[SOLVED] 21.1.8 openvpn server startup failure

Started by agh1701, July 09, 2021, 02:46:10 AM

July 09, 2021, 02:46:10 AM Last Edit: July 12, 2021, 03:50:15 PM by agh1701
Hi All,

I just upgraded from 21.1.7 to 21.1.8 and my openvpn server failed to start with the below log.

My subnet is a /29 so the startup command should be
/sbin/ifconfig ovpns1 192.168.1.241 192.168.1.246 mtu 1500 netmask 255.255.255.255 up

But this is what is happening.
2021-07-08T20:16:53 openvpn[5628] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpns1 1500 1622 192.168.1.241 192.168.1.242 init
2021-07-08T20:16:53 openvpn[5628] Exiting due to fatal error
2021-07-08T20:16:53 openvpn[5628] IPv4 pool size is too small (1), must be at least 2
2021-07-08T20:16:53 openvpn[5628] UDPv4 link remote: [AF_UNSPEC]
2021-07-08T20:16:53 openvpn[5628] UDPv4 link local (bound): [AF_INET]65.185.18.45:1194
2021-07-08T20:16:53 openvpn[5628] Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-07-08T20:16:51 openvpn[5628] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpns1 1500 1622 192.168.1.241 192.168.1.242 init
2021-07-08T20:16:51 openvpn[5628] /sbin/ifconfig ovpns1 192.168.1.241 192.168.1.242 mtu 1500 netmask 255.255.255.255 up
2021-07-08T20:16:51 openvpn[5628] TUN/TAP device /dev/tun1 opened
2021-07-08T20:16:51 openvpn[5628] TUN/TAP device ovpns1 exists previously, keep at program end
2021-07-08T20:16:51 openvpn[5628] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-07-08T20:16:51 openvpn[94954] library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-07-08T20:16:51 openvpn[94954] OpenVPN 2.5.3 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 6 2021
2021-07-08T20:16:51 openvpn[94954] DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-07-08T20:16:51 openvpn[94954] WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2021-07-08T20:16:51 openvpn[94954] WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.


Please note the 192.168.1.241 instead of 192.168.1.246.

Thanks


Yes
push "route 192.168.100.0 255.255.255.0"

Do you really need to use '--topology net30' with a /29 tunnel?
Can you change the tunnel network to /28 or (it's better IMHO) switch to '--topology subnet'?


@mimugmail it makes no difference if I remove the advance command or not. Parsing problem?

@Fright, thank you, checking the topology box solved the problem. I'm getting slow in my old age.
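
Added example, not part of the thread: a small Python model of how the tunnel network is carved up under each topology, which reproduces the "pool size is too small (1)" error for the /29 in the log and shows why /28 or '--topology subnet' avoids it. The network 192.168.1.240/29 is inferred from the addresses in the log, and the pool arithmetic is an assumption modelled on OpenVPN 2.5's --server expansion, not code from OpenVPN or OPNsense.

```python
import ipaddress
from collections import namedtuple

MIN_POOL = 2  # from the log: "IPv4 pool size is too small (1), must be at least 2"
Layout = namedtuple("Layout", "local peer slots")


def server_pool(tunnel_cidr, topology):
    """Model the server address pair and the number of client slots (assumed arithmetic)."""
    net = ipaddress.ip_network(tunnel_cidr)
    if net.version != 4 or net.prefixlen > 29:
        raise ValueError("model covers IPv4 tunnel networks of /29 or larger")
    base, bcast = int(net.network_address), int(net.broadcast_address)
    local = str(ipaddress.ip_address(base + 1))
    if topology == "net30":
        # The server keeps the first /30; each client then consumes a whole /30.
        peer = str(ipaddress.ip_address(base + 2))
        reserve = 0 if net.prefixlen == 29 else 4   # assumed end-of-range reserve
        start, end = base + 4, bcast - reserve
        slots = (((end | 3) + 1) - (start & ~3)) >> 2
    elif topology == "subnet":
        # Simplified: one address per client, every host after the server's.
        peer = str(net.netmask)
        slots = (bcast - 1) - (base + 2) + 1
    else:
        raise ValueError("topology must be 'net30' or 'subnet'")
    return Layout(local, peer, slots)


def will_start(tunnel_cidr, topology):
    """True when the modelled pool meets the minimum the server enforces."""
    return server_pool(tunnel_cidr, topology).slots >= MIN_POOL


if __name__ == "__main__":
    cases = [("192.168.1.240/29", "net30"),    # the failing setup in the log
             ("192.168.1.240/28", "net30"),    # first suggestion in the thread
             ("192.168.1.240/29", "subnet")]   # the fix that was applied
    for cidr, topo in cases:
        lay = server_pool(cidr, topo)
        state = "starts" if will_start(cidr, topo) else "fatal: pool too small"
        print(f"{cidr:18} {topo:6} ifconfig {lay.local} {lay.peer} "
              f"slots={lay.slots} -> {state}")
```

Under net30 the second ifconfig argument is the server's point-to-point peer (.242), not the last host of the /29, which is why the log never shows .246.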