Broken wordpress/web server after setting up openVPN

November 26, 2015 1.6k views
WordPress Apache VPN DigitalOcean

I had a functioning wordpress multisite droplet (IP: and installed openVPN following the instructions in this page:

Now I realized that my webserver is not responding (I cannot open any page). Same thing has happened to the wordpress, it is either broken or not repsonding.

My main concern is to have my webserver&wordpress back to life. I do not mind to disable or undo the openVPN installation.

I did not find much information about conflict between openVPN and wordpress instalation. I am even not sure if I understand what has gone wrong. Can anyone advice please?

  • I can't really say for sure what your solution is, but I can try to make poor assumptions about your problem. Is SSH even working? If not, it sounds as if your OpenVPN installation totally boned your firewall settings and locked out all traffic. You'll probably need to use your console to fix it.

  • I can connect via SSH, and I guess you are right about the possible firewall issue.

  • I'm having the same problem!

1 Answer


You're still able to SSH in to the Droplet, correct? If so, login to the CLI and run:

sudo killall -9 openvpn

and then restart Apache. What the above command does is simply terminate all OpenVPN processes that may be running, effectively shutting it down.

You can confirm this by issuing the command:


and then pressing SHIFT+M followed by C (as in the letter) on your keyboard. This sorts processes by RAM usage and then expands the process in the far right column so that you can see everything that's running in detail. If it's running, you'll either see the user associated with your OpenVPN config in the far left column or the OpenVPN process in the far right.

If you see OpenVPN still running, while still in top, press k and find the ID of the process in the far left column, type it in and hit enter. You'll be asked how to kill it off, simply hit enter (leaving it blank). If that doesn't work, run the same again and enter -9 or 15.

Once you run the above and restart Apache, let me know if you're up and running. If not, please run top, press SHIFT+M followed by C and upload a screenshot to imgur or another image hosting service and link to it in your reply.

  • Really thanks. Your comment helped to learn this useful command (top). I figured out that my firewall was blocking web communication. After sudo ufw disable my web server is working.

    I wonder if it is possible to have a nice configuration in my firewall which allows having the VPN on some ports, while keeping the normal web server/wordpress open.

    • @roozfeiz No problem :-).

      You can use ufw to add and remove ports freely, you just need to know what ports you need to allow public access to. To help you out, I'd need to know a little more about the setup you're running.

      Other than OpenVPN, Apache, MySQL and PHP, what other software are you running?


      To get you started, ideally we'd want to allow HTTP, HTTPS and SSH through as we need the first two to serve your WordPress site and SSH, of course, to login to the CLI and SFTP :-).

      So to start:

      sudo ufw allow 80/tcp
      sudo ufw allow 443/tcp
      sudo ufw allow 53/udp
      sudo ufw allow 22/tcp

      That allows, in order from top to bottom, HTTP, HTTPS, DNS and SSH, through ufw. You can run these commands while ufw is disabled (it won't turn it on).

      The /tcp & /udp portion of the command simply allows us to specify our preferred protocol.

      Connections over Port 80, 443 and 22 are most always going to be TCP. Port 53 should be udp and if you turn the firewall on and do not allow this port through, you may run in to issues with package updates and outside connections.

      Why not use sudo ufw allow 53/tcp? You can, though unless you're physically running a DNS server on your Droplet (i.e. Bind, for example), it's pointless :-).


      With that in mind, to allow OpenVPN through, you'd simply use the same command and swap out the port.

      sudo ufw allow PORT/tcp

      Where PORT = your OpenVPN port.


      To test things out, you would then simply issue the command below, but FIRST, make sure your SSH Port is actually 22 and if it's not, change it. Why? Once you start ufw, if your SSH port isn't allowed in, you won't be allowed back in :-):

      sudo ufw start
      • @jtittle I did as you said and now I have a functioning firewall with openVPN running. I have not managed to make the VPN really working, however, the main problem is solved, thanks to you. For getting the VPN to work, I will do some research and try to figure it out myself before asking this wonderful community again.

        • @roozfeiz

          Always happy to help and I'm glad that we've taken care of one issue, though leaving you with something not working bugs me :-).

          Would you mind running the following:

          tail -50 /var/log/syslog

          and pasting the output in to a Pastebin (and posting that link here - just to keep the reply clean)? What this command does out output the last (and newest) data logged to the syslog.

          The -50 tells tail how many lines we'd like to output, so you could change this to any reasonable number (though normally, we keep it relatively low to prevent filling up the screen).

          • Thanks for the follow up question.

            My wordpress multisite installation is now working, after a bit of struggling with changing it from IP-installation to domain (because I was waiting for my DNS to change, I had installed it with IP). The firewall is ON (thanks to your advise) and shows no conflict with WP and the normal starting up of openVPN.

            However, the VPN is not functioning properly. My client openVPN can successfully connect to my droplet. However, after the connection is established, in my client system I can only browse my own droplet sites. Any other website cannot be opened. If I disconnect my openVPN client, the internet is just fine.

            I have placed here the result for tail -100 /var/log/syslog.

            By the way, Pastebin is a nice idea. I like it.

Have another answer? Share your knowledge.