opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

OpenVPN crashes when <auth-gen-token/> is not empty #7690

Open stuart-edge opened 1 month ago

stuart-edge commented 1 month ago

| Version | 24.7_9 |

If I configure anything in VPN --> OpenVPN --> Instances --> Instance --> Auth Token Lifetime, the OpenVPN service will not start or restart. If I remove the value (blank), the OpenVPN service will start. It also fails with the value set to 0. The value looks OK in the backup file.

36000

OpenVPN will not start with this config

      <keepalive_interval/>
      <keepalive_timeout/>
      <reneg-sec>0</reneg-sec>
      <auth-gen-token>60</auth-gen-token>
      <redirect_gateway/>
      <route_metric/>

OpenVPN will run with this config

      <keepalive_interval/>
      <keepalive_timeout/>
      <reneg-sec>0</reneg-sec>
      <auth-gen-token/>
      <redirect_gateway/>
      <route_metric/>

opnsense

| Version | 24.7_9 |
| Architecture | amd64 |
| Commit | 0d38c7804 |
| Mirror | https://pkg.opnsense.org/FreeBSD:14:amd64/24.7 |
| Repositories | OPNsense |
| Updated on | Tue Jul 30 13:51:49 AEST 2024 |

OPNsense-bot commented 1 month ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

fichtner commented 1 month ago

Same thing I posted here and got no response https://www.reddit.com/r/opnsense/comments/1efq0cg/openvpn_crashes_when_authgentoken_is_not_empty/

This might clash with another setting that the OpenVPN daemon complains about and refuses to start. Can you check your log?

stuart-edge commented 1 month ago

I think this is the error. I gave up on OpenVPN and started using WireGuard.

    /usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-226a3474-1caa-4f0a-9cf1-e0cb671bb1d3.conf'' returned exit code '1', the output was ''

fichtner commented 1 month ago

I think we know the service didn't start. The question is what the OpenVPN service itself logged when it decided not to start ;)