OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: Julien on July 12, 2016, 11:23:54 am
-
Hi Guys,
is there is away to start the openvpn daemon without have to reboot the firewall ?
i keep click on Play but it won't start.
thank you
-
Are you talking about the OpenVPN status page on 16.7.r1?
If yes, please apply this patch:
# opnsense-patch 0ba0986a
-
no i am on this production 16.1.
can i apply the same patch on 16.1 ?
i hope you can reply tonight so i can apply and if needed to reboot the firewall as there is no one on production.
thank you
-
No, this is for 16.7 only. The OpenVPN log file can help you pinpoint your issue. It won't start because it's misconfigured (setting missing or typo in one of the fields that is not caught by the GUI).
-
No, this is for 16.7 only. The OpenVPN log file can help you pinpoint your issue. It won't start because it's misconfigured (setting missing or typo in one of the fields that is not caught by the GUI).
if i disable the openvpn server the daemon stops, after i enable it it won't starts.
where can i see the logs ? maybe update to 16.7 would fix the issue ?
those are the logs i could find about the openvpn.
Jul 11 18:26:39 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:34 opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:34 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:28 opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:28 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:22 opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:22 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:17 opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:17 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:11 opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:11 opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
Jul 11 18:26:10 opnsense: /index.php: The command `/usr/local/sbin/ifinfo 'openvpn'' failed to execute
Jul 11 18:26:10 opnsense: /index.php: The command `/sbin/ifconfig 'openvpn'' failed to execute
i noticed the Disable hardware checksum offload is not selected, do i have to select this or is just on a virtual appliance ?
i am using the A10 hardware .
-
This is the wrong log. It's under VPN: OpenVPN: Log file.
-
thank you Franco,
i thought i saved the log but somehow it didn't save the right log.
below is the correct log :
Jul 13 04:12:39 openvpn[71203]: Use --help for more information.
Jul 13 04:12:39 openvpn[71203]: Options error: --server directive network/netmask combination is invalid
Jul 13 04:10:37 openvpn[27735]: Use --help for more information.
Jul 13 04:10:37 openvpn[27735]: Options error: --server directive network/netmask combination is invalid
Jul 12 20:11:56 openvpn[64920]: Use --help for more information.
Jul 12 20:11:56 openvpn[64920]: Options error: --server directive network/netmask combination is invalid
Jul 12 19:36:25 openvpn[65363]: Use --help for more information.
Jul 12 19:36:25 openvpn[65363]: Options error: --server directive network/netmask combination is invalid
Jul 12 19:35:08 openvpn[17316]: Use --help for more information.
Jul 12 19:35:08 openvpn[17316]: Options error: --server directive network/netmask combination is invalid
i've noticed the tunnel IP was wrong, now is fixed .
thank you Franco,
one last questions,
i have 6 VLANS now, i want one VLAN5 to be blocked accessing the other VLANS,
i want to do the next
creating a group interfaces and add the VLANS 1,2,3,4,6 and call it Productions
Create a group interface and add VLAN5 to it and Call it guest.
on the firewall Production create a rules to block source production , destination Guest and the opposite
would fix this ?
thank you
-
Hi Julien,
Yes you can do "Interfaces: Other types: Groups" to do what you said and apply policies for these interface groupings.
Cheers,
Franco