I have a RaspPi running OpenVPN client, connecting to another RaspPi running server. The client is in my house in Germany, the server is back in the US. I don't have easy access to the server.
Everything runs fine, and has been for over a 1 year. I have the client service configured to run at system startup, using --askpass in the config file. That works correctly. I can start the client service with 'sudo systemctl start openvpn-client@client.service' and that works correctly. The problem is, if there is ever a network problem that causes the VPN connection to stop, it will NOT restart automatically. I have keep-alive and ping-restart setup.
The error when the client service is trying to restart is
Code: Select all
Failed to query password: Time expired
ERROR: Failed retrieving username or password
What am I doing wrong? Should the client service be able to restart just like it does at system startup or systemctl start?
I have provided a truncated log file that shows the error; I can post the entire 700 line log file, if it's needed.
thanks,
Rick
My info below.
Code: Select all
openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Code: Select all
uname -a
Linux TannenPi 5.10.63-v7+ #1496 SMP Wed Dec 1 15:58:11 GMT 2021 armv7l GNU/Linux
Server
Server conf not available
Client
client
dev tun
proto udp
remote x.y.z.171 19840
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name xxxxx name
cipher AES-256-CBC
auth SHA256
auth-nocache
askpass /etc/openvpn/client/xxxx.pw
keepalive 10 120
verb 4
<ca>
-----BEGIN CERTIFICATE-----
-----END OpenVPN Static key V1-----
</tls-crypt>
auth-user-pass login.conf
Code: Select all
Sun Feb 13 11:02:11 2022 us=840123 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 13 11:02:11 2022 us=852744 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Sun Feb 13 11:02:11 2022 us=865048 /sbin/ip route add x.y.z.171/32 via 192.168.1.1
Sun Feb 13 11:02:11 2022 us=876625 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Feb 13 11:02:11 2022 us=887588 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Feb 13 11:02:11 2022 us=898619 Initialization Sequence Completed
Sun Feb 13 11:41:31 2022 us=433641 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:41:46 2022 us=879904 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:42:01 2022 us=165009 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:42:16 2022 us=525133 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:42:31 2022 us=776100 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:42:46 2022 us=918005 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:43:02 2022 us=141964 Recursive routing detected, drop tun packet to [AF_INET]x.y.z.171:19840
Sun Feb 13 11:43:17 2022 us=533874 [xxxxx] Inactivity timeout (--ping-restart), restarting
Sun Feb 13 11:43:17 2022 us=535044 TCP/UDP: Closing socket
Sun Feb 13 11:43:17 2022 us=535347 /sbin/ip route del x.y.z.171/32
RTNETLINK answers: No such process
Sun Feb 13 11:43:17 2022 us=545899 ERROR: Linux route delete command failed: external program exited with error status: 2
Sun Feb 13 11:43:17 2022 us=546125 /sbin/ip route del 0.0.0.0/1
Sun Feb 13 11:43:17 2022 us=556368 /sbin/ip route del 128.0.0.0/1
Sun Feb 13 11:43:17 2022 us=566628 Closing TUN/TAP interface
Sun Feb 13 11:43:17 2022 us=566901 /sbin/ip addr del dev tun0 10.8.0.3/24
Sun Feb 13 11:43:17 2022 us=700295 SIGUSR1[soft,ping-restart] received, process restarting
Sun Feb 13 11:43:17 2022 us=700468 Restart pause, 5 second(s)
Failed to query password: Timer expired
Sun Feb 13 11:44:52 2022 us=841485 ERROR: Failed retrieving username or password
Sun Feb 13 11:44:52 2022 us=841721 Exiting due to fatal error