Cannot connect to server

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

nipper
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 01, 2018 10:17 am

Cannot connect to server

Post by nipper » Fri Jun 01, 2018 10:21 am

Setting up an EC2 instance in AWS.

Followed these instructions:

https://www.comparitech.com/blog/vpn-pr ... -services/


I cannot connect from my client to OPVN, but I can ssh to it. I checked my security group and 1194 is open to the world. All traffic is open in the VPC routing tables.

OPVN is running


nobody 31998 1 0 00:57 ? 00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn --config server.conf --script-security 2

ifconfig
eth0 Link encap:Ethernet HWaddr 0A:2E:DC:B2:73:B4
inet addr:X.X.X.X Bcast:172.31.47.255 Mask:255.255.240.0
inet6 addr: fe80::82e:dcff:feb2:73b4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:113176 errors:0 dropped:0 overruns:0 frame:0
TX packets:73506 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:117007236 (111.5 MiB) TX bytes:6022905 (5.7 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1523 (1.4 KiB) TX bytes:1523 (1.4 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
inet6 addr: fe80::7ee8:737b:15df:d7d2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:912 (912.0 b)
Only error in the log is:


Fri Jun 1 00:57:15 2018 /sbin/ip route del 10.8.0.0/24
RTNETLINK answers: Operation not permitted
Fri Jun 1 00:57:15 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
Fri Jun 1 00:57:15 2018 Closing TUN/TAP interface
Fri Jun 1 00:57:15 2018 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Fri Jun 1 00:57:15 2018 Linux ip addr del failed: external program exited with error status: 2
Fri Jun 1 00:57:15 2018 SIGTERM[hard,] received, process exiting
Status

sudo cat openvpn-status.log
OpenVPN CLIENT LIST
Updated,Fri Jun 1 10:22:26 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
I'm not certain how to debug this.

Tips/pointers/RTFMs appreciated.


Andy

nipper
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 01, 2018 10:17 am

Re: Cannot connect to server

Post by nipper » Fri Jun 01, 2018 11:08 am

I should add, my PC is already configured with OVPN and I use it daily to another server. So I'm pretty certain the issue is on the server side.

nipper
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 01, 2018 10:17 am

Re: Cannot connect to server

Post by nipper » Fri Jun 01, 2018 12:30 pm

So I found some threads that imply I should not run as nobody.

I removed that and restarted; even running as root (which I should not have to), I still see the errors:


Fri Jun 1 12:26:59 2018 /sbin/ip route del 10.8.0.0/24
RTNETLINK answers: No such process
Fri Jun 1 12:26:59 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
Fri Jun 1 12:26:59 2018 Closing TUN/TAP interface
Fri Jun 1 12:26:59 2018 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Cannot assign requested address
Fri Jun 1 12:26:59 2018 Linux ip addr del failed: external program exited with error status: 2
Fri Jun 1 12:26:59 2018 SIGTERM[hard,] received, process exiting
Fri Jun 1 12:27:25 2018 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2017


I can run the commands with sudo, still fail to connect:

Fri Jun 01 05:28:42 2018 UDP link local: (not bound)
Fri Jun 01 05:28:42 2018 UDP link remote: [AF_INET]35.172.178.1:1194
Fri Jun 01 05:28:42 2018 MANAGEMENT: >STATE:1527856122,WAIT,,,,,,
Fri Jun 01 05:29:42 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jun 01 05:29:42 2018 TLS Error: TLS handshake failed
Fri Jun 01 05:29:42 2018 SIGUSR1[soft,tls-error] received, process restarting
Fri Jun 01 05:29:42 2018 MANAGEMENT: >STATE:1527856182,RECONNECTING,tls-error,,,,,
Fri Jun 01 05:29:42 2018 Restart pause, 5 second(s)

nipper
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 01, 2018 10:17 am

Re: Cannot connect to server

Post by nipper » Fri Jun 01, 2018 12:39 pm

K, kept fiddling with it. Errors are gone, but still no connection.

openvpn]$ cat server.conf

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
tls-server
tls-auth /etc/openvpn/pfs.key

bbuckm
OpenVPN User
Posts: 39
Joined: Thu Apr 26, 2018 2:45 pm

Re: Cannot connect to server

Post by bbuckm » Fri Jun 01, 2018 12:52 pm

nipper wrote:
Fri Jun 01, 2018 12:30 pm
(check your network connectivity)
That suggests the problem is something other than your conf file.

nipper
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 01, 2018 10:17 am

Re: Cannot connect to server

Post by nipper » Fri Jun 01, 2018 2:47 pm

Found the issue. I needed 2 security groups, not just one:

Custom UDP Rule UDP 1194 0.0.0.0/0
Custom UDP Rule UDP 1194 ::/0
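A small triage script for the three logs quoted in this thread, added here as an example and not part of any of the posts above. It treats the "Operation not permitted" route/addr cleanup lines that appear right before SIGTERM as harmless noise from the privilege drop to nobody, reads the client-side 60-second TLS timeout together with an empty CLIENT LIST in openvpn-status.log as "nothing reached the daemon" (the security group case that resolved this thread), and separately flags the HMAC messages the server prints when packets do arrive but the tls-auth key differs; the HMAC branch and its sample line are an assumption of the example, not something shown in the thread.

```python
import re

# Sample excerpts taken from the logs quoted in this thread (server log, client log, status file).
SERVER_LOG = """Fri Jun 1 00:57:15 2018 /sbin/ip route del 10.8.0.0/24
RTNETLINK answers: Operation not permitted
Fri Jun 1 00:57:15 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
Fri Jun 1 00:57:15 2018 Closing TUN/TAP interface
Fri Jun 1 00:57:15 2018 SIGTERM[hard,] received, process exiting
"""
CLIENT_LOG = """Fri Jun 01 05:28:42 2018 UDP link remote: [AF_INET]35.172.178.1:1194
Fri Jun 01 05:29:42 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jun 01 05:29:42 2018 SIGUSR1[soft,tls-error] received, process restarting
"""
STATUS_LOG = """OpenVPN CLIENT LIST
Updated,Fri Jun 1 10:22:26 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

CLIENT_HEADER = "Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since"

def connected_clients(status_log):
    """Rows of the CLIENT LIST section of a version-1 openvpn-status.log (empty when nobody is connected)."""
    lines = status_log.splitlines()
    return lines[lines.index(CLIENT_HEADER) + 1:lines.index("ROUTING TABLE")]

def triage(server_log, client_log, status_log):
    """Map the symptoms in the three logs to a list of (code, detail) findings."""
    findings = []
    # 'ip route del' / 'ip addr del' failing with 'Operation not permitted' right before SIGTERM is
    # shutdown noise: after 'user nobody' the daemon lacks the privilege to undo its own setup.
    if "SIGTERM" in server_log and re.search(
            r"/sbin/ip (?:route|addr) del[^\n]*\nRTNETLINK answers: Operation not permitted", server_log):
        findings.append(("shutdown-cleanup", "route/addr removal failed after privilege drop; harmless"))
    # Server complaining about HMAC means packets DO arrive but the tls-auth key does not match (assumed sample).
    if "cannot locate HMAC" in server_log or "HMAC authentication failed" in server_log:
        findings.append(("tls-auth-mismatch", "client and server tls-auth keys differ"))
    # Client timed out waiting for the TLS handshake and the server never saw a client: nothing
    # reached the daemon, so inspect the path (security group / firewall) for that family and port.
    remote = re.search(r"UDP link remote: \[(AF_INET6?)\](\S+):(\d+)", client_log)
    if "TLS key negotiation failed" in client_log and not connected_clients(status_log) and remote:
        family, host, port = remote.groups()
        findings.append(("unreachable", f"udp/{port} to {host} ({family}) never reached openvpn; "
                         "check ingress rules for both 0.0.0.0/0 and ::/0"))
    return findings
```

Call `triage(SERVER_LOG, CLIENT_LOG, STATUS_LOG)` to see the two findings for this thread's logs; feeding it your own log excerpts works the same way.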
