Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] OpenVPN has started, but is inactive
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sat Sep 01, 2018 10:02 am    Post subject: [Solved] OpenVPN has started, but is inactive Reply with quote

[Moderator note: changed title from OpenVPN error to include the specific warning now generated. -Hu]

Hi everyone!

Am trying to setup VPN tunnel, but for some reason client side OpenVPN running on Gentoo fails to start.

As per https://wiki.gentoo.org/wiki/OpenVPN I enabled in kernel:
    Network core driver support
    Universal TUN/TAP device driver support


Contents of /etc/openvpn/openvpn.conf:
Code:
client
dev tun0
proto udp
remote 1.2.3.4 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
ca /home/x/keys/ca.crt
cert /home/x/keys/client.crt
key /home/x/keys/client.key
key-direction 1
tls-auth /home/x/keys/ta.key 1


This is what happens when I try starting openvpn:
Code:
localhost /etc/openvpn # /etc/init.d/openvpn start -v
 * Executing: /lib64/rc/sh/openrc-run.sh /lib64/rc/sh/openrc-run.sh /etc/init.d/net.eth0 start
 * Bringing up interface eth0
 *   Skipping module adsl due to missing program: /usr/sbin/adsl-start /usr/sbin/pppoe-start
 *   Skipping module br2684ctl due to missing program: br2684ctl
 *   Skipping module clip due to missing program: /usr/sbin/atmsigd
 *   Skipping module netplugd due to missing program: /sbin/netplugd
 *   Skipping module ifplugd due to missing program: /usr/sbin/ifplugd
 *   Skipping module ipppd due to missing program: /usr/sbin/ipppd
 *   Skipping module firewalld due to missing program: firewall-cmd
 *   Skipping module pppd due to missing program: /usr/sbin/pppd
 *   Skipping module dhclient due to missing program: /sbin/dhclient
 *   Skipping module pump due to missing program: /sbin/pump
 *   Loaded modules: apipa arping bonding l2tp tuntap bridge ccwgroup ethtool dummy hsr macvlan macchanger macnet wpa_supplicant ssidnet iproute2 system vlan dhcpcd ip6rd ip6to4
 *   ip link set dev eth0 up
 *   Configuring eth0 for MAC address F4:30:B9:52:9A:8D ...                     [ ok ]
 *   dhcp ...
 *     Running dhcpcd ...
static assignment required                                                      [ !! ]                                                                          [ !! ]
 * ERROR: net.eth0 failed to start
 * ERROR: cannot start openvpn as net.eth0 would not start


Last edited by concerned on Wed Sep 05, 2018 9:09 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13493

PostPosted: Sat Sep 01, 2018 4:39 pm    Post subject: Reply with quote

As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right. Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn. Until you fix that, you cannot test whether your OpenVPN configuration is right. We need more information to understand why net.eth0 failed to start. Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf.
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sat Sep 01, 2018 4:47 pm    Post subject: Reply with quote

Hu wrote:
As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right. Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn. Until you fix that, you cannot test whether your OpenVPN configuration is right. We need more information to understand why net.eth0 failed to start. Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf.


Hu, thanks for the reply,

x ~ $ cat -n /etc/conf.d/net
Code:
     1   config_eth0="dhcp"
     2   dhcp_eth0="nodns"
     3   dhcpcd_eth0="-t 10 -S 8.8.8.8"
     4   dns_servers="8.8.8.8"

