id summary reporter owner description type status priority milestone component version severity resolution keywords cc 1329 starting a server instance a second time (failing) messes up routing for the first instance Gert Döring "So, I have this server instance {{{ port 51194 proto udp6 dev tun server 10.204.2.0 255.255.255.0 }}} which will on start do this: {{{ Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: net_iface_mtu_set: mtu 1500 for tun1 Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: net_iface_up: set tun1 up Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: net_addr_ptp_v4_add: 10.204.2.1 peer 10.204.2.2 dev tun1 ... Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: net_route_v4_add: 10.204.2.0/24 via 10.204.2.2 dev [NULL] table 0 metric -1 ... Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: setsockopt(IPV6_V6ONLY=0) Sep 18 17:01:32 gentoo tun-udp-p2mp[27140]: UDPv6 link local (bound): [AF_INET6][undef]:51194 }}} all good: {{{ $ ip route |grep 10.204.1 10.204.1.0/24 via 10.204.1.2 dev tun0 10.204.1.2 dev tun0 proto kernel scope link src 10.204.1.1 }}} Now, start this instance again (because you messed up your locking in the surrounding scripts, or whatever)... it fails, because it cannot bind: {{{ 2020-09-18 17:09:14 us=113238 net_addr_ptp_v4_add: 10.204.1.1 peer 10.204.1.2 dev tun7 2020-09-18 17:09:14 us=114066 net_route_v4_add: 10.204.1.0/24 via 10.204.1.2 dev [NULL] table 0 metric -1 2020-09-18 17:09:14 us=114278 setsockopt(IPV6_V6ONLY=0) 2020-09-18 17:09:14 us=114338 TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:51194: Address already in use (errno=98) 2020-09-18 17:09:14 us=114376 Exiting due to fatal error 2020-09-18 17:09:14 us=114422 net_route_v4_del: 10.204.1.0/24 via 10.204.1.2 dev [NULL] table 0 metric -1 }}} but now: {{{ # ip route |grep 10.204.1 10.204.1.2 dev tun0 proto kernel scope link src 10.204.1.1 }}} the routes belonging to the *other* instance are gone. Not sure why this happens. I think netlink should tell us ""this route already exists"" and then we should *not* remove it on exit (AFAIR our logic already does ""we only remove routes that we successfully installed"") - but we do not seem to receive this feedback. I have not tested with an ""iproute2"" based openvpn binary, or on other platforms." Bug / Defect new major Generic / unclassified OpenVPN git master branch (Community Ed) Not set (select this one, unless your'e a OpenVPN developer) sitnl, netlink, double routes Antonio Quartulli tct