DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

OpenVPN: Socket bind failed on local address

Wed Mar 22, 2017 6:08 am

After (foolishly?) updating my RPi 2 (Ethernet) to the latest revisions (apt-get update / apt-get upgrade), my OpenVPN Server Service now fails to start on reboot:
TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.157:1194: Cannot assign requested address
I have tried these various suggestions from the interwebs, all of which failed to rectify the issue:

Code: Select all

nano /lib/systemd/system/openvpn@.service
Under [UNIT] section, tried all combinations of:

Code: Select all

After=network-online.target
Requires=network-online.target
After=multi-user.target
Wants=network-online.target
And have also set 'Wait for Network At Boot' in the raspi-config app.

The only 'fix' for this was to comment out the local 192.168.1.157 directive from the /etc/openvpn/server.conf file.

This is not ideal. I'd rather it bind to a specific address rather than Any address, should I choose to put another network card in, or upgrade to a RPI 3 (with Ethernet and Wifi)

Any suggestions?

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Wed Mar 22, 2017 10:54 pm

What's running on port 1194?

sudo netstat -tlnpu | awk -F '/' '/1194/ {print $2}'

What's in /etc/default/openvpn?
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Thu Mar 23, 2017 2:29 pm

Thanks for the response!
Below are the items you requested.

Code: Select all

root@xxxxxxxx:/home/pi#  netstat -tlnpu | awk -F '/' '/1194/ {print $2}'
openvpn

Code: Select all

root@xxxxxxxx:/home/pi# cat  /etc/default/openvpn
# This is the configuration file for /etc/init.d/openvpn

#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. "home" would be /etc/openvpn/home.conf
#
# If you're running systemd, changing this variable will
# require running "systemctl daemon-reload" followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)
#
#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"
#
# WARNING: If you're running systemd the rest of the
# options in this file are ignored.
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
# Optional arguments to openvpn's command line
OPTARGS=""
#
# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn's
# init.d script (remember to run insserv after that)
#
OMIT_SENDSIGS=0

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Thu Mar 23, 2017 4:02 pm

So openvpn is starting during boot up. But your openvpn defaults file is missing an

Code: Select all

AUTOSTART="all"
line to get your openvpn profiles (in /etc/openvpn/*.conf) running.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Fri Mar 24, 2017 2:36 am

No joy. Made the Change, then rebooted. Stil get: :(

Code: Select all

root@xxxxxxxx:/usr# cat /var/log/openvpn.log
Thu Mar 23 21:28:00 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL                                                                          )] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Thu Mar 23 21:28:00 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Mar 23 21:28:00 2017 Control Channel Authentication: using '/etc/openvpn/eas                                                                          y-rsa/keys/ta.key' as a OpenVPN static key file
Thu Mar 23 21:28:00 2017 TCP/UDP: Socket bind failed on local address [AF_INET]1                                                                          92.168.1.157:1194: Cannot assign requested address
Thu Mar 23 21:28:00 2017 Exiting due to fatal error

Code: Select all

root@xxxxxxxx:/usr# cat /etc/openvpn/server.conf
local 192.168.1.157
...

Code: Select all

root@xxxxxxxx:/usr# cat  /etc/default/openvpn
# This is the configuration file for /etc/init.d/openvpn

#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. "home" would be /etc/openvpn/home.conf
#
# If you're running systemd, changing this variable will
# require running "systemctl daemon-reload" followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)
#
AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"
#
# WARNING: If you're running systemd the rest of the
# options in this file are ignored.
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
# Optional arguments to openvpn's command line
OPTARGS=""
#
# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn's
# init.d script (remember to run insserv after that)
#
OMIT_SENDSIGS=0

Code: Select all

root@xxxxxxxx:/usr# ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:22:b5:01
          inet addr:192.168.1.157  Bcast:192.168.1.255  Mask:255.255.255.0

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Fri Mar 24, 2017 10:17 am

Try this in /etc/openvpn/server.conf

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Fri Mar 24, 2017 2:11 pm

Still unable to find any joy :cry:

Code: Select all

Fri Mar 24 09:05:25 2017 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.157:1194: Cannot assign requested address
The only difference between my server.conf and your example was the user/group, so I changed it to what you had:

Code: Select all

user openvpn
group openvpn

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Fri Mar 24, 2017 2:13 pm

Just to verify when it fails on startup, there is nothing bound to port 1194:

