In this case, openvpn is started outside of NetworkManager. And a server configuration is attempted to be started. So "not using network-manager" would mean uninstall it; which I strongly discourage. That can cause lots of other issues on top of this.TinCanTech wrote: ↑Wed Jan 10, 2018 4:22 pmIn an effort to get to the bottom of this, did you try without using network-manager ?
Because it is difficult to tell if the problem is with openvpn or network-manager.
Debian 9 - Tunnel Interface Not Found - New Install
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Debian 9 - Tunnel Interface Not Found - New Install
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: Debian 9 - Tunnel Interface Not Found - New Install
@dazo , why would be an issue not using network-manager to starting openvpn and also why would that mean to uninstall network-manager ?dazo wrote: ↑Wed Jan 10, 2018 4:29 pmIn this case, openvpn is started outside of NetworkManager. And a server configuration is attempted to be started. So "not using network-manager" would mean uninstall it; which I strongly discourage. That can cause lots of other issues on top of this.TinCanTech wrote: ↑Wed Jan 10, 2018 4:22 pmIn an effort to get to the bottom of this, did you try without using network-manager ?
Because it is difficult to tell if the problem is with openvpn or network-manager.
the only case where i would see network-manager interfere is on a workstation with a gui, and even there only if you use the network-manager openvpn plugin.
anyhow , i just installed openvpn on a debian 9 system and don't have any problems , but i have to say that compared to RHEL based family of linux distros , on debian... systemd is a bad joke , lot's of service units actually just run an old school init script and that's exactly the case for openvpn
so just start openvpn like you would on an older system which does not use systemd
Code: Select all
/etc/init.d/openvpn start|stop|restart
Code: Select all
modprobe tun
lsmod | grep tun
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Debian 9 - Tunnel Interface Not Found - New Install
@TiTex ... I understand that systemd on Debian can feel like a bad joke. I don't think it's that bad, but what is bad is all the wrappers put around systemd to make it behave like a non-systemd system. Like you point out with using /etc/init.d/openvpn directly ... but I don't recall which way it wraps; if systemd is used as a wrapper around init.d scripts, well, that is going to cause a nastier user experience.
Which is why we managed to convince the Debian package maintainer to ship our openvpn-{client,server}@.service files ... but I'm not sure it has been updated with the changes we added in later 2.4.1+ releases; I've seen some traces of them being the same as in 2.4.0, which carries some bugs. So if the package maintainer could pick up our latest upstream versions and ship them, I believe Debian users could experience a much better systemd integration. But the old way of interacting with initd scripts needs to stop, it will give a half-baked experience.
In regards to uninstalling network-manager ... I don't know how tightly that is integrated into the distribution in Debian. But if you try to do such a stunt in RHEL/Fedora, you end up with a system which won't configure network interfaces well during boot. You can make it work by adding some tweaks in the various systemd network configuration unit files and so on. NetworkManager actually can do good things on servers as well as workstations and in particular laptops where networks are even less static. But in today's virtualized world, networks are not as static as they used to be with essentially just bare-metals in the data centres.
Which is why we managed to convince the Debian package maintainer to ship our openvpn-{client,server}@.service files ... but I'm not sure it has been updated with the changes we added in later 2.4.1+ releases; I've seen some traces of them being the same as in 2.4.0, which carries some bugs. So if the package maintainer could pick up our latest upstream versions and ship them, I believe Debian users could experience a much better systemd integration. But the old way of interacting with initd scripts needs to stop, it will give a half-baked experience.
In regards to uninstalling network-manager ... I don't know how tightly that is integrated into the distribution in Debian. But if you try to do such a stunt in RHEL/Fedora, you end up with a system which won't configure network interfaces well during boot. You can make it work by adding some tweaks in the various systemd network configuration unit files and so on. NetworkManager actually can do good things on servers as well as workstations and in particular laptops where networks are even less static. But in today's virtualized world, networks are not as static as they used to be with essentially just bare-metals in the data centres.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Mar 20, 2018 10:42 pm
Re: Debian 9 - Tunnel Interface Not Found - New Install
Note: @xq1xq1xq1, I too am running Debian 9.3 on my server. I'm having similar problems to you.
@dazo: your advice to not use "log" or "log-append" in server.conf was crucially important. I'm also using "verb 9" to debug. Now when I manually try to start openvpn on the command line with:
Code: Select all
openvpn --config /etc/openvpn/server/server.conf
Here's a nice guide to disabling, but not uninstalling, Network Manager.
In a nutshell, first (as root) show if Network manager is indeed in control of any network interfaces:
Code: Select all
nmcli dev status
Code: Select all
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
Also Note: I had to append the following line to /etc/group:
Why? Because in Debian 9, you get a "nobody" user by default, in /etc/passwd, but no "nobody" group in /etc/group. Once the "nobody" group was created thusly, then and only then I could use "user nobody" and "group nobody" in server.conf.nobody:x:65534:nobody
My openvpn server now starts! At least from the command line....
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Debian 9 - Tunnel Interface Not Found - New Install
I would rather recommend you to not disable NetworkManager on the system as a whole. Rather tell NetworkManager to not touch certain devices; like tun/tap devices. In /etc/NetworkManager/NetworkManager.conf rather add:
and restart NetworkManager.
Really. Stop believing NetworkManager is evil. It is trying to do all it can to make networking work nicely in todays more dynamic network environments. Killing it will give you other challenges when the environment around your box changes. Telling it "I know what I'm doing with these devices, you can relax" will generally give you a better experience in the end.
Code: Select all
[keyfile]
unmanaged-devices=interface-name:tun*
Really. Stop believing NetworkManager is evil. It is trying to do all it can to make networking work nicely in todays more dynamic network environments. Killing it will give you other challenges when the environment around your box changes. Telling it "I know what I'm doing with these devices, you can relax" will generally give you a better experience in the end.
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Debian 9 - Tunnel Interface Not Found - New Install
For further info, see the NetworkManager.conf man page.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Debian 9 - Tunnel Interface Not Found - New Install
To clarify this: While trying to diagnose problems with Openvpn do not start openvpn via Network-Manager.
Instead run openvpn from a root terminal or with sudo .. eg:
Code: Select all
me@home /etc/openvpn $ sudo openvpn /path/to/my_config.conf
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Feb 26, 2018 1:23 am
Re: Debian 9 - Tunnel Interface Not Found - New Install
Dunno if this can solve your problem or not.
But your config file doesn't seem right on line 19.
You should write "group nogroup" instead of "group nobody"
I had same problem long time ago.
But your config file doesn't seem right on line 19.
You should write "group nogroup" instead of "group nobody"
I had same problem long time ago.
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Debian 9 - Tunnel Interface Not Found - New Install
@blackhidden ... This issue is not related to --group at all. It would fail much earlier and with a very different error:
Code: Select all
# openvpn --config vpn-srv1.conf --group jambojambo
[....]
Fri Jun 1 11:52:28 2018 failed to find GID for group jambojambo
Fri Jun 1 11:52:28 2018 Exiting due to fatal error
#