Failed Up Bridge at boot

How to customize and extend your OpenVPN installation.
Post Reply
studyfranco
OpenVpn Newbie
Posts: 7
Joined: Tue Jul 11, 2017 6:44 am

Failed Up Bridge at boot

Post by studyfranco » Wed Jul 26, 2017 9:26 pm

Hello,

I continue to create a script for my proxmox.
My problem are initialization on boot. When I boot my up.sh give an error :

Code: Select all

Wed Jul 26 22:56:40 2017 us=335234 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 22 2017
Wed Jul 26 22:56:40 2017 us=335284 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Wed Jul 26 22:56:40 2017 us=335846 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Jul 26 22:56:40 2017 us=335917 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jul 26 22:56:40 2017 us=336753 Diffie-Hellman initialized with 2048 bit key
Wed Jul 26 22:56:40 2017 us=337966 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 26 22:56:40 2017 us=337992 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 26 22:56:40 2017 us=338011 TLS-Auth MTU parms [ L:1654 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Wed Jul 26 22:56:40 2017 us=338325 TUN/TAP device tap0 opened
Wed Jul 26 22:56:40 2017 us=338350 TUN/TAP TX queue length set to 100
Wed Jul 26 22:56:40 2017 us=338385 /etc/openvpn/up.sh tap0 1500 1654   init
vmbr1: ERROR while getting interface flags: No such device
bridge vmbr1 does not exist!
Wed Jul 26 22:56:40 2017 us=347860 WARNING: Failed running command (--up/--down): external program exited with error status: 1
Wed Jul 26 22:56:40 2017 us=347888 Exiting due to fatal error
So after when the boot are complete I start the server and this one initialize.

Code: Select all

Wed Jul 26 22:58:08 2017 us=467209 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 22 2017
Wed Jul 26 22:58:08 2017 us=467225 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Wed Jul 26 22:58:08 2017 us=467920 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Jul 26 22:58:08 2017 us=468024 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such a$
Wed Jul 26 22:58:08 2017 us=468046 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jul 26 22:58:08 2017 us=468347 Diffie-Hellman initialized with 2048 bit key
Wed Jul 26 22:58:08 2017 us=468881 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 26 22:58:08 2017 us=468901 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 26 22:58:08 2017 us=468916 TLS-Auth MTU parms [ L:1654 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Wed Jul 26 22:58:08 2017 us=469195 TUN/TAP device tap0 opened
Wed Jul 26 22:58:08 2017 us=469220 TUN/TAP TX queue length set to 100
Wed Jul 26 22:58:08 2017 us=469252 /etc/openvpn/up.sh tap0 1500 1654   init
Wed Jul 26 22:58:08 2017 us=476436 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Wed Jul 26 22:58:08 2017 us=477732 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jul 26 22:58:08 2017 us=477790 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jul 26 22:58:08 2017 us=477824 UDPv4 link local (bound): [AF_INET]192.168.0.200:1200
Wed Jul 26 22:58:08 2017 us=477845 UDPv4 link remote: [AF_UNSPEC]
Wed Jul 26 20:58:08 2017 us=477888 chroot to '/etc/openvpn/jail' and cd to '/' succeeded
Wed Jul 26 20:58:08 2017 us=477924 GID set to nogroup
Wed Jul 26 20:58:08 2017 us=477948 UID set to nobody
Wed Jul 26 20:58:08 2017 us=477978 MULTI: multi_init called, r=256 v=256
Wed Jul 26 20:58:08 2017 us=478073 IFCONFIG POOL: base=10.0.1.1 size=2046, ipv6=0
Wed Jul 26 20:58:08 2017 us=478111 IFCONFIG POOL LIST
Wed Jul 26 20:58:08 2017 us=478177 Initialization Sequence Completed
I am on proxmox 5.

