Re: [pfSense] OpenVPN: Unable to contact daemon error

2015-01-19 Thread Chris Buechler
On Mon, Jan 19, 2015 at 3:56 PM, Jason McClung jason.mccl...@gmail.com wrote:
 On 1/19/2015 1:27 PM, Erik Anderson wrote:

 On Mon, Jan 19, 2015 at 3:16 PM, Oliver Hansen oliver.han...@gmail.com
 wrote:

 A bit of a guess but when I've had an issue with the OpenVPN GUI it was
 something in my OpenVPN Advanced Configuration section that I had added
 long
 ago and was no longer necessary or conflicting in some way.

 Thanks, Oliver. I double-checked that config section, and it's empty.

 -Erik
 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold

 Long ago I had to add a line something like
 'management 127.0.0.1 '
  was a port number I don't recall.


Anything along those lines would date back to the 1.2.x days when
people manually configured things to use the OpenVPN status package
(before it came built-in). After upgrading to any 2.x release, they'd
have to be removed.

OP's issue is likely this one that's fixed in 2.2.
https://redmine.pfsense.org/issues/3894
where if an OpenVPN client is delayed trying to do a DNS lookup (or
potentially other causes, that seemed to be the only replicable one),
OpenVPN doesn't respond to SIGTERM and would get started a second time
without stopping the first, which ends up breaking the status display.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] OpenVPN: Unable to contact daemon error

2015-01-19 Thread Erik Anderson
On Mon, Jan 19, 2015 at 7:46 PM, Chris Buechler c...@pfsense.com wrote:
 OP's issue is likely this one that's fixed in 2.2.
 https://redmine.pfsense.org/issues/3894
 where if an OpenVPN client is delayed trying to do a DNS lookup (or
 potentially other causes, that seemed to be the only replicable one),
 OpenVPN doesn't respond to SIGTERM and would get started a second time
 without stopping the first, which ends up breaking the status display.

Yep, that sounds like it could likely be the cause.

Thanks Chris!
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] OpenVPN: Unable to contact daemon error

2015-01-19 Thread Jason McClung

On 1/19/2015 1:27 PM, Erik Anderson wrote:

On Mon, Jan 19, 2015 at 3:16 PM, Oliver Hansen oliver.han...@gmail.com wrote:

A bit of a guess but when I've had an issue with the OpenVPN GUI it was
something in my OpenVPN Advanced Configuration section that I had added long
ago and was no longer necessary or conflicting in some way.

Thanks, Oliver. I double-checked that config section, and it's empty.

-Erik
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Long ago I had to add a line something like
'management 127.0.0.1 '
 was a port number I don't recall.
I looked inside one of my openvpn server conf file 
(/var/etc/openvpn/server1.conf) and saw the line

management /var/etc/openvpn/server1.sock unix

Make sure you have something similar in pfsense generated conf file.
Check logs for messages 'socket bind failed' .

--
Jason
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] OpenVPN: Unable to contact daemon error

2015-01-19 Thread Erik Anderson
On Mon, Jan 19, 2015 at 3:16 PM, Oliver Hansen oliver.han...@gmail.com wrote:
 A bit of a guess but when I've had an issue with the OpenVPN GUI it was
 something in my OpenVPN Advanced Configuration section that I had added long
 ago and was no longer necessary or conflicting in some way.

Thanks, Oliver. I double-checked that config section, and it's empty.

-Erik
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] OpenVPN: Unable to contact daemon error

2015-01-19 Thread Erik Anderson
Hello all -

Running 2.1.5-RELEASE on a Soekris net6501-50.

Since the 2.1.4 release, I've seen this error message appear
incessantly on the dashboard:

http://photos.smugmug.com/photos/i-qwQLZCV/0/O/i-qwQLZCV.png

Despite the web GUI being unable to determine OpenVPN status, clients
continue to be able to connect and exchange traffic through OpenVPN
without issue.

If I ssh in, kill the OpenVPN processes and then re-start them from
the web GUI, the error goes away temporarily, but will always return
within 24 hours or so.

As I mentioned, this seemed to start in 2.1.4, and I hoped that it
would be resolved in 2.1.5, but that didn't happen.

Any ideas on how to resolve this?

Thanks!
-Erik
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold