OpenVPN fails to start server every time WAN IP changes

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Khadanja

Senior Member
Just now rebooted the router and WAN IP changed, logs show OpenVPN unable to start and old WAN is shown in logs. What does socket bind failed mean and why is it trying to bind on old WAN IP port 889? WAN IP is highlighted in bold.
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: TCP/UDP: Socket bind failed on local address [AF_INET]47.xx.xx.xxx:889: Cannot assign requested address (errno=99)
Code:
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20333]: OpenVPN 2.5.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  6 2021
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20333]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.08
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Diffie-Hellman initialized with 2048 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 20 21:10:08 RT-AC68U-20E0 syslog: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: TUN/TAP device tun22 opened
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: TUN/TAP TX queue length set to 1000
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip link set dev tun22 up mtu 1500
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip link set dev tun22 up
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip addr add dev tun22 10.16.0.1/24
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: ovpn-up 2 server tun22 1500 1621 10.16.0.1 255.255.255.0 init
Sep 20 21:10:09 RT-AC68U-20E0 custom_script: Running openvpn-event
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: TCP/UDP: Socket bind failed on local address [AF_INET]47.xx.xx.xxx:889: Cannot assign requested address (errno=99)
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Exiting due to fatal error
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Closing TUN/TAP interface
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip addr del dev tun22 10.16.0.1/24
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: ovpn-down 2 server tun22 1500 1621 10.16.0.1 255.255.255.0 init
Sep 20 21:10:09 RT-AC68U-20E0 custom_script: Running openvpn-event
 

Khadanja

Senior Member
After sometime it becomes ok and I see this in log -
What does this mean - Could not determine IPv4/IPv6 protocol. Using AF_INET?
Code:
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: UDPv4 link local (bound): [AF_INET]47.XX.XX.XX:889
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: UDPv4 link remote: [AF_UNSPEC]
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: MULTI: multi_init called, r=256 v=256
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: IFCONFIG POOL IPv4: base=10.16.0.2 size=252
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Initialization Sequence Completed
 

eibgrad

Very Senior Member
The change in the WAN ip is irrelevant. Most likely the OpenVPN server couldn't start on reboot (at least initially) due to some other dependency not being met at the time. This is NOT uncommon, and why sometimes certain processes need to retry several times before they can be correctly established. But as you saw, eventually it does get established.

The message about IPv4/IPv6 is just the OpenVPN server telling you that it doesn't know if you want it to listen on IPv4, IPv6, or both, for connections. So it's defaulting to IPv4 (AF_INET). Since Merlin only supports IPv4 anyway, you can eliminate the message (if it bothers you) by adding the following to the OpenVPN server custom config field, which tells it explicitly what to use.

Code:
proto udp4
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top