Multiple client connections failing due to bind


peisch

Jul 7, 2012, 8:22:31 AM
to tunnelbli...@googlegroups.com
I don't have anything in my configs that's telling openvpn to bind to the local 1194 -- but it is.  The subsequent connections will then fail.  I've tried various combinations of setting the port to any other port as well as bind/nobind but regardless, the first connection does the bind and the subsequent connections fail.

Is there anything I can do to tweak this behavior to make it work?

Tunnelblick 3.2.6 (build 2891.3007)
Default (2.2.1) (same results with 2.1.4)
Lion 10.7.4

[config A]
<connection>
remote aaa.aaa.com 1194
</connection>

dev tun
resolv-retry infinite
proto udp
nobind
auth-user-pass
ca vpnca.crt
comp-lzo adaptive
cipher AES-256-CBC
auth SHA1
tran-window 300
client



[Config B]
<connection>
remote bbb.bbb.com 1194
</connection>

dev tun
resolv-retry infinite
proto udp
auth-user-pass
ca ca.crt
comp-lzo adaptive
cipher AES-256-CBC
auth SHA1
tran-window 300
client


[Log when bringing up remote A]

2012-07-07 07:05:45 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.6 (build 2891.3007)

2012-07-07 07:05:45 *Tunnelblick: Attempting connection with AbilityNetwork; Set nameserver = 5; monitoring connection

2012-07-07 07:05:45 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start AAA.tblk 1337 5 0 0 0 49 -atDASNGWrdasngw 

2012-07-07 07:05:45 *Tunnelblick: openvpnstart message: Loading tun.kext

2012-07-07 07:05:45 *Tunnelblick: Established communication with OpenVPN

2012-07-07 07:05:45 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012

2012-07-07 07:05:45 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/peter/Library/Application Support/Tunnelblick/Configurations/AAA.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Users/peter/Library/Application Support/Tunnelblick/Configurations/AAA.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Speter-SLibrary-SApplication Support-STunnelblick-SConfigurations-SAAA.tblk-SContents-SResources-Sconfig.ovpn.5_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart

2012-07-07 07:05:46 *Tunnelblick: Obtained VPN username and password from the Keychain

2012-07-07 07:05:46 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

2012-07-07 07:05:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2012-07-07 07:05:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2012-07-07 07:05:46 LZO compression initialized

2012-07-07 07:05:46 UDPv4 link local (bound): [undef]:1194

2012-07-07 07:05:46 UDPv4 link remote: aaa.aaa:1194

2012-07-07 07:05:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2012-07-07 07:05:46 [staff-server-shire] Peer Connection Initiated with 208.79.199.110:1194


[Log when bringing up remote B]

2012-07-07 07:18:02 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.6 (build 2891.3007)

2012-07-07 07:18:04 *Tunnelblick: Attempting connection with boku; Set nameserver = 0; not monitoring connection

2012-07-07 07:18:04 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start BBB.tblk 1338 0 0 0 1 49 -atDASNGWrdasngw 

2012-07-07 07:18:04 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/peter/Library/Application Support/Tunnelblick/Configurations/BBB.tblk/Contents/Resources --daemon --management 127.0.0.1 1338 --config /Users/peter/Library/Application Support/Tunnelblick/Configurations/BBB.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Speter-SLibrary-SApplication Support-STunnelblick-SConfigurations-SBBB.tblk-SContents-SResources-Sconfig.ovpn.0_0_0_1_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2

2012-07-07 07:18:05 *Tunnelblick: Established communication with OpenVPN

2012-07-07 07:18:05 *Tunnelblick: Obtained VPN username and password from the Keychain

2012-07-07 07:18:05 *Tunnelblick: Flushed the DNS cache

2012-07-07 07:18:05 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012

2012-07-07 07:18:05 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

2012-07-07 07:18:05 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2012-07-07 07:18:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2012-07-07 07:18:05 LZO compression initialized

2012-07-07 07:18:05 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use

2012-07-07 07:18:05 Exiting

jkbull...gmail.com

Jul 7, 2012, 9:26:20 AM
to tunnelbli...@googlegroups.com
This looks like an OpenVPN configuration issue. Try the OpenVPN Users Forum or the OpenVPN Users Mailing List.

The only two (slightly) unusual things about these configurations are that they use UDP and trans-window. UDP is reasonably common, but this is the first time I've seen (or noticed, anyway), trans-window.

Jonathan K. Bullard

Jul 10, 2012, 12:42:00 PM
to tunnelbli...@googlegroups.com
Try adding the line
nobind
inside one of the <connection> sets -- maybe it only works there.


On Tue, Jul 10, 2012 at 12:20 PM, Derth <frodowear...@gmail.com> wrote:
It is not the trans-window..... I've got the same problem too.....

Config 1:

<connection>
remote location1.mydomain.local 1194
proto udp
</connection>

<connection>
remote location1.mydomain.local 443
proto tcp-client
connect-retry 3
</connection>

client
dev tun
comp-lzo
persist-tun
persist-key
cipher AES-256-CBC
tls-client
resolv-retry 5
tls-remote location1
auth-user-pass
tls-auth location1-tls.key 1
ca ca.crt
key client-key1.key
cert client-cert1.crt

Config 2:

<connection>
remote location2.mydomain.local 1195
proto udp
</connection>

<connection>
remote location2.mydomain.local 443
proto tcp-client
connect-retry 3
</connection>

client
dev tun
comp-lzo
persist-tun
persist-key
cipher AES-256-CBC
tls-client
resolv-retry 5
tls-remote location2
auth-user-pass
tls-auth location2-tls.key 1
ca ca.crt
key client-key1.key
cert client-cert1.crt


Both work individually, but when you try to connect to both, I get this in the log file:


2012-7-10 17:01:35 TCP/UDP: Socket bind failed on local address [undef]:1194 Address already in use
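Added example (not part of the thread, and not Tunnelblick or OpenVPN code): a small checker for the bind collision seen in the logs above. It assumes the rule in the OpenVPN 2.x manual that `nobind`, `bind`, `lport` and `port` written outside a `<connection>` block act only as defaults for blocks that follow them in the file; the function names and the trimmed sample configs are constructed for illustration.

```python
from collections import defaultdict

def bound_ports(config_text):
    """Local port each connection profile would bind, or None if it has nobind."""
    defaults = {"nobind": False, "lport": "1194"}    # 1194 is OpenVPN's default port
    profiles, block = [], None
    for raw in config_text.splitlines():
        words = raw.strip().split()
        if not words or words[0][0] in "#;":         # blank line or comment
            continue
        if words[0] == "<connection>":
            block = dict(defaults)                   # snapshot of defaults seen so far
        elif words[0] == "</connection>" and block is not None:
            profiles.append(block)
            block = None
        else:
            target = defaults if block is None else block
            if words[0] == "nobind":
                target["nobind"] = True
            elif words[0] == "bind":
                target["nobind"] = False
            elif words[0] in ("lport", "port") and len(words) > 1:
                target["lport"] = words[1]
    if not profiles:                                 # config without <connection> blocks
        profiles = [defaults]
    return [None if p["nobind"] else p["lport"] for p in profiles]

def collisions(configs):
    """Map local port -> config names, for ports that more than one config would bind."""
    users = defaultdict(set)
    for name, text in configs.items():
        for port in bound_ports(text):
            if port is not None:
                users[port].add(name)
    return {port: sorted(names) for port, names in users.items() if len(names) > 1}

# Constructed samples: the bind-relevant lines of configs A and B from the first post.
CONFIG_A = "<connection>\nremote aaa.aaa.com 1194\n</connection>\ndev tun\nproto udp\nnobind\nclient\n"
CONFIG_B = "<connection>\nremote bbb.bbb.com 1194\n</connection>\ndev tun\nproto udp\nclient\n"
# Two candidate fixes: nobind inside the block (as suggested above) or before it.
A_INSIDE = "<connection>\nremote aaa.aaa.com 1194\nnobind\n</connection>\ndev tun\nclient\n"
A_BEFORE = "nobind\n<connection>\nremote aaa.aaa.com 1194\n</connection>\ndev tun\nclient\n"

if __name__ == "__main__":
    print(collisions({"A": CONFIG_A, "B": CONFIG_B}))
    print(collisions({"A": A_INSIDE, "B": CONFIG_B}))
```

Under that assumption, config A's trailing `nobind` never reaches its `<connection>` block, which matches the `UDPv4 link local (bound): [undef]:1194` line in the first log.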

pablo....@proativati.com.br

Aug 16, 2018, 10:04:05 PM
to tunnelblick-discuss
Dear,
Did you manage to run two simultaneous tunnels?
If so, how did you do it?