x ~ $ cat -n /etc/dhcpcd.conf
Code:
     1   # A sample configuration for dhcpcd.
     2   # See dhcpcd.conf(5) for details.
     3   
     4   # Allow users of this group to interact with dhcpcd via the control socket.
     5   #controlgroup wheel
     6   
     7   # Inform the DHCP server of our hostname for DDNS.
     8   hostname
     9   
    10   # Use the hardware address of the interface for the Client ID.
    11   #clientid
    12   # or
    13   # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
    14   # Some non-RFC compliant DHCP servers do not reply with this set.
    15   # In this case, comment out duid and enable clientid above.
    16   duid
    17   
    18   # Persist interface configuration when dhcpcd exits.
    19   persistent
    20   
    21   # Rapid commit support.
    22   # Safe to enable by default because it requires the equivalent option set
    23   # on the server to actually work.
    24   option rapid_commit
    25   
    26   # A list of options to request from the DHCP server.
    27   option domain_name_servers, domain_name, domain_search, host_name
    28   nooption host_name
    29   option classless_static_routes
    30   # Most distributions have NTP support.
    31   option ntp_servers
    32   # Respect the network MTU. This is applied to DHCP routes.
    33   option interface_mtu
    34   
    35   # A ServerID is required by RFC2131.
    36   require dhcp_server_identifier
    37   
    38   # Generate Stable Private IPv6 Addresses instead of hardware based ones
    39   slaac private
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13493

PostPosted: Sun Sep 02, 2018 12:26 am    Post subject: Reply with quote

You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive?
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 11:51 am    Post subject: Reply with quote

Hu wrote:
You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive?


Hu, that is exactly what was causing the error!

I want to override default DNS address assigned by DHCP. I read the man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 ( have done this long ago, probably I made a typo while setting up )

After making this change, it goes further, but still doesn't make the connection

Code:
 * Starting openvpn ...
 * WARNING: You have defined your own up/down scripts
 * As you're running as a client, we now force Gentoo specific
 * scripts to be run for up and down events.
 * These scripts will call /etc/openvpn/openvpn-{up,down}.sh
 * where you can put your own code.                                                                                                [ ok ]
 * WARNING: openvpn has started, but is inactive
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13493

PostPosted: Sun Sep 02, 2018 4:09 pm    Post subject: Reply with quote

Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it. I changed your thread title to reference the message you get now. Hopefully someone familiar with this usage mode will see it and step in.
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 4:54 pm    Post subject: Reply with quote

Hu wrote:
Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it. I changed your thread title to reference the message you get now. Hopefully someone familiar with this usage mode will see it and step in.


Thanks, I think that's a good idea. In the meanwhile, I will do a research myself.

Cheers,
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3688
Location: Dallas area

PostPosted: Sun Sep 02, 2018 4:58 pm    Post subject: Reply with quote

I always get the Warning started but inactive message ... as it's coming up, it always connects.

What does your openvpn.conf look like
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 7.3.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13493

PostPosted: Sun Sep 02, 2018 5:09 pm    Post subject: Reply with quote

The opening post has the original openvpn configuration, and none of the changes described here should have affected it. What was shown then is probably still current.
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 5:43 pm    Post subject: Reply with quote

concerned wrote:
Hu wrote:
You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use. That would explain the error message you showed. What are you trying to achieve with that directive?


Hu, that is exactly what was causing the error!

I want to override default DNS address assigned by DHCP. I read the man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 ( have done this long ago, probably I made a typo while setting up )

After making this change, it goes further, but still doesn't make the connection

Code:
 * Starting openvpn ...
 * WARNING: You have defined your own up/down scripts
 * As you're running as a client, we now force Gentoo specific
 * scripts to be run for up and down events.
 * These scripts will call /etc/openvpn/openvpn-{up,down}.sh
 * where you can put your own code.                                                                                                [ ok ]
 * WARNING: openvpn has started, but is inactive


Anon-E-Moose, this is the latest state.

What I did was fixing mistyped dhcp directive in /etc/conf.d/net as caught by Hu
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3688
Location: Dallas area

PostPosted: Sun Sep 02, 2018 5:49 pm    Post subject: Reply with quote

I'm not quite following what you're doing or trying to do.

Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?

Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn.
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 7.3.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 6:08 pm    Post subject: Reply with quote

Anon-E-moose wrote:
I'm not quite following what you're doing or trying to do.

Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?

Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn.