Code: Select all

root@xxxxxxxx:/home/pi# netstat -tlnpu | awk -F '/' '/1194/ {print $2}'
root@xxxxxxxx:/home/pi#

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Fri Mar 24, 2017 2:19 pm

Have you rebooted?
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Sun Mar 26, 2017 2:43 am

Every time.
I make a change and then reboot to see if OpenVPN attaches to its specified local IP address. When it fails, I try another change and reboot again.
So far, the only time it succeeds is when I don't specify the local IP in /etc/openvpn/server.conf

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Sun Mar 26, 2017 1:36 pm

You shouldn't need to include the local IP in your OpenVPN config. OpenVPN can work it out for itself by checking the kernel network tables.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Sun Mar 26, 2017 3:01 pm

As I said in my initial post, while not specifying the local IP address in the server.conf works, it is not ideal. For those situations where I have more than one adapter (eth0, wlan0, etc), I need to specify which IP address to bind OpenVPN to - not all of them.

And while your statement of it not being needed, that does not fix or explain why it no longer works as documented in the OpenVPN specifications.
https://community.openvpn.net/openvpn/w ... n23ManPage
--local host
Local host name or IP address for bind. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all interfaces.
So, while I understand the version of OpenVPN to which I just upgraded to may be out of your control, just stating that I don't need it, is not a solution. I started here because all the resources from my apt-get upgrade came from the raspbian repository, and I still feel it is due to a initialization sequence issue in the startup of the RPi.

Thank you for your attempts to help me fix this issue. I will post this on the OpenVPN forum to see if someone there has some ideas.

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Sun Mar 26, 2017 5:50 pm

The docs say local w.x.y.z should work (as long as each interface has a different static address and it matches one of them). I've never been interested in using one RPi with two active interfaces.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: OpenVPN: Socket bind failed on local address

Fri Apr 14, 2017 1:24 am

Quick update: It's happened again on another Pi. And both Pi's where model 3B (which have two network adapters)
It may be that there is an issue in a recent build where OpenVPN cannot identify which adapter has the IP address specified and so either binds to the wrong one, and fails, or tries to bind to both, and fails.
So, by removing the IP address in the 'local xxx.xxx.xxx.xxx' setting of the server.conf file, it may be binding to both with 'any' address.
Most of the time, this is not an issue, but if the Pi is set up as a router or gateway, I'd think this would cause problems.

P.S. That's now 3 Raspberry Pi 3s, in three different locations, all failing this way. I think this is more than just a coincidence. There is a bug there somewhere...

Now 5! Raspberry PI 3s with this issue...and counting...

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Fri Apr 14, 2017 1:42 pm

It's a software bug. You won't have five raspberries failing with a hardware error unless you're seriously abusing them.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Tue Apr 18, 2017 4:03 pm

Good evening, I'm Francisco Cazorla, from Barcelona. I'm a beginner with Raspberry and I'm in a trouble with my first project.

I have a new PI 3 B, with Noobs 2.4.0 (and the last Raspbian version) I'm trying to build an VPN server with openvpn. I have been following the http://readwrite.com/2014/04/10/raspber ... -browsing/ tutorial and I have the same message OpenVPN: Socket bind failed on local address ... (as I can see it in the openvpn.log), The server does not work and port 1194 is not opened. It does matter if I comment the local statament or not.

I would like to track the evolution of this topic.

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Tue Apr 18, 2017 8:47 pm

I add the messages from the openvpn.log, with the local statement on server.conf (both commented and uncommented)
  • The message on the openvpn.log (with local statement on server.conf)
    Tue Apr 18 21:30:19 2017 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.0.157:1194: Cannot assign requested address

    The complete openvpn.log (and the local statement comented on server.conf)
    Tue Apr 18 21:30:19 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
    Tue Apr 18 21:30:19 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
    Tue Apr 18 21:30:19 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
    Tue Apr 18 21:30:19 2017 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
    Tue Apr 18 21:30:19 2017 Exiting due to fatal error

User avatar
DougieLawson
Posts: 39531
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN: Socket bind failed on local address

Tue Apr 18, 2017 8:49 pm

What's already running?

sudo netstat -tlnpu | grep 1194
ps xauf | grep openvpn
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Wed Apr 19, 2017 8:45 am

After the command sudo netstat -tlnpu | grep 1194 :

udp 0 0 0.0.0.0:1194 0.0.0.0:* 418/openvpn

After the command ps xauf | grep openvpn

nobody 418 0.0 0.6 5528 2844 ? Ss 10:15 0:00 /user/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
root 1040 0.0 0.4 4268 1840 pts/0 S+ 10:22 0:00 \_ grep openvpn

