What's new

OpenVPN fails to start server every time WAN IP changes

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Khadanja

Senior Member
Just now rebooted the router and WAN IP changed, logs show OpenVPN unable to start and old WAN is shown in logs. What does socket bind failed mean and why is it trying to bind on old WAN IP port 889? WAN IP is highlighted in bold.
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: TCP/UDP: Socket bind failed on local address [AF_INET]47.xx.xx.xxx:889: Cannot assign requested address (errno=99)
Code:
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20333]: OpenVPN 2.5.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  6 2021
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20333]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.08
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Diffie-Hellman initialized with 2048 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 20 21:10:08 RT-AC68U-20E0 syslog: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: TUN/TAP device tun22 opened
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: TUN/TAP TX queue length set to 1000
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip link set dev tun22 up mtu 1500
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip link set dev tun22 up
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip addr add dev tun22 10.16.0.1/24
Sep 20 21:10:08 RT-AC68U-20E0 ovpn-server2[20334]: ovpn-up 2 server tun22 1500 1621 10.16.0.1 255.255.255.0 init
Sep 20 21:10:09 RT-AC68U-20E0 custom_script: Running openvpn-event
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: TCP/UDP: Socket bind failed on local address [AF_INET]47.xx.xx.xxx:889: Cannot assign requested address (errno=99)
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Exiting due to fatal error
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: Closing TUN/TAP interface
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: /usr/sbin/ip addr del dev tun22 10.16.0.1/24
Sep 20 21:10:09 RT-AC68U-20E0 ovpn-server2[20334]: ovpn-down 2 server tun22 1500 1621 10.16.0.1 255.255.255.0 init
Sep 20 21:10:09 RT-AC68U-20E0 custom_script: Running openvpn-event
 
After sometime it becomes ok and I see this in log -
What does this mean - Could not determine IPv4/IPv6 protocol. Using AF_INET?
Code:
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: UDPv4 link local (bound): [AF_INET]47.XX.XX.XX:889
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: UDPv4 link remote: [AF_UNSPEC]
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: MULTI: multi_init called, r=256 v=256
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: IFCONFIG POOL IPv4: base=10.16.0.2 size=252
Sep 20 21:12:07 RT-AC68U-20E0 ovpn-server2[22809]: Initialization Sequence Completed
 
The change in the WAN ip is irrelevant. Most likely the OpenVPN server couldn't start on reboot (at least initially) due to some other dependency not being met at the time. This is NOT uncommon, and why sometimes certain processes need to retry several times before they can be correctly established. But as you saw, eventually it does get established.

The message about IPv4/IPv6 is just the OpenVPN server telling you that it doesn't know if you want it to listen on IPv4, IPv6, or both, for connections. So it's defaulting to IPv4 (AF_INET). Since Merlin only supports IPv4 anyway, you can eliminate the message (if it bothers you) by adding the following to the OpenVPN server custom config field, which tells it explicitly what to use.

Code:
proto udp4
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top