Getting various errors/warns on openvpn on system log

I'm getting those errors almost every minute, and sometimes the OpenVPN connection stops working and only the non-VPN connection does...

The errors I'm getting are these:

daemon.warn openvpn(client)[10067]: Multiple --up scripts defined.  The previously configured script is overridden.
daemon.warn openvpn(client)[10067]: Multiple --down scripts defined.  The previously configured script is overridden.
daemon.warn openvpn(client)[10067]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
daemon.err openvpn(client)[10067]: Options error: You must define TUN/TAP device (--dev)

The VPN configuration from the ovpn file are these:


dev tun0
fast-io
persist-key
persist-tun
nobind
remote *server* 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass vpn.auth
pull-filter ignore "redirect-gateway"

What those errors mean and what should I do to make them stop? I guess that the VPN connection might be failing sometimes because the killswitch is configured for tun0 but sometimes the VPN may create another tunnel, would that be possible?

Thanks in advance!

1 Like

Nope.

Is this a commercial openVPN tunnel where you are the client or is it your own OVPN tunnel and you are both server and client?

1 Like

Commercial OpenVPN tunnel, I'm the client, but sometimes the connection from the VPN just stops and I can't find the reason why

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client
I have never used OVPN client solution but have you installed it as instructed here and as instructed on the OVPN homepage?
Without changing anything? Port 1195...are you sure about that because 1194 is their registered port.

Remove the killswitch to see if it work better without it?

But as the error message say, it doesn’t know if it is a server or a client and it detects multiple configs. Do you have multiple configs in the OVPN folder?

Do OVPN homepage have any solution on this error if you google the fault at their support?

1 Like

Does it work better if using it on a client (pc, pad, smartphone etc) in the LAN instead of on the router?

1 Like

Well, I haven't changed the port configuration, this one came from the .ovpn file from my VPN provider... I guess the multiple scripts isn't really a problem, just a configuration error from trying hard to put this thing to work, but the:

Options error: You must define TUN/TAP device (--dev)

Seems more to be the problematic part... I get those errors on the log at least once per minute, so the connection could be reinitiating every minute or so... How do I set up the TUN/TAP device on the configuration file?

Scripts...
Well I am a little tired of OpenVPN faults with scripts in this forum right now, so before anything else from me.

  1. Do you have installed a real unmodified OpenWRT (not a Snapshot, not downloaded from anywhere else, not downloaded from hardware manufacturer, not modified and recompiled/built, and not bought from anyone) firmware only downloaded from the OpenWRT homepage?
  2. What version of OpenWRT in question nr 1.
  3. Have you ever made any attempt of a OPKG upgrade?
  4. What version of OpenVPN package is installed in the OpenWRT device (the one that doesn’t work) right now?
  5. Is the real OpenVPN organization the supplier of the config file?
  6. Did you install the config file as instructed in the user guide for OpenVPN Client on OpenWRT homepage?
1 Like

1- No, I'm using a snapshot, since it's installed on a Raspberry Pi 4
2- OpenWrt SNAPSHOT r16405-438e88e672
3- I haven't, I thought it may only have been a configuration problem
4- git-21.062.33236-5160f1c
5- Yes, downloaded right from their website
6- Yes, also had some help here on the forums

I will be honest with you, I will not dig my self in to the mud of never ending tread of fault finding mission on a package in a Snapshot install.

Maybe someone else here at the forum will help.

Post the output to pastebin.com redacting the private parts:

uci show openvpn; ls -a -l /etc/openvpn; head -v -n -0 /etc/openvpn/*
1 Like

There it is, thanks for the help!

1 Like
/etc/init.d/openvpn stop
tee -a /etc/openvpn/*.ovpn < /etc/openvpn/client.conf > /dev/null
mv /etc/openvpn/client.conf /etc/openvpn/client.ovpn
/etc/init.d/openvpn start
1 Like

do openvpn can use like remote router acces?

Yay! That did it!

I don't get exactly what the command did, but I noticed it appended the configurations to the end of the .ovpn file, right?

What was the problem exactly?

1 Like

The options should be added to the configured client profiles.
The default profile should be renamed/removed to prevent its autostart causing errors.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.