My up.sh :

Code: Select all

#!/bin/bash

/sbin/ifconfig vmbr1 promisc
/sbin/ifconfig tap0 up promisc
/sbin/brctl addif vmbr1 tap0
My network/interfaces are :

Code: Select all

auto lo
iface lo inet loopback

iface ens33 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.200
        netmask 255.255.255.0
        gateway 192.168.0.254
        bridge_ports ens33
        bridge_stp off
        bridge_fd 0
auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  255.0.0.0
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0

I think it's openvpn run before bridge interface.

Any idea ?
Thank's !

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2830
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failed Up Bridge at boot

Post by TinCanTech » Wed Jul 26, 2017 9:52 pm

Re: Failed Up Bridge at boot

Your Up Bridge script is not run at boot ..

studyfranco
OpenVpn Newbie
Posts: 7
Joined: Tue Jul 11, 2017 6:44 am

Re: Failed Up Bridge at boot

Post by studyfranco » Mon Aug 07, 2017 5:39 pm

My up script run with the config of my openvpn server.

my server.conf

Code: Select all

local $IPMachine
port $VPNPort
proto udp
dev tap0
ca ca.crt
cert $NomMachine.crt
key $NomMachine.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.0.0.1 255.0.0.0 10.0.1.1 10.0.8.254
client-config-dir cdd
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
mssfix
status openvpn-status.log
log-append openvpn.log
verb 4
mode server
tls-server
script-security 2
chroot /etc/openvpn/jail
up "/etc/openvpn/up.sh"
down "/etc/openvpn/down.sh"
push "explicit-exit-notify 3"

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2830
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failed Up Bridge at boot

Post by TinCanTech » Mon Aug 07, 2017 7:39 pm

Make sure your network is configured before you start openvpn .. maybe with a service dependency.

studyfranco
OpenVpn Newbie
Posts: 7
Joined: Tue Jul 11, 2017 6:44 am

Re: Failed Up Bridge at boot

Post by studyfranco » Sat Aug 12, 2017 2:20 pm

I have already search this option. But don't know change that.

But I test this solution :

Code: Select all

update-rc.d -f openvpn disable
update-rc.d -f mysql disable
update-rc.d -f firewall disable
echo '#! /bin/sh
### BEGIN INIT INFO
# Provides:          LauchScript
# Required-Start:    $all
# Required-Stop:     $local_fs $remote_fs $syslog $network
# Should-Stop:       $named $time network-manager
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop les services essenssiels de la machine
# Description:       Start/stop 
### END INIT INFO


command="$1"
case "$command" in
        start|force-start)
                sleep 40
                systemctl start openvpn
                sleep 2
                systemctl start mysql
                sleep 2
                systemctl start firewall
                return 0
                ;;

        restart|force-restart|reload|force-reload)
                systemctl stop firewall
                systemctl stop mysql
                systemctl stop openvpn
                sleep 3
                systemctl start openvpn
                sleep 2
                systemctl start mysql
                sleep 2
                systemctl start firewall
                return 0
                ;;
        stop)
                systemctl stop firewall
                systemctl stop mysql
                systemctl stop openvpn
                return 0  
                ;;
 
        status)
                systemctl status openvpn
                systemctl status mysql
                systemctl status firewall
                return 0
                ;;
        *)
esac' > /etc/init.d/lauchscript
chmod 700 /etc/init.d/lauchscript
update-rc.d lauchscript defaults
It's work fine. But it's not the best way I think.
Any other idea ?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2830
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failed Up Bridge at boot

Post by TinCanTech » Sat Aug 12, 2017 2:22 pm

I would switch to systemd ..

studyfranco
OpenVpn Newbie
Posts: 7
Joined: Tue Jul 11, 2017 6:44 am

Re: Failed Up Bridge at boot

Post by studyfranco » Sun Aug 13, 2017 11:39 am

I used this solution. But now I have a another problem.
Multicast does not want run. I have only unicast signal.

studyfranco
OpenVpn Newbie
Posts: 7
Joined: Tue Jul 11, 2017 6:44 am

Re: Failed Up Bridge at boot

Post by studyfranco » Sun Aug 13, 2017 3:18 pm

This topic are solved.
Thank's for your help.

Post Reply