Cant start ovpn strange error in log

Hi i have configured ovpn but i cant start the service and the start button is greyed out, tried to se the log but it is filled with this message

less /var/log/messages | grep openvpn

when last update time is 1714228804 (minimum one second step)
Apr 27 16:40:33 artemis collectd[20932]: rrdtool plugin: rrd_update_r failed: /var/log/rrd/collectd/localhost/processes-openvpn/ps_cputime.rrd: /var/log/rrd/collectd/localhost/processes-openvpn/ps_cputime.rrd: illegal attempt to update using time 1714228803 when last update time is 1714228804 (minimum one second step)
[root@artemis ~]#

I do suspect something regarding this might be the problem , anyone have any idea what to try ?

@hahnson Not an expert at all, however, looking at those entries, it looks for all the world like the time on your IPFire is out somehow.

1 Like

Yeah that sorry was the first thing i checked, date gives the same date and time as is correct


i also see in the log it is continously spamming the error about every minute,

Perhaps i should try reinstalling the ipfirebox, as i remember it is not very hard nor consuming exporting the config

The log message shown is about a problem related to creating the data for the openvpn cpu time graph.

The message shown has nothing in it about why openvpn is not starting.

The best approach is first to try and start openvpn and then go to the WUI menu Logs - System Logs. Then in the drop down box labelled Section: select OpenVPN and press the Update button.

Then post the logs using the Preformatted text option on the forum post menu bar, which is the symbol </>
Those logs should give some hint as to what is stopping openvpn from starting.

1 Like


Thanks, i checked there and there are som entrys from when i rebooted this morning

IPFire diagnostics
Section: openvpn
Date: April 28, 2024

10:41:38 openvpnserver[2525]:  DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
10:41:38 openvpnserver[2525]:  Options error: --server directive network/netmask combination is invalid
10:41:38 openvpnserver[2525]:  Use --help for more information.

Have i configured wrong maybe? This is what my config looks like

for external IP i have entered my public IP

The first DEPRECATED OPTION warning is because IPFire currently is still using the ncp-disable option. So that can be ignored.

The second line is the problem. The network/netmask of is said to be invalid.

Have you used as the subnet for your green or blue or orange networks?

The OpenVPN subnet has to be a unique subnet not overlapping with any other subnet you are already using in IPFire.

See the documentation on the OpenVPN subnet entry

Hi thanks, yes i dont use that subnet on any interface , just to be perfectly sure i set it to now, but still same problem / message int the log

Can you show the contents of


[root@artemis ~]# cat /var/ipfire/ovpn/server.conf
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/
#DAN prepare OpenVPN for listening on blue and orange
dev tun
proto udp
port 1195
script-security 3
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /etc/ssl/ffdhe4096.pem
tun-mtu 1400
mssfix 0
keepalive 10 60
status-version 1
status /var/run/ovpnserver.log 30
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
reneg-sec 86400
user nobody
group nobody
verb 3

Log clients connecting/disconnecting

client-connect “/usr/sbin/openvpn-metrics client-connect”
client-disconnect “/usr/sbin/openvpn-metrics client-disconnect”

Enable Management Socket

management /var/run/openvpn.sock unix


There is nothing in that server.conf that should cause a problem.

I just tried the subnet of on my vm testbed system and OpernVPN started without any problem.

Searching on that log message it is saying that the OpenVPN server has found that the subnet overlaps, however small, with another subnet used somewhere on your IPFire.

Can you please show the output from this command, excluding the lo and red0 results.

ip address show

I am presuming that your red0 interface has a public IP and not a private range IP but can you please confirm this.