Openvpn try to restart all the time

louarn · Post by **louarn** » Wed Oct 21, 2020 2:52 pm

Hi all.

I'm writing here because I have two problems with my openvpn server.

First : It try to restart all the time.

Oct 21 16:27:30  bastion systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.
Oct 21 16:27:30  bastion systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 34065.
Oct 21 16:27:30  bastion systemd[1]: Stopped OpenVPN connection to server.
Oct 21 16:27:30  bastion systemd[1]: Starting OpenVPN connection to server...
Oct 21 16:27:30  bastion ovpn-server[23841]: Current Parameter Settings:
Oct 21 16:27:30  bastion ovpn-server[23841]:   config = '/etc/openvpn/server.conf'
Oct 21 16:27:30  bastion ovpn-server[23841]:   mode = 1
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_config = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_mode = 1
Oct 21 16:27:30  bastion ovpn-server[23841]:   show_ciphers = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   show_digests = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   show_engines = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   genkey = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   key_pass_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   show_tls_ciphers = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   connect_retry_max = 0
Oct 21 16:27:30  bastion ovpn-server[23841]: Connection profiles [0]:
Oct 21 16:27:30  bastion ovpn-server[23841]:   proto = udp
Oct 21 16:27:30  bastion ovpn-server[23841]:   local = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   local_port = '1194'
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_port = '1194'
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_float = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   bind_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   bind_local = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   bind_ipv6_only = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   connect_retry_seconds = 5
Oct 21 16:27:30  bastion ovpn-server[23841]:   connect_timeout = 120
Oct 21 16:27:30  bastion ovpn-server[23841]:   socks_proxy_server = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   socks_proxy_port = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   tun_mtu = 1500
Oct 21 16:27:30  bastion ovpn-server[23841]:   tun_mtu_defined = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   link_mtu = 1500
Oct 21 16:27:30  bastion ovpn-server[23841]:   link_mtu_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   tun_mtu_extra = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   tun_mtu_extra_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   mtu_discover_type = -1
Oct 21 16:27:30  bastion ovpn-server[23841]:   fragment = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   mssfix = 1450
Oct 21 16:27:30  bastion ovpn-server[23841]:   explicit_exit_notification = 1
Oct 21 16:27:30  bastion ovpn-server[23841]: Connection profiles END
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_random = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ipchange = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   dev = 'tun'
Oct 21 16:27:30  bastion ovpn-server[23841]:   dev_type = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   dev_node = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   lladdr = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   topology = 3
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_local = '10.8.0.1'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_remote_netmask = '255.255.0.0'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_noexec = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_nowarn = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_local = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_netbits = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_remote = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   shaper = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   mtu_test = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   mlock = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   keepalive_ping = 10
Oct 21 16:27:30  bastion ovpn-server[23841]:   keepalive_timeout = 120
Oct 21 16:27:30  bastion ovpn-server[23841]:   inactivity_timeout = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   ping_send_timeout = 10
Oct 21 16:27:30  bastion ovpn-server[23841]:   ping_rec_timeout = 240
Oct 21 16:27:30  bastion ovpn-server[23841]:   ping_rec_timeout_action = 2
Oct 21 16:27:30  bastion ovpn-server[23841]:   ping_timer_remote = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   remap_sigusr1 = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_tun = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_local_ip = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_remote_ip = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   persist_key = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   passtos = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   resolve_retry_seconds = 1000000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   resolve_in_advance = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   username = 'nobody'
Oct 21 16:27:30  bastion ovpn-server[23841]:   groupname = 'nogroup'
Oct 21 16:27:30  bastion ovpn-server[23841]:   chroot_dir = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   cd_dir = '/etc/openvpn'
Oct 21 16:27:30  bastion ovpn-server[23841]:   writepid = '/run/openvpn/server.pid'
Oct 21 16:27:30  bastion ovpn-server[23841]:   up_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   down_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   down_pre = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   up_restart = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   up_delay = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   daemon = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   inetd = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   log = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   suppress_timestamps = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   machine_readable_output = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   nice = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   verbosity = 5
Oct 21 16:27:30  bastion ovpn-server[23841]:   mute = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   gremlin = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   status_file = 'openvpn-status.log'
Oct 21 16:27:30  bastion ovpn-server[23841]:   status_file_version = 1
Oct 21 16:27:30  bastion ovpn-server[23841]:   status_file_update_freq = 10
