Can't get Openvpn 2.1.2 to start

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
Oral Deckard
OpenVpn Newbie
Posts: 7
Joined: Wed Aug 25, 2010 8:29 pm

Can't get Openvpn 2.1.2 to start

Post by Oral Deckard » Thu Aug 26, 2010 12:24 pm

I just installed Openvpn 2.1.2.1 on a 32 bit Fedora 13. It doesn't start in the usual manner. My usual manner is to use a root console and CD to /etc/openvpn, then tell it openvpn server.conf, at which point the console asks for the password, then quickly goes to Initialization Sequence Completed, and folks can then access the VPN.

But this time I it just does this:
[root@backupserver openvpn]# openvpn server.conf
[root@backupserver openvpn]#

It doesn't hang and doesn't produce errors. It just goes back to the prompt, ready for another command.

It is installed, which is clear when I tell it just openvpn with no configuration file. That causes it to produce:

Code: Select all

OpenVPN 2.1.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Aug 25 2010

General Options:
--config file   : Read configuration options from file.
--help          : Show options.
--version       : Show copyright and version information.

Tunnel Options:
--local host    : Local host name or ip address. Implies --bind.
--remote host [port] : Remote host name or ip address.
and much more.
Also, long ago, in a much older version, files and folders were put in the /etc/openvpn folder during installation, but no more. Even in the 2.1.1.2 version I have to manually put files in there for it. Is it supposed to put files and folders in there? I think it should, because they include the licensing and such. The 2.1.1.2 works with the files i copy in from the older version, but I fear an older version file copied into it might not be the best way to run it.

Anyway, I have 2.1.1.2 running on one F13 machine, and 2.1.2.1 not running on another. The files I copied into the 2.1.2.1 machine are the same as in the 2.1.1.2 machine, with only the IPs and port numbers changed to avoid conflict. I put the second on a different subnet and gave it port 1193 instead of 1194. But it doesn't get far enough for that to matter.

What is the correct way to start this thing?

Oral Deckard
OpenVpn Newbie
Posts: 7
Joined: Wed Aug 25, 2010 8:29 pm

Re: Can't get Openvpn 2.1.2 to start

Post by Oral Deckard » Thu Aug 26, 2010 5:18 pm

In desperation I reread the HowTo from the top and found the part I did long ago and forgot about. When Openvpn is installed from an RPM the files and folders are put in /usr/share/doc/openvpn-2.1.2/easy-rsa/2.0, where I copied them to /etc/openvpn. Well, I copied the new ones to there. At least that great mystery is solved. But still it does not start.

User avatar
ecrist
Forum Team
Posts: 254
Joined: Wed Nov 26, 2008 10:33 pm
Location: Minneapolis, MN
Contact:

Re: Can't get Openvpn 2.1.2 to start

Post by ecrist » Fri Aug 27, 2010 1:32 pm

Oral,

Try enabling logging in your config and increase the verbosity to 4 or higher. That should give you some indication as to why it's not starting up.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel Twitter: @ecrist
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

Oral Deckard
OpenVpn Newbie
Posts: 7
Joined: Wed Aug 25, 2010 8:29 pm

Re: Can't get Openvpn 2.1.2 to start

Post by Oral Deckard » Fri Aug 27, 2010 4:50 pm

Thank you very much! That helped greatly. I always have verbosity set to 6 but didn't even think to check the log because it looked like it quit before it got started.

OK, here is what I found:

Code: Select all

Fri Aug 27 12:17:41 2010 us=926162 TCP/UDP: Socket bind failed on local address [undef]:1193: Address already in use
Fri Aug 27 12:17:41 2010 us=926187 Exiting
So I Changed the port to 1196 in both the server.conf and firewall forwarding and tried again. This is what I got next:

