380.60 Beta2 - VPN and reboot issues

[Thorton]

After upgrading from 380.59 to 380.60 beta2, I have VPN connection issues. Every time 2nd, 3rd, or higher VPN profile is added to OpenVPN clients list, error message "Error - check configuration!" is displayed in 'Service state' section (1st VPN client is turned off!) Error log has this error all the time:


Jul 5 00:19:21 rc_service: httpd 448:notify_rc start_vpnclient2
Jul 5 00:19:22 openvpn[23349]: OpenVPN 2.3.11 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 22 2016
Jul 5 00:19:22 openvpn[23349]: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.08
Jul 5 00:19:22 openvpn[23350]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 5 00:19:22 openvpn[23350]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Jul 5 00:19:22 openvpn[23350]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 5 00:19:22 openvpn[23350]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 5 00:19:22 openvpn[23350]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Jul 5 00:19:22 openvpn[23350]: UDPv4 link local: [undef]
Jul 5 00:19:22 openvpn[23350]: UDPv4 link remote: [AF_INET]199.71.232.197:1194
Jul 5 00:19:22 openvpn[23350]: TLS: Initial packet from [AF_INET]199.71.232.197:1194, sid=572ee34d cfcaa561
Jul 5 00:19:22 openvpn[23350]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 5 00:19:23 openvpn[23350]: VERIFY OK: depth=1, C=US, ST=Florida, L=Miami, O=AzireVPN, OU=AzireVPN, CN=uk.ovpn.azirevpn.net, name=AzireVPN, emailAddress=info@azirevpn.com
Jul 5 00:19:23 openvpn[23350]: Validating certificate key usage
Jul 5 00:19:23 openvpn[23350]: ++ Certificate has key usage 00a0, expects 00a0
Jul 5 00:19:23 openvpn[23350]: VERIFY KU OK
Jul 5 00:19:23 openvpn[23350]: Validating certificate extended key usage
Jul 5 00:19:23 openvpn[23350]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 5 00:19:23 openvpn[23350]: VERIFY EKU OK
Jul 5 00:19:23 openvpn[23350]: VERIFY OK: depth=0, C=US, ST=Florida, L=Miami, O=AzireVPN, OU=AzireVPN, CN=uk.ovpn.azirevpn.net, name=AzireVPN, emailAddress=info@azirevpn.com
Jul 5 00:19:23 openvpn[23350]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 5 00:19:23 openvpn[23350]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 5 00:19:23 openvpn[23350]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 5 00:19:23 openvpn[23350]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 5 00:19:23 openvpn[23350]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jul 5 00:19:23 openvpn[23350]: [uk.ovpn.azirevpn.net] Peer Connection Initiated with [AF_INET]199.71.232.197:1194
Jul 5 00:19:26 openvpn[23350]: SENT CONTROL [uk.ovpn.azirevpn.net]: 'PUSH_REQUEST' (status=1)
Jul 5 00:19:26 openvpn[23350]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2606:ed00:4786:24::108c/64 2606:ed00:4786:24::1,dhcp-option DNS 199.71.232.194,redirect-gateway def1,redirect-gateway ipv6,route-ipv6 2000::/3,tun-ipv6,route-gateway 10.77.4.1,topology subnet,ping 3,ping-restart 15,ifconfig 10.77.4.142 255.255.255.0'
Jul 5 00:19:26 openvpn[23350]: Options error: unknown --redirect-gateway flag: ipv6
Jul 5 00:19:26 openvpn[23350]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 5 00:19:26 openvpn[23350]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 5 00:19:26 openvpn[23350]: OPTIONS IMPORT: route options modified
Jul 5 00:19:26 openvpn[23350]: OPTIONS IMPORT: route-related options modified
Jul 5 00:19:26 openvpn[23350]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 5 00:19:26 openvpn[23350]: TUN/TAP device tun12 opened
Jul 5 00:19:26 openvpn[23350]: TUN/TAP TX queue length set to 100
Jul 5 00:19:26 openvpn[23350]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Jul 5 00:19:26 openvpn[23350]: /usr/sbin/ip link set dev tun12 up mtu 1500
Jul 5 00:19:26 openvpn[23350]: /usr/sbin/ip addr add dev tun12 10.77.4.142/24 broadcast 10.77.4.255
Jul 5 00:19:26 openvpn[23350]: Linux ip addr add failed: external program exited with error status: 2
Jul 5 00:19:26 openvpn[23350]: Exiting due to fatal error


I know my config is CORRECT because if I copy VPN connection details from profile 2/3/4/5 to 1st profile, VPN starts working IMMEDIATELY. Put simply, I can use only one (first) VPN profile.


However, even bigger issue is reboot - only physical (hard) reboot works. If I click reboot button via admin interface, message says router is rebooting, but my Wifi connection is up all the time (usually it drops during reboot because router is down for several seconds). After "reboot", admin interface says "Your ISP's DHCP does not function properly" and Internet connection is down. Clicking that error messages brings me to connection setup wizard, which simply freezes.


Also, is it normal that 5 GHz connection becomes available only in 3-5 minutes after reboot? 2.4 GHz becomes available in a minute or so, while 5 GHz takes much, much longer.

 

[Thorton]

Did some more tests today, can confirm VPN is really fu**ed up in this release... If some changes are made even to 1st VPN client profile (which usually works) for more than 3 times (like changing hostname, applying settings, then changing hostname back, applying settings again), it stops working as well (error log has exactly the same messages as in my 1st post). The only way to get VPN up - hard reboot.