Installing on Ubuntu Server 18.10

[fgonza1971]

Hi guys, I've problems trying to setup OpenVPN-AS on Ubuntu 18.10, the install finished with this:

Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "openvpn"
Writing as configuration file...
Perform sa init...
Error: Could not initialize sa.

The package used in the setup is: openvpn-as-latest-ubuntu18.amd_64.deb, the server its a VM on KVM for testing purposes:

test@openvpn-server:~$ uname -a
Linux openvpn-server 4.18.0-17-generic #18-Ubuntu SMP Wed Mar 13 14:34:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
test@openvpn-server:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.10
Release: 18.10
Codename: cosmic
test@openvpn-server:~$

Any hint or clue? What am I missing? I've read the install manual: https://openvpn.net/vpn-server-resource ... ux-system/ and its says: "We have a preference to use the latest Ubuntu 64 bits Long Term Support version for our prepared images" I suppose that the statement reffers on images for HyperV, VMWare, etc. right? maybe 18.10 is not supported?.

Best regards!


Fran

[fgonza1971]

Guys, I ran another test installing Ubuntu 18.04.2 and OpenVPN-AS works without any issue, no SA errors or whatsoever, can I suggest that you include in the article for Ubuntu that the software only run on LTS versions to be more specific?

Best regards!

Fran

[novaflash]

Hello Fran,

Normally the releases we make for LTS also work for the other inbetween versions of Ubuntu, but in this particular case, indeed it does not. I suspect Ubuntu 18.10 is missing some component for the initialization script to work.

You could probably bypass this problem by copying a configuration from another server on to an Ubuntu 18.10 release. But as mentioned we do have a definite preference for the LTS versions as the support for it is much longer.

We'll think about if we can offer a solution for 18.10.

[awill88]

After upgrading to Ubuntu 18.10 with an already installed instance of OpenVPN AS, I was able to upgrade to the latest .deb without issue. However, there is something going on with DNS. Spent hours trying to implement the suggested resolv.conf fixes and tried to put an up and down script in the advanced server settings only to find out that AS will mount absolute paths specified here to /run/openvpn_as so I get things like /run/openvpn//etc/update-resolve-conf File not found errors. It’s a little frustrating that to my knowledge there’s no straightforward way to throw scripts into AS. I’m not even sure if this is the issue, but wasn’t left with many resources to try this solution out.

So as of now, for my situation, we have no DNS. Disabled firewall, clients connect, can connect by IP, no nameserver resolution though. Please advise.

[novaflash]

Yeah that seems to confirm that some package is missing in 18.10 that is present in all the other versions. Not sure what exactly, it would have to be investigated.

We still recommend using 18.04 LTS.

You can't do up down scripts in Access Server as far as I know, you're not supposed to do that with Access Server. Why do you need an up/down script anyways?

DNS is different in Ubuntu 18 now, they use netplan now. Access Server version 2.7.3 has a fix for Ubuntu 18.04 LTS that reads the DNS servers in the OS correctly again if you use the function to push "same DNS servers as Access Server" to the VPN clients. The DNS settings are controlled via the VPN Settings page. You can easily overcome such problems on the VPN clients side by either not pushing a DNS server, or specifying the exact DNS servers you wish to push by manually defining them in the VPN Settings page.

[awill88]

Sorry, I was in a crunch with work and I was looking for an up/down script solution as I was used to with my personal vpn deployments.

But based on your response, it seems like that's a design choice not to provide it.

I have to apologize, I upgraded an ec2 instance and I thought it was 18.10, but it was 18.04 . Originally it was an AWS image that was ubuntu 16, so I'm sure the dist upgrade introduced some issues with the exiting openas--that persisted through the AS upgrade. I was using the "Have clients use the same DNS servers as the Access Server host" option, which pushed through the VPC DNS nicely, but broke with DNS updates for Ubuntu 18 LTS.

I was able to resolve by changing to "Have clients use specific DNS servers" and specifying 127.0.0.1 as primary (although I think it's 127.0.0.53 in /etc/resolv.conf). I know that one doesn't work but oh well. The secondary DNS is the default VPC DNS address which was provided in AWS Docs here:
https://docs.aws.amazon.com/vpc/latest/ ... tions.html

"For example, the DNS Server on a 10.0.0.0/16 network is located at 10.0.0.2"

I popped our VPC DNS address and poof, all issued resolved. Hope your issue gets addressed.

I also used /etc/resolv.conf as a guide to add the "DNS resolution zones (optional)" and added "ec2.internal"