Oct 21 16:27:30  bastion ovpn-server[23841]:   occ = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   rcvbuf = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   sndbuf = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   mark = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   sockflags = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   fast_io = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   comp.alg = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   comp.flags = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_default_gateway = '10.8.0.2'
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_default_metric = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_noexec = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_delay = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_delay_window = 30
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_delay_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_nopull = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   route_gateway_via_dhcp = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   allow_pull_fqdn = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   route 10.8.10.0/255.255.255.0/default (not set)/default (not set)
Oct 21 16:27:30  bastion ovpn-server[23841]:   route 10.8.4.0/255.255.255.0/default (not set)/default (not set)
Oct 21 16:27:30  bastion ovpn-server[23841]:   route 10.8.3.0/255.255.255.0/default (not set)/default (not set)
Oct 21 16:27:30  bastion ovpn-server[23841]:   route 10.8.2.0/255.255.255.0/default (not set)/default (not set)
Oct 21 16:27:30  bastion ovpn-server[23841]:   route 10.8.1.0/255.255.255.0/default (not set)/default (not set)
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_addr = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_port = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_user_pass = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_log_history_cache = 250
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_echo_buffer_size = 100
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_write_peer_info_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_client_user = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_client_group = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   management_flags = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   shared_secret_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   key_direction = not set
Oct 21 16:27:30  bastion ovpn-server[23841]:   ciphername = 'AES-256-CBC'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ncp_enabled = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Oct 21 16:27:30  bastion ovpn-server[23841]:   authname = 'SHA512'
Oct 21 16:27:30  bastion ovpn-server[23841]:   prng_hash = 'SHA1'
Oct 21 16:27:30  bastion ovpn-server[23841]:   prng_nonce_secret_len = 16
Oct 21 16:27:30  bastion ovpn-server[23841]:   keysize = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   engine = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   replay = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   mute_replay_warnings = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   replay_window = 64
Oct 21 16:27:30  bastion ovpn-server[23841]:   replay_time = 15
Oct 21 16:27:30  bastion ovpn-server[23841]:   packet_id_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   use_iv = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   test_crypto = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_server = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_client = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   key_method = 2
Oct 21 16:27:30  bastion ovpn-server[23841]:   ca_file = 'ca.crt'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ca_path = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   dh_file = 'dh.pem'
Oct 21 16:27:30  bastion ovpn-server[23841]:   cert_file = 'server.crt'
Oct 21 16:27:30  bastion ovpn-server[23841]:   extra_certs_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   priv_key_file = 'server.key'
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs12_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   cipher_list = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   cipher_list_tls13 = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_cert_profile = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_verify = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_export_cert = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   verify_x509_type = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   verify_x509_name = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   crl_file = 'crl.pem'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ns_cert_type = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_ku[i] = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   remote_cert_eku = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ssl_flags = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_timeout = 2
Oct 21 16:27:30  bastion ovpn-server[23841]:   renegotiate_bytes = -1
Oct 21 16:27:30  bastion ovpn-server[23841]:   renegotiate_packets = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   renegotiate_seconds = 3600
Oct 21 16:27:30  bastion ovpn-server[23841]:   handshake_window = 60
Oct 21 16:27:30  bastion ovpn-server[23841]:   transition_window = 3600
Oct 21 16:27:30  bastion ovpn-server[23841]:   single_session = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_peer_info = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_exit = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_auth_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   tls_crypt_file = 'tc.key'
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_protected_authentication = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_private_mode = 00000000
Oct 21 16:27:30  bastion systemd[1]: Started OpenVPN connection to server.
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion NetworkManager[626]: <info>  [1603290450.5525] manager: (tun2): new Tun device (/org/freedesktop/NetworkManager/Devices/34082)
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion systemd-udevd[23842]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_cert_private = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_pin_cache_period = -1
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_id = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   pkcs11_id_management = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_network = 10.8.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_netmask = 255.255.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_network_ipv6 = ::
