Server Version Upgrade (Failure)

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Server Version Upgrade (Failure)

Post by kennethy » Sun Sep 19, 2021 4:14 am

Hi Everyone,

I just upgraded our company OpenVPN Server form 2.8.8 to 2.9.4 following these steps:

apt update && apt -y install ca-certificates wget net-tools gnupg
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
echo "deb http://as-repository.openvpn.net/as/debian bionic main">/etc/apt/sources.list.d/openvpn-as-repo.list
apt update && apt -y install openvpn-as

Now after the upgrade I cant access the Admin UI or even connect using the OpenVPN Connect. When I try my ip for the adminUI what it was before it takes me to the download page for the OpenVPN Connect but not the admin portal. I click admin portal and it takes me to the license agreement which I click agree but then it goes back to the download page.

I can see all our user profiles and groups are still on the server as well. I have all my db files backed up here: /usr/local/openvpn_as/etc/backup

What file or what should I do to bring back the UI? I am using Ubuntu 18.04 LTS and the IP with interfaces are all still the same.

Best,
Kenneth

kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Re: Server Version Upgrade (Failure)

Post by kennethy » Sun Sep 19, 2021 4:26 am

Also tried stopping the service. Then replace all the current files in the db folder with our ones I backed up. Then started the service again and still not working properly.

kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Re: Server Version Upgrade (Failure)

Post by kennethy » Sun Sep 19, 2021 4:39 am

Okay I have this page load up https://192.168.168.53:943/admin/status_overview and then I click agree for the license agreement but then it takes me back here instead: https://192.168.168.53:943/?src=connect

Before the upgrade we use to go to the admin UI via this link https://192.168.168.53/admin

kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Re: Server Version Upgrade (Failure)

Post by kennethy » Sun Sep 19, 2021 4:45 am

OKay another note tried this command to set the IP: root@vpn1:/usr/local/openvpn_as/scripts# sudo ./sacli --key "admin_ui.https.192.168.168.53" --value eth0 ConfigPut

When I check the config with sudo ./sacli ConfigQuery
I see the ip is
"admin_ui.https.0": "943",
"admin_ui.https.192.168.168.0": "eth0",
"admin_ui.https.192.168.168.1": "eth0",
"admin_ui.https.192.168.168.2": "eth0",
"admin_ui.https.ip_address": "eth0",

Everytime I try the add the ip I get another line 192.168.168... as you can see it went from 0 to 2 now but no .53.

kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Re: Server Version Upgrade (Failure)

Post by kennethy » Sun Sep 19, 2021 4:45 am

OKay another note tried this command to set the IP: root@vpn1:/usr/local/openvpn_as/scripts# sudo ./sacli --key "admin_ui.https.192.168.168.53" --value eth0 ConfigPut

When I check the config with sudo ./sacli ConfigQuery
I see the ip is
"admin_ui.https.0": "943",
"admin_ui.https.192.168.168.0": "eth0",
"admin_ui.https.192.168.168.1": "eth0",
"admin_ui.https.192.168.168.2": "eth0",
"admin_ui.https.ip_address": "eth0",

Everytime I try the add the ip I get another line 192.168.168... as you can see it went from 0 to 2 now but no .53.

It is the correct adapter as well eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.168.53 netmask 255.255.255.0 broadcast 192.168.168.255

I do see this when I execute ./sacli start an output.

