Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Openvpn acting weird on Debian 8, ignoring edited configs.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Openvpn acting weird on Debian 8, ignoring edited configs.

I am using Openvpn on debian 8 by digitalocean and Online.net I am having a very weird problem.

I installed openvpn, it is fine. Then I grab configs from my dropbox and start openvpn, it is still fine. After that I edited 1 of the config and now Openvpn ignoring that config and start without it.

It wasted 1 hour of my time searching cluelessly with no result. The weirder thing is, this problem fixed by rebooting the server. Yeeaaa!!, it is fixed, but I can't afford to reboot the server each time I added or edited any config.

Is there anybody had this problem before? Do you know what might causes it and how to fix it?

I might not found the answer on the search engine because I dont really know how to describe it. Even when I start openvpn manually with a specific edited config, the process will just hang forever. Also log didnt tell anything about it. Openvpn treated those edited config as not exist.

Comments

  • hzrhzr Member

    How are you running it? You have to start the service [email protected] I think

  • @hzr said:
    How are you running it? You have to start the service [email protected] I think

    I know

  • mlimli Member

    You'll have to use "systemctl daemon-reload" to make systemd reload OpenVPN configs

  • @psycholyzern said:

    @hzr said:
    How are you running it? You have to start the service [email protected] I think

    I know

    Wow. I wrote longer than this. Why only "I know" shows up?

  • @mli said:
    You'll have to use "systemctl daemon-reload" to make systemd reload OpenVPN configs

    So, stopping and starting the openvpn doesnt help?
    Btw, I created debian 7 droplet on DO, at first all went ok, but at some point, the same problem happened. I had to reboot the server to make sure openvpn read those edited configs.

    The weird thing is, if I start openvpn like this openvpn --config 80tcp.conf, it just hanging/freezing and had to CTRL+C to stop it.

  • edited October 2016

    You need to stop and restart the Openvpn after a change in config.

    /etc/init.d/openvpn restart

  • @AlphaNinevps_com said:
    You need to stop and restart the Openvpn after a change in config.

    /etc/init.d/openvpn restart

    Duhh.. I know. The problem is, openvpn wont read any edited config.

  • This looks interesting. Can you double check that the perms on the edited config file are correct/consistent (i.e. readable by whatever openvpn runs as)? Just compare with the other configs that it is reading OK to see if that helps. Also, in case it is in a different directory check that all the parents have appropriate r-x perms so that openvpn can read the file. Of course an easy way to double check is to put a bad config entry and see that openvpn chokes on it. Another option is to run the openvpn process without the --daemon setting to see if anything is happening. Also try the --errors-to-stderr option.

    Also, one other point, since you mentioned the source is dropbox - are there any ACLs or funny business like that which is making openvpn kind of ignore the file?

    I can't think of anything right off the bat but here are some things to check just in case you haven't already done so:

    tun device (or tap as the case may be) perms and can you create it etc.
    --echo (to dump all the options etc.)
    --verb [whatever]
    --test-crypto
    

    There are probably some more useful options in man.

    HTH.

  • mlimli Member

    @psycholyzern said:

    So, stopping and starting the openvpn doesnt help?
    Btw, I created debian 7 droplet on DO, at first all went ok, but at some point, the same problem happened. I had to reboot the server to make sure openvpn read those edited configs.

    The weird thing is, if I start openvpn like this openvpn --config 80tcp.conf, it just hanging/freezing and had to CTRL+C to stop it.

    Now that I think of this again systemctl reload-daemon is probably only needed if you change the value of "AUTOSTART=" at /etc/default/openvpn. Without that all of the OpenVPN services are not added to or removed from systemd.

  • @nullnothere said:
    This looks interesting. Can you double check that the perms on the edited config file are correct/consistent (i.e. readable by whatever openvpn runs as)? Just compare with the other configs that it is reading OK to see if that helps. Also, in case it is in a different directory check that all the parents have appropriate r-x perms so that openvpn can read the file. Of course an easy way to double check is to put a bad config entry and see that openvpn chokes on it. Another option is to run the openvpn process without the --daemon setting to see if anything is happening. Also try the --errors-to-stderr option.

    Also, one other point, since you mentioned the source is dropbox - are there any ACLs or funny business like that which is making openvpn kind of ignore the file?

    I can't think of anything right off the bat but here are some things to check just in case you haven't already done so:

    tun device (or tap as the case may be) perms and can you create it etc.
    --echo (to dump all the options etc.)
    --verb [whatever]
    --test-crypto
    

    There are probably some more useful options in man.

    HTH.

    I created a config manually by typing. Openvpn ignored it too. Seems that openvpn only read configs that I extract from backup archive that I made 2 years ago, which I store in dropbox.
    Those configs have permission of 755. The weird thing is, those edited config will be read if I rebooted the server.
    Seems that is nothing wrong with dropbox because those unedited configs extracted were able to be read because that was the first time openvpn running after the installation.

    Btw, no matter what parameter I put when running openvpn, it just hang without any output.

  • @mli said:

    @psycholyzern said:

    So, stopping and starting the openvpn doesnt help?
    Btw, I created debian 7 droplet on DO, at first all went ok, but at some point, the same problem happened. I had to reboot the server to make sure openvpn read those edited configs.

    The weird thing is, if I start openvpn like this openvpn --config 80tcp.conf, it just hanging/freezing and had to CTRL+C to stop it.

    Now that I think of this again systemctl reload-daemon is probably only needed if you change the value of "AUTOSTART=" at /etc/default/openvpn. Without that all of the OpenVPN services are not added to or removed from systemd.

    I didnt change anything other than things I should do to make openvpn running and the configs themselves.

    Idk what is the real issue because it happend on my 2 different servers and from different providers. It would be great is someone could test it for me to confirm the issue.

    Btw, I moved to debian7, so I am not bother to take a look into this seriously, but I really want to know why this happened only on debian 8

  • Can you post your config file (masking the IPs/private stuff etc.)?

    Also, from the looks of it, my hunch is that it is something to do with the device (I assume tun) that is being used - because the reboot makes things work again.

    Are you running as a different user (--user nobody) for eg? Can you try to disable this setting so that openvpn runs as root (to test)?

    Don't have many other ideas.

Sign In or Register to comment.