Gentoo Forums
openvpn has started, but is inactive
Jackie Lin
Tux's lil' helper

Joined: 31 May 2017
Posts: 115

Posted: Fri Jul 07, 2017 3:05 am    Post subject: openvpn has started, but is inactive

Hello, there.
I am trying to configure an openvpn service with a VPS, but have met some problems. Could anyone help me?
I followed this guide: https://wiki.gentoo.org/wiki/OpenVPN.
The server configuration is as below:
Code:

port    12112

proto   udp

dev     tun0

ca      ca.crt
cert    example.crt
key     example.key
dh      dh.pem

server   10.0.0.0  255.255.255.0

persist-key
persist-tun
ifconfig-pool-persist  ipp.txt

push  "route 192.168.1.0 255.255.255.0"
#push  "dhcp-option DNS 192.168.1.1"

keepalive  10  120
comp-lzo

user  nobody
group nobody

status  openvpn-status.log
log     /etc/openvpn.log

The client configuration is as below:
Code:

client

dev tun0

proto udp

remote 172.104.122.75 12112

comp-lzo
resolv-retry 30
nobind

persist-key
persist-tun

ca  ca.crt
cert  client1.crt
key   client1.key


script-security 2
up  /etc/openvpn/up.sh
down  /etc/openvpn/down.sh

log  /etc/openvpn/openvpn.log
verb 4


At the server end:
Code:

moonlight openvpn # /etc/init.d/openvpn start
 * Starting openvpn ...                                                                                                                                                                                        [ ok ]
moonlight openvpn # ifconfig
dummy0: flags=195<UP,BROADCAST,RUNNING,NOARP>  mtu 1500
        inet6 fe80::680e:a5ff:fe12:a048  prefixlen 64  scopeid 0x20<link>
        ether 6a:0e:a5:12:a0:48  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 324  bytes 125770 (122.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.104.122.75  netmask 255.255.255.0  broadcast 172.104.122.255
        inet6 2400:8902::f03c:91ff:fe7b:6ae8  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::f03c:91ff:fe7b:6ae8  prefixlen 64  scopeid 0x20<link>
        ether f2:3c:91:7b:6a:e8  txqueuelen 1000  (Ethernet)
        RX packets 13260  bytes 1096423 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10987  bytes 1471604 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 16  bytes 1104 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1104 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.255  destination 10.0.0.2
        inet6 fe80::167:5812:b785:7f44  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 96 (96.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



At the client end:
Code:

moonlight openvpn # /etc/init.d/openvpn start
 * Starting openvpn ...
 * WARNING: You have defined your own up/down scripts
 * As you're running as a client, we now force Gentoo specific
 * scripts to be run for up and down events.
 * These scripts will call /etc/openvpn/openvpn-{up,down}.sh
 * where you can put your own code.                                                                                                                                                                            [ ok ]
 * WARNING: openvpn has started, but is inactive
moonlight openvpn # ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a57:ff:fe30:8911  prefixlen 64  scopeid 0x20<link>
        ether 08:57:00:30:89:11  txqueuelen 1000  (Ethernet)
        RX packets 38578  bytes 22705382 (21.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 46331  bytes 5912862 (5.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Here is the client end log:
Code:

moonlight openvpn # cat openvpn.log
Fri Jul  7 10:47:52 2017 Multiple --up scripts defined.  The previously configured script is overridden.
Fri Jul  7 10:47:52 2017 Multiple --down scripts defined.  The previously configured script is overridden.
Fri Jul  7 10:47:52 2017 us=72485 Current Parameter Settings:
Fri Jul  7 10:47:52 2017 us=72493   config = '/etc/openvpn/openvpn.conf'
Fri Jul  7 10:47:52 2017 us=72498   mode = 0
Fri Jul  7 10:47:52 2017 us=72504   persist_config = DISABLED
Fri Jul  7 10:47:52 2017 us=72509   persist_mode = 1
Fri Jul  7 10:47:52 2017 us=72514   show_ciphers = DISABLED
Fri Jul  7 10:47:52 2017 us=72519   show_digests = DISABLED
Fri Jul  7 10:47:52 2017 us=72524   show_engines = DISABLED
Fri Jul  7 10:47:52 2017 us=72529   genkey = DISABLED
Fri Jul  7 10:47:52 2017 us=72534   key_pass_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72539   show_tls_ciphers = DISABLED
Fri Jul  7 10:47:52 2017 us=72545   connect_retry_max = 0
Fri Jul  7 10:47:52 2017 us=72550 Connection profiles [0]:
Fri Jul  7 10:47:52 2017 us=72556   proto = udp
Fri Jul  7 10:47:52 2017 us=72561   local = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72566   local_port = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72571   remote = '172.104.122.75'
Fri Jul  7 10:47:52 2017 us=72576   remote_port = '12112'
Fri Jul  7 10:47:52 2017 us=72581   remote_float = DISABLED
Fri Jul  7 10:47:52 2017 us=72586   bind_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=72591   bind_local = DISABLED
Fri Jul  7 10:47:52 2017 us=72596   bind_ipv6_only = DISABLED
Fri Jul  7 10:47:52 2017 us=72601   connect_retry_seconds = 5
Fri Jul  7 10:47:52 2017 us=72606   connect_timeout = 120
Fri Jul  7 10:47:52 2017 us=72611   socks_proxy_server = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72616   socks_proxy_port = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72621   tun_mtu = 1500
Fri Jul  7 10:47:52 2017 us=72626   tun_mtu_defined = ENABLED
Fri Jul  7 10:47:52 2017 us=72631   link_mtu = 1500
Fri Jul  7 10:47:52 2017 us=72636   link_mtu_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=72641   tun_mtu_extra = 0
Fri Jul  7 10:47:52 2017 us=72646   tun_mtu_extra_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=72664   mtu_discover_type = -1
Fri Jul  7 10:47:52 2017 us=72670   fragment = 0
Fri Jul  7 10:47:52 2017 us=72684   mssfix = 1450
Fri Jul  7 10:47:52 2017 us=72689   explicit_exit_notification = 0
Fri Jul  7 10:47:52 2017 us=72694 Connection profiles END
Fri Jul  7 10:47:52 2017 us=72699   remote_random = DISABLED
Fri Jul  7 10:47:52 2017 us=72704   ipchange = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72709   dev = 'tun0'
Fri Jul  7 10:47:52 2017 us=72714   dev_type = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72719   dev_node = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72724   lladdr = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72729   topology = 1
Fri Jul  7 10:47:52 2017 us=72734   ifconfig_local = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72739   ifconfig_remote_netmask = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72743   ifconfig_noexec = DISABLED
Fri Jul  7 10:47:52 2017 us=72748   ifconfig_nowarn = DISABLED
Fri Jul  7 10:47:52 2017 us=72753   ifconfig_ipv6_local = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72758   ifconfig_ipv6_netbits = 0
Fri Jul  7 10:47:52 2017 us=72763   ifconfig_ipv6_remote = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72768   shaper = 0
Fri Jul  7 10:47:52 2017 us=72773   mtu_test = 0
Fri Jul  7 10:47:52 2017 us=72778   mlock = DISABLED
Fri Jul  7 10:47:52 2017 us=72783   keepalive_ping = 0
Fri Jul  7 10:47:52 2017 us=72788   keepalive_timeout = 0
Fri Jul  7 10:47:52 2017 us=72793   inactivity_timeout = 0
Fri Jul  7 10:47:52 2017 us=72798   ping_send_timeout = 0
Fri Jul  7 10:47:52 2017 us=72803   ping_rec_timeout = 0
Fri Jul  7 10:47:52 2017 us=72808   ping_rec_timeout_action = 0
Fri Jul  7 10:47:52 2017 us=72813   ping_timer_remote = DISABLED
Fri Jul  7 10:47:52 2017 us=72818   remap_sigusr1 = 0
Fri Jul  7 10:47:52 2017 us=72823   persist_tun = ENABLED
Fri Jul  7 10:47:52 2017 us=72828   persist_local_ip = DISABLED
Fri Jul  7 10:47:52 2017 us=72833   persist_remote_ip = DISABLED
Fri Jul  7 10:47:52 2017 us=72838   persist_key = ENABLED
Fri Jul  7 10:47:52 2017 us=72847   passtos = DISABLED
Fri Jul  7 10:47:52 2017 us=72853   resolve_retry_seconds = 30
Fri Jul  7 10:47:52 2017 us=72858   resolve_in_advance = DISABLED
Fri Jul  7 10:47:52 2017 us=72862   username = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72867   groupname = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72872   chroot_dir = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72877   cd_dir = '/etc/openvpn'
Fri Jul  7 10:47:52 2017 us=72882   writepid = '/var/run/openvpn.pid'
Fri Jul  7 10:47:52 2017 us=72889   up_script = '/etc/openvpn/up.sh'
Fri Jul  7 10:47:52 2017 us=72894   down_script = '/etc/openvpn/down.sh'
Fri Jul  7 10:47:52 2017 us=72899   down_pre = ENABLED
Fri Jul  7 10:47:52 2017 us=72904   up_restart = ENABLED
Fri Jul  7 10:47:52 2017 us=72909   up_delay = ENABLED
Fri Jul  7 10:47:52 2017 us=72914   daemon = ENABLED
Fri Jul  7 10:47:52 2017 us=72919   inetd = 0
Fri Jul  7 10:47:52 2017 us=72924   log = ENABLED
Fri Jul  7 10:47:52 2017 us=72929   suppress_timestamps = DISABLED
Fri Jul  7 10:47:52 2017 us=72934   machine_readable_output = DISABLED
Fri Jul  7 10:47:52 2017 us=72939   nice = 0
Fri Jul  7 10:47:52 2017 us=72944   verbosity = 4
Fri Jul  7 10:47:52 2017 us=72948   mute = 0
Fri Jul  7 10:47:52 2017 us=72953   gremlin = 0
Fri Jul  7 10:47:52 2017 us=72958   status_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=72963   status_file_version = 1
Fri Jul  7 10:47:52 2017 us=72968   status_file_update_freq = 60
Fri Jul  7 10:47:52 2017 us=72973   occ = ENABLED
Fri Jul  7 10:47:52 2017 us=72978   rcvbuf = 0
Fri Jul  7 10:47:52 2017 us=72983   sndbuf = 0
Fri Jul  7 10:47:52 2017 us=72988   mark = 0
Fri Jul  7 10:47:52 2017 us=72993   sockflags = 0
Fri Jul  7 10:47:52 2017 us=72998   fast_io = DISABLED
Fri Jul  7 10:47:52 2017 us=73003   comp.alg = 2
Fri Jul  7 10:47:52 2017 us=73008   comp.flags = 1
Fri Jul  7 10:47:52 2017 us=73013   route_script = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73018   route_default_gateway = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73023   route_default_metric = 0
Fri Jul  7 10:47:52 2017 us=73028   route_noexec = DISABLED
Fri Jul  7 10:47:52 2017 us=73033   route_delay = 0
Fri Jul  7 10:47:52 2017 us=73038   route_delay_window = 30
Fri Jul  7 10:47:52 2017 us=73043   route_delay_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=73048   route_nopull = DISABLED
Fri Jul  7 10:47:52 2017 us=73053   route_gateway_via_dhcp = DISABLED
Fri Jul  7 10:47:52 2017 us=73058   allow_pull_fqdn = DISABLED
Fri Jul  7 10:47:52 2017 us=73064   management_addr = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73069   management_port = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73074   management_user_pass = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73079   management_log_history_cache = 250
Fri Jul  7 10:47:52 2017 us=73084   management_echo_buffer_size = 100
Fri Jul  7 10:47:52 2017 us=73089   management_write_peer_info_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73094   management_client_user = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73099   management_client_group = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73104   management_flags = 0
Fri Jul  7 10:47:52 2017 us=73110   shared_secret_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73115   key_direction = 0
Fri Jul  7 10:47:52 2017 us=73120   ciphername = 'BF-CBC'
Fri Jul  7 10:47:52 2017 us=73125   ncp_enabled = ENABLED
Fri Jul  7 10:47:52 2017 us=73130   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Jul  7 10:47:52 2017 us=73135   authname = 'SHA1'
Fri Jul  7 10:47:52 2017 us=73140   prng_hash = 'SHA1'
Fri Jul  7 10:47:52 2017 us=73145   prng_nonce_secret_len = 16
Fri Jul  7 10:47:52 2017 us=73150   keysize = 0
Fri Jul  7 10:47:52 2017 us=73155   engine = DISABLED
Fri Jul  7 10:47:52 2017 us=73160   replay = ENABLED
Fri Jul  7 10:47:52 2017 us=73165   mute_replay_warnings = DISABLED
Fri Jul  7 10:47:52 2017 us=73170   replay_window = 64
Fri Jul  7 10:47:52 2017 us=73175   replay_time = 15
Fri Jul  7 10:47:52 2017 us=73180   packet_id_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73185   use_iv = ENABLED
Fri Jul  7 10:47:52 2017 us=73190   test_crypto = DISABLED
Fri Jul  7 10:47:52 2017 us=73195   tls_server = DISABLED
Fri Jul  7 10:47:52 2017 us=73203   tls_client = ENABLED
Fri Jul  7 10:47:52 2017 us=73208   key_method = 2
Fri Jul  7 10:47:52 2017 us=73213   ca_file = 'ca.crt'
Fri Jul  7 10:47:52 2017 us=73218   ca_path = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73223   dh_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73228   cert_file = 'client1.crt'
Fri Jul  7 10:47:52 2017 us=73233   extra_certs_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73238   priv_key_file = 'client1.key'
Fri Jul  7 10:47:52 2017 us=73243   pkcs12_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73248   cipher_list = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73253   tls_verify = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73258   tls_export_cert = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73263   verify_x509_type = 0
Fri Jul  7 10:47:52 2017 us=73268   verify_x509_name = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73273   crl_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73278   ns_cert_type = 0
Fri Jul  7 10:47:52 2017 us=73283   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73288   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73293   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73298   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73303   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73308   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73312   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73317   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73322   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73327   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73332   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73336   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73341   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73346   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73351   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73356   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73361   remote_cert_eku = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73366   ssl_flags = 0
Fri Jul  7 10:47:52 2017 us=73370   tls_timeout = 2
Fri Jul  7 10:47:52 2017 us=73375   renegotiate_bytes = -1
Fri Jul  7 10:47:52 2017 us=73380   renegotiate_packets = 0
Fri Jul  7 10:47:52 2017 us=73385   renegotiate_seconds = 3600
Fri Jul  7 10:47:52 2017 us=73390   handshake_window = 60
Fri Jul  7 10:47:52 2017 us=73395   transition_window = 3600
Fri Jul  7 10:47:52 2017 us=73400   single_session = DISABLED
Fri Jul  7 10:47:52 2017 us=73405   push_peer_info = DISABLED
Fri Jul  7 10:47:52 2017 us=73410   tls_exit = DISABLED
Fri Jul  7 10:47:52 2017 us=73415   tls_auth_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73420   tls_crypt_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73427   server_network = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73432   server_netmask = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73452   server_network_ipv6 = ::
Fri Jul  7 10:47:52 2017 us=73458   server_netbits_ipv6 = 0
Fri Jul  7 10:47:52 2017 us=73464   server_bridge_ip = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73469   server_bridge_netmask = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73475   server_bridge_pool_start = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73481   server_bridge_pool_end = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73493   ifconfig_pool_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=73499   ifconfig_pool_start = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73504   ifconfig_pool_end = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73510   ifconfig_pool_netmask = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73515   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73520   ifconfig_pool_persist_refresh_freq = 600
Fri Jul  7 10:47:52 2017 us=73525   ifconfig_ipv6_pool_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=73531   ifconfig_ipv6_pool_base = ::
Fri Jul  7 10:47:52 2017 us=73536   ifconfig_ipv6_pool_netbits = 0
Fri Jul  7 10:47:52 2017 us=73541   n_bcast_buf = 256
Fri Jul  7 10:47:52 2017 us=73546   tcp_queue_limit = 64
Fri Jul  7 10:47:52 2017 us=73551   real_hash_size = 256
Fri Jul  7 10:47:52 2017 us=73556   virtual_hash_size = 256
Fri Jul  7 10:47:52 2017 us=73561   client_connect_script = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73569   learn_address_script = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73574   client_disconnect_script = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73580   client_config_dir = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73585   ccd_exclusive = DISABLED
Fri Jul  7 10:47:52 2017 us=73590   tmp_dir = '/tmp'
Fri Jul  7 10:47:52 2017 us=73595   push_ifconfig_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=73600   push_ifconfig_local = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73606   push_ifconfig_remote_netmask = 0.0.0.0
Fri Jul  7 10:47:52 2017 us=73611   push_ifconfig_ipv6_defined = DISABLED
Fri Jul  7 10:47:52 2017 us=73616   push_ifconfig_ipv6_local = ::/0
Fri Jul  7 10:47:52 2017 us=73621   push_ifconfig_ipv6_remote = ::
Fri Jul  7 10:47:52 2017 us=73626   enable_c2c = DISABLED
Fri Jul  7 10:47:52 2017 us=73632   duplicate_cn = DISABLED
Fri Jul  7 10:47:52 2017 us=73637   cf_max = 0
Fri Jul  7 10:47:52 2017 us=73642   cf_per = 0
Fri Jul  7 10:47:52 2017 us=73647   max_clients = 1024
Fri Jul  7 10:47:52 2017 us=73656   max_routes_per_client = 256
Fri Jul  7 10:47:52 2017 us=73661   auth_user_pass_verify_script = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73667   auth_user_pass_verify_script_via_file = DISABLED
Fri Jul  7 10:47:52 2017 us=73672   auth_token_generate = DISABLED
Fri Jul  7 10:47:52 2017 us=73677   auth_token_lifetime = 0
Fri Jul  7 10:47:52 2017 us=73682   port_share_host = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73687   port_share_port = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73692   client = ENABLED
Fri Jul  7 10:47:52 2017 us=73697   pull = ENABLED
Fri Jul  7 10:47:52 2017 us=73702   auth_user_pass_file = '[UNDEF]'
Fri Jul  7 10:47:52 2017 us=73708 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul  6 2017
Fri Jul  7 10:47:52 2017 us=73718 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Jul  7 10:47:52 2017 us=73926 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Jul  7 10:47:52 2017 us=73942 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul  7 10:47:52 2017 us=74233 WARNING: Your certificate is not yet valid!
Fri Jul  7 10:47:52 2017 us=74296 LZO compression initializing
Fri Jul  7 10:47:52 2017 us=74348 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Jul  7 10:47:52 2017 us=74368 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Fri Jul  7 10:47:52 2017 us=74385 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Jul  7 10:47:52 2017 us=74391 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Jul  7 10:47:52 2017 us=74401 TCP/UDP: Preserving recently used remote address: [AF_INET]172.104.122.75:12112
Fri Jul  7 10:47:52 2017 us=74419 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jul  7 10:47:52 2017 us=74426 UDP link local: (not bound)
Fri Jul  7 10:47:52 2017 us=74432 UDP link remote: [AF_INET]172.104.122.75:12112
Fri Jul  7 10:47:52 2017 us=271449 TLS: Initial packet from [AF_INET]172.104.122.75:12112, sid=d3350ad4 e9f44057


At the client end:
Code:

moonlight openvpn # ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=250 time=4.18 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=250 time=3.98 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=250 time=3.63 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=250 time=3.27 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=250 time=4.50 ms
64 bytes from 10.0.0.1: icmp_seq=6 ttl=250 time=3.77 ms
64 bytes from 10.0.0.1: icmp_seq=7 ttl=250 time=5.02 ms
^C
--- 10.0.0.1 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6008ms
rtt min/avg/max/mdev = 3.271/4.053/5.023/0.539 ms


It is my first time configuring an openvpn service. Could anyone help me? Thanks in advance!
_________________
peace, focus.
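
A triage of the client log posted above, as an added example that is not part of the original post: it reports the last start-up milestone the log reached and the warnings logged before it. The milestone strings are standard OpenVPN 2.4 log messages; the first sample reuses four lines from the log above, and the second sample and its addresses are constructed.

```python
import re

# Strips the timestamp and the optional "us=<microseconds>" field added at verb 4.
LINE = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} (?:us=\d+ )?(.*)$")

# Milestones a client logs, in order, on a successful start.
STAGES = [
    ("socket-ready", "link remote:"),
    ("tls-started", "TLS: Initial packet from"),
    ("peer-verified", "VERIFY OK"),
    ("control-channel-up", "Peer Connection Initiated"),
    ("options-pulled", "PUSH: Received control message"),
    ("tunnel-up", "Initialization Sequence Completed"),
]

# What to check for each of the two warnings present in the log above.
HINTS = {
    "No server certificate verification method":
        "client config has no remote-cert-tls / verify-x509-name",
    "certificate is not yet valid":
        "compare the local clock with the client certificate's notBefore date",
}

# Four lines copied from the client log in the post.
SAMPLE_STALLED = """\
Fri Jul  7 10:47:52 2017 us=73926 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Jul  7 10:47:52 2017 us=74233 WARNING: Your certificate is not yet valid!
Fri Jul  7 10:47:52 2017 us=74432 UDP link remote: [AF_INET]172.104.122.75:12112
Fri Jul  7 10:47:52 2017 us=271449 TLS: Initial packet from [AF_INET]172.104.122.75:12112, sid=d3350ad4 e9f44057
"""

# Constructed sample of a start that completes (documentation address 192.0.2.10).
SAMPLE_COMPLETED = """\
Fri Jul  7 10:47:52 2017 UDP link remote: [AF_INET]192.0.2.10:1194
Fri Jul  7 10:47:52 2017 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000000
Fri Jul  7 10:47:53 2017 VERIFY OK: depth=0, CN=server
Fri Jul  7 10:47:53 2017 [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
Fri Jul  7 10:47:54 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig 10.0.0.6 10.0.0.5'
Fri Jul  7 10:47:54 2017 Initialization Sequence Completed
"""


def triage(log_text):
    """Return the furthest milestone reached plus the warnings and errors seen."""
    reached = -1
    warnings, errors = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an OpenVPN log line (blank line, shell prompt, ...)
        msg = m.group(1).strip()
        if msg.startswith("WARNING:"):
            warnings.append(msg[len("WARNING:"):].strip())
        elif msg.startswith(("TLS Error:", "VERIFY ERROR")):
            errors.append(msg)
        for idx, (_, marker) in enumerate(STAGES):
            if marker in msg:
                reached = max(reached, idx)
    hints = [h for key, h in HINTS.items() if any(key in w for w in warnings)]
    nxt = reached + 1
    return {
        "stage": STAGES[reached][0] if reached >= 0 else "not-started",
        "waiting_for": STAGES[nxt][1] if nxt < len(STAGES) else None,
        "warnings": warnings,
        "errors": errors,
        "hints": hints,
    }


if __name__ == "__main__":
    for name, text in (("stalled", SAMPLE_STALLED), ("completed", SAMPLE_COMPLETED)):
        result = triage(text)
        print(name, "->", result["stage"], "| waiting for:", result["waiting_for"])
        for hint in result["hints"]:
            print("   check:", hint)
```
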
bbgermany
Veteran

Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany

Posted: Fri Jul 07, 2017 5:04 am

Hi,

It seems your tunnel is working. So I cannot see the issue, just because it's telling you that the service is inactive?

Can you post the output of ifconfig on the client side again? Maybe as "ifconfig -a", just to make sure you show all interfaces.

thanks and greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB
Jackie Lin
Tux's lil' helper

Joined: 31 May 2017
Posts: 115

Posted: Fri Jul 07, 2017 5:37 am

Thanks for the reply, bbgermany.
client side:
Code:

moonlight openvpn # ifconfig -a
enp3s0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether d4:3d:7e:df:f5:3d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a57:ff:fe30:8911  prefixlen 64  scopeid 0x20<link>
        ether 08:57:00:30:89:11  txqueuelen 1000  (Ethernet)
        RX packets 49695  bytes 32796042 (31.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59042  bytes 7610631 (7.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


The first time I ran /etc/init.d/openvpn start, there was a tun0 interface. But it disappeared subsequently.
And no client1.csr file was generated when I followed the guide.
_________________
peace, focus.
Jackie Lin
Tux's lil' helper

Joined: 31 May 2017
Posts: 115

Posted: Fri Jul 07, 2017 5:43 am

client end:
Code:

moonlight openvpn # ls -al
total 92
drwxr-xr-x  2 root root  4096 Jul  7 10:42 .
drwxr-xr-x 71 root root  4096 Jul  7 06:24 ..
-rw-------  1 root root  1172 Jul  7 06:53 ca.crt
-rw-------  1 root root  1834 Jul  7 06:53 ca.key
-rw-------  1 root root  4361 Jul  7 06:53 client1.crt
-rw-------  1 root root  1708 Jul  7 06:54 client1.key
-rw-------  1 root root   887 Jul  7 06:54 client1.req
-rw-------  1 root root   424 Jul  7 06:53 dh.pem
-rwxr-xr-x  1 root root   943 Jul  6 13:27 down.sh
-rw-r--r--  1 root root     0 Jul  6 13:27 .keep_net-vpn_openvpn-0
-rw-r--r--  1 root root   272 Jul  7 10:42 openvpn.conf
-rw-r--r--  1 root root   270 Jul  7 06:55 openvpn.conf~
-rw-------  1 root root 38219 Jul  7 13:30 openvpn.log
-rwxr-xr-x  1 root root  2865 Jul  6 13:27 up.sh


server end:
Code:

moonlight openvpn # ls -al
total 60
drwxr-xr-x  2 root root 4096 Jul  7 10:44 .
drwxr-xr-x 42 root root 4096 Jul  6 21:34 ..
-rw-------  1 root root 1172 Jul  7 06:45 ca.crt
-rw-------  1 root root 1834 Jul  7 06:50 ca.key
-rw-------  1 root root  424 Jul  7 06:45 dh.pem
-rwxr-xr-x  1 root root  943 Jul  6 05:38 down.sh
-rw-------  1 root root 4379 Jul  7 06:45 example.crt
-rw-------  1 root root 1704 Jul  7 06:46 example.key
-rw-------  1 root root  887 Jul  7 06:46 example.req
-rw-------  1 root root    0 Jul  7 13:29 ipp.txt
-rw-r--r--  1 root root    0 Jul  6 05:38 .keep_net-vpn_openvpn-0
-rw-r--r--  1 root root  398 Jul  7 10:44 openvpn.conf
-rw-r--r--  1 root root  396 Jul  7 06:52 openvpn.conf~
-rw-------  1 root root  294 Jul  7 13:30 openvpn-status.log
-rw-------  1 root root  636 Jul  7 06:47 ta.key
-rwxr-xr-x  1 root root 2865 Jul  6 05:38 up.sh


_________________
peace, focus.
dachiod
n00b

Joined: 11 Jun 2017
Posts: 9

Posted: Fri Jul 07, 2017 2:22 pm

output of
Code:
cat /usr/src/linux/.config | grep CONFIG_TUN
?
Jackie Lin
Tux's lil' helper

Joined: 31 May 2017
Posts: 115

Posted: Fri Jul 07, 2017 2:47 pm

Code:

moonlight jerry # cat /usr/src/linux/.config | grep CONFIG_TUN
CONFIG_TUN=y
# CONFIG_TUN_VNET_CROSS_LE is not set


_________________
peace, focus.
bbgermany
Veteran

Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany

Posted: Sun Jul 09, 2017 11:39 am

Hi,

OK, I had another look at your config files. Please change the following:

1st: the push route stuff cannot match, since your network on the client is already 192.168.1.x; remove that line or replace the network with the one you have on your server side
2nd: change the logfile position to somewhere more suitable, like /var/log instead of just /etc
3rd: add "verb 4" to the server config as well to get a bit more output when connecting
4th: is there a special case why you have changed the default 1194 port to 12112?
5th: for testing, you should remove the "comp-lzo" config directive on both sides as well
6th: please add "pull" on the client side as a config option (no additional parameters needed).

greets, bb

EDIT: I have a very very simple configuration for you. This works with my root-server.

server config:
Code:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.168.255.0 255.255.255.0
ifconfig-pool-persist ipp.txt
duplicate-cn
keepalive 10 120
tls-auth tls.key 0
tls-server
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


client config:
Code:

client
dev tun
proto udp
remote server 1194
nobind
persist-key
persist-tun
ca server.crt
cert client1.crt
key client1.key
tls-auth tls.key 1
comp-lzo
verb 1
pull


One other question, did you generate all the certificates (ca, server and client) on the server or did you use different systems?
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB
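
As an added example (not written by anyone in this thread), the lint below reads the two client configurations posted above and reports what the client log's WARNING and NOTE lines point at: no server-certificate check, no tls-auth/tls-crypt key, and user scripts enabled through script-security. The finding names are invented for this example.

```python
import shlex

# Client config from the first post of this thread.
FIRST_POST_CLIENT = """\
client
dev tun0
proto udp
remote 172.104.122.75 12112
comp-lzo
resolv-retry 30
nobind
persist-key
persist-tun
ca  ca.crt
cert  client1.crt
key   client1.key
script-security 2
up  /etc/openvpn/up.sh
down  /etc/openvpn/down.sh
log  /etc/openvpn/openvpn.log
verb 4
"""

# Client config from the reply above.
REPLY_CLIENT = """\
client
dev tun
proto udp
remote server 1194
nobind
persist-key
persist-tun
ca server.crt
cert client1.crt
key client1.key
tls-auth tls.key 1
comp-lzo
verb 1
pull
"""

# Any one of these makes the client check that its peer is really the server.
SERVER_CHECKS = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku",
                 "ns-cert-type", "tls-verify"}

def parse(conf_text):
    """Map each directive to the list of argument lists it was given."""
    opts, inline = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if inline:                              # inside <tag> ... </tag> key material
            if line == "</%s>" % inline:
                inline = None
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            inline = line[1:-1]
            opts.setdefault(inline, []).append([])
            continue
        if not line or line[0] in "#;":         # both comment styles
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            opts.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return opts

def lint_client(conf_text):
    """Return finding ids for a client config, in a fixed order."""
    opts = parse(conf_text)
    findings = []
    is_client = "client" in opts or "tls-client" in opts
    if is_client and not SERVER_CHECKS.intersection(opts):
        findings.append("server-identity-unchecked")
    if not {"tls-auth", "tls-crypt"}.intersection(opts):
        findings.append("no-control-channel-key")
    args = opts.get("script-security", [["1"]])[-1]
    level = int(args[0]) if args else 1         # OpenVPN's default level is 1
    hooks = [a[0] for name in ("up", "down") for a in opts.get(name, []) if a]
    if level >= 2 and hooks:
        findings.append("runs-user-scripts:" + ",".join(hooks))
    return findings

if __name__ == "__main__":
    for name, conf in (("first post", FIRST_POST_CLIENT), ("reply", REPLY_CLIENT)):
        print(name, "->", lint_client(conf))
```

Adding `remote-cert-tls server` clears the first finding, but the connection then succeeds only if the server certificate was issued with the server extended key usage.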