Socket bind failed on local address [AF_INET]127.0.0.1 #416
Comments
If changing port offset by small values leads to similar error, there could be some running process that reserves a large swath of ports in that range. If so, change the port offset to be well out that range. Someone else had reported a third party app that opens a large number of ports in the 25000 to 26000 range. Also make sure stale openvpn.exe processes are not getting left behind due to some other issue. That could lead to errors like this on attempting to restart the connection. Check running processes using task manager.
@selvanair ty for helping. I can't seem to find why OVPN GUI thinks that/those ports are taken? I just did a complete uninstall using IOBit Uninstaller, that also does a scan for anything leftover in the registry, etc., double-checked to make sure that no openvpn services were leftover, and then installed this: Tried to connect with a previously working .ovpn file and still got the same error:
Then I looked at all current ports using Nirsoft Curports, and there's nothing using port 25340, or anything even near the 25000 range. I also just changed the port to 9999, double-checked curports to make sure 9999 wasn't in use, and same error. Although looking at the log it's not even trying to use the port that I specified: I'm at a loss here as to what could be the issue?
This is baffling. As snapshots are largely untested, can you try the latest release from [here](https://openvpn.net/community-downloads/)? I suppose you have interactive service running so that the GUI can be run as limited user? That's not critical, but good to know there are no unusual things going on. To narrow this down, could you directly start openvpn from a command prompt? Open a cmd window, cd to the folder where the config is and run, say,

    "C:\Program Files\OpenVPN\bin\openvpn.exe" --config Johannesburg01.ovpn --management localhost 25340

That will not fully succeed because of limited user privileges, but we can check whether it shows the same error. If the config has a log file specified in it, you may have to do a Ctrl-C and open the log file to check. Else the logs will appear on the terminal. Also check any excluded ports using

    netsh int ipv4 show excludedportrange tcp
Ok, I uninstalled the snapshot and installed from the page you linked: https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.2-I601-amd64.msi Unfortunately I got the same error.
I just let the installer set up the service however it wanted:
Here is the result of running from a command-line:
Looking about midway through that screenshot it looks like the range 25302-25401 is excluded? Does this mean any port within that range can't be used? If so, how do I find what might be causing them to be blocked from use? Another question; does the computer need to be rebooted between each of these installations? I don't see any notice from the installer saying to do so, so I haven't been.
Yes, default install will set up the service and start it. Reboot is not required except in some situations where the installation would prompt for it if required. The reservation list shows 25102 to 25901 are reserved and that is causing the error. I do not know how to find what is doing it. Apparently Hyper-V and Docker are known to reserve large ranges though no idea whether this range is common. You could probably remove it using "netsh int ipv4 delete excludedportrange .... " command and then do an "administrative" reservation for your own use. Well-behaved programs will notice it and change their reservation when restarted. But that would require first stopping the offending program or use some registry edits and reboot. I don't know. An easier option may be to find a range that is free, add an administrative exclusion like
and then set the offset to 45000 in the GUI settings.
To copy text from a command prompt, simply highlight the text with your mouse and then press Enter.
Well, I might be onto something but not sure what or why, lol. Using that excluded ports command I got a massive list: https://pastebin.com/b9Hz0WEx Then I looked at the very top and it says that port 1063 shouldn't be excluded; confirmed it wasn't in use with CurPorts and it wasn't; set that port in OpenGUI settings and got the same error. The log said it was trying 1064. So thinking that OGUI adds 1 port to anything I set in it, I set the port in it to 1062. THAT connected! But looking in CurPorts, it literally connected to port 1062 instead of adding 1 port. So it looks like an issue with excluded ports, but I have NO idea why my list would be THAT HUGE. Also, I don't understand why OGUI doesn't just use the specified port every single time rather than adding port numbers? If the idea is to start at the given port, and keep attempting at ports that'll connect by adding 1 port at a time, it seems like it should still find a port when set to port 1063?
I know, but I figured a screenshot would be fine in this case.
The number you specify in the settings is an offset. The index of the config is added to that number to find the port to use. Configs are generally alphabetically indexed but it's a bit more complex [*] than that so not that easy to predict the port number especially if you have many configs. It's not random though. This logic is not perfect and the actual port used could span over a wide range if there are 100's of configs. Yet, it's somewhat predictable :) I know this can benefit from some improvement. The port offset + config index is used as is -- no attempt is made at finding an unused port as that's not possible the way openvpn works. The GUI has to pick the port and openvpn core has to bind to it. Otherwise we would have used dynamic ports and avoided this issue altogether. [*] User configs are scanned first, global configs after that and Windows has a mind of its own how it orders directory traversal when recursing into sub directories.
If I get my magnifying glass out then I can just about read it, although it is not exactly clear.
ProTip: Click the image. ;)
If you are trying to read her username and password, it's not just you -- it has been blanked out. Don't blame your glasses :)
Ok, thank you again for helping me sort this all out. :) At least I'm back in business again and able to connect, lol. One last quick one, that I don't know if I should just toss in here real quick or start up a whole new issue for? Is there a quick 1-liner I need to add to my .ovpn file to fix that "DEPRECATED OPTION:" notice w/out fully disabling the cipher, or lowering it to 128? From my searches I'm only able to find command-line flags to use (rather than the line for a config file), and also they basically give a line that disables the cipher.
@YouveGotMeowxy Pro-tip: A Pro never print-screens a DOS prompt. 🏁
A pro uses whatever tool is available to get the job effectively done; you're only a click away from seeing the same result as a copy/paste. ;)
A Pro chooses to use the correct tools to explain the problem clearly to their intended audience. I'll leave it there because I don't want to start a war -- Sorry for the intrusion. Please accept my apologies for any inadvertent offence, that was not my intention.
A screenshot is a correct tool to explain. That's why there are hundreds of screenshot utilities, as well as millions of screenshots all over the internet on tutorial pages. :) Apology accepted, no offense taken. :-D
One liner would be to replace "cipher" by "data-ciphers-fallback". But read on. Assuming your server supports ncp, the cipher is negotiated and AES-256-GCM or AES-128-GCM may be getting selected (check the logs). If so the cipher you are specifying is only a fallback. In 2.5, the preferred way to do that is using --data-ciphers-fallback instead of --cipher. The deprecation message does indicate that as one of the ways of fixing it. Command line options are the same as what goes into the config file except config file also supports inline certs and keys etc. And, the starting "--" is required on command-line but optional in the config file. So you could write --data-ciphers-fallback AES-256-CBC The latter form is generally preferred in the config file, but nothing wrong with the former. As the former form with "--" is required on command line, that's how it's generally described in documentation and logs. P.S. Be careful and do check the logs to see what cipher is negotiated after you make changes.
@selvanair ok, tyvm for everything! It looks like the original problem is due to Hyper-V reserving all those ports, and not the fault of OpenVPN/GUI, so I'll leave it up to you whether or not to Close the issue; I'll go digging into why and how to stop MS from totally owning my puter, once again, lol. :)
Is there a fix for detecting and avoiding the excluded ports in the code? (or informing the user of the issue and the setting to change)
As mentioned in the top of this thread, the user can change the port offset in the settings menu (see the Advanced tab) -- defaults to 25340. The port used would be the offset + ordinal index of the config. If you have, say, 3 config files, they are indexed 0, 1, 2.
Thanks, that would help. (Port numbers are not something that most users would understand) The excluded ports are a mess - they change randomly with reboots and the error messages did not make it obvious that that is what is going on. (Some other applications sometimes use hard-coded ports which means that they break until you reboot) (I have Hyper-V installed, with one VM created that is not running. I do have WSL1 as well, not sure if that also affects the excluded ports) (It also doesn't help that the classic troubleshooting of checking what is listening on the port also fails for the excluded ports)
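Added example (not part of the thread and not OpenVPN GUI code): a Python check for the failure discussed above, where the management port (offset + config index) lands inside a Windows excluded port range. The sample netsh output, the function names and the config count are constructed for illustration.

```python
import re

# Constructed sample of `netsh int ipv4 show excludedportrange tcp` output.
SAMPLE_NETSH_OUTPUT = """\
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1064        1163
     25302       25401
     50000       50059     *

* - Administered port exclusions.
"""

def parse_excluded_ranges(netsh_text):
    """Return [(start, end, administered)] parsed from the netsh table."""
    ranges = []
    for line in netsh_text.splitlines():
        m = re.match(r"^\s*(\d+)\s+(\d+)\s*(\*)?\s*$", line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), m.group(3) is not None))
    return ranges

def blocked_ports(offset, n_configs, ranges):
    """Management ports (offset + config index) that fall in an excluded range."""
    hits = []
    for index in range(n_configs):
        port = offset + index
        for start, end, _ in ranges:
            if start <= port <= end:
                hits.append((index, port, (start, end)))
                break
    return hits

def first_free_offset(n_configs, ranges, low=1024, high=65535):
    """Lowest offset >= low whose n_configs consecutive ports avoid every range."""
    offset = low
    for start, end, _ in sorted(ranges):
        if offset + n_configs - 1 < start:
            break  # the whole window fits below this range
        if offset <= end:
            offset = end + 1  # window overlaps: move past the range
    return offset if offset + n_configs - 1 <= high else None

if __name__ == "__main__":
    ranges = parse_excluded_ranges(SAMPLE_NETSH_OUTPUT)
    print(blocked_ports(25340, 3, ranges))
    print(first_free_offset(3, ranges, low=25340))
```

On a live system, pass the text printed by netsh int ipv4 show excludedportrange tcp to parse_excluded_ranges. The check covers excluded ranges only, not ports that another process is already listening on.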
I ran into the same problem but didn't check if the port was on an excluded range. After restarting the "Host Network Service" the problem was gone. It's not a fix but is faster than multiple restarts of the machine.
I'm suddenly getting this error on this version, for every VPN config I try:
The log shows this:
I have tried changing the port in the settings tab, but I still always get the same error.
Anyone have any ideas?