Cannot ioctl TUNSETIFF tap0: Device or resource busy (errno=16)

Let*_*gos 4 openvpn tap bridge

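I have run into a strange problem: when I have openvpn run bridge-start, the service fails to start. If I do not let openvpn run bridge-start, add the necessary interfaces (tap0, br0) manually (or run bridge-start from a shell), and then comment out the "up" directive so that openvpn does not call any script, it works and everything is fine.

Looking at openvpn.log, I can see that openvpn calls the script with several options (/etc/openvpn/bridge-start tap0 1500 1654 init), and I really do not understand why. Could this be the problem?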

openvpn.log:

    Tue May 8 20:18:34 2018 us=217442 Current Parameter Settings:
    Tue May 8 20:18:34 2018 us=217576 config = 'server.conf'
    Tue May 8 20:18:34 2018 us=217599 mode = 1
    Tue May 8 20:18:34 2018 us=217616 persist_config = DISABLED
    Tue May 8 20:18:34 2018 us=217633 persist_mode = 1
    Tue May 8 20:18:34 2018 us=217679 show_ciphers = DISABLED
    Tue May 8 20:18:34 2018 us=217697 show_digests = DISABLED
    Tue May 8 20:18:34 2018 us=217713 show_engines = DISABLED
    Tue May 8 20:18:34 2018 us=217729 genkey = DISABLED
    Tue May 8 20:18:34 2018 us=217745 key_pass_file = '[UNDEF]'
    Tue May 8 20:18:34 2018 us=217761 show_tls_ciphers = DISABLED
    Tue May 8 20:18:34 2018 us=217778 connect_retry_max = 0
    Tue May 8 20:18:34 2018 us=217795 Connection profiles [0]:
    Tue May 8 20:18:34 2018 us=217812 proto = udp
    Tue May 8 20:18:34 2018 us=217829 local = '[UNDEF]'
    Tue May 8 20:18:34 2018 us=217845 local_port = '1194'
    Tue May 8 20:18:34 2018 us=217861 remote = '[UNDEF]'
    Tue May 8 20:18:34 2018 us=217877 remote_port = '1194'
    Tue May 8 20:18:34 2018 us=217893 remote_float = DISABLED
    Tue May 8 20:18:34 2018 us=217909 bind_defined = DISABLED
    Tue May 8 20:18:34 2018 us=217925 NOTE: --mute triggered...
    Tue May 8 20:18:34 2018 us=217949 268 variation(s) on previous 20 message(s) suppressed by --mute
    Tue May 8 20:18:34 2018 us=217974 OpenVPN 2.4.5 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 1 2018
    Tue May 8 20:18:34 2018 us=218005 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
    Tue May 8 20:18:34 2018 us=218268 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
    Tue May 8 20:18:34 2018 us=218467 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Tue May 8 20:18:34 2018 us=219618 Diffie-Hellman initialized with 2048 bit key
    Tue May 8 20:18:34 2018 us=221006 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Tue May 8 20:18:34 2018 us=221065 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Tue May 8 20:18:34 2018 us=221120 TLS-Auth MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
    Tue May 8 20:18:34 2018 us=221554 TUN/TAP device tap0 opened
    Tue May 8 20:18:34 2018 us=221605 TUN/TAP TX queue length set to 100
    Tue May 8 20:18:34 2018 us=221798 /etc/openvpn/bridge-start tap0 1500 1654 init
    Tue May 8 20:18:34 2018 ERROR: Cannot ioctl TUNSETIFF tap0: Device or resource busy (errno=16)
    Tue May 8 20:18:34 2018 Exiting due to fatal error
    RTNETLINK answers: File exists
    RTNETLINK answers: File exists
    Tue May 8 20:18:34 2018 us=249873 WARNING: Failed running command (--up/--down): external program exited with error status: 2
    Tue May 8 20:18:34 2018 us=249933 Exiting due to fatal error

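bridge-start:

    # Bridge, tap device(s) and physical interface to join together
    br="br0"
    tap="tap0"
    eth="enp1s0"
    eth_ip="10.50.0.4"
    eth_netmask="24"
    eth_broadcast="10.50.0.255"

    # Create the persistent tap device(s)
    for t in $tap; do
        /usr/sbin/openvpn --mktun --dev $t
    done

    # Create the bridge and attach the physical interface and the tap device(s)
    /usr/sbin/ip link add $br type bridge
    /usr/sbin/ip link set $eth master $br

    for t in $tap; do
        /usr/sbin/ip link set $t master $br
    done

    # Bring the member interfaces up in promiscuous mode
    for t in $tap; do
        /usr/sbin/ip link set $t up
        /usr/sbin/ip link set $t promisc on
    done

    /usr/sbin/ip link set $eth up
    /usr/sbin/ip link set $eth promisc on

    # Assign the LAN address to the bridge
    /usr/sbin/ip address add $eth_ip/$eth_netmask broadcast $eth_broadcast dev $br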

Cut-down config:

    port 1194
    proto udp
    dev tap0
    script-security 2
    up "/etc/openvpn/bridge-start"
    down "/etc/openvpn/bridge-stop"
    tls-server
    ca ca.crt
    cert home-vpn.crt
    key home-vpn.key # This file should be kept secret
    dh dh2048.pem
    ifconfig-pool-persist ipp.txt
    server-bridge 10.50.0.4 255.255.255.0 10.50.0.50 10.50.0.100
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 1.1.1.1"
    keepalive 10 120
    tls-auth ta.key 0 # This file is secret
    auth-nocache
    cipher CAMELLIA-256-CBC
    auth SHA512
    reneg-sec 3600
    crl-verify crl.pem
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
    compress lz4-v2
    push "compress lz4-v2"
    max-clients 50
    persist-key
    persist-tun
    status openvpn-status.log
    log-append openvpn.log
    verb 4
    mute 20
    explicit-exit-notify

Thanks!

小智 8

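This happens if you did not stop the openvpn service and changed the configuration file right away. As a result, after a restart you are still left with a lost process holding the old interface. You need to stop the openvpn service completely and run killall openvpn. Using Debian Linux as an example: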

# /etc/init.d/openvpn stop
# killall openvpn

We check the processes in memory:

# ps -A|grep openvpn

If there are none, start openvpn:

# /etc/init.d/openvpn start

The service should start without errors... :)
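
The check in the answer above can be made specific to the interface. The following is an added example, not part of the original post. It assumes a Linux kernel that reports the attached interface of an open /dev/net/tun descriptor as an "iff:" line in /proc/<pid>/fdinfo/<fd>; the function names tap_holders and tap_in_use are hypothetical.

```shell
#!/bin/sh
# Added example: find which processes still hold a TUN/TAP interface open,
# which is the condition behind "TUNSETIFF ... Device or resource busy".
# Assumption: the kernel writes "iff:<TAB><name>" into fdinfo for tun fds.
# Run as root to see descriptors that belong to other users' processes.

# tap_holders IFACE [PROC_ROOT]
# Prints one "PID COMM" line per process that has IFACE attached.
tap_holders() {
    iface=$1
    proc_root=${2:-/proc}
    for fdinfo in "$proc_root"/[0-9]*/fdinfo/*; do
        [ -r "$fdinfo" ] || continue
        # Exact match on the interface name, so tap0 does not match tap01.
        awk -v want="$iface" \
            '$1 == "iff:" && $2 == want { hit = 1 } END { exit !hit }' \
            "$fdinfo" 2>/dev/null || continue
        pid_dir=${fdinfo%/fdinfo/*}
        echo "${pid_dir##*/} $(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
    done | sort -u
}

# tap_in_use IFACE [PROC_ROOT]
# Succeeds (exit 0) when at least one process still holds IFACE.
tap_in_use() {
    [ -n "$(tap_holders "$1" "${2:-/proc}")" ]
}

# When called with arguments, e.g. "sh tap-holders.sh tap0", list the holders.
[ $# -eq 0 ] || tap_holders "$@"
```

An empty result for tap0 after stopping the service means no leftover process holds the device, so the service can be started again.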