Network at server side is up, only OpenVPN is new
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3688
Location: Dallas area

PostPosted: Sun Sep 02, 2018 6:22 pm    Post subject: Reply with quote

Code:
 * Starting openvpn ...
 * WARNING: You are dropping root privileges!
 * As such openvpn may not be able to change ip, routing
 * or DNS configuration.                                                                                          [ ok ]
 * WARNING: openvpn has started, but is inactive


This is the message I get when I start up openvpn

If I do an "ip route" the routing for it shows up, and I can go out the tun adapter.

The only real difference I see between my openvpn.conf and your's is I ref "dev tun" not tun0

What does /var/log/openvpn/openvpn.log show?
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 7.3.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 6:51 pm    Post subject: Reply with quote

Anon-E-moose wrote:
Code:
 * Starting openvpn ...
 * WARNING: You are dropping root privileges!
 * As such openvpn may not be able to change ip, routing
 * or DNS configuration.                                                                                          [ ok ]
 * WARNING: openvpn has started, but is inactive


This is the message I get when I start up openvpn

If I do an "ip route" the routing for it shows up, and I can go out the tun adapter.

The only real difference I see between my openvpn.conf and your's is I ref "dev tun" not tun0

What does /var/log/openvpn/openvpn.log show?


In the beginning I had dev tun as well, but added a 0, because I thought that is the reason it fails.

My ip route stays same, tun interface doesn't show up at all. It only appears on the server

Here is what a fresh client log looks like after /etc/init.d/openvpn start && /etc/init.d/openvpn stop