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_netbits_ipv6 = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_bridge_ip = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_bridge_netmask = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_bridge_pool_start = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   server_bridge_pool_end = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'dhcp-option DNS 8.8.8.8'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'dhcp-option DNS 208.67.222.22'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'dhcp-option DNS 208.67.220.220'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'route 10.9.0.1 255.255.255.255'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'route 10.10.0.1 255.255.255.255'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'route 10.7.0.1 255.255.255.255'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'route 10.6.0.1 255.255.255.255'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'route-gateway 10.8.0.1'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'topology subnet'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'ping 10'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_entry = 'ping-restart 120'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_defined = ENABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_start = 10.8.0.2
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_end = 10.8.255.253
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_netmask = 255.255.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_persist_filename = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_pool_persist_refresh_freq = 600
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_pool_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_pool_base = ::
Oct 21 16:27:30  bastion ovpn-server[23841]:   ifconfig_ipv6_pool_netbits = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   n_bcast_buf = 256
Oct 21 16:27:30  bastion ovpn-server[23841]:   tcp_queue_limit = 64
Oct 21 16:27:30  bastion ovpn-server[23841]:   real_hash_size = 256
Oct 21 16:27:30  bastion ovpn-server[23841]:   virtual_hash_size = 256
Oct 21 16:27:30  bastion ovpn-server[23841]:   client_connect_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   learn_address_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   client_disconnect_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   client_config_dir = '/etc/openvpn/ccd'
Oct 21 16:27:30  bastion ovpn-server[23841]:   ccd_exclusive = ENABLED
Oct 21 16:27:30  bastion openvpn[23841]: RTNETLINK answers: File exists
Oct 21 16:27:30  bastion ovpn-server[23841]:   tmp_dir = '/tmp'
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_local = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_remote_netmask = 0.0.0.0
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_ipv6_defined = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_ipv6_local = ::/0
Oct 21 16:27:30  bastion ovpn-server[23841]:   push_ifconfig_ipv6_remote = ::
Oct 21 16:27:30  bastion ovpn-server[23841]:   enable_c2c = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   duplicate_cn = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   cf_max = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   cf_per = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   max_clients = 1024
Oct 21 16:27:30  bastion openvpn[23841]: RTNETLINK answers: File exists
Oct 21 16:27:30  bastion ovpn-server[23841]:   max_routes_per_client = 256
Oct 21 16:27:30  bastion ovpn-server[23841]:   auth_user_pass_verify_script = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   auth_user_pass_verify_script_via_file = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   auth_token_generate = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   auth_token_lifetime = 0
Oct 21 16:27:30  bastion ovpn-server[23841]:   port_share_host = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   port_share_port = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]:   client = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   pull = DISABLED
Oct 21 16:27:30  bastion ovpn-server[23841]:   auth_user_pass_file = '[UNDEF]'
Oct 21 16:27:30  bastion ovpn-server[23841]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Oct 21 16:27:30  bastion ovpn-server[23841]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Oct 21 16:27:30  bastion ovpn-server[23841]: Diffie-Hellman initialized with 2048 bit key
Oct 21 16:27:30  bastion ovpn-server[23841]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 16:27:30  bastion ovpn-server[23841]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 16:27:30  bastion ovpn-server[23841]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 16:27:30  bastion ovpn-server[23841]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 16:27:30  bastion openvpn[23841]: RTNETLINK answers: File exists
Oct 21 16:27:30  bastion ovpn-server[23841]: TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Oct 21 16:27:30  bastion ovpn-server[23841]: ROUTE_GATEWAY 54.38.40.1
Oct 21 16:27:30  bastion ovpn-server[23841]: TUN/TAP device tun2 opened
Oct 21 16:27:30  bastion ovpn-server[23841]: TUN/TAP TX queue length set to 100
Oct 21 16:27:30  bastion ovpn-server[23841]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip link set dev tun2 up mtu 1500
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip addr add dev tun2 10.8.0.1/16 broadcast 10.8.255.255
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip route add 10.8.1.0/24 via 10.8.0.2
Oct 21 16:27:30  bastion ovpn-server[23841]: ERROR: Linux route add command failed: external program exited with error status: 2
Oct 21 16:27:30  bastion openvpn[23841]: RTNETLINK answers: File exists
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip route add 10.8.2.0/24 via 10.8.0.2
Oct 21 16:27:30  bastion ovpn-server[23841]: ERROR: Linux route add command failed: external program exited with error status: 2
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip route add 10.8.3.0/24 via 10.8.0.2
Oct 21 16:27:30  bastion ovpn-server[23841]: ERROR: Linux route add command failed: external program exited with error status: 2
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip route add 10.8.4.0/24 via 10.8.0.2
Oct 21 16:27:30  bastion openvpn[23841]: RTNETLINK answers: File exists
Oct 21 16:27:30  bastion ovpn-server[23841]: ERROR: Linux route add command failed: external program exited with error status: 2
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip route add 10.8.10.0/24 via 10.8.0.2
Oct 21 16:27:30  bastion ovpn-server[23841]: ERROR: Linux route add command failed: external program exited with error status: 2
Oct 21 16:27:30  bastion ovpn-server[23841]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 21 16:27:30  bastion ovpn-server[23841]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 21 16:27:30  bastion ovpn-server[23841]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 21 16:27:30  bastion ovpn-server[23841]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Oct 21 16:27:30  bastion ovpn-server[23841]: Exiting due to fatal error
Oct 21 16:27:30  bastion ovpn-server[23841]: Closing TUN/TAP interface
Oct 21 16:27:30  bastion ovpn-server[23841]: /sbin/ip addr del dev tun2 10.8.0.1/16
Oct 21 16:27:30  bastion systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Oct 21 16:27:30  bastion systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

