Linux – OpenVPN Cannot allocate TUN/TAP dev dynamically

linux networking openvpn tun vpn

OpenVPN clients work fine when they're started by /etc/init.d/openvpn for the first time, but they can't reconnect if the master server is restarted.

This is the error I get in syslog:

ovpn-openvpn[8113]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
ovpn-openvpn[8113]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
ovpn-openvpn[8113]: Cannot allocate TUN/TAP dev dynamically
ovpn-openvpn[8113]: Exiting

These are the file permissions of the tun device:

crw-rw-rw- 1 root root 10, 200 2011-03-24 16:51 /dev/net/tun

If I then restart the client using "/etc/init.d/openvpn restart", they connect normally.

Also, problems only appear when openvpn runs as user 'nobody'. Running as 'root' solves everything but it's not a viable solution.

'persist-tun' option also helps a bit, but not too much. Tunnels still don't last overnight.

Any suggestions?

Best Answer

I'd guess that you need to use the --ifconfig-pool-persist option on your server in order to keep the client <-> ip address mapping across the restarts of your server daemon. Otherwise the clients need to call ifconfig to reconfigure their tun device even with --persist-tun active. This will invariably fail if they do not have root privileges.
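A small config check for the options discussed in this thread, added here as an example (it is not code from the question or the answer). It flags a config that drops privileges with `user` but lacks `persist-tun`, and a server pool without `ifconfig-pool-persist`. The `persist-key` check comes from the OpenVPN manual rather than this page, and the sample configs, the `ipp.txt` file name and the function names are constructed for illustration.

```python
import shlex

def parse_directives(text):
    """Map each OpenVPN directive to its arguments (a leading '--' is stripped)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment line
            continue
        parts = shlex.split(line, comments=True)  # also drops trailing '# ...'
        if parts:
            directives[parts[0].lstrip("-")] = parts[1:]
    return directives

def audit(text):
    """Return findings for the restart problems described on this page."""
    d = parse_directives(text)
    findings = []
    unprivileged = "user" in d and d["user"] != ["root"]
    if unprivileged and "persist-tun" not in d:
        findings.append("user set without persist-tun: the tun device is "
                        "reopened on restart, after privileges were dropped")
    if unprivileged and "persist-key" not in d:
        # Recommendation from the OpenVPN manual, not from this page.
        findings.append("user set without persist-key: key files are "
                        "re-read on restart, after privileges were dropped")
    if "server" in d and "ifconfig-pool-persist" not in d:
        findings.append("server pool without ifconfig-pool-persist: client "
                        "address assignments are not kept across restarts")
    return findings

# Constructed sample configs (not taken from the question).
CLIENT_BAD = "client\ndev tun\nremote vpn.example.net 1194\nuser nobody\n"
CLIENT_OK = CLIENT_BAD + "group nogroup\npersist-tun\npersist-key\n"
SERVER_BAD = "port 1194\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
SERVER_OK = SERVER_BAD + "ifconfig-pool-persist ipp.txt  # pool file\n"

if __name__ == "__main__":
    samples = [("client (bad)", CLIENT_BAD), ("client (ok)", CLIENT_OK),
               ("server (bad)", SERVER_BAD), ("server (ok)", SERVER_OK)]
    for name, cfg in samples:
        for finding in audit(cfg) or ["no findings"]:
            print(f"{name}: {finding}")
```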