Openvpn server (s2s) not starting after re-boot

I created an ovpn tunnelserver and it was working, but I restored an older config and thus re-created a new tunnel, which worked, but upon server reboot the status is running but not connected.

Looking into log I see:
Tue Aug 4 03:06:50 2020 /sbin/ip route add cidr via ip.add.ress
RTNETLINK answers: File exists
Tue Aug 4 03:06:50 2020 ERROR: Linux route add command failed: external program exited with error status: 2

Tue Aug 4 03:06:50 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1201: Address already in use (errno=98)
Tue Aug 4 03:06:50 2020 Exiting due to fatal error

How can this be solved? How can I reset openvpn completely including deleting obsolete routes, and how can this error be avoided in order to enable connected tunnelserver?

This openvpn s2s shall replace an ipsec tunnel I had been using before, which has been deactivated, but the remote network is almost the same: while ipsec had configured 192.168.x.y/24 as remote network, openvpn has now configured 192.168.x.y/25.

Is this a bug? How to solve? Would it work if the ipsec tunnel is deleted? I don’t want to delete it as it serves as fallback: if the ovpn s2s does not work well enough, I’d like to change back to ipsec, thus it was not deleted but only deactivated.

Well I made a printscreen of the config so I could delete ipsec tunnel to check if this solves it and also rebooted again. Now the tunnel is up and running, but I don’t know if this should be considered as bug, I mean if I deactivate an ipsec tunnel shouldn’t its routes be removed?

And another question: If the ovpn tunnel nethserver is rebooted, the ovpn tunnel nethclient does apparently not immediately reconnect to the tunnelserver. Is this normal? How can I configure it so the tunnelclient automatically reconnects to the tunnelserver as soon as it becomes available again?

Please check if there is some configuration left in the db:

db vpn show

and the openvpn logs on both sides to hopefully see why the reconnect does not work.

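A triage of the two failures visible in the log quoted in the question, as an added example that is not part of the thread or of NethServer: it pulls out the route that was already installed and the port that was already bound, then prints the read-only commands to inspect each. The function names are hypothetical, and the prefix and gateway in the sample are constructed placeholders, because the original post redacted them.

```shell
#!/bin/sh
# Constructed sample modelled on the log in the question; 192.0.2.0/25 and
# 198.51.100.1 are documentation-range placeholders for the redacted values.
sample_log() {
cat <<'EOF'
Tue Aug 4 03:06:50 2020 /sbin/ip route add 192.0.2.0/25 via 198.51.100.1
RTNETLINK answers: File exists
Tue Aug 4 03:06:50 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Aug 4 03:06:50 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1201: Address already in use (errno=98)
Tue Aug 4 03:06:50 2020 Exiting due to fatal error
EOF
}

# Read an OpenVPN log on stdin and print one finding per line:
#   ROUTE_EXISTS <prefix>   the kernel refused a route that is already present
#   PORT_IN_USE <port>      another socket is already bound to the listen port
triage_openvpn_log() {
  awk '
    # Remember the prefix of the most recent "ip route add" attempt.
    /\/sbin\/ip route add / { for (i = 1; i <= NF; i++) if ($i == "add") last = $(i + 1) }
    # "File exists" from RTNETLINK refers to that attempt.
    /RTNETLINK answers: File exists/ { if (last != "") print "ROUTE_EXISTS " last; last = "" }
    # errno 98: extract the port between "]:" and the following ":".
    /Socket bind failed/ && /Address already in use/ {
      if (match($0, /\]:[0-9]+:/)) print "PORT_IN_USE " substr($0, RSTART + 2, RLENGTH - 3)
    }
  '
}

# Turn findings into inspection commands (printed only, nothing is changed).
next_checks() {
  while read -r kind value; do
    case "$kind" in
      ROUTE_EXISTS) echo "route $value is already installed; see who owns it: ip route show to match $value" ;;
      PORT_IN_USE)  echo "port $value is already bound; see which process holds it: ss -lntup 'sport = :$value'" ;;
    esac
  done
}

sample_log | triage_openvpn_log | next_checks
```

On a real system, feed it the OpenVPN log from each side instead of `sample_log`.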

I will do so, but for the time being I migrated back to ipsec vpn. Will report here then.


I removed the openvpn tunnel, thus db vpn show only shows the ipsec-s2s tunnel. As described in the other thread, I’d like to clean the cruft / leftovers which have caused routing troubles, so when I try openvpn again there will be no problems.