On 3 of my APUs with IPFire 2.25 (x86_64) - Core Update 153, i can’t restart openvpn over the webgui. Openvpn couldn’t bind the socket for port 1194:
Feb 28 11:50:28 ipfire1 openvpnserver[25373]: OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 18 2020
Feb 28 11:50:28 ipfire1 openvpnserver[25373]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.09
Feb 28 11:50:28 ipfire1 openvpnserver[25374]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 11:50:28 ipfire1 openvpnserver[25374]: Diffie-Hellman initialized with 4096 bit key
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: ROUTE_GATEWAY 192.168.115.254/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:45:ca:c8
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: TUN/TAP device tun1 opened
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip link set dev tun1 up mtu 1472
Feb 28 11:50:29 ipfire1 charon: 01[KNL] interface tun1 activated
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip link set dev tun1 up
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip addr add dev tun1 local 10.97.111.1 peer 10.97.111.2
Feb 28 11:50:29 ipfire1 charon: 11[KNL] 10.97.111.1 appeared on tun1
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip route add 10.97.111.0/24 via 10.97.111.2
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Exiting due to fatal error
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip route del 10.97.111.0/24
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: Closing TUN/TAP interface
Feb 28 11:50:29 ipfire1 openvpnserver[25374]: /sbin/ip addr del dev tun1 local 10.97.111.1 peer 10.97.111.2
Feb 28 11:50:29 ipfire1 charon: 12[KNL] 10.97.111.1 disappeared from tun1
Feb 28 11:50:29 ipfire1 charon: 06[KNL] interface tun1 deactivated
Feb 28 11:50:29 ipfire1 charon: 10[KNL] interface tun1 deleted
Feb 28 11:50:29 ipfire1 root: Could not find a bridged zone for tun1
Feb 28 11:50:29 ipfire1 codel: Codel AQM could not be enabled on 'tun1'. Error code: 1
The APUs must restart for a working openvpn service. Is it possible that the cgi script can’t delete the socket if i restart openvpn?