Code:
Sun Sep  2 22:39:34 2018 Multiple --up scripts defined.  The previously configured script is overridden.
Sun Sep  2 22:39:34 2018 Multiple --down scripts defined.  The previously configured script is overridden.
Sun Sep  2 22:39:34 2018 us=117751 Current Parameter Settings:
Sun Sep  2 22:39:34 2018 us=117758   config = '/etc/openvpn/openvpn.conf'
Sun Sep  2 22:39:34 2018 us=117763   mode = 0
Sun Sep  2 22:39:34 2018 us=117768   persist_config = DISABLED
Sun Sep  2 22:39:34 2018 us=117773   persist_mode = 1
Sun Sep  2 22:39:34 2018 us=117778   show_ciphers = DISABLED
Sun Sep  2 22:39:34 2018 us=117782   show_digests = DISABLED
Sun Sep  2 22:39:34 2018 us=117786   show_engines = DISABLED
Sun Sep  2 22:39:34 2018 us=117791   genkey = DISABLED
Sun Sep  2 22:39:34 2018 us=117795   key_pass_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117800   show_tls_ciphers = DISABLED
Sun Sep  2 22:39:34 2018 us=117804   connect_retry_max = 0
Sun Sep  2 22:39:34 2018 us=117809 Connection profiles [0]:
Sun Sep  2 22:39:34 2018 us=117814   proto = udp
Sun Sep  2 22:39:34 2018 us=117818   local = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117823   local_port = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117828   remote = '1.3.3.1'
Sun Sep  2 22:39:34 2018 us=117832   remote_port = '1331'
Sun Sep  2 22:39:34 2018 us=117837   remote_float = DISABLED
Sun Sep  2 22:39:34 2018 us=117841   bind_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=117846   bind_local = DISABLED
Sun Sep  2 22:39:34 2018 us=117852   bind_ipv6_only = DISABLED
Sun Sep  2 22:39:34 2018 us=117856   connect_retry_seconds = 5
Sun Sep  2 22:39:34 2018 us=117861   connect_timeout = 120
Sun Sep  2 22:39:34 2018 us=117866   socks_proxy_server = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117870   socks_proxy_port = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117874   tun_mtu = 1500
Sun Sep  2 22:39:34 2018 us=117879   tun_mtu_defined = ENABLED
Sun Sep  2 22:39:34 2018 us=117883   link_mtu = 1500
Sun Sep  2 22:39:34 2018 us=117888   link_mtu_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=117892   tun_mtu_extra = 0
Sun Sep  2 22:39:34 2018 us=117896   tun_mtu_extra_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=117901   mtu_discover_type = -1
Sun Sep  2 22:39:34 2018 us=117905   fragment = 0
Sun Sep  2 22:39:34 2018 us=117910   mssfix = 1450
Sun Sep  2 22:39:34 2018 us=117914   explicit_exit_notification = 0
Sun Sep  2 22:39:34 2018 us=117919 Connection profiles END
Sun Sep  2 22:39:34 2018 us=117923   remote_random = DISABLED
Sun Sep  2 22:39:34 2018 us=117928   ipchange = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117932   dev = 'tun0'
Sun Sep  2 22:39:34 2018 us=117936   dev_type = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117941   dev_node = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117945   lladdr = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117949   topology = 1
Sun Sep  2 22:39:34 2018 us=117954   ifconfig_local = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117958   ifconfig_remote_netmask = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117963   ifconfig_noexec = DISABLED
Sun Sep  2 22:39:34 2018 us=117967   ifconfig_nowarn = DISABLED
Sun Sep  2 22:39:34 2018 us=117971   ifconfig_ipv6_local = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117976   ifconfig_ipv6_netbits = 0
Sun Sep  2 22:39:34 2018 us=117980   ifconfig_ipv6_remote = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=117985   shaper = 0
Sun Sep  2 22:39:34 2018 us=117989   mtu_test = 0
Sun Sep  2 22:39:34 2018 us=117993   mlock = DISABLED
Sun Sep  2 22:39:34 2018 us=117998   keepalive_ping = 0
Sun Sep  2 22:39:34 2018 us=118002   keepalive_timeout = 0
Sun Sep  2 22:39:34 2018 us=118006   inactivity_timeout = 0
Sun Sep  2 22:39:34 2018 us=118011   ping_send_timeout = 0
Sun Sep  2 22:39:34 2018 us=118015   ping_rec_timeout = 0
Sun Sep  2 22:39:34 2018 us=118019   ping_rec_timeout_action = 0
Sun Sep  2 22:39:34 2018 us=118024   ping_timer_remote = DISABLED
Sun Sep  2 22:39:34 2018 us=118028   remap_sigusr1 = 0
Sun Sep  2 22:39:34 2018 us=118033   persist_tun = ENABLED
Sun Sep  2 22:39:34 2018 us=118037   persist_local_ip = DISABLED
Sun Sep  2 22:39:34 2018 us=118041   persist_remote_ip = DISABLED
Sun Sep  2 22:39:34 2018 us=118050   persist_key = ENABLED
Sun Sep  2 22:39:34 2018 us=118055   passtos = DISABLED
Sun Sep  2 22:39:34 2018 us=118060   resolve_retry_seconds = 30
