Error 9007

[Runenlyd]

Hi folks.

I'm a noob, and new user of openvpn. I installed it on an Openmediavault computer, but I can't access to the GUI and I got this message :

SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

I have no clues on how to fix it. I read the troubleshooting on OpenVpn site but I can't figure out what to do. thanks in advance

Seb.

[ahandrock]

I am having the same issue.

[asevans48]

I have the same issue just logging into the admin but can log into the client. Followed the recommendations for setting nameservers, checking datetime, and trying to force an install. Using the command line utils, I was able to authenticate the license but no dice.

[TiTex]

why not ask on their support channels?
on this site we mainly discuss running openvpn directly on a pc/server, third party vendor packages, implementations, configurations, gui's and related should be asked on their forums or mailing lists

[Pippin]

If you all installed OpenVPN Access Server on Openmediavault, like the topic starter, then I agree with Titex, seek their support.
If not then open your own topic under OpenVPN Access Server.

[wizdude]

I installed it on an Openmediavault computer, but I can't access to the GUI and I got this message :
SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

for anyone searching for this specific issue with OpenVPN-AS on Openmediavault, it's discussed here:

https://forum.openmediavault.org/index. ... cate-9007/

also here:
https://discourse.linuxserver.io/t/just ... admin/1162

summary:
Edit the container and under Capabilities enable NET_ADMIN

[tqb]

Me too. ip open logging page. ip:943/admin make this error.

Access server installed to cloud (jelastic), ubuntu 18.04.3 LTX x86. I take public static ip.

https://openvpn.net/for/site-to-site-vpn/ > https://openvpn.net/quick-start-guide/ > https://openvpn.net/vpn-software-packages/ and then ubuntu, 18, 64 bits. All commands go throu without problems. Then password.

After this, accessserverstaticip:943/admin, username openvpn + passwd, make this error.

In my opinion it is not clever idea concentrate Jelastic. It is similar platform as amazon etc. Of course it is possible found errors from it side, but much better is try check Ubuntu first.

https://forums.unraid.net/topic/79012-s ... s/page/73/
This tell "iptables", "capadd network admin", "wrong network method". I try search more information all of this, but "where is iptables" no clear answer. "capadd"- cannot found "how"--- is this any hidden config-file, "wrong network method"- how to adjust this. After 2 hour googling I found any "install docker"... but it also does not looks clear.

https://discourse.linuxserver.io/t/just ... admin/1162
This also speak this "cap add", but still no any manual does not tell where this "cap add is...". Also this speak any "portainer", is it any config file or any software?

In my opinion, problem must be very easy to solve. Ubuntu is new and clear. Openvpn access server installed using just step-by-step using clear information. So, maybe simply I must found any clear checklist "/etc/bin/xyz/configfile, check it" etc. Information I found was good, but "cap add network" etc is not informatic... even google cannot help "how to edit"...

[tqb]

Now works: found this and now this solve the problem. "How", I cannot know... but now works.

/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

[aria]

Now works: found this and now this solve the problem. "How", I cannot know... but now works.

/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

Hi, am new to this forum and found this as a suitable solution.

I went to test it on RHEL8.2 Server Minimal Install and met with ERROR 9007. This certainly solves the issue. Thank you.

[PaullJD]

I am having the same issue.

[gazoo60]

Hi all, new user to OpenVPN here!

Using OpenVPN Access Server V2.8.5 I had this issue twice and can explain what i think brought the issue on and how I fixed it on my side.
Note: My way to fix the issue might not apply to all cases but could help identify what's going wrong

-CONTEXT-
So I'm using OpenVPN AS in a reverse VPN situation where 2 remote devices are on their discrete network and are acting as VPN gateways for the network that they're on. So a total of 3 devices on this VPN setup: 1 main computer, 2 remote devices acting as VPN gateways (ex. beaglebone black). The goal is to be able to reach both remote networks individually and not simultaneously with the main computer.

each remote device are configured to act as VPN gateway with the specific network specified in the box ''Allow client to act as VPN gateway
for these client-side subnets:'' with the asked format of 192.168.0.0/24.

-PROBLEM-
Here is how I got into trouble. Using the UI, OpenVPN AS will let you configure 2 or more devices to act as VPN gateways with the same client-side subnets and will allow you to save the configuration and update the running server BUT will warn you at the top of the page with a message like below.

''Error:
openvpn_iptables_configure: client-side subnet collision between 192.168.1.0/255.255.255.0 'Client-owned subnets for RemoteDevice1' and [192.168.1.0/255.255.255.0 VALUE=u'Client-owned subnets for RemoteDevice2'] (EQUAL)
service failed to validate''

The warning didn't prevent me to go and continue to use the UI and change other settings. The Error 9007 happened when I went on and changed some VPN Routing settings like the ''Should clients be allowed to access network services on the VPN gateway IP address?'' button. Once I pressed Save Settings and updated the running server, that's when the Error 9007 page appeared. I wasn't able to reconnect on the Admin page further on but the User page was OK.

-SOLUTION-
From that point, the only way I found to get rid of the Error 9007 page and not starting the server config again from scratch while not being able to access the UI with the admin credentials was to use ./sacli commands and change the configurations of the remote devices used as VPN gateways so that they're different. At this point you can restart with ./sacli start and the server should be all good.

-COMMENTS-
Since there can't be two VPN gateways with the same subnet forwarding configuration in this situation, the only way I thought would work was to manually change the VPN Gateway settings for each device each time I'm switching from a remote networks to another instead of configuring each network over a specific IP address scheme.

Any other suggestion on how to avoid changing the subnet forwarding configuration would be appreciated. Thanks !

TLDR: having two or more VPN user profiles with some identical configuration parameters (ex. Forwarded IP addresses) can create an error message which block the server from updating/restarting when changing other VPN settings. This would bring you to the Error 9007 page if you try to connect again on the admin page using the credentials. Avoiding to have the same configuration by changing it with the ./sacli commands solved the issue.