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Wed Apr 19, 2017 8:57 am

I reenter the data again, as I did it manually the first time, and may be any error on it. Now, it has been done with a copy/paste:
  • command sudo netstat -tlnpu | grep 1194
    udp 0 0 0.0.0.0:1194 0.0.0.0:* 418/openvpn


    command ps xauf | grep openvpn
    nobody 418 0.0 0.6 5528 2844 ? Ss 10:15 0:00 /usr/sbin/openv pn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
    root 1040 0.0 0.4 4268 1840 pts/0 S+ 10:22 0:00
\_ grep openvpn

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Wed Apr 19, 2017 9:06 am

Also, I noticed the data in the openvpn.log is not updated correctly (from my point of view):
  • -rw------- 1 root root 881 Apr 19 09:17 openvpn.log
    -rw------- 1 root root 232 Apr 19 10:16 openvpn-status.log
If I do an openvpn --config /etc/openvpn/server.conf, then the data is correctly update (I don't know if this is usefull to debug the problem)
  • -rw------- 1 root root 771 Apr 19 11:04 openvpn.log
    -rw------- 1 root root 0 Apr 19 11:04 openvpn-status.log
and the contens of the openvpn.log:
  • Wed Apr 19 11:04:08 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
    Wed Apr 19 11:04:08 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
    Wed Apr 19 11:04:08 2017 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts i$
    Wed Apr 19 11:04:08 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
    Wed Apr 19 11:04:08 2017 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
    Wed Apr 19 11:04:08 2017 Exiting due to fatal error

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Thu Apr 20, 2017 6:49 am

There was an error in my previous updates. I have verified the openvpn.log when the local statement is commented. There is no error message in the log, as you can see below, but port 1194 is still not opened. It seems not assigned to any ip, but I don't know raspbian enought to be sure of that.

[listThu Apr 20 08:17:12 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Thu Apr 20 08:17:12 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Thu Apr 20 08:17:12 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Thu Apr 20 08:17:12 2017 TUN/TAP device tun0 opened
Thu Apr 20 08:17:12 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 20 08:17:12 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Apr 20 08:17:12 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Apr 20 08:17:13 2017 GID set to nogroup
Thu Apr 20 08:17:13 2017 UID set to nobody
Thu Apr 20 08:17:13 2017 UDPv4 link local (bound): [undef]
Thu Apr 20 08:17:13 2017 UDPv4 link remote: [undef]
Thu Apr 20 08:17:13 2017 Initialization Sequence Completed
][/list]

Then, the command netstat -tlnpu | grep 1194 shows:
  • root@raspberrypi:/var/log# netstat -tlnpu | grep 1194
    udp 0 0 0.0.0.0:1194 0.0.0.0:* 416/openvpn
and the command ps xauf | grep openvpn shows:
  • root@raspberrypi:/var/log# ps xauf | grep openvpn
    nobody 416 0.0 0.6 5528 2900 ? Ss 08:27 0:00 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
    root 1020 0.0 0.4 4268 1840 pts/0 S+ 08:47 0:00 \_ grep openvpn
    root@raspberrypi:/var/log#
I don't know how to continue with this. Any help welcome!

fcazorlasoler
Posts: 7
Joined: Sun Apr 16, 2017 6:41 am
Location: Barcelona

Re: OpenVPN: Socket bind failed on local address

Fri Apr 21, 2017 7:57 am

The problem was not really a problem!! It works perfectly (with the local statement commented) !!

I was trying to connect to the openvpn server from my local wifi, and this does not work. ( I supose this is normal. I don't know)

But today I tryed to connect form outside the wifi, and it works. The conecction is established and I can access the LAN without any problem.

Sorry for the inconvenience I could have caused to you.

Regards.

rohtua
Posts: 71
Joined: Sat Jul 16, 2016 9:01 am

Re: OpenVPN: Socket bind failed on local address

Wed Jun 28, 2017 11:25 am

Hi, I've been having the same issues myself and was reading your post, this post has the answer :)
DougieLawson wrote:The docs say local w.x.y.z should work (as long as each interface has a different static address and it matches one of them). I've never been interested in using one RPi with two active interfaces.
I went back to my interfaces file and set each active interface to a static ip and then when I reboot my Pi the OpenVPN server starts automatically, without having to comment out the local option in the server.conf file. Hope this helps.

Return to “Troubleshooting”