Code: Select all

root@vpn1:/usr/local/openvpn_as/scripts# sudo ./sacli start
RunStart warm None
{
  "errors": {
    "iptables_live": [
      [
        "error",
        "NetInfoLinux: cannot determine which network interface owns the default route: svc/svc:675,sagent/wpsvc:184,sagent/iptlive:59,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,sagent/saccess:84,sagent/runxml:161,sagent/runxml:169,internet/defer:322,internet/defer:311,internet/defer:654,sagent/runxml:96,sagent/runxml:55,sagent/runxml:74,sagent/runxml:55,svc/svc:281,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:675,sagent/wpsvc:184,sagent/iptlive:59,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86 (SVC_RUN_EXCEPT)"
      ]
    ],
    "iptables_openvpn": [
      [
        "error",
        "Service deferred error: NetInfoLinux: cannot determine which network interface owns the default route: internet/defer:654,sagent/ipts:159,sagent/iptvpn:178,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,sagent/runxml:161,sagent/runxml:169,internet/defer:322,internet/defer:311,internet/defer:654,sagent/runxml:96,sagent/runxml:55,sagent/runxml:74,sagent/runxml:55,svc/svc:281,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:675,sagent/ipts:210,sagent/ipts:150,internet/defer:322,internet/defer:311,internet/defer:654,sagent/ipts:159,sagent/iptvpn:178,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86"
      ]
    ],
    "openvpn_0": [
      [
        "error",
        "NetInfoLinux: cannot determine which network interface owns the default route: svc/svc:675,sagent/vpnsvc:492,sagent/vpnsvc:88,sagent/vpnconfig:302,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,sagent/runxml:161,sagent/runxml:169,internet/defer:322,internet/defer:311,internet/defer:654,sagent/runxml:96,sagent/runxml:55,sagent/runxml:74,sagent/runxml:55,svc/svc:281,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:675,sagent/vpnsvc:492,sagent/vpnsvc:88,sagent/vpnconfig:302,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86 (SVC_RUN_EXCEPT)"
      ]
    ],
    "openvpn_1": [
      [
        "error",
        "NetInfoLinux: cannot determine which network interface owns the default route: svc/svc:675,sagent/vpnsvc:492,sagent/vpnsvc:88,sagent/vpnconfig:302,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,internet/defer:654,sagent/runxml:96,sagent/runxml:55,sagent/runxml:74,sagent/runxml:55,svc/svc:281,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:675,sagent/vpnsvc:492,sagent/vpnsvc:88,sagent/vpnconfig:302,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86 (SVC_RUN_EXCEPT)"
      ]
    ],
    "user": [
      [
        "error",
        "NetInfoLinux: cannot determine which network interface owns the default route: svc/svc:675,sagent/usersvc:1341,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,xml/authrpc:282,sagent/saccess:84,sagent/runxml:161,sagent/runxml:169,internet/defer:322,internet/defer:311,internet/defer:654,sagent/runxml:96,sagent/runxml:55,sagent/runxml:74,sagent/runxml:55,svc/svc:281,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:713,internet/defer:322,internet/defer:311,internet/defer:654,svc/svc:675,sagent/usersvc:1341,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86 (SVC_RUN_EXCEPT)"
      ]
    ]
  },
  "last_restarted": "Sun Sep 19 03:46:53 2021",
  "service_status": {
    "api": "on",
    "auth": "on",
    "bridge": "on",
    "client_query": "on",
    "crl": "off. Error: [Error: service failed to start due to unresolved dependencies: {'user'}.]",
    "daemon_pre": "on",
    "db_push": "on",
    "ip6tables_live": "on",
    "ip6tables_openvpn": "on",
    "iptables_live": "off. Error: [Error: service failed to start due to unresolved dependencies: {'iptables_openvpn'}.]",
    "iptables_openvpn": "off. Error: [Error: Service deferred error: NetInfoLinux: cannot determine which network interface owns the default route: internet/defer:654,sagent/ipts:159,sagent/iptvpn:178,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,internet/_baseprocess:64,svc/pp:133,svc/svcnotify:42,internet/defer:460,internet/defer:568,internet/defer:654,util/defer:10,internet/defer:460,internet/defer:568,internet/defer:654,internet/defer:1116,internet/defer:460,internet/defer:568,internet/defer:654,svc/svc:675,sagent/ipts:210,sagent/ipts:150,internet/defer:322,internet/defer:311,internet/defer:654,sagent/ipts:159,sagent/iptvpn:178,sagent/vpnconfig:297,sagent/vpnconfig:290,sagent/vpnconfig:285,sagent/vpnconfig:281,sagent/vpnconfig:274,net/net:481,net/net:535,net/net:337,util/error:105,util/error:86.]",
    "iptables_web": "on",
    "log": "on",
    "openvpn_0": "off. Error: [Error: service failed to start due to unresolved dependencies: {'iptables_openvpn', 'iptables_live', 'user'}.]",
    "openvpn_1": "off. Error: [Error: service failed to start due to unresolved dependencies: {'iptables_openvpn', 'iptables_live', 'user'}.]",
    "subscription": "off. Error: [Error: service failed to start due to unresolved dependencies: {'user'}.]",
    "user": "off. Error: [Error: service failed to start due to unresolved dependencies: {'iptables_openvpn', 'iptables_live'}.]",
    "web": "on"
  }
}
WILL_RESTART []
ERROR: restart failed (ERRBACK)

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Server Version Upgrade (Failure)

Post by openvpn_inc » Sun Sep 19, 2021 9:26 am

Hello kennethy,

You have more than one network adapter configured with a default gateway. A default gateway implies there being only one - the default. You have a network configuration that has more than one default gateway. Please correct this by looking at your network interface configuration and removing the default gateway setting from all network interfaces except the main one that has Internet access. Then it should work alright.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

kennethy
OpenVpn Newbie
Posts: 6
Joined: Sun Sep 19, 2021 4:10 am

Re: Server Version Upgrade (Failure)

Post by kennethy » Mon Sep 20, 2021 3:34 am

Hello Johan.

Thank you for your reply. We have one adapter for our local network access within the office and the other adapter being used for public network access incoming.

I was able to get the server back up by downgrading back to 2.8.8. Will have to attempt this again when we are less busy again. Ah I had a feeling it went back to default. So I did not change anything just did an OpenVPN server upgrade is that what changed during the upgrade? As I was able to downgrade to the previous version. Then replaced all the db files and as.conf which brought it all back to normal. I thought that process would work as well right after the upragde.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Server Version Upgrade (Failure)

Post by openvpn_inc » Mon Sep 20, 2021 6:46 am

Hello kennethy,

The error message already indicates the problem. You have a default gateway configured one more than one network interface. Solve that issue and you can run latest version of Access Server without problems.

The downgrade process you followed will likely cause problems. The database format changed since 2.9. Now you may get error messages when running on 2.8 with the 2.9 databases. If you really wanted to a do a proper downgrade, you would have restored backups from the backup directory so that you can run 2.8 with 2.8 databases.

But really, all you need to do, is go into your network configuration, and fix the mistake with the default gateway being present on both network interfaces. Just go to that secondary network interface for local network access within the office, and remove the gateway setting from that network adapter, and either restart or trigger netplan apply or such to make the changes take effect. The gateway setting must only be on the network interface that has Internet access. If you correct this mistake, upgrade to 2.9.4 again, the problems will be gone.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply