OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Oxygen61 on November 13, 2017, 10:15:43 pm

Title: [SOLVED / bug found] OpenVPN - unable to contact Daemon / device busy
Post by: Oxygen61 on November 13, 2017, 10:15:43 pm
Hi Guys,

i have a OpenVPN problem, which happens sometimes.
I have 3 OpenVPN connections at the same time.
All three Gateways are up and the failover Gateway is telling me that every Gateway is up and connected.
The problem is that only 1 of 3 OpenVPN services are running.
The other two are down, saying "Service not running? / unable to contact daemon"
The Log is saying the following when i try to reactivate one of these:

Code: [Select]
Nov 13 22:07:14 openvpn[81882]: Exiting due to fatal error
Nov 13 22:07:14 openvpn[81882]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Nov 13 22:07:14 openvpn[81882]: TUN/TAP device ovpnc1 exists previously, keep at program end
Why is OpenVPN not able to close the device and enable it again?

I am more than sure that just rebooting the system would solve the issue, but i don't like this kind of approach. :D
Is there anything i can check to get an idea why this is happening in the first place?
I am using OPNsense Ver 17.7.7_1-amd64 at the moment.

Best regards,
Title: Re: OpenVPN - unable to contact Daemon / device busy
Post by: Oxygen61 on November 13, 2017, 11:45:05 pm
I will answer myself instead, since i found a workaround and the bug/error which happened.

I searched the Web and found a pfSense article explaining the very same issue, which happened to me aswell:
Somehow the OpenVPN instance tried to be started again, and I think the PID file got updated. Then the process dies because it can't listen on the specified port (the other process has it already). The PID file now has the new (gone) process id. Now the system can't find the old process any more - it thinks the PID file is a reliable indicator to use to find the process. But, as you say, the VPN is happily running and working.
Source: https://forum.pfsense.org/index.php?topic=75502.0

1. Use SSH via PuTTY to connect to your OPNsense
2. Get into the Shell with root
3. Type: ps auxww | grep openvpn
4. Try to locate the OpenVPN TUN instances which are buggy "for example: client1.conf"
(you can look up all the buggy instance numbers whenever u try to activate them, in the OpenVPN log)
5. The first number is the PID (Process ID's)
6. Type: kill <PID number>
7. On the OPNsense GUI go to VPN > OpenVPN > Connection Status > Play button
8. Open the Dashboard and restart the apinger Daemon, as soon as you restarted all VPN daemons.
9. Finish!

@Franco / OPNsense Admins
Is there any way to fix this issue/behaviour? As far as i know, the VPN tunnels/daemons were active, but just the dashboard / service part of the GUI could not visualize correctly what was going on.

Best regards,

Title: Re: [SOLVED / bug found] OpenVPN - unable to contact Daemon / device busy
Post by: franco on November 14, 2017, 04:41:19 am
Hi oxy,

Can you please create a Github ticket for me? I will be back next week.

Looks like a PID file mangling. Are you sure all instances are up? If yes, this only happens when the old process as not yet released properly. Either we erroneously delete the PID file or the old process is still running by the time the new instance is being brought up.

Is his a problem of clients particularly or servers and clients alike?

Title: Re: [SOLVED / bug found] OpenVPN - unable to contact Daemon / device busy
Post by: Oxygen61 on November 14, 2017, 10:36:21 pm
Hi Franco :)

Nice to hear from you and hope you are doing good. :)
Here you go with the Github Ticket: https://github.com/opnsense/core/issues/1931
Hope that helps!