Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] Just updated to 16.1.7 and openvpn does not work anymore
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Just updated to 16.1.7 and openvpn does not work anymore (Read 9149 times)
mgiammarco
Jr. Member
Posts: 56
Karma: 3
[SOLVED] Just updated to 16.1.7 and openvpn does not work anymore
«
on:
March 17, 2016, 03:07:12 pm »
Hello,
I had a fully working (and complex) openvpn configuration.
Today I upgraded to 16.1.7 and openvpn is clearly broken.
The error is:
openvpn[44971]: Options error: --client-config-dir fails with '/var/etc/openvpn-csc/1': No such file or directory
Can you help me?
It is urgent.
Thanks,
Mario
«
Last Edit: March 18, 2016, 10:24:40 am by franco
»
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #1 on:
March 17, 2016, 04:36:54 pm »
Hi Mario,
I'm not sure what version you came from, but the (optional) server select feature for csc was introduced in 16.1.5 for as far as I can find.
If your config uses the overrides for all servers and for some odd reason it didn't rebuild the files into the new location, you could try either a reboot (which triggers writing csc files) or save an existing server again, which should do the same.
In case that doesn't solve your issue, can you supply some additional information about your setup please? (the contents of /var/etc/openvpn-csc for example and the number of configured servers and overrides).
Best regards,
Ad
Logged
mgiammarco
Jr. Member
Posts: 56
Karma: 3
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #2 on:
March 17, 2016, 07:52:24 pm »
Thanks for your prompt reply.
I tried with saving openvpn and rebooting without luck.
So I looked in /var/etc/openvpn-csc and I found my three CSO (client specific overrides).
I came back to gui and saved my three cso.
I see now that they are disappeared from openvpn-csc dir.
Started server again but without luck.
So I created "1" directory with mkdir.
This time the server starts, it seems to work, routes are ok but I cannot reach all my clients via openvpn.
Here it is a part of the log:
Mar 17 19:41:44 openvpn[21532]: sedearteparquet/188.11.117.201:51074 MULTI_sva: pool returned IPv4=172.22.23.3, IPv6=(Not enabled)
Mar 17 19:41:44 openvpn[21532]: 188.11.117.201:51074 [sedearteparquet] Peer Connection Initiated with [AF_INET]188.11.117.201:51074
Mar 17 19:41:44 openvpn[21532]: sedegiammar/109.168.24.130:35171 send_push_reply(): safe_cap=940
Mar 17 19:41:44 openvpn[21532]: sedegiammar/109.168.24.130:35171 MULTI_sva: pool returned IPv4=172.22.23.2, IPv6=(Not enabled)
Mar 17 19:41:44 openvpn[21532]: 109.168.24.130:35171 [sedegiammar] Peer Connection Initiated with [AF_INET]109.168.24.130:35171
Mar 17 19:41:43 openvpn[21532]: TCP connection established with [AF_INET]188.11.117.201:51074
Mar 17 19:41:43 openvpn[21532]: TCP connection established with [AF_INET]109.168.24.130:35171
Mar 17 19:41:38 openvpn[21532]: Initialization Sequence Completed
Mar 17 19:41:38 openvpn[21532]: TCPv4_SERVER link remote: [undef]
Mar 17 19:41:38 openvpn[21532]: TCPv4_SERVER link local (bound): [AF_INET]89.186.73.20:1195
Mar 17 19:41:38 openvpn[21532]: Listening for incoming TCP connection on [AF_INET]89.186.73.20:1195
Mar 17 19:41:38 openvpn[21532]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 17 19:41:38 openvpn[21532]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1559 172.22.23.1 255.255.255.0 init
Logged
mgiammarco
Jr. Member
Posts: 56
Karma: 3
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #3 on:
March 17, 2016, 07:58:33 pm »
I forgot to say I updated from 16.1.1 I suppose
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #4 on:
March 17, 2016, 09:26:01 pm »
I also saw this for fresh OpenVPN servers, no CSCs configured and just added a new one with the minimum fields and got this startup error.
The changes may have come in during 16.1.4, which means I have no more packages to revert to for the moment. We only keep three versions back and we're at 16.1.7 now.
Hopefully, this will be resolved some time tomorrow.
Logged
mgiammarco
Jr. Member
Posts: 56
Karma: 3
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #5 on:
March 17, 2016, 11:06:03 pm »
Please note the making "1" folder is a workaround that does not solve the problem.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #6 on:
March 18, 2016, 07:19:02 am »
Is your server mode Peer to Peer (SSL/TLS)?
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #7 on:
March 18, 2016, 07:28:48 am »
The change that caused this was pushed into 16.1.5 and it only affects this one OpenVPN mode. You can fix it by issuing the following on your box:
# cd /usr/local/etc/inc
# fetch
https://raw.githubusercontent.com/opnsense/core/14ddef47/src/etc/inc/openvpn.inc
Let me know if that helps.
Logged
mgiammarco
Jr. Member
Posts: 56
Karma: 3
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #8 on:
March 18, 2016, 09:47:19 am »
Quote from: franco on March 18, 2016, 07:19:02 am
Is your server mode Peer to Peer (SSL/TLS)?
YES
Logged
mgiammarco
Jr. Member
Posts: 56
Karma: 3
Re: Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #9 on:
March 18, 2016, 09:49:11 am »
Quote from: franco on March 18, 2016, 07:28:48 am
Let me know if that helps.
Now it works! Thanks.
To make it working I had to save again my config and my three cso.
Now I see in /var/etc/openvpn-csc/ a folder "1" with inside my cso files.
Many many many thanks!
Mario
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: [SOLVED] Just updated to 16.1.7 and openvpn does not work anymore
«
Reply #10 on:
March 18, 2016, 10:26:12 am »
Sorry about the hiccup and thanks for confirming it's back to normal. This fix will be added officially with 16.1.8 next week.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] Just updated to 16.1.7 and openvpn does not work anymore