Fresh installation core 160.
without static IP address pool
Below logs after first start OpenVPN server (without static address pool)
IPFire diagnostics
Section: openvpn
Date: October 26, 2021
14:24:31 openvpnserver[6588]: Initialization Sequence Completed
14:24:31 openvpnserver[6588]: IFCONFIG POOL LIST
14:24:31 openvpnserver[6588]: IFCONFIG POOL IPv4: base=10.45.168.4 size=62
14:24:31 openvpnserver[6588]: MULTI: multi_init called, r=256 v=256
14:24:31 openvpnserver[6588]: UID set to nobody
14:24:31 openvpnserver[6588]: GID set to nobody
14:24:31 openvpnserver[6588]: UDPv4 link remote: [AF_UNSPEC]
14:24:31 openvpnserver[6588]: UDPv4 link local (bound): [AF_INET][undef]:1194
14:24:31 openvpnserver[6588]: Socket Buffers: R=[212992->212992] S=[212992->212992]
14:24:31 openvpnserver[6588]: Could not determine IPv4/IPv6 protocol. Using AF_INET
14:24:31 openvpnserver[6588]: /sbin/ip route add 10.45.168.0/24 via 10.45.168.2
14:24:31 openvpnserver[6588]: /sbin/ip addr add dev tun0 local 10.45.168.1 peer 10.45.168.2
14:24:31 openvpnserver[6588]: /sbin/ip link set dev tun0 up
14:24:31 openvpnserver[6588]: /sbin/ip link set dev tun0 up mtu 1500
14:24:31 openvpnserver[6588]: TUN/TAP device tun0 opened
14:24:31 openvpnserver[6588]: ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=red0 HWADDR=08:00:27:cd:e2:aa
14:24:31 openvpnserver[6588]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
14:24:31 openvpnserver[6588]: Diffie-Hellman initialized with 2048 bit key
14:24:31 openvpnserver[6588]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
14:24:31 openvpnserver[6588]: WARNING: --keepalive option is missing from server config
14:24:31 openvpnserver[6587]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
14:24:31 openvpnserver[6587]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 4 2021
14:24:31 openvpnserver[6587]: WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
14:24:31 openvpnserver[6587]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
After click stop OpenVPN server (without static address pool)
14:35:24 openvpnserver[8278]: SIGTERM[hard,] received, process exiting
14:35:24 openvpnserver[8278]: Linux ip addr del failed: external program exited with error status: 2
14:35:24 openvpnserver[8278]: /sbin/ip addr del dev tun0 local 10.45.168.1 peer 10.45.168.2
14:35:24 openvpnserver[8278]: Closing TUN/TAP interface
14:35:24 openvpnserver[8278]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
14:35:24 openvpnserver[8278]: /sbin/ip route del 10.45.168.0/24
14:35:24 openvpnserver[8278]: event_wait : Interrupted system call (code=4)
Below after add static address pool
and after click start OpenVPN server (with static address pool)
14:51:38 openvpnserver[11171]: Initialization Sequence Completed
14:51:38 openvpnserver[11171]: IFCONFIG POOL LIST
14:51:38 openvpnserver[11171]: IFCONFIG POOL IPv4: base=10.45.168.4 size=62
14:51:38 openvpnserver[11171]: MULTI: multi_init called, r=256 v=256
14:51:38 openvpnserver[11171]: UID set to nobody
14:51:38 openvpnserver[11171]: GID set to nobody
14:51:38 openvpnserver[11171]: UDPv4 link remote: [AF_UNSPEC]
14:51:38 openvpnserver[11171]: UDPv4 link local (bound): [AF_INET][undef]:1194
14:51:38 openvpnserver[11171]: Socket Buffers: R=[212992->212992] S=[212992->212992]
14:51:38 openvpnserver[11171]: Could not determine IPv4/IPv6 protocol. Using AF_INET
14:51:37 openvpnserver[11171]: /sbin/ip route add 10.45.168.0/24 via 10.45.168.2
14:51:37 openvpnserver[11171]: /sbin/ip route add 192.168.254.0/24 via 10.45.168.2
14:51:37 openvpnserver[11171]: /sbin/ip addr add dev tun0 local 10.45.168.1 peer 10.45.168.2
14:51:37 openvpnserver[11171]: /sbin/ip link set dev tun0 up
14:51:37 openvpnserver[11171]: /sbin/ip link set dev tun0 up mtu 1500
14:51:37 openvpnserver[11171]: TUN/TAP device tun0 opened
14:51:37 openvpnserver[11171]: ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=red0 HWADDR=08:00:27:cd:e2:aa
14:51:37 openvpnserver[11171]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
14:51:37 openvpnserver[11171]: Diffie-Hellman initialized with 2048 bit key
14:51:37 openvpnserver[11171]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
14:51:37 openvpnserver[11171]: WARNING: --keepalive option is missing from server config
14:51:37 openvpnserver[11170]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
14:51:37 openvpnserver[11170]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINF O] [AEAD] built on Oct 4 2021
14:51:37 openvpnserver[11170]: WARNING: --topology net30 support for server configs with IPv4 pools will be rem oved in a future release. Please migrate to --topology subnet as soon as possibl e.
