Restart OpenVPN over webgui

Virtual Private Networks OpenVPN
1

On 3 of my APUs with IPFire 2.25 (x86_64) - Core Update 153, i can’t restart openvpn over the webgui. Openvpn couldn’t bind the socket for port 1194:

    Feb 28 11:50:28 ipfire1 openvpnserver[25373]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 18 2020
    Feb 28 11:50:28 ipfire1 openvpnserver[25373]: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.09
    Feb 28 11:50:28 ipfire1 openvpnserver[25374]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Feb 28 11:50:28 ipfire1 openvpnserver[25374]: Diffie-Hellman initialized with 4096 bit key
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: ROUTE_GATEWAY 192.168.115.254/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:45:ca:c8
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: TUN/TAP device tun1 opened
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip link set dev tun1 up mtu 1472
    Feb 28 11:50:29 ipfire1 charon: 01[KNL] interface tun1 activated 
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip link set dev tun1 up
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip addr add dev tun1 local 10.97.111.1 peer 10.97.111.2
    Feb 28 11:50:29 ipfire1 charon: 11[KNL] 10.97.111.1 appeared on tun1 
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip route add 10.97.111.0/24 via 10.97.111.2
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Could not determine IPv4/IPv6 protocol. Using AF_INET
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Socket Buffers: R=[212992->212992] S=[212992->212992]
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Exiting due to fatal error
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip route del 10.97.111.0/24
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Closing TUN/TAP interface
    Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip addr del dev tun1 local 10.97.111.1 peer 10.97.111.2
    Feb 28 11:50:29 ipfire1 charon: 12[KNL] 10.97.111.1 disappeared from tun1 
    Feb 28 11:50:29 ipfire1 charon: 06[KNL] interface tun1 deactivated 
    Feb 28 11:50:29 ipfire1 charon: 10[KNL] interface tun1 deleted 
    Feb 28 11:50:29 ipfire1 root: Could not find a bridged zone for tun1
    Feb 28 11:50:29 ipfire1 codel: Codel AQM could not be enabled on 'tun1'. Error code: 1

The APUs must restart for a working openvpn service. Is it possible that the cgi script can’t delete the socket if i restart openvpn?

2

Hi @frickelpit

This seems the critical bit, where it says Address already in use. Is something else already listening on Port 1194

You could try

sudo netstat -tulpn

and see if something other than openvpn is associated with Port 1194

On my system I see with OpenVPN started

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           5127/openvpn

and 1194 is not shown at all if OpenVPN is turned off.

3

Aaah… same subnet but with another pc, there is no issue to start and stop openvpn :see_no_evil:
Yesterday i tried several browser (FF, IE, Chrome) with no luck. I think there is a problem with the VM from which i tested this :thinking: