4

OpenVPN clients work fine when they're started by /etc/init.d/openvpn for the first time, but they can't reconnect if the master server is restarted.

This is the error I get in syslog:

ovpn-openvpn[8113]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
ovpn-openvpn[8113]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
ovpn-openvpn[8113]: Cannot allocate TUN/TAP dev dynamically
ovpn-openvpn[8113]: Exiting

This are the file permissions of tun device:

crw-rw-rw- 1 root root 10, 200 2011-03-24 16:51 /dev/net/tun

If I then restart the client using "/etc/init.d/openvpn restart", they connect normally.

Also, problems only appear when openvpn runs as user 'nobody'. Running as 'root' solves everything but it's not a viable solution.

'persist-tun' option also helps a bit, but not too much. Tunnels still don't last overnight.

Any suggestions?

Akarot
  • 143
  • 1
  • 2
  • 10

1 Answers1

1

I'd guess that you need to use the --ifconfig-pool-persist option on your server in order to keep the client <-> ip address mapping across the restarts of your server daemon. Otherwise the clients need to call ifconfig to reconfigure their tun device even with --persist-tun active. This will invariably fail if they do not have root priveleges.

the-wabbit
  • 40,319
  • 13
  • 105
  • 169