Gentoo Forums
[SOLVED] VPN problems
kingcoras
n00b
Joined: 26 Jun 2007
Posts: 47

Posted: Wed Jul 03, 2013 9:10 pm    Post subject: [SOLVED] VPN problems

I've been working on this VPN problem for a long time, and I cannot get it to work. It is the one reason I still occasionally used Windows. As a Hail Mary, I replaced the Windows install with an Ubuntu install (Ubuntu does not play nice with GRUB!!!) and got it to work with Ubuntu, so I know it can work in Linux.

But on Gentoo, it fails, and I don't know why.

At first I thought I was using the wrong OpenVPN version, so I checked it in porthole and it was right. Then I noticed that the "lzo" USE flag wasn't set, and the VPN requires LZO compression. So I set it globally in /etc/portage/make.conf and updated all packages in world...

Code:

emerge --update --deep --newuse world


which ended up installing a few new packages.

Not solved, however. And Ubuntu is unfortunately very tight-lipped about how its packages are configured. I also checked the installed package lists for Ubuntu, and openVPN-blacklist was one; to install that on Gentoo I had to individually accept the ~amd64 keyword on that package. It also installed linux-headers, but I can't find any equivalent in the Gentoo package list.

Is it at all possible that I missed something in my kernel setup? I know I see tunneling options in the kernel, but I'm not sure which ones are correct for a purely IPv4 VPN tunnel that uses LZO compression.

I know I'm not giving a lot of info here, but I honestly don't know what to give. The hardware works, I'm just not sure what's wrong on the software side.

Wait.... wait...

Code:

hightech drew # cat /usr/src/linux/.config |grep TUNNEL
# CONFIG_INET_XFRM_TUNNEL is not set
CONFIG_INET_TUNNEL=m
# CONFIG_INET_XFRM_MODE_TUNNEL is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
CONFIG_INET6_XFRM_MODE_TUNNEL=m
# CONFIG_IPV6_TUNNEL is not set
hightech drew #


Just had a thought... is that what is wrong?
I'm going to see if I can find that other option in the kernel.

If anyone has any ideas, please post!
_________________
<bocz> i think ill be stuck to getting 2 sticks of 128
<bocz> thats 310 mb for a server
<Guilty> Kudos on finding the elusive 54MB DIMM

gentoo boot time: 25 seconds, Windows boot time: 1:30. Why, Bill, why?


Last edited by kingcoras on Sun Jul 07, 2013 2:40 am; edited 1 time in total
kingcoras
Posted: Wed Jul 03, 2013 10:14 pm

Okay, made some changes in the kernel, no dice... see current config slices below.

Code:

hightech linux # cat .config |grep IP 
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_BZIP2 is not set
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_IPC_NS=y
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_NEED_MULTIPLE_NODES=y
# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set
CONFIG_SYSVIPC_COMPAT=y
CONFIG_XFRM_IPCOMP=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE_STATS is not set
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE_DEMUX=y
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
CONFIG_IP_MROUTE=y
# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_NET_IPVTI=y
CONFIG_INET_IPCOMP=y
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_INET6_IPCOMP is not set
# CONFIG_IPV6_MIP6 is not set
CONFIG_IPV6_SIT=m
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_GRE=m
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_TIPC is not set
# CONFIG_IPX is not set
# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
# CONFIG_BLK_DEV_XIP is not set
# CONFIG_IP1000 is not set
# CONFIG_HIPPI is not set
# CONFIG_SLIP is not set
# CONFIG_USB_IPHETH is not set
# CONFIG_IPW2100 is not set
# CONFIG_IPW2200 is not set
CONFIG_MOUSE_PS2_LOGIPS2PP=y
# CONFIG_SERIO_PCIPS2 is not set
# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HWMON_DEBUG_CHIP is not set
# CONFIG_PCIPCWATCHDOG is not set
# CONFIG_MFD_VIPERBOARD is not set
# CONFIG_SND_CMIPCI is not set
# CONFIG_SND_RIPTIDE is not set
# CONFIG_USB_CHIPIDEA is not set
# CONFIG_IPACK_BUS is not set
# CONFIG_EXT2_FS_XIP is not set
# CONFIG_STRIP_ASM_SYMS is not set
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
CONFIG_DECOMPRESS_GZIP=y
CONFIG_DECOMPRESS_BZIP2=y
hightech linux # cat .config |grep TUNNEL
CONFIG_INET_XFRM_TUNNEL=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
# CONFIG_INET6_XFRM_TUNNEL is not set
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_IPV6_TUNNEL=m
hightech linux # cat .config |grep INET 
CONFIG_INET=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_XFRM_TUNNEL=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
CONFIG_INET_LRO=y
# CONFIG_INET_DIAG is not set
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
# CONFIG_INET6_IPCOMP is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
hightech linux #


Also worth noting my porthole output for the openvpn package...

Code:

net-misc/openvpn
Robust and highly flexible tunneling application compatible with many OSes

Long Description: OpenVPN is an easy-to-use, robust and highly configurable VPN daemon which can be used to securely link two or more networks using an encrypted tunnel.

http://openvpn.net/



Installed versions:
   2.3.1

Available versions for amd64:
   2.2.2, 2.3.0, 2.3.1, ~(2.3.2)

Properties for version: 2.3.1

IUSE: examples, down-root, iproute2, pam, passwordsave, pkcs11, +plugins, polarssl, +ssl, +lzo, static
Use flags settings: +examples, -down-root, +iproute2, +pam, +passwordsave, -pkcs11, +plugins, -polarssl, +ssl, +lzo, -static
Final environment Use flags: +examples, +iproute2, +lzo, +pam, +passwordsave, +plugins, +ssl, -down-root, -pkcs11, -polarssl, -static

Keywords: alpha, amd64, arm, hppa, ia64, ~mips, ppc, ppc64, s390, sh, sparc, x86, ~sparc-fbsd, ~x86-fbsd, ~x86-freebsd, ~amd64-linux, ~arm-linux, ~x86-linux

License: GPL-2

User Configs:
   USE: net-misc/openvpn examples iproute2 passwordsave plugins ssl lzo  ==> /etc/portage/package.use
   KEYWORDS: None
   MASK: None
   UNMASK: None
   SETS: None
   PROVIDED: None


Still not sure, and even more baffled now.
kingcoras
Posted: Sun Jul 07, 2013 2:39 am

Okay, got my resolution, but it took some doing.
Someone showed me how to look at the system log file in Gentoo, so we were watching it live while I tried to connect.

Code:

hightech drew # logger ==============================================
hightech drew # tail -f /var/log/messages
....
Jul  7 02:02:24 localhost root: ==============================================
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> Starting VPN service 'openvpn'...
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4007
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> VPN service 'openvpn' appeared; activating connections
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> VPN plugin state changed: init (1)
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> VPN plugin state changed: starting (3)
Jul  7 02:02:50 localhost NetworkManager[3131]: <info> VPN connection 'maskedname-tcp' (Connect) reply received.
Jul  7 02:02:50 localhost nm-openvpn[4010]: OpenVPN 2.3.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jun 29 2013
Jul  7 02:02:50 localhost nm-openvpn[4010]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  7 02:02:50 localhost nm-openvpn[4010]: Control Channel Authentication: using '/home/drew/Desktop/maskedname-Roadwarrior-NM/hmac.dat' as a OpenVPN static key file
Jul  7 02:02:50 localhost nm-openvpn[4010]: Attempting to establish TCP connection with [AF_INET]0.17.75.0:443 [nonblock]
Jul  7 02:02:51 localhost nm-openvpn[4010]: TCP connection established with [AF_INET]0.17.75.0:443
Jul  7 02:02:51 localhost nm-openvpn[4010]: TCPv4_CLIENT link local: [undef]
Jul  7 02:02:51 localhost nm-openvpn[4010]: TCPv4_CLIENT link remote: [AF_INET]0.17.75.0:443
Jul  7 02:03:03 localhost nm-openvpn[4010]: [vpngate.maskedname.net] Peer Connection Initiated with [AF_INET]0.17.75.0:443
Jul  7 02:03:06 localhost nm-openvpn[4010]: ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Jul  7 02:03:06 localhost nm-openvpn[4010]: Exiting due to fatal error
Jul  7 02:03:06 localhost NetworkManager[3131]: <warn> VPN plugin failed: 1
Jul  7 02:03:06 localhost NetworkManager[3131]: <info> VPN plugin state changed: stopped (6)
Jul  7 02:03:06 localhost NetworkManager[3131]: <info> VPN plugin state change reason: 0
Jul  7 02:03:06 localhost NetworkManager[3131]: <info> Policy set 'maskedname' (wlp1s0) as default for IPv4 routing and DNS.
Jul  7 02:03:06 localhost NetworkManager[3131]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jul  7 02:03:11 localhost NetworkManager[3131]: <info> VPN service 'openvpn' disappeared


The important line...
Code:

Jul  7 02:03:06 localhost nm-openvpn[4010]: ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)


Well, if it is a device, then that usually means the kernel is missing something.

Code:

hightech / # cat /usr/src/linux/.config | grep -i tun
CONFIG_INET_XFRM_TUNNEL=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
# CONFIG_INET6_XFRM_TUNNEL is not set
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_IPV6_TUNNEL=m
# CONFIG_TUN is not set
CONFIG_8139TOO_TUNE_TWISTER=y


Yeah... whoops.
Ran make menuconfig, but I had no idea where TUN was. Hit "/" to do a search and typed TUN.
Code:

 │ Symbol: TUN [=n]                                                                │ 
  │ Type  : tristate                                                                │ 
  │ Prompt: Universal TUN/TAP device driver support                                 │ 
  │   Defined at drivers/net/Kconfig:206                                            │ 
  │   Depends on: NETDEVICES [=y] && NET_CORE [=y]                                  │ 
  │   Location:                                                                     │ 
  │     -> Device Drivers                                                           │ 
  │       -> Network device support (NETDEVICES [=y])                               │ 
  │ (1)     -> Network core driver support (NET_CORE [=y])                          │ 
  │   Selects: CRC32 [=y]


Really...
Code:

  Device Drivers  ---> 
 [*] Network device support  --->   
  < >     Universal TUN/TAP device driver support   


Yup, I did that.

Activated it, recompiled, copied kernel over to /boot and rebooted.

Code:

hightech drew # logger =====================================================
hightech drew # tail -f /var/log/messages
...
Jul  7 02:28:19 localhost root: =====================================================
Jul  7 02:28:32 localhost NetworkManager[3135]: <info> Starting VPN service 'openvpn'...
Jul  7 02:28:32 localhost NetworkManager[3135]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3694
Jul  7 02:28:32 localhost NetworkManager[3135]: <info> VPN service 'openvpn' appeared; activating connections
Jul  7 02:28:32 localhost NetworkManager[3135]: <info> VPN plugin state changed: init (1)
Jul  7 02:28:33 localhost NetworkManager[3135]: <info> VPN plugin state changed: starting (3)
Jul  7 02:28:33 localhost NetworkManager[3135]: <info> VPN connection 'maskedname-tcp' (Connect) reply received.
Jul  7 02:28:33 localhost nm-openvpn[3699]: OpenVPN 2.3.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jun 29 2013
Jul  7 02:28:33 localhost nm-openvpn[3699]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  7 02:28:33 localhost nm-openvpn[3699]: Control Channel Authentication: using '/home/drew/Desktop/maskedname-Roadwarrior-NM/hmac.dat' as a OpenVPN static key file
Jul  7 02:28:33 localhost nm-openvpn[3699]: Attempting to establish TCP connection with [AF_INET]0.0.84.152:443 [nonblock]
Jul  7 02:28:34 localhost nm-openvpn[3699]: TCP connection established with [AF_INET]0.0.84.152:443
Jul  7 02:28:34 localhost nm-openvpn[3699]: TCPv4_CLIENT link local: [undef]
Jul  7 02:28:34 localhost nm-openvpn[3699]: TCPv4_CLIENT link remote: [AF_INET]0.0.84.152:443
Jul  7 02:28:45 localhost nm-openvpn[3699]: [vpngate.maskedname.net] Peer Connection Initiated with [AF_INET]0.0.84.152:443
Jul  7 02:28:48 localhost nm-openvpn[3699]: TUN/TAP device tun0 opened
Jul  7 02:28:48 localhost nm-openvpn[3699]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1560 1.0.152.10 1.0.152.9 init
Jul  7 02:28:48 localhost NetworkManager[3135]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Jul  7 02:28:48 localhost NetworkManager[3135]: <info> VPN connection 'maskedname-tcp' (IP4 Config Get) reply received from old-style plugin.
Jul  7 02:28:48 localhost NetworkManager[3135]: <info> VPN Gateway: 0.0.84.152
Jul  7 02:28:48 localhost NetworkManager[3135]: <info> Tunnel Device: tun0
Jul  7 02:28:48 localhost NetworkManager[3135]: <info> IPv4 configuration:
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal Gateway: 1.0.152.9
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal Address: 1.0.152.10
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal Prefix: 32
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal Point-to-Point Address: 1.0.152.9
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Maximum Segment Size (MSS): 0
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Static Route: 1.0.152.1/32   Next Hop: 1.0.152.1
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Forbid Default Route: no
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal DNS: 2.0.0.1
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   Internal DNS: 2.0.0.2
Jul  7 02:28:48 localhost NetworkManager[3135]: <info>   DNS Domain: 'maskedname.net'
Jul  7 02:28:48 localhost NetworkManager[3135]: <info> No IPv6 configuration
Jul  7 02:28:48 localhost nm-openvpn[3699]: Initialization Sequence Completed
Jul  7 02:28:49 localhost NetworkManager[3135]: <info> VPN connection 'maskedname-tcp' (IP Config Get) complete.
Jul  7 02:28:49 localhost NetworkManager[3135]: <info> Policy set 'maskedname-tcp' (tun0) as default for IPv4 routing and DNS.
Jul  7 02:28:49 localhost NetworkManager[3135]: <info> Clearing nscd hosts cache.
Jul  7 02:28:49 localhost NetworkManager[3135]: <info> VPN plugin state changed: started (4)
Jul  7 02:28:49 localhost dbus[3122]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jul  7 02:28:49 localhost dbus[3122]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'



Success.

So anything to do with TUN/TAP probably has to do with that driver.

I hope this helps whoever is reading it!

(Names cloaked to protect identities)
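
The check this thread arrives at, written as a reusable script. It is an added example, not part of the original posts: the function names `tun_config_state` and `tun_diagnose` are made up here. The match is anchored on the whole line, so `grep TUNNEL` missing the symbol and `grep -i tun` burying it among the tunnel options are both avoided.

```shell
#!/bin/sh
# Added example (not from the thread): check CONFIG_TUN and /dev/net/tun
# before blaming the OpenVPN package or its USE flags.

# Print the state of CONFIG_TUN in a kernel .config:
#   builtin | module | disabled | absent | unreadable
# The pattern matches the whole line, so CONFIG_INET_TUNNEL and
# CONFIG_8139TOO_TUNE_TWISTER never count as hits.
tun_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    line=$(grep -E '^(CONFIG_TUN=[ym]|# CONFIG_TUN is not set)$' "$cfg" | tail -n 1) || true
    case $line in
        CONFIG_TUN=y) echo builtin ;;
        CONFIG_TUN=m) echo module ;;
        '# CONFIG_TUN is not set') echo disabled ;;
        *) echo absent ;;
    esac
}

# Combine the config state with the presence of the device node and print
# the next step. $2 defaults to /dev/net/tun (a character device).
# Returns 0 when the node exists, 1 otherwise.
tun_diagnose() {
    state=$(tun_config_state "$1")
    node=${2:-/dev/net/tun}
    if [ -c "$node" ]; then
        echo "ok: $node exists (config says: $state)"
        return 0
    fi
    case $state in
        builtin)
            # The .config in /usr/src/linux describes the kernel that was
            # configured, which is not necessarily the one that booted.
            echo "check: CONFIG_TUN=y but $node is missing; was the running kernel built from this config?" ;;
        module)
            echo "fix: load the driver with 'modprobe tun'" ;;
        disabled|absent)
            echo "fix: enable CONFIG_TUN, rebuild and boot the new kernel" ;;
        *)
            echo "check: cannot read $1" ;;
    esac
    return 1
}

# Stand-alone use: sh tun-check.sh /usr/src/linux/.config [device-node]
if [ $# -gt 0 ]; then
    tun_diagnose "$@"
    exit $?
fi
```
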
All times are GMT