Open yyfyfyang opened 2 months ago
The important line is probably: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
So it tried to preserve the TUN but it could not. And then it was missing permissions to close and reopen it. At this point it can do nothing else than give up and some higher layer (like the user or an init system) will need to restart it completely.
https://community.openvpn.net/openvpn/ticket/649#no1
I found this but my version is 2.5.5,In theory, this problem should not arise
This is the same problem area, though trac 649 was ONLY related to peer-id. In your log, we see
Apr 28 04:46:02 ubuntu openvpn[740]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 28 04:46:02 ubuntu openvpn[740]: OPTIONS IMPORT: route options modified
so the server is sending different ifconfig/route statements in its PUSH_REPLY message (we can't check, as the log only shows the second PUSH_REPLY). If that happens, and the client has dropped privileges, there is nothing we can do but "exit".
You could upgrade to 2.6.10 + DCO (where OpenVPN needs to keep network privileges), do not use user
in your config (= keep root privs), ensure the server is not changing options, or just make sure OpenVPN gets restarted.
But for this combination "new IP config requested and not enough privileges to do that" there is nothing we can do in the software, except clearly log it (which we do).
This is my syslog,
power 735 1 0 16:52 ? 00:00:00 /usr/sbin/openvpn
this is Process user