Sun Sep  2 22:39:34 2018 us=118064   resolve_in_advance = DISABLED
Sun Sep  2 22:39:34 2018 us=118069   username = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118073   groupname = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118077   chroot_dir = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118082   cd_dir = '/etc/openvpn'
Sun Sep  2 22:39:34 2018 us=118086   writepid = '/var/run/openvpn.pid'
Sun Sep  2 22:39:34 2018 us=118091   up_script = '/etc/openvpn/up.sh'
Sun Sep  2 22:39:34 2018 us=118095   down_script = '/etc/openvpn/down.sh'
Sun Sep  2 22:39:34 2018 us=118100   down_pre = ENABLED
Sun Sep  2 22:39:34 2018 us=118104   up_restart = ENABLED
Sun Sep  2 22:39:34 2018 us=118109   up_delay = ENABLED
Sun Sep  2 22:39:34 2018 us=118113   daemon = ENABLED
Sun Sep  2 22:39:34 2018 us=118124   inetd = 0
Sun Sep  2 22:39:34 2018 us=118132   log = ENABLED
Sun Sep  2 22:39:34 2018 us=118139   suppress_timestamps = DISABLED
Sun Sep  2 22:39:34 2018 us=118144   machine_readable_output = DISABLED
Sun Sep  2 22:39:34 2018 us=118148   nice = 0
Sun Sep  2 22:39:34 2018 us=118153   verbosity = 4
Sun Sep  2 22:39:34 2018 us=118157   mute = 0
Sun Sep  2 22:39:34 2018 us=118161   gremlin = 0
Sun Sep  2 22:39:34 2018 us=118166   status_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118170   status_file_version = 1
Sun Sep  2 22:39:34 2018 us=118175   status_file_update_freq = 60
Sun Sep  2 22:39:34 2018 us=118179   occ = ENABLED
Sun Sep  2 22:39:34 2018 us=118183   rcvbuf = 0
Sun Sep  2 22:39:34 2018 us=118188   sndbuf = 0
Sun Sep  2 22:39:34 2018 us=118192   mark = 0
Sun Sep  2 22:39:34 2018 us=118196   sockflags = 0
Sun Sep  2 22:39:34 2018 us=118201   fast_io = DISABLED
Sun Sep  2 22:39:34 2018 us=118205   comp.alg = 2
Sun Sep  2 22:39:34 2018 us=118210   comp.flags = 1
Sun Sep  2 22:39:34 2018 us=118214   route_script = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118219   route_default_gateway = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118223   route_default_metric = 0
Sun Sep  2 22:39:34 2018 us=118228   route_noexec = DISABLED
Sun Sep  2 22:39:34 2018 us=118233   route_delay = 0
Sun Sep  2 22:39:34 2018 us=118237   route_delay_window = 30
Sun Sep  2 22:39:34 2018 us=118242   route_delay_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=118246   route_nopull = DISABLED
Sun Sep  2 22:39:34 2018 us=118250   route_gateway_via_dhcp = DISABLED
Sun Sep  2 22:39:34 2018 us=118255   allow_pull_fqdn = DISABLED
Sun Sep  2 22:39:34 2018 us=118260   management_addr = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118264   management_port = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118269   management_user_pass = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118274   management_log_history_cache = 250
Sun Sep  2 22:39:34 2018 us=118278   management_echo_buffer_size = 100
Sun Sep  2 22:39:34 2018 us=118283   management_write_peer_info_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118287   management_client_user = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118292   management_client_group = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118296   management_flags = 0
Sun Sep  2 22:39:34 2018 us=118301   shared_secret_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118305   key_direction = 1
Sun Sep  2 22:39:34 2018 us=118310   ciphername = 'BF-CBC'
Sun Sep  2 22:39:34 2018 us=118315   ncp_enabled = ENABLED
Sun Sep  2 22:39:34 2018 us=118319   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Sep  2 22:39:34 2018 us=118324   authname = 'SHA1'
Sun Sep  2 22:39:34 2018 us=118328   prng_hash = 'SHA1'
Sun Sep  2 22:39:34 2018 us=118333   prng_nonce_secret_len = 16
Sun Sep  2 22:39:34 2018 us=118337   keysize = 0
Sun Sep  2 22:39:34 2018 us=118342   engine = DISABLED
Sun Sep  2 22:39:34 2018 us=118346   replay = ENABLED
Sun Sep  2 22:39:34 2018 us=118351   mute_replay_warnings = DISABLED
Sun Sep  2 22:39:34 2018 us=118355   replay_window = 64
Sun Sep  2 22:39:34 2018 us=118360   replay_time = 15
Sun Sep  2 22:39:34 2018 us=118364   packet_id_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118372   use_iv = ENABLED
Sun Sep  2 22:39:34 2018 us=118377   test_crypto = DISABLED
Sun Sep  2 22:39:34 2018 us=118381   tls_server = DISABLED
Sun Sep  2 22:39:34 2018 us=118385   tls_client = ENABLED
Sun Sep  2 22:39:34 2018 us=118390   key_method = 2
Sun Sep  2 22:39:34 2018 us=118394   ca_file = '/home/x/keys/ca.crt'
