connection Initiated with [AF_INET]188.11.117.201:51074
Mar 17 19:41:44    openvpn[21532]: sedegiammar/109.168.24.130:35171 send_push_reply(): safe_cap=940
Mar 17 19:41:44    openvpn[21532]: sedegiammar/109.168.24.130:35171 MULTI_sva: pool returned IPv4=172.22.23.2, IPv6=(Not enabled)
Mar 17 19:41:44    openvpn[21532]: 109.168.24.130:35171 [sedegiammar] Peer Connection Initiated with [AF_INET]109.168.24.130:35171
Mar 17 19:41:43    openvpn[21532]: TCP connection established with [AF_INET]188.11.117.201:51074
Mar 17 19:41:43    openvpn[21532]: TCP connection established with [AF_INET]109.168.24.130:35171
Mar 17 19:41:38    openvpn[21532]: Initialization Sequence Completed
Mar 17 19:41:38    openvpn[21532]: TCPv4_SERVER link remote: [undef]
Mar 17 19:41:38    openvpn[21532]: TCPv4_SERVER link local (bound): [AF_INET]89.186.73.20:1195
Mar 17 19:41:38    openvpn[21532]: Listening for incoming TCP connection on [AF_INET]89.186.73.20:1195
Mar 17 19:41:38    openvpn[21532]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 17 19:41:38    openvpn[21532]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1559 172.22.23.1 255.255.255.0 init

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 17, 2016, 07:58:33 pm

I forgot to say I updated from 16.1.1 I suppose

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: franco on March 17, 2016, 09:26:01 pm

I also saw this for fresh OpenVPN servers, no CSCs configured and just added a new one with the minimum fields and got this startup error.

The changes may have come in during 16.1.4, which means I have no more packages to revert to for the moment. We only keep three versions back and we're at 16.1.7 now.

Hopefully, this will be resolved some time tomorrow.

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 17, 2016, 11:06:03 pm

Please note the making "1" folder is a workaround that does not solve the problem.

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: franco on March 18, 2016, 07:19:02 am

Is your server mode Peer to Peer (SSL/TLS)?

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: franco on March 18, 2016, 07:28:48 am

The change that caused this was pushed into 16.1.5 and it only affects this one OpenVPN mode. You can fix it by issuing the following on your box:

# cd /usr/local/etc/inc
# fetch https://raw.githubusercontent.com/opnsense/core/14ddef47/src/etc/inc/openvpn.inc

Let me know if that helps. :)

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 18, 2016, 09:47:19 am

Quote from: franco on March 18, 2016, 07:19:02 am

Is your server mode Peer to Peer (SSL/TLS)?

YES

Title: Re: Just updated to 16.1.7 and openvpn does not work anymore
Post by: mgiammarco on March 18, 2016, 09:49:11 am

Quote from: franco on March 18, 2016, 07:28:48 am

Let me know if that helps. :)

Now it works! Thanks.
To make it working I had to save again my config and my three cso.
Now I see in /var/etc/openvpn-csc/ a folder "1" with inside my cso files.
Many many many thanks!
Mario

Title: Re: [SOLVED] Just updated to 16.1.7 and openvpn does not work anymore
Post by: franco on March 18, 2016, 10:26:12 am

Sorry about the hiccup and thanks for confirming it's back to normal. This fix will be added officially with 16.1.8 next week. :)