OPNsense Forum
English Forums => Virtual private networks => Topic started by: Alternativend on January 12, 2022, 06:19:59 pm
-
Hello community,
im quite new to OPNSENSE at all and i have a really annoying problem which i have never had before with Linux so far. No baiting, i just don´t know where to look or what to do.
The problem is, that i have a firewall appliance with Opnsense (recent release, everything up2date) on which the Openvpn server keeps crashing after a few days. Mostly it´s running for about one day. I cant even restart it from the WebUI, i must reboot in order to make it work again.
Here is the log on level 3:
2022-01-12T14:49:52 openvpn[65426] Exiting due to fatal error
2022-01-12T14:49:52 openvpn[65426] Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
2022-01-12T14:49:52 openvpn[65426] TUN/TAP device ovpns1 exists previously, keep at program end
2022-01-12T14:49:52 openvpn[65426] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-01-12T14:49:52 openvpn[65426] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-01-12T14:49:52 openvpn[65426] Diffie-Hellman initialized with 4096 bit key
2022-01-12T14:49:52 openvpn[65426] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-01-12T14:49:52 openvpn[65426] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
2022-01-12T14:49:52 openvpn[48746] library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-01-12T14:49:52 openvpn[48746] OpenVPN 2.5.4 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 14 2021
2022-01-12T14:49:52 openvpn[48746] DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-01-12T14:49:52 openvpn[48746] WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-01-12T14:49:50 openvpn[67672] Exiting due to fatal error
2022-01-12T14:49:50 openvpn[67672] Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
2022-01-12T14:49:50 openvpn[67672] TUN/TAP device ovpns1 exists previously, keep at program end
2022-01-12T14:49:50 openvpn[67672] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-01-12T14:49:50 openvpn[67672] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-01-12T14:49:50 openvpn[67672] Diffie-Hellman initialized with 4096 bit key
2022-01-12T14:49:50 openvpn[67672] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-01-12T14:49:50 openvpn[67672] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Any ideas on this?
Regards!
-
After killing the service im able to start it again, but i need a more reliable solution :).
OPNSENSE:~ # ps auxwww | grep openvpn
root 89352 0.0 0.2 17352 7484 - Ss 18:31 0:02.81 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root 37195 0.0 0.0 1616 836 0 R+ 06:45 0:00.00 grep openvpn
root@OPNSENSE:~ # kill 89352
-
...if you don't find the underlying cause, maybe something along the line of Example 2 here:
https://docs.opnsense.org/manual/monit.html