My OpenVPN client version 2.4.4 connection is getting stuck after reboot. It started getting stuck after I configured the OpenVPN server to pass a list of DNS servers to the OpenVPN clients.
I have already added the following lines to client.conf to allow Linux/Ubuntu to use the DNS servers supplied by the OpenVPN server:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

The connection is getting stuck at startup on Ubuntu 18 clients. Windows and Android clients work fine.
What I mean by connection stuck is that no communication can be made inside the VPN. When checking systemctl status [email protected] I realized the service status stays eternally at "Pre-connection initialization successful".
One quick solution was restarting the service with:

    systemctl restart [email protected]

but that is a workaround and I am concerned with the cause of this error.
Is there a proper fix for this?
Here are the logs.

Log when the OpenVPN Client is started as soon as the computer boots:
● [email protected] - OpenVPN connection to client
Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
Active: active (running) since Wed 2018-09-26 14:42:51 -03; 9min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 908 (openvpn)
Status: "Pre-connection initialization successful"
Tasks: 9 (limit: 1750)
CGroup: /system.slice/system-openvpn.slice/[email protected]
├─ 908 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid
├─1167 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
├─1172 run-parts --arg=-a --arg=tun0.openvpn /etc/resolvconf/update.d
├─1178 run-parts /etc/resolvconf/update-libc.d
├─1209 /bin/sh /usr/lib/avahi/avahi-daemon-check-dns.sh
└─1221 host -t soa local.
Sep 26 14:42:49 ubuntu-server-vbox systemd[1]: Starting OpenVPN connection to client...
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sep 26 14:42:51 ubuntu-server-vbox systemd[1]: Started OpenVPN connection to client.
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 26 14:42:52 ubuntu-server-vbox ovpn-client[908]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:52 ubuntu-server-vbox ovpn-client[908]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:xxxx [nonblock]
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP_CLIENT link local: (not bound)
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: [xxxx.xxxx.xxxx] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: TUN/TAP device tun0 opened
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip link set dev tun0 up mtu 1500
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip addr add dev tun0 xxx.xxx.xxx.xxx/16 broadcast xxx.xxx.xxx.xxx
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip -6 addr add xxxx::xx/xx dev tun0
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DOMAIN xxxxxx
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DOMAIN xxxxxx
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DNS xxx.xxx.xxx.xxx

Log when the OpenVPN Client is restarted:
● [email protected] - OpenVPN connection to client
Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
Active: active (running) since Wed 2018-09-26 14:39:15 -03; 55s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 1590 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 9 (limit: 1750)
CGroup: /system.slice/system-openvpn.slice/[email protected]
├─1060 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
├─1086 run-parts --arg=-a --arg=tun0.openvpn /etc/resolvconf/update.d
├─1093 run-parts /etc/resolvconf/update-libc.d
├─1107 /bin/sh /usr/lib/avahi/avahi-daemon-check-dns.sh
├─1120 host -t soa local.
└─1590 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Main process exited, code=killed, status=9/KILL
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Failed with result 'timeout'.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Stopped OpenVPN connection to client.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1060 (update-resolv-c) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1086 (run-parts) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1093 (run-parts) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1107 (avahi-daemon-ch) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1120 (host) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Starting OpenVPN connection to client...
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Started OpenVPN connection to client.
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:xxxx [nonblock]
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP_CLIENT link local: (not bound)
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: [xxx.xxx.xxx] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: TUN/TAP device tun0 opened
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip link set dev tun0 up mtu 1500
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip addr add dev tun0 xxx.xxx.xxx.xxx/xx broadcast xxx.xxx.xxx.xxx
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip -6 addr add xxxx::xx/xx dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: dhcp-option DOMAIN xxxx
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: dhcp-option DNS xxx.xxx.xxx.xxx
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: RTNETLINK answers: File exists
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: ERROR: Linux route add command failed: external program exited with error status: 2
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: add_route_ipv6(xxxx::/xx -> xxxx::x metric -1) dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: add_route_ipv6(fdbb::/64 -> xxxx::x metric -1) dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: Initialization Sequence Completed
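
The two status dumps above differ in whether the `up` script was started under the current openvpn process or is left over from an earlier one. As an added example (not part of the original post), this Python function reads `systemctl status` text and reports that difference; the sample inputs are constructed from the post's output with command lines shortened, and the PID comparison is a heuristic assumption.

```python
import re

# Constructed samples modelled on the two status outputs in the post
# (command lines shortened, unit names and addresses omitted).
BOOT = '''\
 Main PID: 908 (openvpn)
   Status: "Pre-connection initialization successful"
           ├─ 908 /usr/sbin/openvpn --daemon ovpn-client --config /etc/openvpn/client.conf
           ├─1167 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 init
           ├─1172 run-parts --arg=-a --arg=tun0.openvpn /etc/resolvconf/update.d
           ├─1178 run-parts /etc/resolvconf/update-libc.d
           ├─1209 /bin/sh /usr/lib/avahi/avahi-daemon-check-dns.sh
           └─1221 host -t soa local.
'''
RESTART = '''\
 Main PID: 1590 (openvpn)
   Status: "Initialization Sequence Completed"
           ├─1060 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 init
           ├─1120 host -t soa local.
           └─1590 /usr/sbin/openvpn --daemon ovpn-client --config /etc/openvpn/client.conf
'''

PROC = re.compile(r"^\s*[├└]─\s*(\d+)\s+(.+?)\s*$", re.M)

def triage(status_text, hook="/etc/openvpn/update-resolv-conf"):
    """Summarise `systemctl status` text for an OpenVPN client unit."""
    main_pid = int(re.search(r"Main PID:\s*(\d+)", status_text).group(1))
    state = re.search(r'Status:\s*"([^"]*)"', status_text).group(1)
    procs = [(int(p), cmd) for p, cmd in PROC.findall(status_text)]
    hooks = [p for p, cmd in procs if hook in cmd.split()]
    others = [(p, cmd) for p, cmd in procs if p != main_pid]
    return {
        "state": state,
        "completed": state == "Initialization Sequence Completed",
        # hook started after the current main process: this run is waiting on it
        "hook_pending": any(p > main_pid for p in hooks),
        # hook older than the main process: left over from a previous run
        # (heuristic assumption, PIDs can wrap around)
        "hook_leftover": any(p < main_pid for p in hooks),
        # newest remaining child: the command the script chain is sitting in
        "last_child": max(others)[1] if others else None,
    }

if __name__ == "__main__":
    print(triage(BOOT))
    print(triage(RESTART))
```

To use it on a live client, pass the captured output of `systemctl status` for the unit to `triage()` instead of the constructed samples.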