Channel: Raspberry Pi Forums

Troubleshooting • Debugging OpenVPN Server on Pi4 that stopped working

I'm running an OpenVPN server on a Pi4 with Buster. It has worked correctly for several years (first configured in 2022).
The OpenVPN installation is based on PiVPN.io
Pi version:

Code:

Linux pi4-vpn-server 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux
OpenVPN reports:

Code:

$ openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10

The system is fully updated (auto-upgrade is on)

Code:

Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

The server has stopped working (I've tried two clients that previously worked, one Android and one OpenWRT).

The Android client (OpenVPN Connect, latest version 3.6.0 10461) gives the error "cannot acquire tun interface socket"

The OpenWRT client gives the error:

Code:

2025-02-26 OpenVPN 2.5.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1k 25 Mar 2021
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Exiting due to fatal error

The server log in /var/log/openvpn.log has this during the connection attempt from Android:

Code:

Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: MULTI: multi_create_instance called
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Re-using SSL/TLS context
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Mar  8 16:47:48 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 TLS: Initial packet from [AF_INET]172.59.77.143:62220, sid=8d4635f5 126aeaa6
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 PID_ERR replay-window backtrack occurred [1] [TLS_WRAP-0] [0_0011] 1741474069:6 1741474069:5 t=1741474069[0] r=[-1,64,15,1,1] sl=[58,6,64,272]
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 VERIFY OK: depth=1, CN=ChangeMe
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 VERIFY KU OK
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Validating certificate extended key usage
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 VERIFY EKU OK
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 VERIFY OK: depth=0, CN=Tim
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_VER=3.10.1
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_PLAT=android
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_NCP=2
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_TCPNL=1
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_PROTO=2974
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_MTU=1600
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_AUTO_SESS=1
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_GUI_VER=net.openvpn.connect.android_3.5.1-10255
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 peer info: IV_SSO=webauth,crtext
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 [Tim] Peer Connection Initiated with [AF_INET]172.59.77.143:62220
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/Tim
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_04607f7a260e9507.tmp
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 MULTI: Learn: 10.8.0.2 -> Tim/172.59.77.143:62220
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 MULTI: primary virtual IP for Tim/172.59.77.143:62220: 10.8.0.2
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 SENT CONTROL [Tim]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 Data Channel: using negotiated cipher 'AES-256-GCM'
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:51:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 [Tim] Inactivity timeout (--ping-restart), restarting
Mar  8 16:51:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 SIGUSR1[soft,ping-restart] received, client-instance restarting

The server seems to be proceeding normally, until the unexpected Inactivity timeout at the bottom.

Can anyone provide any insights on what is wrong?

Statistics: Posted by timg11 — Sat Mar 08, 2025 11:34 pm — Replies 0 — Views 21
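
A way to reduce a server log like the one in the post to a per-peer timeline, as an added example that is not part of the original post: it records which connection stages were logged for each peer and reports two patterns visible above (PUSH_REQUEST repeated after the PUSH_REPLY, and the gap before the ping-restart). The names `summarize`, `STAGES` and `LINE` are hypothetical, the sample lines are abridged from the post's log, and the year is an assumption because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Abridged from the server log in the post (PUSH_REPLY option list shortened).
SAMPLE = """\
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 VERIFY OK: depth=0, CN=Tim
Mar  8 16:47:49 pi4-vpn-server ovpn-server[504]: 172.59.77.143:62220 [Tim] Peer Connection Initiated with [AF_INET]172.59.77.143:62220
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 SENT CONTROL [Tim]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 15,ping-restart 120' (status=1)
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:47:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 16:51:53 pi4-vpn-server ovpn-server[504]: Tim/172.59.77.143:62220 [Tim] Inactivity timeout (--ping-restart), restarting
"""

# Timestamp, then an optional "CN/" prefix, then the peer's ip:port, then the message.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ovpn-server\[\d+\]: "
                  r"(?:\S+/)?(\d+\.\d+\.\d+\.\d+:\d+) (.*)$")
STAGES = [  # (stage name, substring that marks it in the message)
    ("cert_verified", "VERIFY OK: depth=0"),
    ("peer_initiated", "Peer Connection Initiated"),
    ("push_request", "'PUSH_REQUEST'"),
    ("push_reply", "'PUSH_REPLY"),
    ("ping_restart", "Inactivity timeout (--ping-restart)"),
]

def summarize(log_text, year=2025):  # year is assumed; syslog lines do not carry it
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines with no peer address, e.g. multi_create_instance
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(m.group(2), {"events": [], "findings": []})
        s["events"] += [(ts, n) for n, marker in STAGES if marker in m.group(3)]
    for s in sessions.values():
        names = [n for _, n in s["events"]]
        if "push_reply" in names:
            extra = names[names.index("push_reply") + 1:].count("push_request")
            if extra:
                s["findings"].append(f"{extra} PUSH_REQUEST after PUSH_REPLY")
        i = names.index("ping_restart") if "ping_restart" in names else 0
        if i > 0:  # time between the previous tracked event and the restart
            gap = int((s["events"][i][0] - s["events"][i - 1][0]).total_seconds())
            s["findings"].append(f"ping-restart {gap}s after last tracked event")
    return sessions

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE).items():
        print(peer, [n for _, n in s["events"]], s["findings"])
```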