I stopped it, restarted it, killed the process, but it still does the same thing, it loops continuously like in the attached logs.
That said, I can go up the tunnel on my side and join the applications behind it. Including an apache.
Which is precisely my second concern. I sometimes lose my connection via the vpn, a sort of timeout. Whereas if I test live I never lose the connection.

Is there a connection test time option that I should put on the server? (knowing that the vpn server is also a client of another vpn server on which the apache is located)

Thank you

TinCanTech · Post by **TinCanTech** » Wed Oct 21, 2020 2:58 pm

louarn wrote: ↑
Wed Oct 21, 2020 2:52 pm
Oct 21 16:27:30 bastion ovpn-server[23841]: TCP/UDP: Socket bind failed on local address [AF_INET][undef] Address already in use (errno=98)
Oct 21 16:27:30 bastion ovpn-server[23841]: Exiting due to fatal error

OpenVPN server is already running and you try to start it again..

louarn wrote: ↑
Wed Oct 21, 2020 2:52 pm
openvpn@server.service

This is an old systemd unit file, you should use openvpn-server@server.service

louarn · Post by **louarn** » Wed Oct 21, 2020 4:03 pm

I stopped openvpn@server.service. It's ok. Thanks.

While I'm here, do you have an idea for my second problem ?

Here is my last log (my server is client of the dashboard)

Code: Select all

Oct 21 17:56:54  bastion ovpn-client.dashboard.server[9367]: [dashboard] Inactivity timeout (--ping-restart), restarting
Oct 21 17:56:54  bastion ovpn-client.dashboard.server[9367]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 21 17:56:54  bastion ovpn-client.dashboard.server[9367]: Restart pause, 5 second(s)
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:1194
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: UDP link local: (not bound)
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=14e8417b e950aea9
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: VERIFY OK: depth=1, CN=dashboard
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: VERIFY OK: nsCertType=SERVER
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: VERIFY OK: depth=0, CN=dashboard
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Oct 21 17:56:59  bastion ovpn-client.dashboard.server[9367]: [dashboard] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: SENT CONTROL [dashboard]: 'PUSH_REQUEST' (status=1)
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.6.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.6.0.6 10.6.0.5,peer-id 0,cipher AES-256-GCM'
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: route options modified
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: peer-id set
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: adjusting link_mtu to 1624
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: OPTIONS IMPORT: data channel crypto options modified
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: Data Channel: using negotiated cipher 'AES-256-GCM'
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: Preserving previous TUN/TAP instance: tun1
Oct 21 17:57:00  bastion ovpn-client.dashboard.server[9367]: Initialization Sequence Completed

I set :
persist-key
persist-tun
and
keepalive 10 300.
Maybe an error ?

TinCanTech · Post by **TinCanTech** » Wed Oct 21, 2020 4:19 pm

louarn wrote: ↑
Wed Oct 21, 2020 2:52 pm
I'm writing here because I have two problems with my openvpn server.

louarn wrote: ↑
Wed Oct 21, 2020 2:52 pm
First : It try to restart all the time

Fixed.

Second:

louarn wrote: ↑
Wed Oct 21, 2020 2:52 pm
knowing that the vpn server is also a client of another vpn server

Every time your server connects to the other server then your client disconnects..

louarn · Post by **louarn** » Wed Oct 21, 2020 4:56 pm

It's curious. I took over the old architecture (adapting the openvpn version), and this is something that never happened.
Once the tunnel was set up to the VPN server, it remained fixed once and for all and it worked.

louarn · Post by **louarn** » Thu Oct 22, 2020 4:37 pm

Silly question, because I still have not found a solution and I have nothing in the logs.

Does the fact that the two servers are in different openvpn versions have any effect? Maybe the negotiation, I don't know, of ciphers, ssl or other could for a moment cause this blockage?

TinCanTech · Post by **TinCanTech** » Thu Oct 22, 2020 4:47 pm

louarn wrote: ↑
Wed Oct 21, 2020 4:56 pm
I took over the old architecture

I suggest you contact the person who setup your VPN.

louarn · Post by **louarn** » Thu Oct 22, 2020 6:06 pm

He left our society several months ago ...

TinCanTech · Post by **TinCanTech** » Thu Oct 22, 2020 7:26 pm

Your society will be needing some professional network support.

If all else fails you can contact me privately: tincanteksup <at> gmail dot com

zxun · Post by **zxun** » Mon Jan 04, 2021 10:45 am

keepalive 10 300
= If no packets received within 300 seconds, start over.

OpenVPN Support Forum

Openvpn try to restart all the time

Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time

Re: Openvpn try to restart all the time