VPN client doesn't start

vag_26 · Post by **vag_26** » Mon Feb 18, 2013 5:53 pm

Hello, I am new to the forum and I recently installed OPENVPN software to my ubuntu 10.04 machine. For now I am exploring how this software works. So, I installed VMware player on my ubuntu and on top of that another ubuntu.

On the VMware player I installed the VPN server which seems to work fine since the output of the command
$ /etc/init.d/openvpn restart gives me OK. In addition the virtual interface tun0 succesfully created. I checked it with ifconfig tun.

The problem is on the actual machine (not on VMware) where I installed the client. Command ifconfig tun tells me that the device did not found. What is more I can't start the client, command $ /etc/init.d/openvpn restart , gives me fail. Below is the client.conf :

Code: Select all

client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 10.8.0.0 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20

Any ideas would be greatly appreciated!

mwandelaar · Post by **mwandelaar** » Mon Feb 18, 2013 8:16 pm

your config says:

remote 10.8.0.0 1194

Isn't this 10.8.0.1? 10.8.0.0 seems a network-address to me.

Can you post your logging (you're allready using verb 3) too?

vag_26 · Post by **vag_26** » Mon Feb 18, 2013 8:49 pm

Thanks mwandelaar.

Correct, client.conf says "remote 10.8.0.0" . This is the IP address which I gave to the server through the server.conf. Correct me if I have to change to "10.8.0.1".
The syslog reports the following:

Code: Select all

Feb 18 20:24:50 vag-laptop rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="820" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Feb 18 20:24:58 vag-laptop anacron[1034]: Job `cron.daily' terminated
Feb 18 20:24:58 vag-laptop anacron[1034]: Normal exit (1 job run)
Feb 18 20:25:29 vag-laptop ovpn-client[1972]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 18 20:25:29 vag-laptop ovpn-client[1972]: TLS Error: TLS handshake failed
Feb 18 20:25:29 vag-laptop ovpn-client[1972]: TCP/UDP: Closing socket
Feb 18 20:25:29 vag-laptop ovpn-client[1972]: SIGUSR1[soft,tls-error] received, process restarting
Feb 18 20:25:29 vag-laptop ovpn-client[1972]: Restart pause, 2 second(s)
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Re-using SSL/TLS context
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: LZO compression initialized
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Local Options hash (VER=V4): '504e774e'
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Expected Remote Options hash (VER=V4): '14168603'
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: Socket Buffers: R=[124928->131072] S=[124928->131072]
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: UDPv4 link local: [undef]
Feb 18 20:25:31 vag-laptop ovpn-client[1972]: UDPv4 link remote: [AF_INET]10.8.0.0:1194
Feb 18 20:25:40 vag-laptop kernel: [  500.930548] r8169: eth0: link up
Feb 18 20:25:45 vag-laptop kernel: [  505.672906] r8169: eth0: link up
Feb 18 20:25:45 vag-laptop kernel: [  506.451615] r8169: eth0: link up
Feb 18 20:25:46 vag-laptop kernel: [  507.549371] r8169: eth0: link up
Feb 18 20:25:47 vag-laptop kernel: [  508.212491] r8169: eth0: link up
Feb 18 20:25:48 vag-laptop kernel: [  508.958168] r8169: eth0: link up
Feb 18 20:25:49 vag-laptop kernel: [  509.686997] r8169: eth0: link up
Feb 18 20:25:50 vag-laptop kernel: [  510.706034] r8169: eth0: link up
Feb 18 20:26:00 vag-laptop kernel: [  521.417947] r8169: eth0: link up
Feb 18 20:26:16 vag-laptop kernel: [  536.801714] r8169: eth0: link up
Feb 18 20:26:31 vag-laptop ovpn-client[1972]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 18 20:26:31 vag-laptop ovpn-client[1972]: TLS Error: TLS handshake failed
Feb 18 20:26:31 vag-laptop ovpn-client[1972]: TCP/UDP: Closing socket
Feb 18 20:26:31 vag-laptop ovpn-client[1972]: SIGUSR1[soft,tls-error] received, process restarting

I included only a part of it since it was much bigger trying. I don't know if it needs to increase verbosity...

Post by **Douglas** » Tue Feb 19, 2013 1:53 pm

Remote needs to be an actual connectable IP of the server. If it is really the 10. Block you posted, then ignore me!

vag_26 · Post by **vag_26** » Tue Feb 19, 2013 2:20 pm

What do you mean "actual"? If you mean a real machine no, it isn't. The server is installed on the VMware Player while the client on the actual machine.
Anyway, I made some modification on the client.conf and I changed the IP adress to 10.8.0.1 where is the server. For now the file seems like this:

Code: Select all

client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 10.8.0.1 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20

But there is no result again... The tun0 interface isn't created yet.

Any suggestions?

Post by **Douglas** » Tue Feb 19, 2013 8:39 pm

I mean it has to be an IP you can ssh to, etc. can't be an IP you have in the VPN network.

vag_26 · Post by **vag_26** » Wed Feb 20, 2013 1:42 am

Ok Douglas. I feel a little bit confused now. If I understand correct, by saying that the IP address should be on the VPN network, this means that I have to use other IP network than the one on the server.conf.

I thought that client communicates with the server via the virtual interface tun. So, because in the server.conf I configured the network to be 10.8.0.0, I thought that 10.8.0.1 is the address to which clients reach server. So, the solution is to reach server to the IP to which my eth0 is assigned?? Confused!

vag_26 · Post by **vag_26** » Wed Feb 20, 2013 9:02 pm

Ok Douglas! You gave me a good hint. In the client.conf file I placed the IP address of the server that corresponds to its ethx and now the tun is created. I was so focused to my system so I forgot that there are interfaces too....Silly me!

Thanks for your help anyway!

vag_26 · Post by **vag_26** » Thu Feb 21, 2013 12:43 am

Hi again,

Although now I can ping from server and vice versa, after trying to configure the connection with the server through the openvpn network manager, I can't. I placed correctly all the keys and certifications. What the problem might be?

What about the gateway address? Which should I put? The key direction should be '1' or '0'?

Any hint? Any idea? I am so new in the field.. Forgive me if my questions sound annoying to you.

mwandelaar · Post by **mwandelaar** » Thu Feb 21, 2013 9:51 am

Depending on your distro, the logging is somewhere in your syslogfiles.
Try to run a tail -f on /var/log/syslog (or /var/log/messages, /var/log/daemon.log) and start the connection with the network-manager.

Probably you'll find the error there.

vag_26 · Post by **vag_26** » Wed Feb 27, 2013 11:34 pm

Thanks all for your help!! Finally I can connect with my server!!

OpenVPN Support Forum

VPN client doesn't start

VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start

Re: VPN client doesn't start