Sun Sep  2 22:39:34 2018 us=118399   ca_path = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118403   dh_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118408   cert_file = '/home/x/keys/client.crt'
Sun Sep  2 22:39:34 2018 us=118413   extra_certs_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118418   priv_key_file = '/home/x/keys/client.key'
Sun Sep  2 22:39:34 2018 us=118423   pkcs12_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118427   cipher_list = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118431   tls_cert_profile = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118436   tls_verify = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118440   tls_export_cert = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118445   verify_x509_type = 0
Sun Sep  2 22:39:34 2018 us=118449   verify_x509_name = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118454   crl_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118458   ns_cert_type = 0
Sun Sep  2 22:39:34 2018 us=118463   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118467   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118471   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118476   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118480   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118484   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118489   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118493   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118497   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118502   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118506   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118510   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118514   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118519   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118523   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118527   remote_cert_ku[i] = 0
Sun Sep  2 22:39:34 2018 us=118532   remote_cert_eku = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118536   ssl_flags = 0
Sun Sep  2 22:39:34 2018 us=118541   tls_timeout = 2
Sun Sep  2 22:39:34 2018 us=118545   renegotiate_bytes = -1
Sun Sep  2 22:39:34 2018 us=118550   renegotiate_packets = 0
Sun Sep  2 22:39:34 2018 us=118554   renegotiate_seconds = 3600
Sun Sep  2 22:39:34 2018 us=118558   handshake_window = 60
Sun Sep  2 22:39:34 2018 us=118563   transition_window = 3600
Sun Sep  2 22:39:34 2018 us=118567   single_session = DISABLED
Sun Sep  2 22:39:34 2018 us=118572   push_peer_info = DISABLED
Sun Sep  2 22:39:34 2018 us=118576   tls_exit = DISABLED
Sun Sep  2 22:39:34 2018 us=118581   tls_auth_file = '/home/x/keys/ta.key'
Sun Sep  2 22:39:34 2018 us=118585   tls_crypt_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118592   server_network = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118597   server_netmask = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118607   server_network_ipv6 = ::
Sun Sep  2 22:39:34 2018 us=118612   server_netbits_ipv6 = 0
Sun Sep  2 22:39:34 2018 us=118617   server_bridge_ip = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118622   server_bridge_netmask = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118627   server_bridge_pool_start = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118632   server_bridge_pool_end = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118637   ifconfig_pool_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=118642   ifconfig_pool_start = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118647   ifconfig_pool_end = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118653   ifconfig_pool_netmask = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118658   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118663   ifconfig_pool_persist_refresh_freq = 600
Sun Sep  2 22:39:34 2018 us=118667   ifconfig_ipv6_pool_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=118672   ifconfig_ipv6_pool_base = ::
Sun Sep  2 22:39:34 2018 us=118682   ifconfig_ipv6_pool_netbits = 0
Sun Sep  2 22:39:34 2018 us=118687   n_bcast_buf = 256
Sun Sep  2 22:39:34 2018 us=118692   tcp_queue_limit = 64
Sun Sep  2 22:39:34 2018 us=118697   real_hash_size = 256
Sun Sep  2 22:39:34 2018 us=118701   virtual_hash_size = 256
Sun Sep  2 22:39:34 2018 us=118706   client_connect_script = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118710   learn_address_script = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118715   client_disconnect_script = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118719   client_config_dir = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118724   ccd_exclusive = DISABLED
