[Bug 1689833] Re: OpenVPN server does not start properly on boot
** Tags added: network-online-ordering -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
** Changed in: openvpn (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Note: the if the solution needs an ifupdown hook like shown in comment #12 in >=Bionic I'd ask you to take a look for networkd-dispatch (the final solution for almost all of these bugs is that the upstream project starts to listen o netlink to pick up late ready IP addresses) FYI: There seem to be a whole class of issues like this so Rbasak added it also to a card that tracks related work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Do you have a pointer to the upstream discussion? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Seems upstream kindly solved this bug, the solution is to: In /etc/default/openvpn AUTOSTART="none" In /etc/network/interfaces iface ethX inet static address XXX.XXX.XXX.XX netmask 255.255.255.0 openvpn my_vpn_name Where ethX is your interface (ex, eth0 for a regular interface, eth0:1 for an alias of an interface), my_vpn_name is the base filename without the .conf suffix of your /etc/openvpn/my_vpn_name.conf file. To explain, the above causes the script /etc/network/if-up.d/openvpn to get executed, this in turn executes systemctl --no-block start openvpn@my_vpn_name which starts the openvpn after the interface or alias is brought up. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Also affected by this bug, fresh Ubuntu Ubuntu 16.04.6 LTS minimal server install + openvpn /var/log/openvpn-.log: Sun Mar 17 14:45:59 2019 us=746742 TCP/UDP: Socket bind failed on local address [AF_INET]XXX.XXX.XXX.131:1094: Cannot assign requested address Sun Mar 17 14:45:59 2019 us=746750 Exiting due to fatal error Where XXX.XXX.XXX.131 is an IP aliased to eth0 (aliased eth0:1) in /etc/network/interfaces: auto eth0:1 allow-hotplug eth0:1 iface eth0:1 inet static address XXX.XXX.XXX.131 netmask 255.255.255.224 None of the workarounds listed in this bug or here https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ work - occurs 100% every boot. I can repeat this reliably on a fresh minimal install + openvpn + alias on primary interface -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
It's the normal builtin NIC on a headless server. Tried with different hardware as well: *-network description: Ethernet interface product: 82574L Gigabit Network Connection vendor: Intel Corporation *-network description: Ethernet interface product: NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Broadcom Corporation *-network description: Ethernet interface product: Virtio network device vendor: Red Hat, Inc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
@jnx, the 192.168.11.254 address you are trying to bind to, is that the normal nic of that machine? Or something else, like a wifi interface, or something that would only come up after the user logs in, assuming this is a desktop? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
I tried your suggested settings on fresh installs including all updates but this still regularly fails to bind the address. I have those servers running as virtual machines with Qemu/KVM. If I do the same thing on bare metal, the binding will succeed in like 95% of boots. /var/log/openvpn.log: Tue Apr 10 11:40:44 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017 Tue Apr 10 11:40:44 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Tue Apr 10 11:40:44 2018 Diffie-Hellman initialized with 2048 bit key Tue Apr 10 11:40:44 2018 Control Channel Authentication: using './easy-rsa/keys/ta.key' as a OpenVPN static key file Tue Apr 10 11:40:44 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Apr 10 11:40:44 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Apr 10 11:40:44 2018 Socket Buffers: R=[212992->212992] S=[212992->212992] Tue Apr 10 11:40:44 2018 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.11.254:1194: Cannot assign requested address Tue Apr 10 11:40:44 2018 Exiting due to fatal error -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ is a good read about this -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
In fact, our current openvpn package in bionic is using just these After and Wants values: After=network-online.target Wants=network-online.target ** Changed in: systemd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
> My guess is that systemd starts OpenVPN too early before the network is > brought > up sufficiently. Running 'sudo systemctl edit --full openvpn' and adding > 'Wants=network-online.target' does not change that behaviour. I tried this to test: [Unit] (...) After=syslog.target network-online.target Wants=network-online.target It then worked. Can you give that a shot? Upstream adopted a mixed approach and split the services into a server and client part, and adopted different after/wants values for each (see https://github.com/OpenVPN/openvpn/commit/28bd79ac980488dbfce2e8136287e38c6f35a043) I don't think we can take an approach as the above for a stable release update, though. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Found these other bugs which look related: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1598522 https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1580356 (marked as dup of the above) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
A possible workaround would be to add "Restart=on-failure" in the "[Service]" section of the systemd unit. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
