concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sat Sep 01, 2018 10:02 am Post subject: [Solved] OpenVPN has started, but is inactive |
|
|
[Moderator note: changed title from OpenVPN error to include the specific warning now generated. -Hu]
Hi everyone!
I am trying to set up a VPN tunnel, but for some reason the client-side OpenVPN running on Gentoo fails to start.
As per https://wiki.gentoo.org/wiki/OpenVPN I enabled in the kernel:
Network core driver support
Universal TUN/TAP device driver support
Contents of /etc/openvpn/openvpn.conf:
Code: | client
dev tun0
proto udp
remote 1.2.3.4 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
ca /home/x/keys/ca.crt
cert /home/x/keys/client.crt
key /home/x/keys/client.key
key-direction 1
tls-auth /home/x/keys/ta.key 1 |
This is what happens when I try starting openvpn:
Code: | localhost /etc/openvpn # /etc/init.d/openvpn start -v
* Executing: /lib64/rc/sh/openrc-run.sh /lib64/rc/sh/openrc-run.sh /etc/init.d/net.eth0 start
* Bringing up interface eth0
* Skipping module adsl due to missing program: /usr/sbin/adsl-start /usr/sbin/pppoe-start
* Skipping module br2684ctl due to missing program: br2684ctl
* Skipping module clip due to missing program: /usr/sbin/atmsigd
* Skipping module netplugd due to missing program: /sbin/netplugd
* Skipping module ifplugd due to missing program: /usr/sbin/ifplugd
* Skipping module ipppd due to missing program: /usr/sbin/ipppd
* Skipping module firewalld due to missing program: firewall-cmd
* Skipping module pppd due to missing program: /usr/sbin/pppd
* Skipping module dhclient due to missing program: /sbin/dhclient
* Skipping module pump due to missing program: /sbin/pump
* Loaded modules: apipa arping bonding l2tp tuntap bridge ccwgroup ethtool dummy hsr macvlan macchanger macnet wpa_supplicant ssidnet iproute2 system vlan dhcpcd ip6rd ip6to4
* ip link set dev eth0 up
* Configuring eth0 for MAC address F4:30:B9:52:9A:8D ... [ ok ]
* dhcp ...
* Running dhcpcd ...
static assignment required [ !! ] [ !! ]
* ERROR: net.eth0 failed to start
* ERROR: cannot start openvpn as net.eth0 would not start |
Last edited by concerned on Wed Sep 05, 2018 9:09 am; edited 1 time in total |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Sat Sep 01, 2018 4:39 pm Post subject: |
|
|
As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right. Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn. Until you fix that, you cannot test whether your OpenVPN configuration is right. We need more information to understand why net.eth0 failed to start. Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf. |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sat Sep 01, 2018 4:47 pm Post subject: |
|
|
Hu wrote: | As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right. Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn. Until you fix that, you cannot test whether your OpenVPN configuration is right. We need more information to understand why net.eth0 failed to start. Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf. |
Hu, thanks for the reply,
x ~ $ cat -n /etc/conf.d/net
Code: | 1 config_eth0="dhcp"
2 dhcp_eth0="nodns"
3 dhcpcd_eth0="-t 10 -S 8.8.8.8"
4 dns_servers="8.8.8.8" |
x ~ $ cat -n /etc/dhcpcd.conf
Code: | 1 # A sample configuration for dhcpcd.
2 # See dhcpcd.conf(5) for details.
3
4 # Allow users of this group to interact with dhcpcd via the control socket.
5 #controlgroup wheel
6
7 # Inform the DHCP server of our hostname for DDNS.
8 hostname
9
10 # Use the hardware address of the interface for the Client ID.
11 #clientid
12 # or
13 # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
14 # Some non-RFC compliant DHCP servers do not reply with this set.
15 # In this case, comment out duid and enable clientid above.
16 duid
17
18 # Persist interface configuration when dhcpcd exits.
19 persistent
20
21 # Rapid commit support.
22 # Safe to enable by default because it requires the equivalent option set
23 # on the server to actually work.
24 option rapid_commit
25
26 # A list of options to request from the DHCP server.
27 option domain_name_servers, domain_name, domain_search, host_name
28 nooption host_name
29 option classless_static_routes
30 # Most distributions have NTP support.
31 option ntp_servers
32 # Respect the network MTU. This is applied to DHCP routes.
33 option interface_mtu
34
35 # A ServerID is required by RFC2131.
36 require dhcp_server_identifier
37
38 # Generate Stable Private IPv6 Addresses instead of hardware based ones
39 slaac private |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Sun Sep 02, 2018 12:26 am Post subject: |
|
|
You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive? |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 11:51 am Post subject: |
|
|
Hu wrote: | You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive? |
Hu, that is exactly what was causing the error!
I want to override the default DNS address assigned by DHCP. I read man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 (I have done this long ago; I probably made a typo while setting up).
After making this change, it goes further, but still doesn't make the connection.
Code: | * Starting openvpn ...
* WARNING: You have defined your own up/down scripts
* As you're running as a client, we now force Gentoo specific
* scripts to be run for up and down events.
* These scripts will call /etc/openvpn/openvpn-{up,down}.sh
* where you can put your own code. [ ok ]
* WARNING: openvpn has started, but is inactive |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Sun Sep 02, 2018 4:09 pm Post subject: |
|
|
Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it. I changed your thread title to reference the message you get now. Hopefully someone familiar with this usage mode will see it and step in. |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 4:54 pm Post subject: |
|
|
Hu wrote: | Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it. I changed your thread title to reference the message you get now. Hopefully someone familiar with this usage mode will see it and step in. |
Thanks, I think that's a good idea. In the meantime, I will do some research myself.
Cheers, |
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sun Sep 02, 2018 4:58 pm Post subject: |
|
|
I always get the Warning started but inactive message ... as it's coming up, it always connects.
What does your openvpn.conf look like?
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Sun Sep 02, 2018 5:09 pm Post subject: |
|
|
The opening post has the original openvpn configuration, and none of the changes described here should have affected it. What was shown then is probably still current. |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 5:43 pm Post subject: |
|
|
concerned wrote: | Hu wrote: | You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive? |
Hu, that is exactly what was causing the error!
I want to override the default DNS address assigned by DHCP. I read man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 (I have done this long ago; I probably made a typo while setting up).
After making this change, it goes further, but still doesn't make the connection.
Code: | * Starting openvpn ...
* WARNING: You have defined your own up/down scripts
* As you're running as a client, we now force Gentoo specific
* scripts to be run for up and down events.
* These scripts will call /etc/openvpn/openvpn-{up,down}.sh
* where you can put your own code. [ ok ]
* WARNING: openvpn has started, but is inactive |
|
Anon-E-Moose, this is the latest state.
What I did was fix the mistyped dhcp directive in /etc/conf.d/net, as caught by Hu. |
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sun Sep 02, 2018 5:49 pm Post subject: |
|
|
I'm not quite following what you're doing or trying to do.
Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?
Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn. |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 6:08 pm Post subject: |
|
|
Anon-E-moose wrote: | I'm not quite following what you're doing or trying to do.
Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?
Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn. |
The network at the server side is up; only OpenVPN is new. |
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sun Sep 02, 2018 6:22 pm Post subject: |
|
|
Code: | * Starting openvpn ...
* WARNING: You are dropping root privileges!
* As such openvpn may not be able to change ip, routing
* or DNS configuration. [ ok ]
* WARNING: openvpn has started, but is inactive |
This is the message I get when I start up openvpn.
If I do an "ip route" the routing for it shows up, and I can go out the tun adapter.
The only real difference I see between my openvpn.conf and yours is I ref "dev tun" not tun0.
What does /var/log/openvpn/openvpn.log show? |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 6:51 pm Post subject: |
|
|
Anon-E-moose wrote: | Code: | * Starting openvpn ...
* WARNING: You are dropping root privileges!
* As such openvpn may not be able to change ip, routing
* or DNS configuration. [ ok ]
* WARNING: openvpn has started, but is inactive |
This is the message I get when I start up openvpn
If I do an "ip route" the routing for it shows up, and I can go out the tun adapter.
The only real difference I see between my openvpn.conf and yours is I ref "dev tun" not tun0
What does /var/log/openvpn/openvpn.log show? |
In the beginning I had dev tun as well, but added a 0, because I thought that was the reason it fails.
My ip route stays the same; the tun interface doesn't show up at all. It only appears on the server.
Here is what a fresh client log looks like after /etc/init.d/openvpn start && /etc/init.d/openvpn stop
Code: | Sun Sep 2 22:39:34 2018 Multiple --up scripts defined. The previously configured script is overridden.
Sun Sep 2 22:39:34 2018 Multiple --down scripts defined. The previously configured script is overridden.
Sun Sep 2 22:39:34 2018 us=117751 Current Parameter Settings:
Sun Sep 2 22:39:34 2018 us=117758 config = '/etc/openvpn/openvpn.conf'
Sun Sep 2 22:39:34 2018 us=117763 mode = 0
Sun Sep 2 22:39:34 2018 us=117768 persist_config = DISABLED
Sun Sep 2 22:39:34 2018 us=117773 persist_mode = 1
Sun Sep 2 22:39:34 2018 us=117778 show_ciphers = DISABLED
Sun Sep 2 22:39:34 2018 us=117782 show_digests = DISABLED
Sun Sep 2 22:39:34 2018 us=117786 show_engines = DISABLED
Sun Sep 2 22:39:34 2018 us=117791 genkey = DISABLED
Sun Sep 2 22:39:34 2018 us=117795 key_pass_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117800 show_tls_ciphers = DISABLED
Sun Sep 2 22:39:34 2018 us=117804 connect_retry_max = 0
Sun Sep 2 22:39:34 2018 us=117809 Connection profiles [0]:
Sun Sep 2 22:39:34 2018 us=117814 proto = udp
Sun Sep 2 22:39:34 2018 us=117818 local = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117823 local_port = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117828 remote = '1.3.3.1'
Sun Sep 2 22:39:34 2018 us=117832 remote_port = '1331'
Sun Sep 2 22:39:34 2018 us=117837 remote_float = DISABLED
Sun Sep 2 22:39:34 2018 us=117841 bind_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=117846 bind_local = DISABLED
Sun Sep 2 22:39:34 2018 us=117852 bind_ipv6_only = DISABLED
Sun Sep 2 22:39:34 2018 us=117856 connect_retry_seconds = 5
Sun Sep 2 22:39:34 2018 us=117861 connect_timeout = 120
Sun Sep 2 22:39:34 2018 us=117866 socks_proxy_server = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117870 socks_proxy_port = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117874 tun_mtu = 1500
Sun Sep 2 22:39:34 2018 us=117879 tun_mtu_defined = ENABLED
Sun Sep 2 22:39:34 2018 us=117883 link_mtu = 1500
Sun Sep 2 22:39:34 2018 us=117888 link_mtu_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=117892 tun_mtu_extra = 0
Sun Sep 2 22:39:34 2018 us=117896 tun_mtu_extra_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=117901 mtu_discover_type = -1
Sun Sep 2 22:39:34 2018 us=117905 fragment = 0
Sun Sep 2 22:39:34 2018 us=117910 mssfix = 1450
Sun Sep 2 22:39:34 2018 us=117914 explicit_exit_notification = 0
Sun Sep 2 22:39:34 2018 us=117919 Connection profiles END
Sun Sep 2 22:39:34 2018 us=117923 remote_random = DISABLED
Sun Sep 2 22:39:34 2018 us=117928 ipchange = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117932 dev = 'tun0'
Sun Sep 2 22:39:34 2018 us=117936 dev_type = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117941 dev_node = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117945 lladdr = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117949 topology = 1
Sun Sep 2 22:39:34 2018 us=117954 ifconfig_local = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117958 ifconfig_remote_netmask = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117963 ifconfig_noexec = DISABLED
Sun Sep 2 22:39:34 2018 us=117967 ifconfig_nowarn = DISABLED
Sun Sep 2 22:39:34 2018 us=117971 ifconfig_ipv6_local = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117976 ifconfig_ipv6_netbits = 0
Sun Sep 2 22:39:34 2018 us=117980 ifconfig_ipv6_remote = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=117985 shaper = 0
Sun Sep 2 22:39:34 2018 us=117989 mtu_test = 0
Sun Sep 2 22:39:34 2018 us=117993 mlock = DISABLED
Sun Sep 2 22:39:34 2018 us=117998 keepalive_ping = 0
Sun Sep 2 22:39:34 2018 us=118002 keepalive_timeout = 0
Sun Sep 2 22:39:34 2018 us=118006 inactivity_timeout = 0
Sun Sep 2 22:39:34 2018 us=118011 ping_send_timeout = 0
Sun Sep 2 22:39:34 2018 us=118015 ping_rec_timeout = 0
Sun Sep 2 22:39:34 2018 us=118019 ping_rec_timeout_action = 0
Sun Sep 2 22:39:34 2018 us=118024 ping_timer_remote = DISABLED
Sun Sep 2 22:39:34 2018 us=118028 remap_sigusr1 = 0
Sun Sep 2 22:39:34 2018 us=118033 persist_tun = ENABLED
Sun Sep 2 22:39:34 2018 us=118037 persist_local_ip = DISABLED
Sun Sep 2 22:39:34 2018 us=118041 persist_remote_ip = DISABLED
Sun Sep 2 22:39:34 2018 us=118050 persist_key = ENABLED
Sun Sep 2 22:39:34 2018 us=118055 passtos = DISABLED
Sun Sep 2 22:39:34 2018 us=118060 resolve_retry_seconds = 30
Sun Sep 2 22:39:34 2018 us=118064 resolve_in_advance = DISABLED
Sun Sep 2 22:39:34 2018 us=118069 username = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118073 groupname = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118077 chroot_dir = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118082 cd_dir = '/etc/openvpn'
Sun Sep 2 22:39:34 2018 us=118086 writepid = '/var/run/openvpn.pid'
Sun Sep 2 22:39:34 2018 us=118091 up_script = '/etc/openvpn/up.sh'
Sun Sep 2 22:39:34 2018 us=118095 down_script = '/etc/openvpn/down.sh'
Sun Sep 2 22:39:34 2018 us=118100 down_pre = ENABLED
Sun Sep 2 22:39:34 2018 us=118104 up_restart = ENABLED
Sun Sep 2 22:39:34 2018 us=118109 up_delay = ENABLED
Sun Sep 2 22:39:34 2018 us=118113 daemon = ENABLED
Sun Sep 2 22:39:34 2018 us=118124 inetd = 0
Sun Sep 2 22:39:34 2018 us=118132 log = ENABLED
Sun Sep 2 22:39:34 2018 us=118139 suppress_timestamps = DISABLED
Sun Sep 2 22:39:34 2018 us=118144 machine_readable_output = DISABLED
Sun Sep 2 22:39:34 2018 us=118148 nice = 0
Sun Sep 2 22:39:34 2018 us=118153 verbosity = 4
Sun Sep 2 22:39:34 2018 us=118157 mute = 0
Sun Sep 2 22:39:34 2018 us=118161 gremlin = 0
Sun Sep 2 22:39:34 2018 us=118166 status_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118170 status_file_version = 1
Sun Sep 2 22:39:34 2018 us=118175 status_file_update_freq = 60
Sun Sep 2 22:39:34 2018 us=118179 occ = ENABLED
Sun Sep 2 22:39:34 2018 us=118183 rcvbuf = 0
Sun Sep 2 22:39:34 2018 us=118188 sndbuf = 0
Sun Sep 2 22:39:34 2018 us=118192 mark = 0
Sun Sep 2 22:39:34 2018 us=118196 sockflags = 0
Sun Sep 2 22:39:34 2018 us=118201 fast_io = DISABLED
Sun Sep 2 22:39:34 2018 us=118205 comp.alg = 2
Sun Sep 2 22:39:34 2018 us=118210 comp.flags = 1
Sun Sep 2 22:39:34 2018 us=118214 route_script = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118219 route_default_gateway = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118223 route_default_metric = 0
Sun Sep 2 22:39:34 2018 us=118228 route_noexec = DISABLED
Sun Sep 2 22:39:34 2018 us=118233 route_delay = 0
Sun Sep 2 22:39:34 2018 us=118237 route_delay_window = 30
Sun Sep 2 22:39:34 2018 us=118242 route_delay_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=118246 route_nopull = DISABLED
Sun Sep 2 22:39:34 2018 us=118250 route_gateway_via_dhcp = DISABLED
Sun Sep 2 22:39:34 2018 us=118255 allow_pull_fqdn = DISABLED
Sun Sep 2 22:39:34 2018 us=118260 management_addr = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118264 management_port = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118269 management_user_pass = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118274 management_log_history_cache = 250
Sun Sep 2 22:39:34 2018 us=118278 management_echo_buffer_size = 100
Sun Sep 2 22:39:34 2018 us=118283 management_write_peer_info_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118287 management_client_user = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118292 management_client_group = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118296 management_flags = 0
Sun Sep 2 22:39:34 2018 us=118301 shared_secret_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118305 key_direction = 1
Sun Sep 2 22:39:34 2018 us=118310 ciphername = 'BF-CBC'
Sun Sep 2 22:39:34 2018 us=118315 ncp_enabled = ENABLED
Sun Sep 2 22:39:34 2018 us=118319 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Sep 2 22:39:34 2018 us=118324 authname = 'SHA1'
Sun Sep 2 22:39:34 2018 us=118328 prng_hash = 'SHA1'
Sun Sep 2 22:39:34 2018 us=118333 prng_nonce_secret_len = 16
Sun Sep 2 22:39:34 2018 us=118337 keysize = 0
Sun Sep 2 22:39:34 2018 us=118342 engine = DISABLED
Sun Sep 2 22:39:34 2018 us=118346 replay = ENABLED
Sun Sep 2 22:39:34 2018 us=118351 mute_replay_warnings = DISABLED
Sun Sep 2 22:39:34 2018 us=118355 replay_window = 64
Sun Sep 2 22:39:34 2018 us=118360 replay_time = 15
Sun Sep 2 22:39:34 2018 us=118364 packet_id_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118372 use_iv = ENABLED
Sun Sep 2 22:39:34 2018 us=118377 test_crypto = DISABLED
Sun Sep 2 22:39:34 2018 us=118381 tls_server = DISABLED
Sun Sep 2 22:39:34 2018 us=118385 tls_client = ENABLED
Sun Sep 2 22:39:34 2018 us=118390 key_method = 2
Sun Sep 2 22:39:34 2018 us=118394 ca_file = '/home/x/keys/ca.crt'
Sun Sep 2 22:39:34 2018 us=118399 ca_path = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118403 dh_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118408 cert_file = '/home/x/keys/client.crt'
Sun Sep 2 22:39:34 2018 us=118413 extra_certs_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118418 priv_key_file = '/home/x/keys/client.key'
Sun Sep 2 22:39:34 2018 us=118423 pkcs12_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118427 cipher_list = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118431 tls_cert_profile = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118436 tls_verify = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118440 tls_export_cert = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118445 verify_x509_type = 0
Sun Sep 2 22:39:34 2018 us=118449 verify_x509_name = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118454 crl_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118458 ns_cert_type = 0
Sun Sep 2 22:39:34 2018 us=118463 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118467 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118471 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118476 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118480 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118484 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118489 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118493 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118497 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118502 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118506 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118510 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118514 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118519 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118523 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118527 remote_cert_ku[i] = 0
Sun Sep 2 22:39:34 2018 us=118532 remote_cert_eku = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118536 ssl_flags = 0
Sun Sep 2 22:39:34 2018 us=118541 tls_timeout = 2
Sun Sep 2 22:39:34 2018 us=118545 renegotiate_bytes = -1
Sun Sep 2 22:39:34 2018 us=118550 renegotiate_packets = 0
Sun Sep 2 22:39:34 2018 us=118554 renegotiate_seconds = 3600
Sun Sep 2 22:39:34 2018 us=118558 handshake_window = 60
Sun Sep 2 22:39:34 2018 us=118563 transition_window = 3600
Sun Sep 2 22:39:34 2018 us=118567 single_session = DISABLED
Sun Sep 2 22:39:34 2018 us=118572 push_peer_info = DISABLED
Sun Sep 2 22:39:34 2018 us=118576 tls_exit = DISABLED
Sun Sep 2 22:39:34 2018 us=118581 tls_auth_file = '/home/x/keys/ta.key'
Sun Sep 2 22:39:34 2018 us=118585 tls_crypt_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118592 server_network = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118597 server_netmask = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118607 server_network_ipv6 = ::
Sun Sep 2 22:39:34 2018 us=118612 server_netbits_ipv6 = 0
Sun Sep 2 22:39:34 2018 us=118617 server_bridge_ip = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118622 server_bridge_netmask = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118627 server_bridge_pool_start = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118632 server_bridge_pool_end = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118637 ifconfig_pool_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=118642 ifconfig_pool_start = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118647 ifconfig_pool_end = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118653 ifconfig_pool_netmask = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118658 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118663 ifconfig_pool_persist_refresh_freq = 600
Sun Sep 2 22:39:34 2018 us=118667 ifconfig_ipv6_pool_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=118672 ifconfig_ipv6_pool_base = ::
Sun Sep 2 22:39:34 2018 us=118682 ifconfig_ipv6_pool_netbits = 0
Sun Sep 2 22:39:34 2018 us=118687 n_bcast_buf = 256
Sun Sep 2 22:39:34 2018 us=118692 tcp_queue_limit = 64
Sun Sep 2 22:39:34 2018 us=118697 real_hash_size = 256
Sun Sep 2 22:39:34 2018 us=118701 virtual_hash_size = 256
Sun Sep 2 22:39:34 2018 us=118706 client_connect_script = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118710 learn_address_script = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118715 client_disconnect_script = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118719 client_config_dir = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118724 ccd_exclusive = DISABLED
Sun Sep 2 22:39:34 2018 us=118728 tmp_dir = '/tmp'
Sun Sep 2 22:39:34 2018 us=118733 push_ifconfig_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=118738 push_ifconfig_local = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118743 push_ifconfig_remote_netmask = 0.0.0.0
Sun Sep 2 22:39:34 2018 us=118748 push_ifconfig_ipv6_defined = DISABLED
Sun Sep 2 22:39:34 2018 us=118753 push_ifconfig_ipv6_local = ::/0
Sun Sep 2 22:39:34 2018 us=118758 push_ifconfig_ipv6_remote = ::
Sun Sep 2 22:39:34 2018 us=118763 enable_c2c = DISABLED
Sun Sep 2 22:39:34 2018 us=118768 duplicate_cn = DISABLED
Sun Sep 2 22:39:34 2018 us=118773 cf_max = 0
Sun Sep 2 22:39:34 2018 us=118777 cf_per = 0
Sun Sep 2 22:39:34 2018 us=118782 max_clients = 1024
Sun Sep 2 22:39:34 2018 us=118786 max_routes_per_client = 256
Sun Sep 2 22:39:34 2018 us=118791 auth_user_pass_verify_script = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118796 auth_user_pass_verify_script_via_file = DISABLED
Sun Sep 2 22:39:34 2018 us=118800 auth_token_generate = DISABLED
Sun Sep 2 22:39:34 2018 us=118805 auth_token_lifetime = 0
Sun Sep 2 22:39:34 2018 us=118810 port_share_host = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118814 port_share_port = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118819 client = ENABLED
Sun Sep 2 22:39:34 2018 us=118823 pull = ENABLED
Sun Sep 2 22:39:34 2018 us=118828 auth_user_pass_file = '[UNDEF]'
Sun Sep 2 22:39:34 2018 us=118834 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 31 2018
Sun Sep 2 22:39:34 2018 us=118843 library versions: OpenSSL 1.0.2m 2 Nov 2017, LZO 2.09
Sun Sep 2 22:39:34 2018 us=119125 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 2 22:39:34 2018 us=119149 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Sep 2 22:39:34 2018 us=119829 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 2 22:39:34 2018 us=119844 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 2 22:39:34 2018 us=119853 LZO compression initializing
Sun Sep 2 22:39:34 2018 us=119916 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Sep 2 22:39:34 2018 us=119938 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Sun Sep 2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Sep 2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Sep 2 22:39:34 2018 us=119975 TCP/UDP: Preserving recently used remote address: [AF_INET]1.3.3.1:1331
Sun Sep 2 22:39:34 2018 us=119994 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Sep 2 22:39:34 2018 us=119999 UDP link local: (not bound)
Sun Sep 2 22:39:34 2018 us=120005 UDP link remote: [AF_INET]1.3.3.1:1331
Sun Sep 2 22:40:08 2018 us=982429 event_wait : Interrupted system call (code=4)
Sun Sep 2 22:40:08 2018 us=982605 TCP/UDP: Closing socket
Sun Sep 2 22:40:08 2018 us=982642 SIGTERM[hard,] received, process exiting |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sun Sep 02, 2018 7:02 pm Post subject: |
|
|
It appears you're not getting communication with the peer.
You get "UDP link remote: " but it's not responding, probably something wrong with the options you're trying to send it.
Code: | Sun Sep 2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Sep 2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
That's something you'll have to get with the other end to figure out. |
|
concerned n00b
Joined: 05 Sep 2017 Posts: 35
|
Posted: Sun Sep 02, 2018 10:48 pm Post subject: |
|
|
Anon-E-moose,
Port forwarding was causing the problem.
It is set to only forward TCP traffic to this port, and I had the server in UDP mode.
At the moment I don't have access to that router to fix the port forwarding, so I changed the VPN protocol to TCP, and now it works fine.
Thanks all for your time!
Cheers |
|
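Added example, not part of any post in this thread: a Python triage of an OpenVPN client log like the one posted above. It separates "the server never answered" (the symptom that the TCP-only port forward produced) from the hardening warnings the same log carries. `SAMPLE_LOG` is constructed from lines shown in the thread; the function names, result keys and finding labels are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: six lines in the shape of the client log posted in this
# thread (same redacted address and port as shown there).
SAMPLE_LOG = """\
Sun Sep  2 22:39:34 2018 us=118558   handshake_window = 60
Sun Sep  2 22:39:34 2018 us=119125 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Sep  2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Sep  2 22:39:34 2018 us=120005 UDP link remote: [AF_INET]1.3.3.1:1331
Sun Sep  2 22:40:08 2018 us=982605 TCP/UDP: Closing socket
Sun Sep  2 22:40:08 2018 us=982642 SIGTERM[hard,] received, process exiting
"""

LINE = re.compile(r"(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4})(?: us=\d+)?\s+(.*)")
LINK = re.compile(r"(UDP|TCP)\S* link remote: \[AF_INET6?\](\S+)")
# Messages OpenVPN logs only after the server has answered.
PEER_ANSWERED = ("TLS: Initial packet from", "Peer Connection Initiated",
                 "Initialization Sequence Completed")
TIMED_OUT = "TLS key negotiation failed to occur within"
NO_VERIFY = "No server certificate verification method has been enabled"
SMALL_BLOCK = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit blocks


def parse(log_text):
    """Yield (timestamp, message) for every timestamped log line."""
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if m:
            stamp = " ".join(m.group(1).split())  # accept "Sep  2" and "Sep 2"
            yield datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"), m.group(2)


def triage(log_text):
    """Classify the last connection attempt and collect hardening findings."""
    r = {"proto": None, "remote": None, "handshake": "not-attempted",
         "timed_out": False, "waited_s": None, "window_s": 60, "hardening": []}
    link_at = last = None
    for ts, msg in parse(log_text):
        last = ts
        window = re.match(r"handshake_window = (\d+)", msg)
        link = LINK.match(msg)
        cipher = re.search(r"^Local Options String.*\bcipher ([\w-]+)", msg)
        if window:
            r["window_s"] = int(window.group(1))
        elif link:  # socket opened towards the server: the handshake starts here
            link_at, r["proto"], r["remote"] = ts, link.group(1), link.group(2)
            r["handshake"], r["timed_out"] = "no-peer-response", False
        elif any(p in msg for p in PEER_ANSWERED):
            r["handshake"] = "answered"
        elif TIMED_OUT in msg:
            r["timed_out"] = True
        elif NO_VERIFY in msg:
            r["hardening"].append("no-server-cert-verification")
        elif cipher and cipher.group(1) in SMALL_BLOCK:
            r["hardening"].append("64-bit-block-cipher:" + cipher.group(1))
    if link_at and r["handshake"] == "no-peer-response":
        r["waited_s"] = int((last - link_at).total_seconds())
    r["hardening"] = list(dict.fromkeys(r["hardening"]))  # dedupe, keep order
    return r


def advice(r):
    """Turn the triage result into short operator-facing notes."""
    out = []
    if r["handshake"] == "no-peer-response":
        out.append(f"{r['proto']} {r['remote']}: nothing came back from the "
                   f"server in {r['waited_s']} s.")
        if not r["timed_out"] and r["waited_s"] < r["window_s"]:
            out.append(f"Client was stopped before the {r['window_s']} s handshake "
                       "window ran out, so no TLS Error line was logged yet.")
        if r["proto"] == "UDP":
            out.append("UDP gives no refusal signal: check that each firewall and "
                       "port forward on the path passes UDP, not only TCP, and "
                       "that client and server use the same proto.")
    if "no-server-cert-verification" in r["hardening"]:
        out.append("Server certificate type is not checked; OpenVPN 2.4 offers "
                   "remote-cert-tls server or verify-x509-name for this.")
    for h in r["hardening"]:
        if h.startswith("64-bit-block-cipher:"):
            out.append(h.split(":")[1] + " has a 64-bit block; prefer an AES-GCM "
                       "cipher from the ncp_ciphers list the log shows.")
    return out


if __name__ == "__main__":
    for line in advice(triage(SAMPLE_LOG)):
        print("-", line)
```

Run against the real file with `triage(open("/var/log/openvpn/openvpn.log").read())`; a healthy start shows `handshake == "answered"` within a second or two of the `link remote` line.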
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sun Sep 02, 2018 11:41 pm Post subject: |
|
|
Well that would certainly cause problems.
Glad you found what it was. |
|