14:51:37 openvpnserver[11170]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated deb ug feature that will be removed in OpenVPN 2.6
after click stop OpenVPN server (with static address pool)
14:55:51 openvpnserver[11171]: SIGTERM[hard,] received, process exiting
14:55:51 openvpnserver[11171]: Linux ip addr del failed: external program exited with error status: 2
14:55:51 openvpnserver[11171]: /sbin/ip addr del dev tun0 local 10.45.168.1 peer 10.45.168.2
14:55:51 openvpnserver[11171]: Closing TUN/TAP interface
14:55:51 openvpnserver[11171]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
14:55:51 openvpnserver[11171]: /sbin/ip route del 10.45.168.0/24
14:55:51 openvpnserver[11171]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
14:55:51 openvpnserver[11171]: /sbin/ip route del 192.168.254.0/24
14:55:51 openvpnserver[11171]: event_wait : Interrupted system call (code=4
Below after adding routing to subnet same as subnet static address pool (in Advanced client options)
Note: Obviously, such entry is incorrect.
after start OpenVPN server
15:40:37 openvpnserver[19096]: Initialization Sequence Completed
15:40:37 openvpnserver[19096]: IFCONFIG POOL LIST
15:40:37 openvpnserver[19096]: IFCONFIG POOL IPv4: base=10.45.168.4 size=62
15:40:37 openvpnserver[19096]: MULTI: multi_init called, r=256 v=256
15:40:37 openvpnserver[19096]: UID set to nobody
15:40:37 openvpnserver[19096]: GID set to nobody
15:40:37 openvpnserver[19096]: UDPv4 link remote: [AF_UNSPEC]
15:40:37 openvpnserver[19096]: UDPv4 link local (bound): [AF_INET][undef]:1194
15:40:37 openvpnserver[19096]: Socket Buffers: R=[212992->212992] S=[212992->212992]
15:40:37 openvpnserver[19096]: Could not determine IPv4/IPv6 protocol. Using AF_INET
15:40:37 openvpnserver[19096]: /sbin/ip route add 10.45.168.0/24 via 10.45.168.2
15:40:37 openvpnserver[19096]: ERROR: Linux route add command failed: external program exited with error status : 2
15:40:37 openvpnserver[19096]: /sbin/ip route add 192.168.254.0/24 via 10.45.168.2
15:40:37 openvpnserver[19096]: /sbin/ip route add 192.168.254.0/24 via 10.45.168.2
15:40:37 openvpnserver[19096]: /sbin/ip addr add dev tun0 local 10.45.168.1 peer 10.45.168.2
15:40:37 openvpnserver[19096]: /sbin/ip link set dev tun0 up
15:40:37 openvpnserver[19096]: /sbin/ip link set dev tun0 up mtu 1500
15:40:37 openvpnserver[19096]: TUN/TAP device tun0 opened
15:40:37 openvpnserver[19096]: ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=red0 HWADDR=08:00:27:cd:e2:aa
15:40:37 openvpnserver[19096]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
15:40:37 openvpnserver[19096]: Diffie-Hellman initialized with 2048 bit key
15:40:37 openvpnserver[19096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
15:40:37 openvpnserver[19096]: WARNING: --keepalive option is missing from server config
15:40:37 openvpnserver[19095]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
15:40:37 openvpnserver[19095]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINF O] [AEAD] built on Oct 4 2021
15:40:37 openvpnserver[19095]: WARNING: --topology net30 support for server configs with IPv4 pools will be rem oved in a future release. Please migrate to --topology subnet as soon as possibl e.
