Cannot connect to server over CLI

rechigo
OpenVpn Newbie
Posts: 4
Joined: Mon May 18, 2020 2:24 am

Cannot connect to server over CLI

Post by rechigo » Mon May 18, 2020 2:35 am

Client OpenVPN: 2.4.4
Server OpenVPN: 2.4.7
Server OS: Ubuntu 20.04
Client OS: Ubuntu 18.04

When I try to connect to my server, everything looks fine, I see the "initialization sequence completed" message, but of course, when I go to make a request it fails.

I tried

curl api.ipify.org
to get my IP to ensure I was connected to the VPN, but it throws a "Could not resolve host"

Great, DNS issue then? I performed an nslookup on api.ipify.org to access it directly via the IP, which led me to

curl 108.171.202.203
however, that request just simply times out

I am able to connect to it fine over my Windows 10 machine w/ OpenVPN Connect, so I don't think this would be a server issue

Config:

client
proto udp
explicit-exit-notify
remote RE.DA.CT.ED 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_58fQW5IsmES2dWU0 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
Output

home@main-home:/etc/openvpn$ sudo openvpn --config some_config.conf
Sun May 17 19:33:20 2020 Unrecognized option or missing or extra parameter(s) in some_config.conf:19: block-outside-dns (2.4.4)
Sun May 17 19:33:20 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Sun May 17 19:33:20 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Sun May 17 19:33:20 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun May 17 19:33:20 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 17 19:33:20 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun May 17 19:33:20 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 17 19:33:20 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]RE.DA.CT.ED:1194
Sun May 17 19:33:20 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun May 17 19:33:20 2020 UDP link local: (not bound)
Sun May 17 19:33:20 2020 UDP link remote: [AF_INET]RE.DA.CT.ED:1194
Sun May 17 19:33:20 2020 TLS: Initial packet from [AF_INET]RE.DA.CT.ED:1194, sid=16dc2fd8 987bcce6
Sun May 17 19:33:20 2020 VERIFY OK: depth=1, CN=cn_C83DGEVgDAgeWwmC
Sun May 17 19:33:20 2020 VERIFY KU OK
Sun May 17 19:33:20 2020 Validating certificate extended key usage
Sun May 17 19:33:20 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun May 17 19:33:20 2020 VERIFY EKU OK
Sun May 17 19:33:20 2020 VERIFY X509NAME OK: CN=server_58fQW5IsmES2dWU0
Sun May 17 19:33:20 2020 VERIFY OK: depth=0, CN=server_58fQW5IsmES2dWU0
Sun May 17 19:33:20 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Sun May 17 19:33:20 2020 [server_58fQW5IsmES2dWU0] Peer Connection Initiated with [AF_INET]RE.DA.CT.ED:1194
Sun May 17 19:33:22 2020 SENT CONTROL [server_58fQW5IsmES2dWU0]: 'PUSH_REQUEST' (status=1)
Sun May 17 19:33:22 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Sun May 17 19:33:22 2020 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 17 19:33:22 2020 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 17 19:33:22 2020 OPTIONS IMPORT: route options modified
Sun May 17 19:33:22 2020 OPTIONS IMPORT: route-related options modified
Sun May 17 19:33:22 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 17 19:33:22 2020 OPTIONS IMPORT: peer-id set
Sun May 17 19:33:22 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun May 17 19:33:22 2020 OPTIONS IMPORT: data channel crypto options modified
Sun May 17 19:33:22 2020 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun May 17 19:33:22 2020 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun May 17 19:33:22 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=enp0s10 HWADDR=00:25:4b:a0:92:d6
Sun May 17 19:33:22 2020 TUN/TAP device tun1 opened
Sun May 17 19:33:22 2020 TUN/TAP TX queue length set to 100
Sun May 17 19:33:22 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun May 17 19:33:22 2020 /sbin/ip link set dev tun1 up mtu 1500
Sun May 17 19:33:22 2020 /sbin/ip addr add dev tun1 10.8.0.2/24 broadcast 10.8.0.255
Sun May 17 19:33:22 2020 /sbin/ip route add RE.DA.CT.ED/32 via 192.168.0.1
Sun May 17 19:33:22 2020 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun May 17 19:33:22 2020 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun May 17 19:33:22 2020 Initialization Sequence Completed
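
A way to read the log above, as an added example that is not part of the original post: the script compares what the server pushed in PUSH_REPLY with what the client log and config show was applied. The function names are hypothetical, the sample input is trimmed from the post, and it assumes pushed DNS only takes effect on Linux through an `up` script, because OpenVPN itself only exports pushed `dhcp-option` values to scripts as `foreign_option_N`.

```python
import re

# Sample input: lines trimmed from the client log and config in the post above.
SAMPLE_LOG = """\
Sun May 17 19:33:20 2020 Unrecognized option or missing or extra parameter(s) in some_config.conf:19: block-outside-dns (2.4.4)
Sun May 17 19:33:22 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Sun May 17 19:33:22 2020 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun May 17 19:33:22 2020 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun May 17 19:33:22 2020 Initialization Sequence Completed
"""
SAMPLE_CONFIG = "client\nproto udp\nremote RE.DA.CT.ED 1194\ndev tun\nnobind\nverb 3\n"

def parse_push_reply(log_text):
    """Return the pushed options as {name: [argument strings]}."""
    m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'", log_text)
    pushed = {}
    if m:
        for item in m.group(1).split(","):
            name, _, args = item.strip().partition(" ")
            pushed.setdefault(name, []).append(args)
    return pushed

def audit(config_text, log_text):
    """Compare what the server pushed with what the log/config shows was applied."""
    pushed = parse_push_reply(log_text)
    # First word of every non-comment config line, e.g. {"client", "dev", "up"}.
    directives = {ln.split()[0] for ln in config_text.splitlines()
                  if ln.strip() and not ln.lstrip().startswith(("#", ";"))}
    findings = []
    dns = [a.split()[1] for a in pushed.get("dhcp-option", []) if a.startswith("DNS ")]
    if dns and "up" not in directives:  # assumption: DNS is applied by an 'up' script
        findings.append(f"DNS {dns} pushed, but config has no 'up' script: "
                        "OpenVPN on Linux only exports them as foreign_option_N")
    gw = pushed.get("route-gateway", [None])[0]
    routes = set(re.findall(r"ip route add (\S+) via (\S+)", log_text))
    if "redirect-gateway" in pushed:  # def1 = two /1 routes covering all of IPv4
        missing = {("0.0.0.0/1", gw), ("128.0.0.0/1", gw)} - routes
        findings.append("redirect-gateway pushed; def1 routes "
                        + ("installed via " + gw if not missing else f"missing: {sorted(missing)}"))
    for line_no, opt in re.findall(r"Unrecognized option.* in \S+:(\d+): (\S+)", log_text):
        findings.append(f"config line {line_no}: option '{opt}' not recognized by this client")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_LOG):
        print("-", finding)
```

With both /1 routes installed, a request to a raw IP address that still times out does not depend on name resolution, so the next things to test are the tunnel gateway (10.8.0.1 here) and what the server does with forwarded packets.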

TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot connect to server over CLI

Post by TinCanTech » Mon May 18, 2020 12:20 pm

rechigo wrote:
Mon May 18, 2020 2:35 am
I don't think this would be a server issue
It is a server issue ..

rechigo
OpenVpn Newbie
Posts: 4
Joined: Mon May 18, 2020 2:24 am

Re: Cannot connect to server over CLI

Post by rechigo » Mon May 18, 2020 11:54 pm

TinCanTech wrote:
Mon May 18, 2020 12:20 pm
It is a server issue ..
Then what is it that I need to change on my OpenVPN server to allow my Ubuntu machine to connect?

TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot connect to server over CLI

Post by TinCanTech » Tue May 19, 2020 12:18 am

rechigo wrote:
Mon May 18, 2020 11:54 pm
Then what is it that I need to change on my OpenVPN server to allow my Ubuntu machine to connect?
Your log above clearly shows that your Ubuntu machine is connected.
rechigo wrote:
Mon May 18, 2020 2:35 am
I am able to connect to it fine over my Windows 10 machine w/ OpenVPN Connect
Probably because W10 is not connected to your VPN.

To cut a long and tedious story short, please see the howto:
https://community.openvpn.net/openvpn/w ... oughtheVPN

rechigo
OpenVpn Newbie
Posts: 4
Joined: Mon May 18, 2020 2:24 am

Re: Cannot connect to server over CLI

Post by rechigo » Wed May 20, 2020 2:50 am

It is connected over Windows 10 and traffic is passing through the VPN. There are MANY ways that I can and have confirmed that this is the case.

I've used a Docker container with this same VPN, it works fine. I've used an Ubuntu 20.04 VM with this VPN, it works fine. I've used multiple Windows clients with this VPN, all work fine. All of these clients work fine and all traffic is routed through the VPN, but apparently it's a server issue?

I've tried everything on that guide and confirmed that nothing there is the solution to this.

TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot connect to server over CLI

Post by TinCanTech » Wed May 20, 2020 12:36 pm

Sounds like a firewall problem.

rechigo
OpenVpn Newbie
Posts: 4
Joined: Mon May 18, 2020 2:24 am

Re: Cannot connect to server over CLI

Post by rechigo » Thu May 21, 2020 7:01 pm

I tried completely disabling the firewall to rule out that possibility, no difference made.

TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot connect to server over CLI

Post by TinCanTech » Thu May 21, 2020 7:14 pm

Try posting your server details.

viewtopic.php?f=30&t=22603
