Access sever from fedora initialization sequence completed

Post Reply
sundarkq
OpenVpn Newbie
Posts: 4
Joined: Tue Jun 13, 2017 10:45 am

Access sever from fedora initialization sequence completed

Post by sundarkq » Tue Jun 13, 2017 10:49 am

Hi,

Iam using fedora i already installed openvpn access server now i execute ovpn file in terminal no errors are found it shows intialization seqence completed but i cant access my server what can i do please help me

novaflash
OpenVPN Expert
Posts: 436
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access sever from fedora initialization sequence completed

Post by novaflash » Tue Jun 13, 2017 11:00 am

Can you provide more information than this? And things you've tried?

sundarkq
OpenVpn Newbie
Posts: 4
Joined: Tue Jun 13, 2017 10:45 am

Re: Access sever from fedora initialization sequence completed

Post by sundarkq » Tue Jun 13, 2017 12:43 pm

[root@localhost ~]# sudo openvpn --config /etc/openvpn/client.conf
Tue Jun 13 18:07:11 2017 OpenVPN 2.3.7 i686-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
Tue Jun 13 18:07:11 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
Enter Auth Username: *************
Enter Auth Password: ********
Tue Jun 13 18:07:19 2017 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jun 13 18:07:19 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 13 18:07:19 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 13 18:07:19 2017 Socket Buffers: R=[163840->200000] S=[163840->200000]
Tue Jun 13 18:07:19 2017 UDPv4 link local: [undef]
Tue Jun 13 18:07:19 2017 UDPv4 link remote: [AF_INET]52.4.235.207:1194
Tue Jun 13 18:07:19 2017 TLS: Initial packet from [AF_INET]52.4.235.207:1194, sid=cbf35a88 2f8561e7
Tue Jun 13 18:07:19 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 13 18:07:20 2017 VERIFY OK: depth=1, CN=OpenVPN CA
Tue Jun 13 18:07:20 2017 VERIFY OK: nsCertType=SERVER
Tue Jun 13 18:07:20 2017 VERIFY OK: depth=0, CN=OpenVPN Server
Tue Jun 13 18:07:26 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 13 18:07:26 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 13 18:07:26 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 13 18:07:26 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 13 18:07:26 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 13 18:07:26 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]52.4.235.207:1194
Tue Jun 13 18:07:29 2017 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Jun 13 18:07:29 2017 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 10.12.128.1,route 10.1.0.0 255.255.0.0,route 10.10.0.0 255.255.0.0,route 10.12.0.0 255.255.0.0,route 10.26.0.0 255.255.0.0,route 10.70.0.0 255.255.0.0,route 10.177.0.0 255.255.0.0,route 10.178.0.0 255.255.0.0,route 10.220.0.0 255.255.0.0,route 10.2.0.0 255.254.0.0,route 10.24.0.0 255.254.0.0,route 10.210.0.0 255.254.0.0,route 10.212.0.0 255.254.0.0,route 10.20.0.0 255.252.0.0,dhcp-option DNS 10.10.0.10,dhcp-option DNS 10.10.0.20,dhcp-option DOMAIN aws.cainc.com,register-dns,block-ipv6,ifconfig 10.12.174.235 255.255.192.0'
Tue Jun 13 18:07:29 2017 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Tue Jun 13 18:07:29 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.7)
Tue Jun 13 18:07:29 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.7)
Tue Jun 13 18:07:29 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.7)
Tue Jun 13 18:07:29 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:32: register-dns (2.3.7)
Tue Jun 13 18:07:29 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:33: block-ipv6 (2.3.7)
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: LZO parms modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: route options modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 13 18:07:29 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 13 18:07:29 2017 ROUTE_GATEWAY 172.25.10.51/255.255.255.0 IFACE=wlp8s0 HWADDR=68:5d:43:74:c3:ae
Tue Jun 13 18:07:29 2017 TUN/TAP device tun0 opened
Tue Jun 13 18:07:29 2017 TUN/TAP TX queue length set to 100
Tue Jun 13 18:07:29 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 13 18:07:29 2017 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Jun 13 18:07:29 2017 /usr/sbin/ip addr add dev tun0 10.12.174.235/18 broadcast 10.12.191.255
Tue Jun 13 18:07:34 2017 ROUTE remote_host is NOT LOCAL
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 52.4.235.207/32 via 172.25.10.51
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.1.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.10.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.12.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.26.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.70.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.177.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.178.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.220.0.0/16 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.2.0.0/15 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.24.0.0/15 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.210.0.0/15 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.212.0.0/15 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 /usr/sbin/ip route add 10.20.0.0/14 metric 101 via 10.12.128.1
Tue Jun 13 18:07:34 2017 Initialization Sequence Completed


i will done this method sequence completed but i cant the the server help me please

novaflash
OpenVPN Expert
Posts: 436
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access sever from fedora initialization sequence completed

Post by novaflash » Tue Jun 13, 2017 12:50 pm

What you're seeing is normal. When you call the openvpn program directly like you did, you see all the connection information. And it's successful. so the VPN connection is working.

So what isn't working?

sundarkq
OpenVpn Newbie
Posts: 4
Joined: Tue Jun 13, 2017 10:45 am

Re: Access sever from fedora initialization sequence completed

Post by sundarkq » Tue Jun 13, 2017 1:08 pm

no once sequence completed then i will access my server via browser but now i cannot connect to my server

novaflash
OpenVPN Expert
Posts: 436
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access sever from fedora initialization sequence completed

Post by novaflash » Tue Jun 13, 2017 8:28 pm

Can you please explain a lot better what you are trying to do and from where? Everything that I know right know is this:

You have a working OpenVPN tunnel to some server.
You want to access a server (what server? where?) via a browser and that doesn't work.

I am not sure what you expect us to do about it. Unless you provide some useful troubleshooting data there really isn't much more we can do at this point.

sundarkq
OpenVpn Newbie
Posts: 4
Joined: Tue Jun 13, 2017 10:45 am

Re: Access sever from fedora initialization sequence completed

Post by sundarkq » Wed Jun 14, 2017 4:37 am

Thanks for the information. I really accept your concern. But I am not sure I was conveyed my query to correctly or not. I would like to give to detail statement here.

As you well known, while using fedora,if the VPN connection established then we would have a icon in the top right of the status bar. Here I am using and referring the server is my client base server. I had been provided with the user credential for accessing that.

As you earlier said, I understood that the tunnel connection was established for me. However I was not able to connect the url provided by my client. For windows I can able to connect the url and for your reference we are using the OPENVPN connect app.

We have run through many methods and found our only issue is on connecting the url in the browser.

Is this information is helpful for you to help us? or can you please tell us what kind of info you required from us?

Thanks.

novaflash
OpenVPN Expert
Posts: 436
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access sever from fedora initialization sequence completed

Post by novaflash » Wed Jun 14, 2017 7:06 am

If you are using a URL then perhaps I now understand why it is not possible on Linux, but it is possible on Windows.

On Windows, the OpenVPN client takes care of implementing DNS. DNS is where a name like http://yourserver.com/ gets translated to http://123.45.67.89/. On Linux DNS needs to be manually implemented. So on Linux using a URL with a name instead of an IP to access a resource over VPN doesn't work by itself.

Add to your OpenVPN configuration file(s) by editing the configuration directly, the following lines:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

If you have resolvconf on your system, that should then implement DNS server pushed by your VPN server, to your Linux OS.

Alternatively don't use a URL with DNS name, but use the IP directly, like http://123.45.657.89 or wherever your server is. Perhaps then it will work for you.

Good luck.

Post Reply