angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

unbound not cleanly removed #602

Open HenryNe opened 4 years ago

HenryNe commented 4 years ago

After cleaning and re-installing openvpn with unbound (DNS=2), the unbound configuration hangs in an endless loop without changing the unbound config, or ends up with a double config.

  1. Start without openvpn installed, and without unbound installed
  2. Run install, choose DNS=2, then all the rest defaults:
    APPROVE_INSTALL=y \
    APPROVE_IP=y \
    IPV6_SUPPORT=n \
    PORT_CHOICE=1 \
    PROTOCOL_CHOICE=1 \
    DNS=2 \
    COMPRESSION_ENABLED=n \
    CUSTOMIZE_ENC=n \
    CLIENT=clientname \
    PASS=1 \
    ./openvpn-install.sh
  3. Remove openvpn, start ./openvpn-install.sh again and choose menu 3. There is no question about removing unbound.
  4. Run openvpn-install.sh to install it again, select DNS=2, and for all other questions press Enter for the default
  5. It will detect "Unbound is already installed."
  6. If you say "n" for "Apply configuration changes to Unbound?", you come back to the DNS question. Select 2 for DNS. This goes on endlessly.
  7. Choose "y" for "Apply configuration changes to Unbound?"
  8. Enter defaults for the rest

As a result, the VPN configuration in /etc/unbound/unbound.conf exists two times: once in /etc/unbound/unbound.conf and a second time via the

    include: /etc/unbound/openvpn.conf

For now unbound does not work and fails with

    unbound[15550:0] error: can't bind socket: Address already in use for 10.8.0.1
    unbound[15550:0] fatal error: could not open ports

I suggest not putting values into /etc/unbound/unbound.conf and using only one config in all cases, for example /etc/unbound/openvpn.conf, or better /etc/unbound/unbound.conf.d/openvpn.conf, and detecting the include before adding the include again.

OS: Debian 9, unbound 1.6.0-3+deb9u2

The same error in #427, also Debian 9.

HenryNe commented 4 years ago

Why is the /etc/unbound/unbound.conf on Arch different, starting with "server:" on the top line? Or rather, the question is: why is "server:" missing in a fresh installation on Debian? In the other case, if unbound is installed before openvpn-install, the newly created file /etc/unbound/openvpn.conf starts with "server:".

randshell commented 4 years ago

> Why is the /etc/unbound/unbound.conf on Arch different, starting with "server:" on the top line?

The unbound configuration starts with server: and on Debian and other distros a basic configuration with the server: line is included at install ~but on Arch this doesn't happen and you need to write everything.~

> Or rather, the question is: why is "server:" missing in a fresh installation on Debian?

It's not missing. /etc/unbound/unbound.conf has an include with value /etc/unbound/unbound.conf.d/*.conf and you can find server: inside one of these files, for example /etc/unbound/unbound.conf.d/qname-minimisation.conf.

I think editing the script to work only with /etc/unbound/unbound.conf.d/openvpn.conf solves most of the problems and it's best practice anyway instead of working on the default file.

Thanks for raising this issue.

randshell commented 4 years ago

@HenryNe I was wrong, there is an unbound.conf file on Arch but for some reason @angristan chose to rename it and write everything again. I don't use Arch so only he knows why. https://github.com/angristan/openvpn-install/blob/7ed9cac8d78e630b0f68c4446074d19725e1c4f9/openvpn-install.sh#L140

EDIT: Looks like it has only comments. unbound.conf.txt

HenryNe commented 4 years ago

> EDIT: Looks like it has only comments. unbound.conf.txt

It's nice to see. We can do the same thing on Arch, and simply include our config.
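
The single-file approach suggested in this thread (one drop-in at /etc/unbound/unbound.conf.d/openvpn.conf, with the include detected before it is added), sketched as an added example; this is not code from openvpn-install.sh. The function names and the `UNBOUND_DIR` override are hypothetical, and the drop-in's settings are illustrative values built around the 10.8.0.1 address from the error above.

```bash
#!/usr/bin/env bash
# Added example: idempotent install/removal of an OpenVPN drop-in for unbound.
# UNBOUND_DIR is a hypothetical override so the functions can run in a scratch directory.
UNBOUND_DIR="${UNBOUND_DIR:-/etc/unbound}"

dropin_path() { printf '%s\n' "$UNBOUND_DIR/unbound.conf.d/openvpn.conf"; }

# True if the main config already includes unbound.conf.d/*.conf or our file directly.
# Commented-out include lines do not count.
include_present() {
	grep -Eq '^[[:space:]]*include:.*unbound\.conf\.d/(\*|openvpn)\.conf' \
		"$UNBOUND_DIR/unbound.conf" 2>/dev/null
}

install_unbound_dropin() {
	mkdir -p "$UNBOUND_DIR/unbound.conf.d"
	# Overwrite, never append: running the installer twice yields the same file.
	cat >"$(dropin_path)" <<'EOF'
server:
    interface: 10.8.0.1
    access-control: 10.8.0.1/24 allow
EOF
	# Add the include only when nothing pulls the drop-in in yet
	# (the case where the main config has no include for unbound.conf.d).
	include_present || printf 'include: "%s"\n' "$(dropin_path)" >>"$UNBOUND_DIR/unbound.conf"
}

remove_unbound_dropin() {
	local main="$UNBOUND_DIR/unbound.conf" tmp
	rm -f "$(dropin_path)"
	[ -f "$main" ] || return 0
	# Drop only the include line this script added; leave the distro's lines alone.
	tmp="$(mktemp)"
	grep -vF "include: \"$(dropin_path)\"" "$main" >"$tmp" || true
	cat "$tmp" >"$main"
	rm -f "$tmp"
}

# Number of active "interface: 10.8.0.1" lines across all config files.
# Anything above 1 reproduces the "Address already in use" failure.
count_listeners() {
	grep -rhE '^[[:space:]]*interface:[[:space:]]*10\.8\.0\.1' "$UNBOUND_DIR" 2>/dev/null |
		wc -l | tr -d ' '
}
```

Running `unbound-checkconf` after the install step and before restarting the service catches a duplicated or malformed configuration before unbound fails to bind.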