Results 1 to 6 of 6

Thread: openVPN setup issues

  1. #1
    Join Date
    Jun 2008
    Location
    Pacific Northwest
    Posts
    374

    Default openVPN setup issues

    Newbie with openVPN. Following the instructions presented on https://en.opensuse.org/SDB:OpenVPN_...tion_and_Setup
    Completed all the easyrsa tasks.

    Issues:
    After creating a UPD port 1194, the file /etc/sysctl.conf, the line
    net.ipv4.ip_forward = 1
    was not in the file, so I manually added it.

    #wicked ifup tun
    wicked: /org/opensuse/Network/Interface.getManagedObjects failed. Server responds:
    wicked: org.freedesktop.DBus.Error.ServiceUnknown: The name org.opensuse.Network was not provided by any .service files
    wicked: Couldn't refresh list of active network interfaces

    # systemctl start openvpn@server
    Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" f
    or details.

    # systemctl status openvpn@server
    openvpn@server.service - OpenVPN tunneling daemon instance using /etc/openvpn/server.conf
    Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Sat 2018-03-10 14:05:04 PST; 26min ago
    Process: 3716 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited
    , status=1/FAILURE)

    Mar 10 14:05:04 linux-6sro systemd[1]: Starting OpenVPN tunneling daemon instance using /etc/openvpn/server.conf...
    Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
    Mar 10 14:05:04 linux-6sro systemd[1]: Failed to start OpenVPN tunneling daemon instance using /etc/openvpn/server.conf.
    Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Unit entered failed state.
    Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Failed with result 'exit-code'.



    /var/log/openvpn/openvpn-status.log -- does not exist
    /var/log/openvpn/openvpn.log -- does not exist
    The greatest obstacle to discovery is not ignorance, it is the illusion of knowledge.
    Daniel J. Boorstin US Patent Office

  2. #2
    Join Date
    Jun 2008
    Location
    Pacific Northwest
    Posts
    374

    Default Re: openVPN setup issues


    # cat /etc/openvpn/server.conf
    #change with your port
    port 1194

    #You can use udp or tcp
    proto udp

    # "dev tun" will create a routed IP tunnel.
    dev tun
    topology subnet

    #Certificate Configuration

    #ca certificate
    ca /etc/easy-rsa/pki/ca.crt
    #Server Certificate
    cert /etc/easy-rsa/pki/issued/server.crt

    #Server Key and keep this is secret
    askpass /etc/easy-rsa/pki/private/server.pass
    key /etc/easy-rsa/pki/private/server.key

    #See the size a dh key in /etc/openvpn/keys/
    dh /etc/easy-rsa/pki/dh.pem

    #Internal IP will get when already connect
    server 10.8.0.0 255.255.255.0

    #this line will redirect all traffic through our OpenVPN
    push "redirect-gateway def1"
    push "route 192.168.0.0 255.255.255.0"

    #Provide DNS servers to the client, you can use goolge DNS
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"

    #Enable multiple client to connect with same key
    duplicate-cn

    keepalive 20 60
    comp-lzo
    persist-key
    persist-tun
    daemon

    #openvpn status log
    status /var/log/openvpn/openvpn-status.log

    #enable log
    log-append /var/log/openvpn/openvpn.log

    #Log Level
    verb 3
    The greatest obstacle to discovery is not ignorance, it is the illusion of knowledge.
    Daniel J. Boorstin US Patent Office

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,703
    Blog Entries
    1

    Default Re: openVPN setup issues

    I can only make a general comment here. I note that it is tun0 that needs to be brought up
    Code:
    sudo wicked ifup tun0
    before openvpn@server is started.

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,703
    Blog Entries
    1

    Default Re: openVPN setup issues

    The openSUSE documentation may be helpful here: Configuring a VPN Server

    In particular
    Set up a tun device configuration by creating a file called /etc/sysconfig/network/ifcfg-tun0 with the following content:

    Code:
    STARTMODE='manual'
    BOOTPROTO='static'
    TUNNEL='tun'
    TUNNEL_SET_OWNER='nobody'
    TUNNEL_SET_GROUP='nobody'
    LINK_REQUIRED=no
    PRE_UP_SCRIPT='systemd:openvpn@server'
    PRE_DOWN_SCRIPT='systemd:openvpn@service'
    The notation openvpn@server points to the OpenVPN server configuration file located at /etc/openvpn/server.conf. For more information, see /usr/share/doc/packages/openvpn/README.SUSE.
    Then you should be able to bring up the openVPN service with
    Code:
    sudo wicked ifup tun0
    Last edited by deano_ferrari; 10-Mar-2018 at 17:15.

  5. #5
    Join Date
    Jun 2008
    Location
    Pacific Northwest
    Posts
    374

    Default Re: openVPN setup issues

    I created the file as suggested. Rebooted the computer. This is what I get.

    # cat /etc/sysconfig/network/ifcfg-tun0
    STARTMODE='manual'
    BOOTPROTO='static'
    TUNNEL='tun'
    TUNNEL_SET_OWNER='nobody'
    TUNNEL_SET_GROUP='nobody'
    LINK_REQUIRED=no
    PRE_UP_SCRIPT='systemdpenvpn@server'
    PRE_DOWN_SCRIPT='systemdpenvpn@service

    # wicked ifup tun0
    wicked: /org/opensuse/Network/Interface.getManagedObjects failed. Server responds:
    wicked: org.freedesktop.DBus.Error.ServiceUnknown: The name org.opensuse.Network was not provided by any .service files
    wicked: Couldn't refresh list of active network interfaces



    The greatest obstacle to discovery is not ignorance, it is the illusion of knowledge.
    Daniel J. Boorstin US Patent Office

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,703
    Blog Entries
    1

    Default Re: openVPN setup issues

    I'm in uncharted territory with this. From a quick read of this OpenVPN wiki page it suggests running opevpn like this to troubleshoot...
    Code:
    openvpn /etc/openvpn/server.conf
    Specifically, this section
    https://community.openvpn.net/openvp...alconnectivity

    That should help with at least checking the server configuration is working. It might be that a bug report is needed for the wicked interoperability.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •