Bug #13602
closed
OpenVPN fails to start again if it crashes with DCO enabled
Description
If OpenVPN crashes with DCO enabled, it doesn't remove the interface which prevents it from starting again. The interface must be manually destroyed first with e.g. ifconfig ovpnc1 destroy.

Oct 27 16:58:13 openvpn 28323 Failed to create interface ovpns1 (SIOCSIFNAME): File exists (errno=17)
Oct 27 16:58:13 openvpn 28323 DCO device ovpns1 already exists, won't be destroyed at shutdown
Oct 27 16:58:13 openvpn 28323 /sbin/ifconfig ovpns1 172.25.1.1/24 mtu 1500 up
Oct 27 16:58:13 openvpn 28323 FreeBSD ifconfig failed: external program exited with error status: 1
Oct 27 16:58:13 openvpn 28323 Exiting due to fatal error
Updated by Kristof Provost 3 months ago
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/81
Your analysis is spot on. We can resolve this problem by always destroying the interface just before we start openvpn.
Arguably we could also teach openvpn to not create the interface if it already exists, but Linux has the same behaviour as the current FreeBSD behaviour, so it's less likely to be acceptable to upstream.
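The pre-start cleanup described in the comment above, as an added example that is not part of the ticket or of the pfSense merge requests: POSIX sh functions that destroy a leftover ovpnc/ovpns interface before OpenVPN is launched. The function names and the IFCONFIG override are assumptions made for illustration; the name check keeps the cleanup from destroying any interface that is not an OpenVPN one.

```shell
#!/bin/sh
# Added example, not pfSense code: free a stale DCO interface name before
# OpenVPN starts, so interface creation does not fail with "File exists".
# IFCONFIG is an assumed override for dry runs; default is FreeBSD's ifconfig.
: "${IFCONFIG:=/sbin/ifconfig}"

# Succeeds only for names of the form seen in the ticket: ovpnc<N> / ovpns<N>.
is_ovpn_ifname() {
    case "$1" in
        ovpn[cs][0-9]*) ;;
        *) return 1 ;;
    esac
    # Everything after the prefix must be digits.
    case "${1#ovpn[cs]}" in
        *[!0-9]*) return 1 ;;
    esac
    return 0
}

# Succeeds if the interface currently exists ("ifconfig -l" lists all names).
if_exists() {
    for _n in $("$IFCONFIG" -l); do
        if [ "$_n" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# Destroy the interface left behind by a crashed instance, if there is one.
# Returns: 0 name is free, 1 destroy failed, 2 name is not an OpenVPN interface.
cleanup_stale_dco() {
    is_ovpn_ifname "$1" || return 2
    if_exists "$1" || return 0
    "$IFCONFIG" "$1" destroy || return 1
    return 0
}

# Intended call site, immediately before the daemon is started:
#   cleanup_stale_dco ovpns1 && openvpn --config <instance config>
```

Run the cleanup only when the instance is known to be stopped, since destroying the interface of a running OpenVPN process would drop its tunnel.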
Updated by Marcos M 2 months ago
- Status changed from Resolved to New
I think it'd be preferred to implement part of this in both CE and Plus to avoid unnecessary code differences.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/963
Updated by Kristof Provost 2 months ago
- Assignee changed from Kristof Provost to Jim Pingle
Jim is better qualified to review these changes than I am.
Updated by Jim Pingle about 1 month ago
- Status changed from Pull Request Review to Resolved
The commit that's in place now is already tested and working. Let's move that other change to the next release so we aren't unnecessarily changing too much at this point.
Updated by Dean Arnold 29 days ago
I have the same issue. I have to run ifconfig ovpns3 destroy to allow the DCO enabled OpenVPN server to restart.
Jim, any chance this could be added as a Recommended System Patch against 22.05?
Updated by Jim Pingle 27 days ago
- Subject changed from OpenVPN fails to start again if it crashes with DCO enabled. to OpenVPN fails to start again if it crashes with DCO enabled
There have been lots of other changes in the code, so patches would need to be crafted from scratch just for 22.05 if that were the case since they wouldn't directly apply. 23.01 is close to release, so it's not likely to be worth the effort given how uncommon it is for most people to encounter.