I finally got to confirm this. I had to install ntp to see the same problem in my vm. Before that, openvpn was always running after a reboot. The moment I installed ntp and rebooted, I got the issue: Mon Nov 20 19:17:41 2017 TCP/UDP: Socket bind failed on local address [AF_INET]10.0.6.10:1194: Cannot assign requested address Mon Nov 20 19:17:41 2017 Exiting due to fatal error root@04-57:~# systemctl status openvpn@server.service ● openvpn@server.service - OpenVPN connection to server Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Mon 2017-11-20 19:17:41 UTC; 1min 30s ago Docs: man:openvpn(8) https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage https://community.openvpn.net/openvpn/wiki/HOWTO Process: 577 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited, sta Main PID: 612 (code=exited, status=1/FAILURE) Nov 20 19:17:41 04-57 systemd[1]: Starting OpenVPN connection to server... Nov 20 19:17:41 04-57 systemd[1]: Started OpenVPN connection to server. Nov 20 19:17:41 04-57 systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE Nov 20 19:17:41 04-57 systemd[1]: openvpn@server.service: Unit entered failed state. Nov 20 19:17:41 04-57 systemd[1]: openvpn@server.service: Failed with result 'exit-code'. lines 1-14/14 (END) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
Thank you for reporting this bug. I will add it to the server team backlog, as it does appear to be a real issue. ** Changed in: openvpn (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689833 Title: OpenVPN server does not start properly on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1689833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689833] Re: OpenVPN server does not start properly on boot
** Description changed: OpenVPN intermittently fails to bind to local address during boot on Ubuntu Server 16.04.2 LTS. Sometimes it succeeds, sometimes it does not. /var/log/openvpn.log Wed May 10 15:42:02 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016 Wed May 10 15:42:02 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed May 10 15:42:02 2017 Diffie-Hellman initialized with 2048 bit key Wed May 10 15:42:02 2017 Control Channel Authentication: using './easy-rsa/keys/ta.key' as a OpenVPN static key file Wed May 10 15:42:02 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 10 15:42:02 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 10 15:42:02 2017 Socket Buffers: R=[212992->212992] S=[212992->212992] Wed May 10 15:42:02 2017 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.4.254:1194: Cannot assign requested address Wed May 10 15:42:02 2017 Exiting due to fatal error - - In case it does not start, running 'sudo service openvpn start' fixes that problem. + In case it does not start, running 'sudo service openvpn start' fixes + that problem. /var/log/openvpn.log Wed May 10 15:42:43 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016 Wed May 10 15:42:43 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed May 10 15:42:43 2017 Diffie-Hellman initialized with 2048 bit key Wed May 10 15:42:43 2017 Control Channel Authentication: using './easy-rsa/keys/ta.key' as a OpenVPN static key file Wed May 10 15:42:43 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 10 15:42:43 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 10 15:42:43 2017 Socket Buffers: R=[212992->212992] S=[212992->212992] Wed May 10 15:42:43 2017 ROUTE_GATEWAY 192.168.4.1/255.255.255.0 IFACE=ens4 HWADDR=52:54:00:f0:26:0c Wed May 10 15:42:43 2017 TUN/TAP device tun0 opened Wed May 10 15:42:43 2017 TUN/TAP TX queue length set to 100 Wed May 10 15:42:43 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed May 10 15:42:43 2017 /sbin/ip link set dev tun0 up mtu 1500 Wed May 10 15:42:43 2017 /sbin/ip addr add dev tun0 local 172.16.1.1 peer 172.16.1.2 Wed May 10 15:42:43 2017 /sbin/ip route add 172.16.1.0/24 via 172.16.1.2 Wed May 10 15:42:43 2017 GID set to nogroup Wed May 10 15:42:43 2017 UID set to nobody Wed May 10 15:42:43 2017 UDPv4 link local (bound): [AF_INET]192.168.4.254:1194 Wed May 10 15:42:43 2017 UDPv4 link remote: [undef] Wed May 10 15:42:43 2017 MULTI: multi_init called, r=256 v=256 Wed May 10 15:42:43 2017 IFCONFIG POOL: base=172.16.1.4 size=62, ipv6=0 Wed May 10 15:42:43 2017 IFCONFIG POOL LIST Wed May 10 15:42:43 2017 Initialization Sequence Completed - - My guess is that systemd starts OpenVPN too early before the network is brought up sufficiently. Running 'sudo systemctl edit --full openvpn' and adding 'Wants=network-online.target' does not change that behaviour. + My guess is that systemd starts OpenVPN too early before the network is + brought up sufficiently. Running 'sudo systemctl edit --full openvpn' + and adding 'Wants=network-online.target' does not change that behaviour. user@server:~$ sudo systemd-analyze critical-chain graphical.target @2.160s └─multi-user.target @2.159s - └─ntp.service @2.054s +104ms - └─remote-fs.target @2.052s - └─remote-fs-pre.target @2.052s - └─open-iscsi.service @1.993s +57ms - └─iscsid.service @1.942s +47ms - └─network-online.target @1.941s - └─network.target @1.929s - └─networking.service @1.793s +134ms - └─apparmor.service @1.140s +395ms - └─local-fs.target @1.140s - └─local-fs-pre.target @1.139s - └─lvm2-monitor.service @602ms +536ms - └─lvm2-lvmetad.service @773ms - └─systemd-journald.socket @574ms - └─-.slice @500ms + └─ntp.service @2.054s +104ms + └─remote-fs.target @2.052s + └─remote-fs-pre.target @2.052s + └─open-iscsi.service @1.993s +57ms + └─iscsid.service @1.942s +47ms + └─network-online.target @1.941s + └─network.target @1.929s + └─networking.service @1.793s +134ms + └─apparmor.service @1.140s +395ms + └─local-fs.target @1.140s + └─local-fs-pre.target @1.139s + └─lvm2-monitor.service @602ms +536ms + └─lvm2-lvmetad.service @773ms +