15:40:37 openvpnserver[19095]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated deb ug feature that will be removed in OpenVPN 2.6
after click stop OpenVPN server
15:42:29 openvpnserver[19096]: SIGTERM[hard,] received, process exiting
15:42:29 openvpnserver[19096]: Linux ip addr del failed: external program exited with error status: 2
15:42:29 openvpnserver[19096]: /sbin/ip addr del dev tun0 local 10.45.168.1 peer 10.45.168.2
15:42:29 openvpnserver[19096]: Closing TUN/TAP interface
15:42:29 openvpnserver[19096]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
15:42:29 openvpnserver[19096]: /sbin/ip route del 10.45.168.0/24
15:42:29 openvpnserver[19096]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
15:42:29 openvpnserver[19096]: /sbin/ip route del 192.168.254.0/24
15:42:29 openvpnserver[19096]: ERROR: Linux route delete command failed: external program exited with error sta tus: 2
15:42:29 openvpnserver[19096]: /sbin/ip route del 192.168.254.0/24
15:42:29 openvpnserver[19096]: event_wait : Interrupted system call (code=4)
I guess the above data explains “when” (When the OpenVPN server stops)
and maybe it will help in the analysis for smarter folks than me, to answer “why”.
Edit
I made another test:
I stopped the OpenVPN server.
I deleted “user nobody”, “group nobody” in /var/ipfire/openvpn/server.conf file.
After start OpenVPN server
16:48:13 openvpnserver[6819]: Initialization Sequence Completed
16:48:13 openvpnserver[6819]: IFCONFIG POOL LIST
16:48:13 openvpnserver[6819]: IFCONFIG POOL IPv4: base=10.45.168.4 size=62
16:48:13 openvpnserver[6819]: MULTI: multi_init called, r=256 v=256
16:48:13 openvpnserver[6819]: UDPv4 link remote: [AF_UNSPEC]
16:48:13 openvpnserver[6819]: UDPv4 link local (bound): [AF_INET][undef]:1194
16:48:13 openvpnserver[6819]: Socket Buffers: R=[212992->212992] S=[212992->212992]
16:48:13 openvpnserver[6819]: Could not determine IPv4/IPv6 protocol. Using AF_INET
16:48:13 openvpnserver[6819]: /sbin/ip route add 10.45.168.0/24 via 10.45.168.2
16:48:13 openvpnserver[6819]: /sbin/ip route add 192.168.254.0/24 via 10.45.168.2
16:48:13 openvpnserver[6819]: /sbin/ip addr add dev tun0 local 10.45.168.1 peer 10.45.168.2
16:48:13 openvpnserver[6819]: /sbin/ip link set dev tun0 up
16:48:13 openvpnserver[6819]: /sbin/ip link set dev tun0 up mtu 1500
16:48:13 openvpnserver[6819]: TUN/TAP device tun0 opened
16:48:13 openvpnserver[6819]: ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=red0 HWADDR=08:00:27:cd:e2:aa
16:48:13 openvpnserver[6819]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
16:48:13 openvpnserver[6819]: Diffie-Hellman initialized with 2048 bit key
16:48:13 openvpnserver[6819]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
16:48:13 openvpnserver[6819]: WARNING: --keepalive option is missing from server config
16:48:13 openvpnserver[6818]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
16:48:13 openvpnserver[6818]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINF O] [AEAD] built on Oct 4 2021
16:48:13 openvpnserver[6818]: WARNING: --topology net30 support for server configs with IPv4 pools will be rem oved in a future release. Please migrate to --topology subnet as soon as possibl e.
16:48:13 openvpnserver[6818]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated deb ug feature that will be removed in OpenVPN 2.6
After stop OpenVPN server
16:55:24 openvpnserver[6819]: SIGTERM[hard,] received, process exiting
16:55:24 openvpnserver[6819]: /sbin/ip addr del dev tun0 local 10.45.168.1 peer 10.45.168.2
16:55:24 openvpnserver[6819]: Closing TUN/TAP interface
16:55:24 openvpnserver[6819]: /sbin/ip route del 10.45.168.0/24
16:55:24 openvpnserver[6819]: /sbin/ip route del 192.168.254.0/24
16:55:24 openvpnserver[6819]: event_wait : Interrupted system call (code=4)
No errors
As I wrote above - I leave the conclusions to those smarter than me.