Hi,
I'm trying to set up OpenVPN vtun2 on my ER-X for access to tigerVPN, but the commit fails and the log shows:
May 3 23:41:54 dtd-vpn openvpn[2886]: TCP/UDP: Socket bind failed on local address [undef]: Address already in use
May 3 23:41:54 dtd-vpn openvpn[2886]: Exiting due to fatal error
existing config:
firewall {
all-ping enable
broadcast-ping disable
group {
address-group DNAT-TCP-vpn-server {
address 10.0.0.22
address 10.0.0.23
description "DNAT-TCP-vpn-server (OpenVPN)"
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address 10.0.0.9/24
duplex auto
speed auto
}
ethernet eth1 {
duplex auto
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
duplex auto
speed auto
}
loopback lo {
}
openvpn vtun0 {
encryption aes256
hash sha256
local-host 10.0.0.9
local-port 1194
mode server
openvpn-option "--push redirect-gateway def1"
openvpn-option "--push dhcp-option DNS 10.0.0.254"
openvpn-option --comp-lzo
openvpn-option "--dev tun"
openvpn-option "--max-clients 5"
openvpn-option --persist-tun
openvpn-option --persist-key
openvpn-option "--verb 3"
openvpn-option "--keepalive 10 60"
openvpn-option "--reneg-sec 0"
openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-pam.so login"
openvpn-option --client-cert-not-required
openvpn-option "--user nobody"
openvpn-option "--group nogroup"
openvpn-option "--tls-auth /config/auth/keys/ta.key 0"
protocol udp
server {
subnet 10.71.87.0/24
}
tls {
ca-cert-file /config/auth/keys/ca.crt
cert-file /config/auth/keys/server.crt
dh-file /config/auth/keys/dh3072.pem
key-file /config/auth/keys/server.key
}
}
openvpn vtun1 {
encryption aes256
hash sha256
local-host 10.0.0.9
local-port 8443
mode server
openvpn-option "--push redirect-gateway def1"
openvpn-option "--push dhcp-option DNS 10.0.0.254"
openvpn-option --comp-lzo
openvpn-option "--dev tun"
openvpn-option "--max-clients 5"
openvpn-option --persist-tun
openvpn-option --persist-key
openvpn-option "--verb 3"
openvpn-option "--keepalive 10 60"
openvpn-option "--reneg-sec 0"
openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-pam.so login"
openvpn-option --client-cert-not-required
openvpn-option "--user nobody"
openvpn-option "--group nogroup"
openvpn-option "--tls-auth /config/auth/keys/ta.key 0"
protocol tcp-passive
server {
subnet 10.87.77.0/24
}
tls {
ca-cert-file /config/auth/keys/ca.crt
cert-file /config/auth/keys/server.crt
dh-file /config/auth/keys/dh3072.pem
key-file /config/auth/keys/server.key
}
}
switch switch0 {
mtu 1500
}
}
service {
gui {
https-port 443
}
nat {
rule 1 {
description "DNAT TCP vpn-server (OpenVPN)"
destination {
port 443
}
inbound-interface eth0
inside-address {
address 10.0.0.9
port 8443
}
log disable
protocol tcp
source {
group {
address-group DNAT-TCP-vpn-server
}
}
type destination
}
rule 5000 {
description "UDP OpenVPN subnet to every where"
log disable
outbound-interface eth0
protocol ip
source {
address 10.71.87.0/24
}
type masquerade
}
rule 5001 {
description "TCP OpenVPN subnet to every where"
log disable
outbound-interface eth0
protocol ip
source {
address 10.87.77.0/24
}
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
gateway-address 10.0.0.254
host-name vpn-server
login {
user MYNAME {
authentication {
encrypted-password <removed>
plaintext-password ""
}
level admin
}
}
name-server 10.0.0.254
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone America/Los_Angeles
}
vpn {
ipsec {
auto-firewall-nat-exclude disable
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 10.0.0.0/24 {
}
}
nat-traversal enable
}
l2tp {
remote-access {
authentication {
local-users {
username MYNAME {
password PASS
}
}
mode local
}
client-ip-pool {
start 10.0.0.61
stop 10.0.0.65
}
dns-servers {
server-1 10.0.0.254
}
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret PASS
}
ike-lifetime 3600
}
outside-address 10.0.0.9
outside-nexthop 10.0.0.254
}
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1607 */
config I'm trying to add:
NAME@vpn-server# show interfaces openvpn vtun2
+config-file "/config/tigerVPN/tigerVPN - US - Los Angeles.ovpn"
+mode client
[edit]
NAME@vpn-server# commit
[ interfaces openvpn vtun2 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.
Commit failed
[edit]
NAME@vpn-server#
.ovpn client config file:
;block-outside-dns
client
remote los.tigervpn.com 1194 udp
remote los.tigervpn.com 443 tcp-client
pull
auth-user-pass /config/tigerVPN/tigerVPN.txt
comp-lzo adaptive
ca /config/tigerVPN/ca.crt
dev tun
tls-client
script-security 2
cipher AES-256-CBC
mute 10
route-delay 5
redirect-gateway def1
resolv-retry infinite
#dhcp-renew
#dhcp-release
persist-key
persist-tun
remote-cert-tls server
mssfix
# Get help and more information by visiting https://help.tigervpn.com
# With love from Bratislava, happy tigerVPN’ing!
Thanks,
->g.