Code: Select all

Fri Aug 27 12:29:09 2010 us=105735 Current Parameter Settings:
Fri Aug 27 12:29:09 2010 us=105814   config = 'server.conf'
Fri Aug 27 12:29:09 2010 us=105832   mode = 1
Fri Aug 27 12:29:09 2010 us=105848   persist_config = DISABLED
Fri Aug 27 12:29:09 2010 us=105863   persist_mode = 1
Fri Aug 27 12:29:09 2010 us=105878 NOTE: --mute triggered...
Fri Aug 27 12:29:09 2010 us=105905 262 variation(s) on previous 5 message(s) suppressed by --mute
Fri Aug 27 12:29:09 2010 us=105925 OpenVPN 2.1.1 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan  5 2010
Fri Aug 27 12:29:09 2010 us=106080 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Aug 27 12:29:09 2010 us=106112 Note: cannot open /mnt/D/VMs/openvpn-status.log for WRITE
Fri Aug 27 12:29:09 2010 us=110519 Diffie-Hellman initialized with 1024 bit key
Fri Aug 27 12:29:09 2010 us=111330 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Aug 27 12:29:09 2010 us=111359 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 27 12:29:09 2010 us=111377 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 27 12:29:09 2010 us=111401 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Aug 27 12:29:09 2010 us=111542 ROUTE default_gateway=192.168.10.1
Fri Aug 27 12:29:09 2010 us=111884 TUN/TAP device tun1 opened
Fri Aug 27 12:29:09 2010 us=111919 TUN/TAP TX queue length set to 100
Fri Aug 27 12:29:09 2010 us=111959 /sbin/ip link set dev tun1 up mtu 1500
Fri Aug 27 12:29:09 2010 us=114364 /sbin/ip addr add dev tun1 local 10.3.0.1 peer 10.3.0.2
Fri Aug 27 12:29:09 2010 us=115718 /sbin/ip route add 10.3.0.0/24 via 10.3.0.2
RTNETLINK answers: File exists
Fri Aug 27 12:29:09 2010 us=116612 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Aug 27 12:29:09 2010 us=116651 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Aug 27 16:29:09 2010 us=116894 chroot to '/var/run/openvpn' and cd to '/' succeeded
Fri Aug 27 16:29:09 2010 us=116920 GID set to nobody
Fri Aug 27 16:29:09 2010 us=116939 UID set to nobody
Fri Aug 27 16:29:09 2010 us=116960 Socket Buffers: R=[112640->131072] S=[112640->131072]
Fri Aug 27 16:29:09 2010 us=117005 UDPv4 link local (bound): [undef]:1196
Fri Aug 27 16:29:09 2010 us=117023 UDPv4 link remote: [undef]
Fri Aug 27 16:29:09 2010 us=117044 MULTI: multi_init called, r=256 v=256
Fri Aug 27 16:29:09 2010 us=117083 IFCONFIG POOL: base=10.3.0.4 size=62
Fri Aug 27 16:29:09 2010 us=117111 IFCONFIG POOL LIST
Fri Aug 27 16:29:09 2010 us=117145 Initialization Sequence Completed
The console doesn't show anything happening at all. It looks for all the world like ti hung. But the log says the sequence completed, so I pinged it, and it pinged. So I tried browsing and didn't get through.

The error says a file exists. Do you have any idea what file it means ? I suspect that once that is taken care of it will work fine.

And this isn't a problem with 2.1.2.1. Yesterday I uninstalled it and installed 2.1.1.2 with Yumex. That version is working fine on another machine, so this is clearly not a problem with Openvpn, but with my configuration of this individual machine.

User avatar
ecrist
Forum Team
Posts: 254
Joined: Wed Nov 26, 2008 10:33 pm
Location: Minneapolis, MN
Contact:

Re: Can't get Openvpn 2.1.2 to start

Post by ecrist » Fri Aug 27, 2010 6:52 pm

I'm guessing you're not running as root, which is required when making changes to the routing tables.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel Twitter: @ecrist
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

Oral Deckard
OpenVpn Newbie
Posts: 7
Joined: Wed Aug 25, 2010 8:29 pm

Re: Can't get Openvpn 2.1.2 to start

Post by Oral Deckard » Fri Aug 27, 2010 7:50 pm

Actually I am. I'm running in a console with a root prompt and Konqueror started from another root console.
I thought maybe the file it was talking about was ipp.txt where it would cache the IP addresses. It is empty. I deleted it and when I next tried it recreated it, still empty. The permissions on it are rw-------, so it should have permission to write to it.

User avatar
ecrist
Forum Team
Posts: 254
Joined: Wed Nov 26, 2008 10:33 pm
Location: Minneapolis, MN
Contact:

Re: Can't get Openvpn 2.1.2 to start

Post by ecrist » Fri Aug 27, 2010 7:56 pm

The problem is the route add is failing. I don't have a linux box handy, so you'll have to read the man page and find out what exit status 2 means.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel Twitter: @ecrist
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

Post Reply