openvpn broken after upgrade to SUSE 11.1

Frau_Stiefel · July 7, 2010, 12:19am

Dear Forum,

after I upgraded my SUSE 11.0 to 11.1 many problemes solved themselves.
But now there is a new one.

I use openvpn, which always used to work without problems. After upgrading to SUSE 11.1 there is the error message:

“/etc/openvpn/client-suse.sh: line 7: modify_resolvconf: command not found
Wed Jul 7 00:11:38 2010 script failed: could not execute shell command”

The shell script is as follows:

#!/bin/sh
UPORDOWN=$1
DEV=$2

case $UPORDOWN in
  up)
    modify_resolvconf modify -s openvpn -p openvpn -t OpenVPN \
    -n `echo $foreign_option_1 | awk '{print $3}'` \
    -d `echo $foreign_option_3 | awk '{print $3}'`
    ;;
  down)
    modify_resolvconf restore -s openvpn
    ;;
  *)
    echo das war wohl nichts 
    ;;
esac

(“Das war wohl nichts” ~ “This did not work”)

I hope somebody can help me, is there any other information needed?

Greetings,
Stiefel

ken_yap · July 7, 2010, 12:55am

Check which package this file comes from:

rpm -qf /etc/openvpn/client-suse.sh

Perhaps it belongs to an obsolete package.

Frau_Stiefel · July 7, 2010, 9:52am

Thanks for your reply!
It says, it does not belong to any package.

I tried to update my openvpn-Version, which did not work.

The whole procedure that is done is:

[home]@linux-bda1:~> sudo /etc/openvpn/start_openvpn
Wed Jul  7 09:46:01 2010 OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Dec  3 2008
Enter Auth Username:[username]
Enter Auth Password:
Wed Jul  7 09:46:08 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul  7 09:46:08 2010 WARNING: file 'client.p12' is group or others accessible
Wed Jul  7 09:46:08 2010 LZO compression initialized
Wed Jul  7 09:46:08 2010 Control Channel MTU parms  L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul  7 09:46:08 2010 Data Channel MTU parms  L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul  7 09:46:08 2010 Local Options hash (VER=V4): '41690919'
Wed Jul  7 09:46:08 2010 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul  7 09:46:08 2010 UDPv4 link local: [undef]
Wed Jul  7 09:46:08 2010 UDPv4 link remote: 193.175.73.100:1194
Wed Jul  7 09:46:08 2010 TLS: Initial packet from 193.175.73.100:1194, sid=ddac6013 11c9352c
Wed Jul  7 09:46:08 2010 VERIFY OK: depth=1, /C=DE/ST=BERLIN/L=BERLIN/O=OpenVPN-Charite/CN=OpenVPN-Charite-CA/emailAddress=einwahl-admin@charite.de
Wed Jul  7 09:46:08 2010 VERIFY OK: nsCertType=SERVER
Wed Jul  7 09:46:08 2010 VERIFY OK: depth=0, /C=DE/ST=BERLIN/O=OpenVPN-Charite/CN=server/emailAddress=einwahl-admin@charite.de
Wed Jul  7 09:46:08 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul  7 09:46:08 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  7 09:46:08 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul  7 09:46:08 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  7 09:46:08 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul  7 09:46:08 2010 [server] Peer Connection Initiated with 193.175.73.100:1194
Wed Jul  7 09:46:10 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul  7 09:46:10 2010 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 141.42.3.33,dhcp-option DNS 141.42.2.22,dhcp-option DOMAIN charite.de,route 172.28.0.1,topology net30,ping 10,ping-restart 120,redirect-gateway def1,ifconfig 172.28.55.189 172.28.55.190'
Wed Jul  7 09:46:10 2010 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: topology (2.0.9)
Wed Jul  7 09:46:10 2010 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul  7 09:46:10 2010 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul  7 09:46:10 2010 OPTIONS IMPORT: route options modified
Wed Jul  7 09:46:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jul  7 09:46:10 2010 TUN/TAP device tun0 opened
Wed Jul  7 09:46:10 2010 /bin/ip link set dev tun0 up mtu 1500
Wed Jul  7 09:46:10 2010 /bin/ip addr add dev tun0 local 172.28.55.189 peer 172.28.55.190
Wed Jul  7 09:46:10 2010 /etc/openvpn/client-suse.sh up tun0 1500 1542 172.28.55.189 172.28.55.190 init
/etc/openvpn/client-suse.sh: line 7: modify_resolvconf: command not found
Wed Jul  7 09:46:10 2010 script failed: could not execute shell command
Wed Jul  7 09:46:10 2010 Exiting

The scripts used are:

start_openvpn.sh

#!/bin/sh
cd `dirname $0`
/usr/sbin/openvpn --config client.conf

client-suse.sh (see above)

change_resolv_conf.sh

#!/bin/sh
case "$1" in
   up) export action="up" ;;
   down) export action="down" ;;
   *) echo "No action specified." && exit 1 ;;
esac
    
if  "$action" = "up" ]; then
   mv /etc/resolv.conf /etc/resolv.conf.bak
   echo $foreign_option_1 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' > /etc/resolv.conf
   echo $foreign_option_2 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /etc/resolv.conf
   echo $foreign_option_3 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /etc/resolv.conf
fi

if  "$action" = "down" ]; then
   mv /etc/resolv.conf.bak /etc/resolv.conf
fi

client.conf

client
dev tun
proto udp
remote vpn-gw.charite.de 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 client.p12
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
reneg-sec 0

up "/etc/openvpn/client-suse.sh up"
down "/etc/openvpn/client-suse.sh down"

and client.p12, which is supposed to deal with username and password.

I did not change anything after the upgrading, therefore this is the only possible reason for the failure.

I hope somebody has an idea!
Stiefel

ken_yap · July 7, 2010, 3:44pm

I think you have to adapt your client.conf to the new package contents. I don’t know what the equivalent of client-suse.sh would be now, but that’s what you have to find out and modify.

Frau_Stiefel · July 7, 2010, 8:34pm

Fixed it!
The client.conf had three possibilities, the ones not used were marked with #
For SUSE

up "/etc/openvpn/client-suse.sh up"
down "/etc/openvpn/client-suse.sh down"

should be activated, for Ubuntu something else, and for all the other systems

up "/etc/openvpn/change_resolv_conf.sh up"
down "/etc/openvpn/change_resolv_conf.sh down"

This last possibility is the one working with SUSE 11.1

Thank you for the hint, ken_yap, it made me try a bit.