VPN step-by-step

Hello,
How do you set up a VPN network for OpenSUSE Leap 42.1 KDE?
As for where I’m at:

https://en.opensuse.org/SDB:OpenVPN_Installation_and_Setup

I’m at the Easy-RSA setup part.
It’s downloaded and extracted but for some reason it’s not letting me copy the content into the openvpn directory:

cp -r easy-rsa-release-2.x/easy-rsa /etc/openvpn/

And I don’t know where it got saved and I don’t know where to save it to.
??

nvm I figured it out.
ADMIN*** can you please delete this thread please

We do not normally delete threads. Others may learn from it. To help those others, please explain how you figured it out.

Anyways I found the direct path to the folder and happened to change the directory with privileges.
Now I have to figure out how to allow port forwarding through my firewall on port 1149 to establish a VPN connection on my system.
Can someone guide me?
I did everything detailed at

https://en.opensuse.org/SDB:OpenVPN_Installation_and_Setup

Now how do I run my system through the VPN or how can I test it to see if it works?
I set the rules for my firewall how it said.

**#** systemctl start openvpn.service
Failed to start openvpn.service: Unit openvpn.service failed to load: No such file or directory.

What could be the problem?

ca.crt, client1.crt, and client2.key aren’t in my

/etc/openvpn/easy-rsa/2.0/keys

directory.

Could that be the problem?

There is no openvpn.service, just as the message tells you.

There is only an openvpn@.service template, which you need to call with the corresponding config file.

So, if your configuration file is /etc/openvpn/myconfig.conf e.g., you need to run:

systemctl start openvpn@myconfig

Or run this to automatically start it at boot:

systemctl enable openvpn@myconfig

Ok that didn’t work for some reason.
I have a config but I’m not sure if it’s correct.
There could be 2 problems.

  1. My config could be wrong. What would my config look like?
    or
  2. The IP address I have in the config could be incorrect.
    Which IP do I put, the router’s IP 192.168.1.* or my physical ip ex. 34.221.352.**
    ?

And what happened?
What does “systemctl status openvpn@myconfig” say?

I’m not sure I can help you more, I never used openvpn at all.

PS: If you are unsure that your config file is correct, it probably would be a good idea to post it.

**linux-069u:~ #** systemctl status openvpn@myconfig
openvpn@myconfig.service - OpenVPN tunneling daemon instance using /etc/openvpn/myconfig.conf
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: **failed** (Result: exit-code) since Wed 2016-02-17 08:13:10 EST; 7min ago
  Process: 5142 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf **(code=exited, status=1/FAILURE)**

Feb 17 08:13:10 linux-069u openvpn[5142]: **Options error: In [CMD-LINE]:1: Error opening configuration file: m....conf**
Feb 17 08:13:10 linux-069u openvpn[5142]: **Use --help for more information.**
Hint: Some lines were ellipsized, use -l to show in full.
**linux-069u:~ #** systemctl status openvpn@client.conf
openvpn@client.conf.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf.conf                   
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)                                                 
   Active: inactive (dead)                                                                                            
                                                                                                                      
**linux-069u:~ #** systemctl status openvpn@client
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf                             
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)                                                 
   Active: **failed** (Result: exit-code) since Wed 2016-02-17 08:13:23 EST; 9min ago                                     
  Process: 5151 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf **(code=exited, status=1/FAILURE)**
                                                                                                                      
Feb 17 08:13:23 linux-069u openvpn[5151]: **Options error: You must define TUN/TAP device (--dev)**
Feb 17 08:13:23 linux-069u openvpn[5151]: **Use --help for more information.**

My config:

#remote 192.168.1.2 1194
#ca "/etc/openvpn/easy-rsa/2.0/keys/ca.crt"
#cert "/etc/openvpn/easy-rsa/2.0/keys/client1.crt"
#key "etc/openvpn/easy-rsa/2.0/keys/client1.key"
#comp-lzo yes
#dev tun
#proto udp
#nobind
#auth-nocache
#script-security 2
#persist-key
#persist-tun
#user nobody
#group nobody
#remote-cert-tls server

That config is practically empty, because all lines are commented out.
You need to remove the ‘#’ at the beginning of a line for that line to have any effect.

The last command you typed (systemctl status openvpn@client) does complain about that:

Feb 17 08:13:23 linux-069u openvpn[5151]: **Options error: You must define TUN/TAP device (--dev)**
Feb 17 08:13:23 linux-069u openvpn[5151]: **Use --help for more information.**

I.e. it failed because you didn’t specify the dev option (“dev tun”).

**linux-069u:~ #** systemctl status openvpn@client
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: **failed** (Result: exit-code) since Wed 2016-02-17 08:13:23 EST; 2h 25min ago
  Process: 5151 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf **(code=exited, status=1/FAILURE)**

Feb 17 08:13:23 linux-069u openvpn[5151]: **Options error: You must define TUN/TAP device (--dev)**
Feb 17 08:13:23 linux-069u openvpn[5151]: **Use --help for more information.**


Ok well my config is updated.
What is a dev option (“dev tun”)?
That’s not mentioned in the openVPN setup page.

Have a look at your config file and a bell should ring.

What do I set the dev option (“dev tun”) at?

You need to set the dev option. You need to set that to tun so your config should contain the line:

dev tun

Alright I fixed my config:


Client
remote "MY IP 1194"
ca "/etc/openvpn/easy-rsa/2.0/keys/ca.crt"
cert "/etc/openvpn/easy-rsa/2.0/keys/client1.crt"
key "etc/openvpn/easy-rsa/2.0/keys/client1.key"
comp-lzo "yes"
dev "tun"
proto "udp"
nobind
auth-nocache
script-security "2"
persist-key
persist-tun
user "nobody"
group "nobody"
remote-cert-tls "server"
**linux-069u:~ #** systemctl status openvpn@client
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: inactive (dead)

Why is it inactive (dead)?

**linux-069u:~ #** systemctl status openvpn@client          
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf                                                                                           
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)                                                                                                               
   Active: **failed** (Result: exit-code) since Wed 2016-02-17 19:56:36 EST; 1min 13s ago                                                                                               
  Process: 5616 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf **(code=exited, status=1/FAILURE)**
                                                                                                                                                                                    
Feb 17 19:56:36 linux-069u openvpn[5616]: **Options error: Unrecognized option or missing parameter(s) in client.conf:1: Client (2.3.8)**
Feb 17 19:56:36 linux-069u openvpn[5616]: **Use --help for more information.**

What’s wrong with my config?

Port 1194 is enabled on my router.
And my config seems right.
I have the 3 certificates & Keys for the client in its folder.
>:(

**linux-069u:~ #** systemctl status openvpn@client -l
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: **failed** (Result: exit-code) since Thu 2016-02-18 01:15:12 EST; 22min ago
  Process: 2788 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf **(code=exited, status=1/FAILURE)**
                                                                                                                      
Feb 18 01:15:12 linux-069u openvpn[2788]: **Options error: Unrecognized option or missing parameter(s) in client.conf:1: Client (2.3.8)**
Feb 18 01:15:12 linux-069u openvpn[2788]: **Use --help for more information.**

Clientremote 108.162.219.20 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nobody
remote-cert-tls server

My firewall configuration seems right


 /etc/sysctl.conf is meant for local sysctl settings

 sysctl reads settings from the following locations:
   /boot/sysctl.conf-<kernelversion>
   /lib/sysctl.d/*.conf
   /usr/lib/sysctl.d/*.conf
   /usr/local/lib/sysctl.d/*.conf
   /etc/sysctl.d/*.conf
   /run/sysctl.d/*.conf
   /etc/sysctl.conf
   net.ipv4.ip_forward =1

 To disable or override a distribution provided file just place a
 file with the same name in /etc/sysctl.d/

 See sysctl.conf(5), sysctl.d(5) and sysctl(8) for more information


Can someone help a brother out?
:question:

No, it isn’t, there’s an error in line#1:

Feb 18 01:15:12 linux-069u openvpn[2788]: **Options error: Unrecognized option or missing parameter(s) in client.conf:1: Client (2.3.8)**
Feb 18 01:15:12 linux-069u openvpn[2788]: **Use --help for more information.**

This is your line#1:

Clientremote 108.162.219.20 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
...

It should be:

client
remote 108.162.219.20 1194

If the missing line feed is just a copy/paste error, then the problem is the upper case ‘C’ in “client”, it has to be lower case (‘c’).

It was a copy/paste error.

**linux-069u:~ #** systemctl status openvpn@client -l
openvpn@client.service - OpenVPN tunneling daemon instance using /etc/openvpn/client.conf
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: inactive (dead)

Then change “Client” to “client”.
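
Added example, not part of any post in this thread: a small pre-flight check that reproduces the failures seen above before the unit is started (instance name to config path, commented-out or missing `dev`, wrong-case `Client`, host and port quoted as one argument, and the key path missing its leading `/`). The function names, the `KNOWN` set (limited to the options that appear in this thread) and the sample config are assumptions made for illustration.

```python
import shlex

# Case-sensitive directive names; a subset limited to the options used in this thread.
KNOWN = {"client", "remote", "ca", "cert", "key", "comp-lzo", "dev", "proto",
         "nobind", "auth-nocache", "script-security", "persist-key",
         "persist-tun", "user", "group", "remote-cert-tls"}
PATH_OPTS = {"ca", "cert", "key"}

# Constructed sample, condensed from the quoted config posted in the thread.
SAMPLE = '''Client
remote "MY IP 1194"
key "etc/openvpn/easy-rsa/2.0/keys/client1.key"
dev "tun"
'''


def unit_config_path(instance, cd="/etc/openvpn/"):
    """File that openvpn@<instance>.service opens (--cd <cd> --config %i.conf)."""
    return cd.rstrip("/") + "/" + instance + ".conf"


def lint(text):
    """Return (line_number, message) findings; line 0 means whole-file."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or commented-out lines have no effect
        try:
            words = shlex.split(line)
        except ValueError:
            findings.append((no, "unbalanced quote"))
            continue
        opt, args = words[0], words[1:]
        seen.add(opt)
        if opt not in KNOWN:
            hint = f" (did you mean '{opt.lower()}'?)" if opt.lower() in KNOWN else ""
            findings.append((no, f"option '{opt}' not in known set{hint}"))
        if opt == "remote" and args and " " in args[0]:
            findings.append((no, "host and port quoted as a single argument"))
        if opt in PATH_OPTS and args and not args[0].startswith("/"):
            findings.append((no, f"relative path '{args[0]}' is resolved under --cd"))
    if "dev" not in seen:
        findings.append((0, "missing required option 'dev'"))
    return findings


if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"client.conf:{no}: {msg}")
```

`unit_config_path("client.conf")` returns `/etc/openvpn/client.conf.conf`, which is why `openvpn@client.conf` above pointed at a file that does not exist.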