[Solved] Problems connecting two Raspberry Pi's

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Locked
DarrenHill
OpenVpn Newbie
Posts: 3
Joined: Thu Aug 06, 2015 7:15 pm

[Solved] Problems connecting two Raspberry Pi's

Post by DarrenHill » Tue Jan 19, 2016 6:53 pm

Hi,

Not sure if this is the correct place for this question, but if not then feel free to relocate it if needed.

I have a Raspberry Pi 1 server set up at home (using this tutorial under Raspbian Wheezy, which is acting as my OpenVPN server amongst many other tasks. So far it's worked beautifully, and I can connect to it from my Android tablet using the OpenVPN client app and from my Windows 7 netbook using the OpenVPN Connect program.

However I'm now trying to connect up a Raspberry Pi Zero, running OpenElec 6.0.0 and using this OpenVPN client built from the Github source for OpenVPN. When I try to connect via the command line, I get a couple of errors:

ip: RTNETLINK answers: Invalid argument
ip: RTNETLINK answers: File exists

and the connection fails (or rather just hangs). Below is a transcript of a connection attempt, plus a copy of my .ovpn file (both with the secret information removed):

Code: Select all

##############################################
# OpenELEC - The living room PC for everyone #
# ...... visit http://www.openelec.tv ...... #
##############################################

OpenELEC (official) Version: 6.0.0
Kodi-Zero:~/.config/openvpn # openvpn --config /storage/.config/openvpn/client4.
ovpn
Sun Jan 17 21:03:23 2016 OpenVPN 2.3_git armv6zk-openelec-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [IPv6] built on Dec 31 2015
Sun Jan 17 21:03:23 2016 library versions: LibreSSL 2.1.7, LZO 2.09
Sun Jan 17 21:03:23 2016 WARNING: file '/storage/.config/openvpn/client4pass.txt' is group or others accessible
Enter Private Key Password:
Sun Jan 17 21:03:31 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 17 21:03:31 2016 WARNING: file '/storage/.config/openvpn/client4.key' is group or others accessible
Sun Jan 17 21:03:31 2016 WARNING: file '/storage/.config/openvpn/ta.key' is group or others accessible
Sun Jan 17 21:03:31 2016 Control Channel Authentication: using '/storage/.config/openvpn/ta.key' as a OpenVPN static key file
Sun Jan 17 21:03:31 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 17 21:03:31 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 17 21:03:31 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]{{public IP address}}:1194
Sun Jan 17 21:03:31 2016 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Jan 17 21:03:31 2016 UDP link local: (not bound)
Sun Jan 17 21:03:31 2016 UDP link remote: [AF_INET]{{public IP address}}:1194
Sun Jan 17 21:03:31 2016 TLS: Initial packet from [AF_INET]{{public IP address}}:1194, sid=b422b177 e5699de0
Sun Jan 17 21:03:31 2016 VERIFY OK: depth=1, C=UK, ST=West Sussex, L=Crawley, O=DNH, OU=DNH, CN={{server}}, name={{server}}, emailAddress={{email address}}
Sun Jan 17 21:03:31 2016 Validating certificate key usage
Sun Jan 17 21:03:31 2016 ++ Certificate has key usage  00a0, expects 00a0
Sun Jan 17 21:03:31 2016 VERIFY KU OK
Sun Jan 17 21:03:31 2016 Validating certificate extended key usage
Sun Jan 17 21:03:31 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 17 21:03:31 2016 VERIFY EKU OK
Sun Jan 17 21:03:31 2016 VERIFY OK: depth=0, C=UK, ST=West Sussex, L=Crawley, O=DNH, OU=DNH, CN={{server}}, name={{server}}, emailAddress={{email address}}
Sun Jan 17 21:03:33 2016 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 17 21:03:33 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 17 21:03:33 2016 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 17 21:03:33 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 17 21:03:33 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jan 17 21:03:33 2016 [server] Peer Connection Initiated with [AF_INET]{{public IP address}}:1194
Sun Jan 17 21:03:34 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 17 21:03:34 2016 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 192.168.0.210 255.255.255.0,dhcp-option DNS 192.168.0.200,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Jan 17 21:03:34 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 17 21:03:34 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 17 21:03:34 /2016 OPTIONS IMPORT: route options modified
Sun Jan 17 21:03:34 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 17 21:03:34 2016 TUN/TAP device tun0 opened
Sun Jan 17 21:03:34 2016 TUN/TAP TX queue length set to 100
Sun Jan 17 21:03:34 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 17 21:03:34 2016 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 17 21:03:34 2016 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Jan 17 21:03:34 2016 /sbin/ip route add {{public IP address}}/32 via 192.168.0.200
Sun Jan 17 21:03:34 2016 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sun Jan 17 21:03:34 2016 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sun Jan 17 21:03:34 2016 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sun Jan 17 21:03:34 2016 /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
Sun Jan 17 21:03:34 2016 /sbin/ip route add 192.168.0.210/24 via 10.8.0.5
ip: RTNETLINK answers: Invalid argument
Sun Jan 17 21:03:34 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jan 17 21:03:34 2016 /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
ip: RTNETLINK answers: File exists
Sun Jan 17 21:03:34 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jan 17 21:03:34 2016 Initialization Sequence Completed

Code: Select all

client
dev tun
proto udp
remote {{public ip address}} 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
key-direction 1
ca /storage/.config/openvpn/ca.crt
cert /storage/.config/openvpn/client4.crt
key /storage/.config/openvpn/client4.key
remote-cert-tls server
auth-user-pass /storage/.config/openvpn/client4pass.txt
tls-auth /storage/.config/openvpn/ta.key 1
cipher AES-128-CBC
comp-lzo
verb 3
mute 20
Can anyone shed any light on what may be going wrong, and what I may need to change or adjust on the server or client to get the connection to work? If I transfer the same ovpn and associated files to either my tablet or netbook it works from there, so I'm a bit stumped as to why it may not work from the Pi?

Many thanks in advance if you can help shed some light on this...
Top
DarrenHill
OpenVpn Newbie
Posts: 3
Joined: Thu Aug 06, 2015 7:15 pm

Re: Problems connecting two Raspberry Pi's

Post by DarrenHill » Fri Jan 22, 2016 9:10 pm

I've resolved the issue by rebuilding the server. The old one was based on Raspbian Wheezy, so I cleared it out and rebuilt it with Jessie-Lite and now things talk to each other fine and connect properly.

So issue resolved :)
Top
Locked

Return to “Installation Help”