Installation OpenVpn Server on centos 5.5 (Trixbox) problem

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Post by mst » Sun Mar 06, 2011 4:23 pm

Just following the guide from http://michigantelephone.wordpress.com/ ... nt-part-3/

And OpenVpn starts, but after a while the whole network is unreachable - all phones connected to Trixbox are unreachable.


Sun Mar 6 05:50:10 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Sun Mar 6 05:50:10 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Sun Mar 6 05:50:10 2011 Closing TUN/TAP interface
Sun Mar 6 05:50:10 2011 SIGTERM[hard,] received, process exiting
Sun Mar 6 05:53:04 2011 OpenVPN 2.1_rc2 i386-redhat-linux [SSL] [LZO1] [EPOLL] built on Apr 15 2007
Sun Mar 6 05:53:04 2011 WARNING: file 'keys/MYCOMPANY/server.key' is group or others accessible
Sun Mar 6 05:53:04 2011 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Mar 6 05:53:04 2011 TUN/TAP device tun0 opened
Sun Mar 6 05:53:04 2011 /sbin/ip link set dev tun0 up mtu 1500
Sun Mar 6 05:53:04 2011 /sbin/ip addr add dev tun0 local 192.168.254.1 peer 192.168.254.2
Sun Mar 6 05:53:04 2011 servers/MYCOMPANY/bin/MYCOMPANY.up tun0 1500 1558 192.168.254.1 192.168.254.2 init
Sun Mar 6 05:53:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 6 05:53:04 2011 GID set to nobody
Sun Mar 6 05:53:04 2011 UID set to nobody
Sun Mar 6 05:53:04 2011 UDPv4 link local (bound): [undef]:64000
Sun Mar 6 05:53:04 2011 UDPv4 link remote: [undef]
Sun Mar 6 05:53:04 2011 Initialization Sequence Completed
Sun Mar 6 05:54:57 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:54:57 2011 OpenVPN CLIENT LIST
Sun Mar 6 05:54:57 2011 Updated,Sun Mar 6 05:54:57 2011
Sun Mar 6 05:54:57 2011 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Sun Mar 6 05:54:57 2011 ROUTING TABLE
Sun Mar 6 05:54:57 2011 Virtual Address,Common Name,Real Address,Last Ref
Sun Mar 6 05:54:57 2011 GLOBAL STATS
Sun Mar 6 05:54:57 2011 Max bcast/mcast queue length,0
Sun Mar 6 05:54:57 2011 END
Sun Mar 6 05:55:12 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:55:12 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Sun Mar 6 05:55:12 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Sun Mar 6 05:55:12 2011 Closing TUN/TAP interface
Sun Mar 6 05:55:12 2011 SIGTERM[hard,] received, process exiting


Please advise.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by maikcat » Sun Mar 06, 2011 5:12 pm

hi there,


i hope your server ip is not in range 192.168.254.0/24.

but post your server config first.

cheers,

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Mon Mar 07, 2011 1:25 pm

Thank You Michael,

this is a server config:

port 64000
proto udp
dev tun0
ca keys/MYCOMPANY/ca.crt
cert keys/MYCOMPANY/server.crt
key keys/MYCOMPANY/server.key
dh keys/MYCOMPANY/dh1024.pem
server 192.168.254.0 255.255.255.0
crl-verify keys/MYCOMPANY/crl.pem
cipher AES-128-CBC
user nobody
group nobody
status servers/MYCOMPANY/logs/openvpn-status.log
log-append servers/MYCOMPANY/logs/openvpn.log
verb 2
mute 20
max-clients 5
management 127.0.0.1 8876
keepalive 10 120
client-config-dir /etc/openvpn/servers/MYCOMPANY/ccd
comp-lzo
persist-key
persist-tun
float
ccd-exclusive
up servers/MYCOMPANY/bin/MYCOMPANY.up
down-pre servers/MYCOMPANY/bin/MYCOMPANY.down-pre
push "route 192.168.11.0 255.255.255.0"

The server has a 2nd NIC but it is disabled, so it should not matter at this point.

down-pre (script executed before VPN down)
route delete -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.254.2 tun0

up (script executed after VPN up)
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.254.2 tun0
echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Additional Configurations
example:
push "route 192.168.100.0 255.255.255.0"
This parameter adds a route to the client when it's connected
In my case: push "route 192.168.11.0 255.255.255.0"

I have it configured from WEBMIN ......

Thank you for your help.

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Mon Mar 07, 2011 7:47 pm

I have apf installed on that server and this could be the problem .....

how can I add tun0 and 192.168.254.0/24 network to apf ?

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by maikcat » Tue Mar 08, 2011 7:47 am

hi there,

can you disable apf for testing purposes first?

michael.

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Tue Mar 08, 2011 12:31 pm

Yes, I did, in the following way:

1. Start OpenVpn
2. apf -f
3. service iptables stop
4. service bfd stop

Still, the local network 192.168.11.x stops working. The funny thing is that my remote phone connects through the VPN tunnel to the Centos while the eth0 - 192.168.11.x network stops working after a while .....

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by maikcat » Tue Mar 08, 2011 2:17 pm

hi there,

can you remove these 2 lines from your scripts?

echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp


michael.
ps: issue an echo 0 first to undo them.

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Tue Mar 08, 2011 2:37 pm

after removing

echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp


cannot start OpenVpn server ......

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by janjust » Tue Mar 08, 2011 3:08 pm

please, please, please: when making statements like "cannot start openvpn" always post the relevant part of the log file - that way others can have a look as to what is going wrong

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Tue Mar 08, 2011 3:22 pm

Please accept my apologies for that. It looks like I was wrong; as a matter of fact, I can start the OpenVpn server:

Here is the log from the time when I started it:

Tue Mar 8 16:24:50 2011 OpenVPN 2.1_rc2 i386-redhat-linux [SSL] [LZO1] [EPOLL] built on Apr 15 2007
Tue Mar 8 16:24:50 2011 WARNING: file 'keys/MYCOMPONY/server.key' is group or others accessible
Tue Mar 8 16:24:50 2011 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 8 16:24:50 2011 TUN/TAP device tun0 opened
Tue Mar 8 16:24:50 2011 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 8 16:24:50 2011 /sbin/ip addr add dev tun0 local 192.168.254.1 peer 192.168.254.2
Tue Mar 8 16:24:50 2011 servers/MYCOMPONY/bin/MYCOMPONY.up tun0 1500 1558 192.168.254.1 192.168.254.2 init
Tue Mar 8 16:24:50 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 8 16:24:50 2011 GID set to nobody
Tue Mar 8 16:24:50 2011 UID set to nobody
Tue Mar 8 16:24:50 2011 UDPv4 link local (bound): [undef]:64000
Tue Mar 8 16:24:50 2011 UDPv4 link remote: [undef]
Tue Mar 8 16:24:50 2011 Initialization Sequence Completed
Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)
Tue Mar 8 16:25:14 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Tue Mar 8 16:25:14 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Tue Mar 8 16:25:14 2011 Closing TUN/TAP interface
Tue Mar 8 16:25:14 2011 servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted
Tue Mar 8 16:25:14 2011 script failed: shell command exited with error status: 7
Tue Mar 8 16:25:14 2011 Exiting

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by maikcat » Wed Mar 09, 2011 10:15 am

hi there,

>servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted

besides removing the 2 echo lines mentioned,
did you change something else?

michael.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by janjust » Wed Mar 09, 2011 10:53 am

hmmm you're being hit by an 'Interrupted system call' error.
Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)
the remainder of the log file
RTNETLINK answers: Operation not permitted
Tue Mar 8 16:25:14 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Tue Mar 8 16:25:14 2011 Closing TUN/TAP interface
Tue Mar 8 16:25:14 2011 servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted
Tue Mar 8 16:25:14 2011 script failed: shell command exited with error status: 7
Tue Mar 8 16:25:14 2011 Exiting
is "normal" behaviour when OpenVPN is run with 'user nobody' : when the server process shuts down it no longer has the access rights to clean up the tun interface. This is nothing to worry about, the real problem is the interrupt system call - or did you press Ctrl-C there ;-) ?
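
Three conditions from this thread can be checked mechanically before starting the server: the server.key permissions warning in the log, the shutdown-time "Operation not permitted" that the post above attributes to 'user nobody', and the proxy_arp lines in the up script. The script below is an added example, not part of any post and not OpenVPN tooling; the function names, finding codes and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config for three conditions from this
# thread. Function names, finding codes and sample files are constructed.

# Print the first argument of directive $2 in config $1 (e.g. "key", "user").
directive() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Succeed only if file $1 has no group/other permission bits set.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# lint_config <config> <basedir>: print one finding per line.
lint_config() {
    cfg=$1; base=$2
    key=$(directive "$cfg" key)
    if [ -n "$key" ] && ! key_is_private "$base/$key"; then
        echo "KEY_PERMS $key"        # OpenVPN logs this as a WARNING
    fi
    # With user/group set, down and down-pre scripts run unprivileged, so a
    # "route delete" inside them fails with "Operation not permitted".
    if [ -n "$(directive "$cfg" user)$(directive "$cfg" group)" ]; then
        for name in down down-pre; do
            s=$(directive "$cfg" "$name")
            if [ -n "$s" ]; then echo "DOWN_UNPRIV $s"; fi
        done
    fi
    up=$(directive "$cfg" up)
    if [ -n "$up" ] && grep -Eq 'echo +1 *> *.*/proxy_arp' "$base/$up"; then
        echo "PROXY_ARP $up"         # up script switches proxy ARP on
    fi
    return 0
}

# Build a constructed sample tree that mirrors the posted config.
make_sample() {
    dir=$(mktemp -d) && mkdir -p "$dir/keys" "$dir/bin" || return 1
    printf 'dummy\n' > "$dir/keys/server.key"; chmod 644 "$dir/keys/server.key"
    printf 'echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp\n' > "$dir/bin/vpn.up"
    printf '%s\n' 'key keys/server.key' 'user nobody' 'group nobody' \
        'up bin/vpn.up' 'down-pre bin/vpn.down-pre' > "$dir/server.conf"
    echo "$dir"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(make_sample) && lint_config "$tmp/server.conf" "$tmp"; rm -rf "$tmp"
fi
```

Run it with the argument demo to lint the constructed sample, or call lint_config with a real config and the directory its relative paths resolve against.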

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Wed Mar 09, 2011 12:45 pm

Thank you for the reply ....

I have noticed that Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)


and no, I did not press Ctrl-C ..... hmmm, could it be a bug? What can cause this besides physically pressing Ctrl-C?

Thank You again

mst
OpenVpn Newbie
Posts: 9
Joined: Sun Mar 06, 2011 4:18 pm

Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob

Post by mst » Thu Mar 10, 2011 3:05 pm

What I have noticed:

Installed another Trixbox 2.6 server and installed OpenVpn. Followed the link http://michigantelephone.wordpress.com/ ... nt-part-3/

Again, when I start the OpenVpn server, the local network on eth0 hangs. The log files tell nothing; using verbosity 5, all looks ok.

I have installed Elastix 2.0, which is a Centos 5.5 distro, and compared all over..... looks like it has to be something with Trix.

Don't understand why OpenVpn can be installed in 10 minutes on one Centos and cannot be on another ........
