Bug #13602
closed
OpenVPN fails to start again if it crashes with DCO enabled
Added by Marcos M about 2 years ago.
Updated almost 2 years ago.
Release Notes:
Force Exclusion
Affected Plus Version:
22.05
Affected Architecture:
All
Description
If OpenVPN crashes with DCO enabled, it doesn't remove the interface which prevents it from starting again. The interface must be manually destroyed first with e.g. ifconfig ovpnc1 destroy.
Oct 27 16:58:13 openvpn 28323 Failed to create interface ovpns1 (SIOCSIFNAME): File exists (errno=17)
Oct 27 16:58:13 openvpn 28323 DCO device ovpns1 already exists, won't be destroyed at shutdown
Oct 27 16:58:13 openvpn 28323 /sbin/ifconfig ovpns1 172.25.1.1/24 mtu 1500 up
Oct 27 16:58:13 openvpn 28323 FreeBSD ifconfig failed: external program exited with error status: 1
Oct 27 16:58:13 openvpn 28323 Exiting due to fatal error
- Description updated (diff)
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/81
Your analysis is spot on. We can resolve this problem by always destroying the interface just before we start openvpn.
Arguably we could also teach openvpn to not create the interface if it already exists, but Linux has the same behaviour as the current freebsd behaviour, so it's less likely to be acceptable to upstream.
- Status changed from New to Resolved
Tested and it works well - thanks!
- Status changed from Resolved to New
- Status changed from New to Pull Request Review
- Project changed from pfSense to pfSense Plus
- Category changed from OpenVPN to OpenVPN
- Assignee set to Kristof Provost
- Target version set to 23.01
- Release Notes changed from Default to Force Exclusion
- Affected Plus Version set to 22.05
- Affected Architecture All added
- Assignee changed from Kristof Provost to Jim Pingle
Jim is beter qualified to review these changes than I am.
- Status changed from Pull Request Review to Resolved
The commit that's in place now is already tested and working. Let's move that other change to the next release so we aren't unnecessarily changing too much at this point.
I have the same issue. I have to run ifconfig ovpns3 destroy to allow the DCO enabled OpenVPN server to restart.
Jim, Any chance this could be added as a Recommended System Patch? against 22.05?
- Subject changed from OpenVPN fails to start again if it crashes with DCO enabled. to OpenVPN fails to start again if it crashes with DCO enabled
There have been lots of other changes in the code, so patches would need to be crafted from scratch just for 22.05 if that were the case since they wouldn't directly apply. 23.01 is close to release, so it's not likely to be worth the effort given how uncommon it is for most people to encounter.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by