Jackie Lin Tux's lil' helper
Joined: 31 May 2017 Posts: 115
Posted: Fri Jul 07, 2017 3:05 am Post subject: openvpn has started, but is inactive
Hello there.
I am trying to configure the openvpn service with a VPS, but I have met a problem. Could anyone help me?
I followed this guide: https://wiki.gentoo.org/wiki/OpenVPN.
The server configuration is as below:
Code: |
port 12112
proto udp
dev tun0
ca ca.crt
cert example.crt
key example.key
dh dh.pem
server 10.0.0.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
#push "dhcp-option DNS 192.168.1.1"
keepalive 10 120
comp-lzo
user nobody
group nobody
status openvpn-status.log
log /etc/openvpn.log
|
The client configuration is as below:
Code: |
client
dev tun0
proto udp
remote 172.104.122.75 12112
comp-lzo
resolv-retry 30
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
log /etc/openvpn/openvpn.log
verb 4
|
At the server end:
Code: |
moonlight openvpn # /etc/init.d/openvpn start
* Starting openvpn ... [ ok ]
moonlight openvpn # ifconfig
dummy0: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet6 fe80::680e:a5ff:fe12:a048 prefixlen 64 scopeid 0x20<link>
ether 6a:0e:a5:12:a0:48 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 324 bytes 125770 (122.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.104.122.75 netmask 255.255.255.0 broadcast 172.104.122.255
inet6 2400:8902::f03c:91ff:fe7b:6ae8 prefixlen 64 scopeid 0x0<global>
inet6 fe80::f03c:91ff:fe7b:6ae8 prefixlen 64 scopeid 0x20<link>
ether f2:3c:91:7b:6a:e8 txqueuelen 1000 (Ethernet)
RX packets 13260 bytes 1096423 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10987 bytes 1471604 (1.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 16 bytes 1104 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1104 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.255 destination 10.0.0.2
inet6 fe80::167:5812:b785:7f44 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 96 (96.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
At the client end:
Code: |
moonlight openvpn # /etc/init.d/openvpn start
* Starting openvpn ...
* WARNING: You have defined your own up/down scripts
* As you're running as a client, we now force Gentoo specific
* scripts to be run for up and down events.
* These scripts will call /etc/openvpn/openvpn-{up,down}.sh
* where you can put your own code. [ ok ]
* WARNING: openvpn has started, but is inactive
moonlight openvpn # ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.7 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a57:ff:fe30:8911 prefixlen 64 scopeid 0x20<link>
ether 08:57:00:30:89:11 txqueuelen 1000 (Ethernet)
RX packets 38578 bytes 22705382 (21.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46331 bytes 5912862 (5.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
Here is the client end log:
Code: |
moonlight openvpn # cat openvpn.log
Fri Jul 7 10:47:52 2017 Multiple --up scripts defined. The previously configured script is overridden.
Fri Jul 7 10:47:52 2017 Multiple --down scripts defined. The previously configured script is overridden.
Fri Jul 7 10:47:52 2017 us=72485 Current Parameter Settings:
Fri Jul 7 10:47:52 2017 us=72493 config = '/etc/openvpn/openvpn.conf'
Fri Jul 7 10:47:52 2017 us=72498 mode = 0
Fri Jul 7 10:47:52 2017 us=72504 persist_config = DISABLED
Fri Jul 7 10:47:52 2017 us=72509 persist_mode = 1
Fri Jul 7 10:47:52 2017 us=72514 show_ciphers = DISABLED
Fri Jul 7 10:47:52 2017 us=72519 show_digests = DISABLED
Fri Jul 7 10:47:52 2017 us=72524 show_engines = DISABLED
Fri Jul 7 10:47:52 2017 us=72529 genkey = DISABLED
Fri Jul 7 10:47:52 2017 us=72534 key_pass_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72539 show_tls_ciphers = DISABLED
Fri Jul 7 10:47:52 2017 us=72545 connect_retry_max = 0
Fri Jul 7 10:47:52 2017 us=72550 Connection profiles [0]:
Fri Jul 7 10:47:52 2017 us=72556 proto = udp
Fri Jul 7 10:47:52 2017 us=72561 local = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72566 local_port = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72571 remote = '172.104.122.75'
Fri Jul 7 10:47:52 2017 us=72576 remote_port = '12112'
Fri Jul 7 10:47:52 2017 us=72581 remote_float = DISABLED
Fri Jul 7 10:47:52 2017 us=72586 bind_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=72591 bind_local = DISABLED
Fri Jul 7 10:47:52 2017 us=72596 bind_ipv6_only = DISABLED
Fri Jul 7 10:47:52 2017 us=72601 connect_retry_seconds = 5
Fri Jul 7 10:47:52 2017 us=72606 connect_timeout = 120
Fri Jul 7 10:47:52 2017 us=72611 socks_proxy_server = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72616 socks_proxy_port = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72621 tun_mtu = 1500
Fri Jul 7 10:47:52 2017 us=72626 tun_mtu_defined = ENABLED
Fri Jul 7 10:47:52 2017 us=72631 link_mtu = 1500
Fri Jul 7 10:47:52 2017 us=72636 link_mtu_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=72641 tun_mtu_extra = 0
Fri Jul 7 10:47:52 2017 us=72646 tun_mtu_extra_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=72664 mtu_discover_type = -1
Fri Jul 7 10:47:52 2017 us=72670 fragment = 0
Fri Jul 7 10:47:52 2017 us=72684 mssfix = 1450
Fri Jul 7 10:47:52 2017 us=72689 explicit_exit_notification = 0
Fri Jul 7 10:47:52 2017 us=72694 Connection profiles END
Fri Jul 7 10:47:52 2017 us=72699 remote_random = DISABLED
Fri Jul 7 10:47:52 2017 us=72704 ipchange = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72709 dev = 'tun0'
Fri Jul 7 10:47:52 2017 us=72714 dev_type = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72719 dev_node = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72724 lladdr = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72729 topology = 1
Fri Jul 7 10:47:52 2017 us=72734 ifconfig_local = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72739 ifconfig_remote_netmask = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72743 ifconfig_noexec = DISABLED
Fri Jul 7 10:47:52 2017 us=72748 ifconfig_nowarn = DISABLED
Fri Jul 7 10:47:52 2017 us=72753 ifconfig_ipv6_local = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72758 ifconfig_ipv6_netbits = 0
Fri Jul 7 10:47:52 2017 us=72763 ifconfig_ipv6_remote = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72768 shaper = 0
Fri Jul 7 10:47:52 2017 us=72773 mtu_test = 0
Fri Jul 7 10:47:52 2017 us=72778 mlock = DISABLED
Fri Jul 7 10:47:52 2017 us=72783 keepalive_ping = 0
Fri Jul 7 10:47:52 2017 us=72788 keepalive_timeout = 0
Fri Jul 7 10:47:52 2017 us=72793 inactivity_timeout = 0
Fri Jul 7 10:47:52 2017 us=72798 ping_send_timeout = 0
Fri Jul 7 10:47:52 2017 us=72803 ping_rec_timeout = 0
Fri Jul 7 10:47:52 2017 us=72808 ping_rec_timeout_action = 0
Fri Jul 7 10:47:52 2017 us=72813 ping_timer_remote = DISABLED
Fri Jul 7 10:47:52 2017 us=72818 remap_sigusr1 = 0
Fri Jul 7 10:47:52 2017 us=72823 persist_tun = ENABLED
Fri Jul 7 10:47:52 2017 us=72828 persist_local_ip = DISABLED
Fri Jul 7 10:47:52 2017 us=72833 persist_remote_ip = DISABLED
Fri Jul 7 10:47:52 2017 us=72838 persist_key = ENABLED
Fri Jul 7 10:47:52 2017 us=72847 passtos = DISABLED
Fri Jul 7 10:47:52 2017 us=72853 resolve_retry_seconds = 30
Fri Jul 7 10:47:52 2017 us=72858 resolve_in_advance = DISABLED
Fri Jul 7 10:47:52 2017 us=72862 username = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72867 groupname = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72872 chroot_dir = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72877 cd_dir = '/etc/openvpn'
Fri Jul 7 10:47:52 2017 us=72882 writepid = '/var/run/openvpn.pid'
Fri Jul 7 10:47:52 2017 us=72889 up_script = '/etc/openvpn/up.sh'
Fri Jul 7 10:47:52 2017 us=72894 down_script = '/etc/openvpn/down.sh'
Fri Jul 7 10:47:52 2017 us=72899 down_pre = ENABLED
Fri Jul 7 10:47:52 2017 us=72904 up_restart = ENABLED
Fri Jul 7 10:47:52 2017 us=72909 up_delay = ENABLED
Fri Jul 7 10:47:52 2017 us=72914 daemon = ENABLED
Fri Jul 7 10:47:52 2017 us=72919 inetd = 0
Fri Jul 7 10:47:52 2017 us=72924 log = ENABLED
Fri Jul 7 10:47:52 2017 us=72929 suppress_timestamps = DISABLED
Fri Jul 7 10:47:52 2017 us=72934 machine_readable_output = DISABLED
Fri Jul 7 10:47:52 2017 us=72939 nice = 0
Fri Jul 7 10:47:52 2017 us=72944 verbosity = 4
Fri Jul 7 10:47:52 2017 us=72948 mute = 0
Fri Jul 7 10:47:52 2017 us=72953 gremlin = 0
Fri Jul 7 10:47:52 2017 us=72958 status_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=72963 status_file_version = 1
Fri Jul 7 10:47:52 2017 us=72968 status_file_update_freq = 60
Fri Jul 7 10:47:52 2017 us=72973 occ = ENABLED
Fri Jul 7 10:47:52 2017 us=72978 rcvbuf = 0
Fri Jul 7 10:47:52 2017 us=72983 sndbuf = 0
Fri Jul 7 10:47:52 2017 us=72988 mark = 0
Fri Jul 7 10:47:52 2017 us=72993 sockflags = 0
Fri Jul 7 10:47:52 2017 us=72998 fast_io = DISABLED
Fri Jul 7 10:47:52 2017 us=73003 comp.alg = 2
Fri Jul 7 10:47:52 2017 us=73008 comp.flags = 1
Fri Jul 7 10:47:52 2017 us=73013 route_script = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73018 route_default_gateway = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73023 route_default_metric = 0
Fri Jul 7 10:47:52 2017 us=73028 route_noexec = DISABLED
Fri Jul 7 10:47:52 2017 us=73033 route_delay = 0
Fri Jul 7 10:47:52 2017 us=73038 route_delay_window = 30
Fri Jul 7 10:47:52 2017 us=73043 route_delay_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=73048 route_nopull = DISABLED
Fri Jul 7 10:47:52 2017 us=73053 route_gateway_via_dhcp = DISABLED
Fri Jul 7 10:47:52 2017 us=73058 allow_pull_fqdn = DISABLED
Fri Jul 7 10:47:52 2017 us=73064 management_addr = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73069 management_port = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73074 management_user_pass = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73079 management_log_history_cache = 250
Fri Jul 7 10:47:52 2017 us=73084 management_echo_buffer_size = 100
Fri Jul 7 10:47:52 2017 us=73089 management_write_peer_info_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73094 management_client_user = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73099 management_client_group = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73104 management_flags = 0
Fri Jul 7 10:47:52 2017 us=73110 shared_secret_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73115 key_direction = 0
Fri Jul 7 10:47:52 2017 us=73120 ciphername = 'BF-CBC'
Fri Jul 7 10:47:52 2017 us=73125 ncp_enabled = ENABLED
Fri Jul 7 10:47:52 2017 us=73130 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Jul 7 10:47:52 2017 us=73135 authname = 'SHA1'
Fri Jul 7 10:47:52 2017 us=73140 prng_hash = 'SHA1'
Fri Jul 7 10:47:52 2017 us=73145 prng_nonce_secret_len = 16
Fri Jul 7 10:47:52 2017 us=73150 keysize = 0
Fri Jul 7 10:47:52 2017 us=73155 engine = DISABLED
Fri Jul 7 10:47:52 2017 us=73160 replay = ENABLED
Fri Jul 7 10:47:52 2017 us=73165 mute_replay_warnings = DISABLED
Fri Jul 7 10:47:52 2017 us=73170 replay_window = 64
Fri Jul 7 10:47:52 2017 us=73175 replay_time = 15
Fri Jul 7 10:47:52 2017 us=73180 packet_id_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73185 use_iv = ENABLED
Fri Jul 7 10:47:52 2017 us=73190 test_crypto = DISABLED
Fri Jul 7 10:47:52 2017 us=73195 tls_server = DISABLED
Fri Jul 7 10:47:52 2017 us=73203 tls_client = ENABLED
Fri Jul 7 10:47:52 2017 us=73208 key_method = 2
Fri Jul 7 10:47:52 2017 us=73213 ca_file = 'ca.crt'
Fri Jul 7 10:47:52 2017 us=73218 ca_path = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73223 dh_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73228 cert_file = 'client1.crt'
Fri Jul 7 10:47:52 2017 us=73233 extra_certs_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73238 priv_key_file = 'client1.key'
Fri Jul 7 10:47:52 2017 us=73243 pkcs12_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73248 cipher_list = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73253 tls_verify = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73258 tls_export_cert = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73263 verify_x509_type = 0
Fri Jul 7 10:47:52 2017 us=73268 verify_x509_name = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73273 crl_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73278 ns_cert_type = 0
Fri Jul 7 10:47:52 2017 us=73283 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73288 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73293 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73298 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73303 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73308 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73312 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73317 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73322 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73327 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73332 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73336 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73341 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73346 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73351 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73356 remote_cert_ku[i] = 0
Fri Jul 7 10:47:52 2017 us=73361 remote_cert_eku = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73366 ssl_flags = 0
Fri Jul 7 10:47:52 2017 us=73370 tls_timeout = 2
Fri Jul 7 10:47:52 2017 us=73375 renegotiate_bytes = -1
Fri Jul 7 10:47:52 2017 us=73380 renegotiate_packets = 0
Fri Jul 7 10:47:52 2017 us=73385 renegotiate_seconds = 3600
Fri Jul 7 10:47:52 2017 us=73390 handshake_window = 60
Fri Jul 7 10:47:52 2017 us=73395 transition_window = 3600
Fri Jul 7 10:47:52 2017 us=73400 single_session = DISABLED
Fri Jul 7 10:47:52 2017 us=73405 push_peer_info = DISABLED
Fri Jul 7 10:47:52 2017 us=73410 tls_exit = DISABLED
Fri Jul 7 10:47:52 2017 us=73415 tls_auth_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73420 tls_crypt_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73427 server_network = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73432 server_netmask = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73452 server_network_ipv6 = ::
Fri Jul 7 10:47:52 2017 us=73458 server_netbits_ipv6 = 0
Fri Jul 7 10:47:52 2017 us=73464 server_bridge_ip = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73469 server_bridge_netmask = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73475 server_bridge_pool_start = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73481 server_bridge_pool_end = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73493 ifconfig_pool_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=73499 ifconfig_pool_start = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73504 ifconfig_pool_end = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73510 ifconfig_pool_netmask = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73515 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73520 ifconfig_pool_persist_refresh_freq = 600
Fri Jul 7 10:47:52 2017 us=73525 ifconfig_ipv6_pool_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=73531 ifconfig_ipv6_pool_base = ::
Fri Jul 7 10:47:52 2017 us=73536 ifconfig_ipv6_pool_netbits = 0
Fri Jul 7 10:47:52 2017 us=73541 n_bcast_buf = 256
Fri Jul 7 10:47:52 2017 us=73546 tcp_queue_limit = 64
Fri Jul 7 10:47:52 2017 us=73551 real_hash_size = 256
Fri Jul 7 10:47:52 2017 us=73556 virtual_hash_size = 256
Fri Jul 7 10:47:52 2017 us=73561 client_connect_script = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73569 learn_address_script = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73574 client_disconnect_script = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73580 client_config_dir = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73585 ccd_exclusive = DISABLED
Fri Jul 7 10:47:52 2017 us=73590 tmp_dir = '/tmp'
Fri Jul 7 10:47:52 2017 us=73595 push_ifconfig_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=73600 push_ifconfig_local = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73606 push_ifconfig_remote_netmask = 0.0.0.0
Fri Jul 7 10:47:52 2017 us=73611 push_ifconfig_ipv6_defined = DISABLED
Fri Jul 7 10:47:52 2017 us=73616 push_ifconfig_ipv6_local = ::/0
Fri Jul 7 10:47:52 2017 us=73621 push_ifconfig_ipv6_remote = ::
Fri Jul 7 10:47:52 2017 us=73626 enable_c2c = DISABLED
Fri Jul 7 10:47:52 2017 us=73632 duplicate_cn = DISABLED
Fri Jul 7 10:47:52 2017 us=73637 cf_max = 0
Fri Jul 7 10:47:52 2017 us=73642 cf_per = 0
Fri Jul 7 10:47:52 2017 us=73647 max_clients = 1024
Fri Jul 7 10:47:52 2017 us=73656 max_routes_per_client = 256
Fri Jul 7 10:47:52 2017 us=73661 auth_user_pass_verify_script = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73667 auth_user_pass_verify_script_via_file = DISABLED
Fri Jul 7 10:47:52 2017 us=73672 auth_token_generate = DISABLED
Fri Jul 7 10:47:52 2017 us=73677 auth_token_lifetime = 0
Fri Jul 7 10:47:52 2017 us=73682 port_share_host = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73687 port_share_port = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73692 client = ENABLED
Fri Jul 7 10:47:52 2017 us=73697 pull = ENABLED
Fri Jul 7 10:47:52 2017 us=73702 auth_user_pass_file = '[UNDEF]'
Fri Jul 7 10:47:52 2017 us=73708 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 6 2017
Fri Jul 7 10:47:52 2017 us=73718 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Fri Jul 7 10:47:52 2017 us=73926 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 7 10:47:52 2017 us=73942 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 7 10:47:52 2017 us=74233 WARNING: Your certificate is not yet valid!
Fri Jul 7 10:47:52 2017 us=74296 LZO compression initializing
Fri Jul 7 10:47:52 2017 us=74348 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Jul 7 10:47:52 2017 us=74368 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Fri Jul 7 10:47:52 2017 us=74385 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Jul 7 10:47:52 2017 us=74391 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Jul 7 10:47:52 2017 us=74401 TCP/UDP: Preserving recently used remote address: [AF_INET]172.104.122.75:12112
Fri Jul 7 10:47:52 2017 us=74419 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jul 7 10:47:52 2017 us=74426 UDP link local: (not bound)
Fri Jul 7 10:47:52 2017 us=74432 UDP link remote: [AF_INET]172.104.122.75:12112
Fri Jul 7 10:47:52 2017 us=271449 TLS: Initial packet from [AF_INET]172.104.122.75:12112, sid=d3350ad4 e9f44057
|
At the client end:
Code: |
moonlight openvpn # ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=250 time=4.18 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=250 time=3.98 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=250 time=3.63 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=250 time=3.27 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=250 time=4.50 ms
64 bytes from 10.0.0.1: icmp_seq=6 ttl=250 time=3.77 ms
64 bytes from 10.0.0.1: icmp_seq=7 ttl=250 time=5.02 ms
^C
--- 10.0.0.1 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6008ms
rtt min/avg/max/mdev = 3.271/4.053/5.023/0.539 ms
|
This is my first time configuring the openvpn service. Could anyone help me? Thanks in advance!
_________________
peace, focus.
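
Added example (not part of the original post): a short Python triage for a `verb 4` client log like the one above. It skips the startup parameter dump, surfaces the WARNING/NOTE lines, and reports the last connection stage the log reached. The sample log is a constructed excerpt in the same format, and the stage labels are names chosen for this example.

```python
import re

# Constructed excerpt in the format of the verb 4 client log posted above.
SAMPLE_LOG = """\
Fri Jul  7 10:47:52 2017 Multiple --up scripts defined.  The previously configured script is overridden.
Fri Jul  7 10:47:52 2017 us=72485 Current Parameter Settings:
Fri Jul  7 10:47:52 2017 us=72493   config = '/etc/openvpn/openvpn.conf'
Fri Jul  7 10:47:52 2017 us=73213   ca_file = 'ca.crt'
Fri Jul  7 10:47:52 2017 us=73283   remote_cert_ku[i] = 0
Fri Jul  7 10:47:52 2017 us=73708 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] built on Jul  6 2017
Fri Jul  7 10:47:52 2017 us=73926 WARNING: No server certificate verification method has been enabled.
Fri Jul  7 10:47:52 2017 us=73942 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul  7 10:47:52 2017 us=74233 WARNING: Your certificate is not yet valid!
Fri Jul  7 10:47:52 2017 us=74432 UDP link remote: [AF_INET]172.104.122.75:12112
Fri Jul  7 10:47:52 2017 us=271449 TLS: Initial packet from [AF_INET]172.104.122.75:12112, sid=d3350ad4 e9f44057
"""

# Timestamp prefix, e.g. "Fri Jul  7 10:47:52 2017 us=72485 " (us= is optional).
PREFIX = re.compile(r"^\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4} (?:us=\d+ )?")
# Lines of the startup parameter dump look like "  name = value".
PARAM = re.compile(r"^\s*[\w.\[\]]+ = ")
# Message prefixes worth reading before anything else.
FLAGGED = ("WARNING:", "NOTE:", "TLS Error:", "VERIFY ERROR:")
# Messages an OpenVPN client logs as a connection progresses, in order.
# The labels on the right are names chosen for this example.
STAGES = [
    ("link remote:", "socket opened"),
    ("TLS: Initial packet from", "server replied"),
    ("VERIFY OK", "server certificate verified"),
    ("Peer Connection Initiated", "control channel up"),
    ("PUSH: Received control message", "options pulled"),
    ("Initialization Sequence Completed", "tunnel up"),
]


def triage(log_text):
    """Return flagged messages and the furthest connection stage in the log."""
    findings, stage_index = [], -1
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw, count=1)
        if not msg.strip() or PARAM.match(msg):
            continue  # blank line or parameter dump entry
        if msg.lstrip().startswith(FLAGGED):
            findings.append(msg.strip())
        for i, (marker, _label) in enumerate(STAGES):
            if marker in msg and i > stage_index:
                stage_index = i
    stage = STAGES[stage_index][1] if stage_index >= 0 else "no connection attempt logged"
    return {
        "findings": findings,
        "stage": stage,
        "tunnel_up": stage_index == len(STAGES) - 1,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line in result["findings"]:
        print(line)
    print("last stage:", result["stage"], "| tunnel up:", result["tunnel_up"])
```
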

bbgermany Veteran
Joined: 21 Feb 2005 Posts: 1844 Location: Oranienburg/Germany
Posted: Fri Jul 07, 2017 5:04 am Post subject:
Hi,
it seems your tunnel is working. So I cannot see the issue, just because it's telling you that the service is inactive?
Can you post the output of ifconfig on the client side again? Maybe as "ifconfig -a", just to make sure you show all interfaces.
thanks and greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB

Jackie Lin Tux's lil' helper
Joined: 31 May 2017 Posts: 115
Posted: Fri Jul 07, 2017 5:37 am Post subject:
Thanks for the reply, bbgermany.
Client side:
Code: |
moonlight openvpn # ifconfig -a
enp3s0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether d4:3d:7e:df:f5:3d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.7 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a57:ff:fe30:8911 prefixlen 64 scopeid 0x20<link>
ether 08:57:00:30:89:11 txqueuelen 1000 (Ethernet)
RX packets 49695 bytes 32796042 (31.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59042 bytes 7610631 (7.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
The first time I ran /etc/init.d/openvpn start, there was a tun0 interface, but it disappeared subsequently.
Also, no client1.csr file was generated when I followed the guide.
_________________
peace, focus.

Jackie Lin Tux's lil' helper
Joined: 31 May 2017 Posts: 115
Posted: Fri Jul 07, 2017 5:43 am Post subject:
Client end:
Code: |
moonlight openvpn # ls -al
total 92
drwxr-xr-x 2 root root 4096 Jul 7 10:42 .
drwxr-xr-x 71 root root 4096 Jul 7 06:24 ..
-rw------- 1 root root 1172 Jul 7 06:53 ca.crt
-rw------- 1 root root 1834 Jul 7 06:53 ca.key
-rw------- 1 root root 4361 Jul 7 06:53 client1.crt
-rw------- 1 root root 1708 Jul 7 06:54 client1.key
-rw------- 1 root root 887 Jul 7 06:54 client1.req
-rw------- 1 root root 424 Jul 7 06:53 dh.pem
-rwxr-xr-x 1 root root 943 Jul 6 13:27 down.sh
-rw-r--r-- 1 root root 0 Jul 6 13:27 .keep_net-vpn_openvpn-0
-rw-r--r-- 1 root root 272 Jul 7 10:42 openvpn.conf
-rw-r--r-- 1 root root 270 Jul 7 06:55 openvpn.conf~
-rw------- 1 root root 38219 Jul 7 13:30 openvpn.log
-rwxr-xr-x 1 root root 2865 Jul 6 13:27 up.sh
|
Server end:
Code: |
moonlight openvpn # ls -al
total 60
drwxr-xr-x 2 root root 4096 Jul 7 10:44 .
drwxr-xr-x 42 root root 4096 Jul 6 21:34 ..
-rw------- 1 root root 1172 Jul 7 06:45 ca.crt
-rw------- 1 root root 1834 Jul 7 06:50 ca.key
-rw------- 1 root root 424 Jul 7 06:45 dh.pem
-rwxr-xr-x 1 root root 943 Jul 6 05:38 down.sh
-rw------- 1 root root 4379 Jul 7 06:45 example.crt
-rw------- 1 root root 1704 Jul 7 06:46 example.key
-rw------- 1 root root 887 Jul 7 06:46 example.req
-rw------- 1 root root 0 Jul 7 13:29 ipp.txt
-rw-r--r-- 1 root root 0 Jul 6 05:38 .keep_net-vpn_openvpn-0
-rw-r--r-- 1 root root 398 Jul 7 10:44 openvpn.conf
-rw-r--r-- 1 root root 396 Jul 7 06:52 openvpn.conf~
-rw------- 1 root root 294 Jul 7 13:30 openvpn-status.log
-rw------- 1 root root 636 Jul 7 06:47 ta.key
-rwxr-xr-x 1 root root 2865 Jul 6 05:38 up.sh
|
_________________
peace, focus.

dachiod n00b
Joined: 11 Jun 2017 Posts: 9
Posted: Fri Jul 07, 2017 2:22 pm Post subject:
Output of
Code: |
cat /usr/src/linux/.config | grep CONFIG_TUN
|
?

Jackie Lin Tux's lil' helper
Joined: 31 May 2017 Posts: 115
Posted: Fri Jul 07, 2017 2:47 pm Post subject:
Code: |
moonlight jerry # cat /usr/src/linux/.config | grep CONFIG_TUN
CONFIG_TUN=y
# CONFIG_TUN_VNET_CROSS_LE is not set
|
_________________
peace, focus.

bbgermany Veteran
Joined: 21 Feb 2005 Posts: 1844 Location: Oranienburg/Germany
Posted: Sun Jul 09, 2017 11:39 am Post subject:
Hi,
OK, I took another look at your config files. Please change the following:
1st: the push route stuff cannot match, since your network on the client is already 192.168.1.x; remove that line or replace the network with the one you have on your server side
2nd: change the logfile position to something more suitable like /var/log instead of just /etc
3rd: add "verb 4" to the server config as well to get a bit more output when connecting
4th: is there a special case why you have changed the default 1194 port to 12112?
5th: for testing, you should remove the "comp-lzo" config directive on both sides as well
6th: please add "pull" on the client side as a config option (no additional parameters needed).
greets, bb
EDIT: I have a very, very simple configuration for you. This works with my root server.
Server config:
Code: |
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.168.255.0 255.255.255.0
ifconfig-pool-persist ipp.txt
duplicate-cn
keepalive 10 120
tls-auth tls.key 0
tls-server
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
|
Client config:
Code: |
client
dev tun
proto udp
remote server 1194
nobind
persist-key
persist-tun
ca server.crt
cert client1.crt
key client1.key
tls-auth tls.key 1
comp-lzo
verb 1
pull
|
One other question: did you generate all the certificates (ca, server and client) on the server, or did you use different systems?
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB
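
Added example (not code from the thread): points 1 to 3 of the reply above written as a repeatable Python check. It parses the two configurations from the first post (abridged) and tests each pushed route against the client's LAN taken from the posted `ifconfig` output; the function names and finding codes are chosen for this example.

```python
import ipaddress
import shlex

# Configurations from the first post, abridged to the directives checked here.
SERVER_CONF = '''\
port 12112
proto udp
dev tun0
server 10.0.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
#push "dhcp-option DNS 192.168.1.1"
comp-lzo
log /etc/openvpn.log
'''
CLIENT_CONF = '''\
client
dev tun0
proto udp
remote 172.104.122.75 12112
comp-lzo
log /etc/openvpn/openvpn.log
verb 4
'''
CLIENT_LAN = "192.168.1.7/24"  # wlp0s26u1u4 in the client's ifconfig output


def directives(conf_text):
    """Return each config line as a token list, dropping # and ; comments."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            out.append(tokens)
    return out


def pushed_routes(server):
    """Networks the server pushes with: push "route network [netmask]"."""
    nets = []
    for d in server:
        if d[0] != "push" or len(d) != 2:
            continue
        opt = d[1].split()
        if len(opt) < 2 or opt[0] != "route":
            continue
        # OpenVPN treats a route without a netmask as a single host.
        mask = opt[2] if len(opt) >= 3 else "255.255.255.255"
        try:
            nets.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of an address
    return nets


def check(server_conf, client_conf, client_lan):
    """Apply points 1-3 of the reply; return a list of (code, detail) pairs."""
    findings = []
    server, client = directives(server_conf), directives(client_conf)
    lan = ipaddress.ip_interface(client_lan).network

    # Point 1: a pushed route that overlaps the network the client is already on.
    for net in pushed_routes(server):
        if net.overlaps(lan):
            findings.append(("route-overlap", f"pushed {net} overlaps client LAN {lan}"))

    # Point 2: log files written under /etc.
    for side, conf in (("server", server), ("client", client)):
        for d in conf:
            if d[0] in ("log", "log-append") and len(d) > 1 and d[1].startswith("/etc/"):
                findings.append(("log-in-etc", f"{side} logs to {d[1]}"))

    # Point 3: no verbosity set on the server.
    if not any(d[0] == "verb" for d in server):
        findings.append(("server-no-verb", "server config has no verb directive"))
    return findings


if __name__ == "__main__":
    for code, detail in check(SERVER_CONF, CLIENT_CONF, CLIENT_LAN):
        print(f"{code}: {detail}")
```
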