OpenVPN spits alot of errors in logs

DELUSiONAL · June 22, 2025, 9:05pm

Hi all,

I lately noticed that OpenVPN spits the same error every 5 seconds in my logs.
Nevertheless OpenVPN is running perfectly fine.
At the moment I run 2 OpenVPN instances on the same router (different ports and certificate chains).
Even when I stop and disable the instances, the errors keep on comming.

Anyone any idea?

Sun Jun 22 23:05:32 2025 daemon.notice openvpn(server)[30222]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Sun Jun 22 23:05:32 2025 daemon.notice openvpn(server)[30222]: OpenVPN 2.6.14 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Jun 22 23:05:32 2025 daemon.notice openvpn(server)[30222]: library versions: OpenSSL 3.0.16 11 Feb 2025, LZO 2.10
Sun Jun 22 23:05:32 2025 daemon.warn openvpn(server)[30222]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jun 22 23:05:32 2025 daemon.warn openvpn(server)[30222]: ERROR: OpenVPN tls-crypt-v2 server key pem decode failed
Sun Jun 22 23:05:32 2025 daemon.err openvpn(server)[30222]: ERROR: invalid tls-crypt-v2 server key format
Sun Jun 22 23:05:32 2025 daemon.notice openvpn(server)[30222]: Exiting due to fatal error

Thanks in advance!

DELUSiONAL · June 22, 2025, 11:14pm

Not sure what is causing the problem.
If I check the services it seems to be disabled an stopped.
But according to LuCI the instances are running and I can login using them.

I use the config file located at /etc/config/openvpn
Not the one located at /etc/openvpn/server.conf

/etc/init.d/openvpn           	  disabled	   stopped

DELUSiONAL · June 22, 2025, 11:22pm

Seems to be fixed.
I deleted these two config files:

/etc/openvpn/server.conf
/etc/openvpn/client.conf

And no more errors in the log.

Thanks anyway!

mk24 · June 22, 2025, 11:26pm

Right, any files named *.conf in the /etc/openvpn directory will be loaded automatically and attempt to launch additional OpenVPN instances. You usually don't want that. Thus there is a convention of naming native OpenVPN config files .ovpn, which will not load automatically.

DELUSiONAL · June 22, 2025, 11:32pm

Thanks for the insight.
I copied and renamed them to .backup before deleting them.
Seems I don't need them at all in my current configuration.