openVPN setup issues

Newbie with openVPN. Following the instructions presented on https://en.opensuse.org/SDB:OpenVPN_Installation_and_Setup
Completed all the easyrsa tasks.

Issues:
After creating UDP port 1194, in the file /etc/sysctl.conf, the line
net.ipv4.ip_forward = 1
was not in the file, so I manually added it.

# wicked ifup tun
wicked: /org/opensuse/Network/Interface.getManagedObjects failed. Server responds:
wicked: org.freedesktop.DBus.Error.ServiceUnknown: The name org.opensuse.Network was not provided by any .service files
wicked: Couldn't refresh list of active network interfaces

# systemctl start openvpn@server
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

# systemctl status openvpn@server
openvpn@server.service - OpenVPN tunneling daemon instance using /etc/openvpn/server.conf
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2018-03-10 14:05:04 PST; 26min ago
Process: 3716 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)

Mar 10 14:05:04 linux-6sro systemd[1]: Starting OpenVPN tunneling daemon instance using /etc/openvpn/server.conf...
Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Mar 10 14:05:04 linux-6sro systemd[1]: Failed to start OpenVPN tunneling daemon instance using /etc/openvpn/server.conf.
Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Unit entered failed state.
Mar 10 14:05:04 linux-6sro systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

/var/log/openvpn/openvpn-status.log – does not exist
/var/log/openvpn/openvpn.log – does not exist

# cat /etc/openvpn/server.conf
#change with your port
port 1194

#You can use udp or tcp
proto udp

#"dev tun" will create a routed IP tunnel.

dev tun
topology subnet

#Certificate Configuration

#ca certificate
ca /etc/easy-rsa/pki/ca.crt
#Server Certificate
cert /etc/easy-rsa/pki/issued/server.crt

#Server key; keep this secret
askpass /etc/easy-rsa/pki/private/server.pass
key /etc/easy-rsa/pki/private/server.key

#See the size a dh key in /etc/openvpn/keys/
dh /etc/easy-rsa/pki/dh.pem

#Internal IP range clients will get once connected
server 10.8.0.0 255.255.255.0

#this line will redirect all traffic through our OpenVPN
push "redirect-gateway def1"
push "route 192.168.0.0 255.255.255.0"

#Provide DNS servers to the client, you can use Google DNS
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

#Enable multiple client to connect with same key
duplicate-cn

keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon

#openvpn status log
status /var/log/openvpn/openvpn-status.log

#enable log
log-append /var/log/openvpn/openvpn.log

#Log Level
verb 3

I can only make a general comment here. I note that it is tun0 that needs to be brought up

sudo wicked ifup tun0

before openvpn@server is started.

The openSUSE documentation may be helpful here: Configuring a VPN Server

In particular

Set up a tun device configuration by creating a file called /etc/sysconfig/network/ifcfg-tun0 with the following content:

STARTMODE='manual'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_OWNER='nobody'
TUNNEL_SET_GROUP='nobody'
LINK_REQUIRED=no
PRE_UP_SCRIPT='systemd:openvpn@server'
PRE_DOWN_SCRIPT='systemd:openvpn@service'

The notation openvpn@server points to the OpenVPN server configuration file located at /etc/openvpn/server.conf. For more information, see /usr/share/doc/packages/openvpn/README.SUSE.

Then you should be able to bring up the openVPN service with

sudo wicked ifup tun0

I created the file as suggested. Rebooted the computer. This is what I get.

# cat /etc/sysconfig/network/ifcfg-tun0
STARTMODE='manual'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_OWNER='nobody'
TUNNEL_SET_GROUP='nobody'
LINK_REQUIRED=no
PRE_UP_SCRIPT='systemd:openvpn@server'
PRE_DOWN_SCRIPT='systemd:openvpn@service

# wicked ifup tun0
wicked: /org/opensuse/Network/Interface.getManagedObjects failed. Server responds:
wicked: org.freedesktop.DBus.Error.ServiceUnknown: The name org.opensuse.Network was not provided by any .service files
wicked: Couldn't refresh list of active network interfaces

I’m in uncharted territory with this. From a quick read of this OpenVPN wiki page it suggests running openvpn like this to troubleshoot…

openvpn /etc/openvpn/server.conf

Specifically, this section
https://community.openvpn.net/openvpn/wiki/HOWTO#StartinguptheVPNandtestingforinitialconnectivity

That should help with at least checking the server configuration is working. It might be that a bug report is needed for the wicked interoperability.
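
Alongside the foreground run suggested above, the static parts of a server.conf like the one posted in this thread can be checked mechanically. The script below is an added example, not part of the original thread or of OpenVPN: the function name check_openvpn_conf, the finding labels and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of an OpenVPN server
# config. Prints one finding per line; returns 1 if anything was found.
check_openvpn_conf() {
    conf=$1; found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*|';'*) continue ;; esac
        # Typographic quotes pasted from a rendered web page are not quoting.
        case $line in *“*|*”*|*‘*|*’*)
            echo "smart-quote: $line"; found=1; continue ;;
        esac
        set -f; set -- $line; set +f    # split into directive and arguments
        case $1 in
            ca|cert|key|dh|askpass)     # must exist and be readable
                [ -r "$2" ] || { echo "unreadable: $1 $2"; found=1; } ;;
            status|log|log-append)      # parent directory must exist
                [ -d "$(dirname "$2")" ] || { echo "no-dir: $1 $2"; found=1; } ;;
        esac
        case $1 in key|askpass)         # secrets: no group/other permission bits
            case $(ls -ldL "$2" 2>/dev/null) in
                ''|????------*) ;;      # missing (reported above) or private
                *) echo "loose-perms: $1 $2"; found=1 ;;
            esac ;;
        esac
    done < "$conf"
    return $found
}

# Constructed sample: a throwaway tree with a missing cert, a world-readable
# key, a smart-quoted push line and a missing log directory.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/pki/private"
    : > "$d/pki/ca.crt"
    : > "$d/pki/private/server.key"; chmod 644 "$d/pki/private/server.key"
    cat > "$d/server.conf" <<EOF
# constructed config
port 1194
ca $d/pki/ca.crt
cert $d/pki/issued/server.crt
key $d/pki/private/server.key
push “redirect-gateway def1”
status $d/log/openvpn-status.log
EOF
    check_openvpn_conf "$d/server.conf"; rc=$?
    rm -rf "$d"; return $rc
}

if [ "$#" -gt 0 ]; then check_openvpn_conf "$1"; else demo || true; fi
```

Run it as root with the config path as its argument (for example /etc/openvpn/server.conf) so that the readability checks reflect what the service itself can access; with no argument it runs the constructed sample.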