Sun Sep  2 22:39:34 2018 us=118728   tmp_dir = '/tmp'
Sun Sep  2 22:39:34 2018 us=118733   push_ifconfig_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=118738   push_ifconfig_local = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118743   push_ifconfig_remote_netmask = 0.0.0.0
Sun Sep  2 22:39:34 2018 us=118748   push_ifconfig_ipv6_defined = DISABLED
Sun Sep  2 22:39:34 2018 us=118753   push_ifconfig_ipv6_local = ::/0
Sun Sep  2 22:39:34 2018 us=118758   push_ifconfig_ipv6_remote = ::
Sun Sep  2 22:39:34 2018 us=118763   enable_c2c = DISABLED
Sun Sep  2 22:39:34 2018 us=118768   duplicate_cn = DISABLED
Sun Sep  2 22:39:34 2018 us=118773   cf_max = 0
Sun Sep  2 22:39:34 2018 us=118777   cf_per = 0
Sun Sep  2 22:39:34 2018 us=118782   max_clients = 1024
Sun Sep  2 22:39:34 2018 us=118786   max_routes_per_client = 256
Sun Sep  2 22:39:34 2018 us=118791   auth_user_pass_verify_script = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118796   auth_user_pass_verify_script_via_file = DISABLED
Sun Sep  2 22:39:34 2018 us=118800   auth_token_generate = DISABLED
Sun Sep  2 22:39:34 2018 us=118805   auth_token_lifetime = 0
Sun Sep  2 22:39:34 2018 us=118810   port_share_host = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118814   port_share_port = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118819   client = ENABLED
Sun Sep  2 22:39:34 2018 us=118823   pull = ENABLED
Sun Sep  2 22:39:34 2018 us=118828   auth_user_pass_file = '[UNDEF]'
Sun Sep  2 22:39:34 2018 us=118834 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 31 2018
Sun Sep  2 22:39:34 2018 us=118843 library versions: OpenSSL 1.0.2m  2 Nov 2017, LZO 2.09
Sun Sep  2 22:39:34 2018 us=119125 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Sep  2 22:39:34 2018 us=119149 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Sep  2 22:39:34 2018 us=119829 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep  2 22:39:34 2018 us=119844 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep  2 22:39:34 2018 us=119853 LZO compression initializing
Sun Sep  2 22:39:34 2018 us=119916 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Sep  2 22:39:34 2018 us=119938 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Sun Sep  2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Sep  2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Sep  2 22:39:34 2018 us=119975 TCP/UDP: Preserving recently used remote address: [AF_INET]1.3.3.1:1331
Sun Sep  2 22:39:34 2018 us=119994 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Sep  2 22:39:34 2018 us=119999 UDP link local: (not bound)
Sun Sep  2 22:39:34 2018 us=120005 UDP link remote: [AF_INET]1.3.3.1:1331
Sun Sep  2 22:40:08 2018 us=982429 event_wait : Interrupted system call (code=4)
Sun Sep  2 22:40:08 2018 us=982605 TCP/UDP: Closing socket
Sun Sep  2 22:40:08 2018 us=982642 SIGTERM[hard,] received, process exiting
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3688
Location: Dallas area

PostPosted: Sun Sep 02, 2018 7:02 pm    Post subject: Reply with quote

It appears you're not getting communication with the peer.

You get "UDP link remote: " but it's not responding, probably something wrong with the options you're trying to send it.

Code:
Sun Sep  2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Sep  2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'


That's something you'll have to get with the other end to figure out.
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 7.3.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
concerned
n00b
n00b


Joined: 05 Sep 2017
Posts: 35

PostPosted: Sun Sep 02, 2018 10:48 pm    Post subject: Reply with quote

Anon-E-moose,

Port forwarding was causing the problem.

It is set to only forward TCP traffic to this port, and I had the server in UDP mode.

At the moment I don't have access to that router to fix the port forwarding, so I changed VPN protocol to TCP, and now it works fine.

Thanks all for your time!

Cheers
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3688
Location: Dallas area

PostPosted: Sun Sep 02, 2018 11:41 pm    Post subject: Reply with quote

Well that would certainly cause problems. :lol:

Glad you found what it was.
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 7.3.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum