Installation OpenVpn Server on centos 5.5 (Trixbox) problem
Moderators: TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Installation OpenVpn Server on centos 5.5 (Trixbox) problem
Just following the guide from http://michigantelephone.wordpress.com/ ... nt-part-3/
And openVpn starts but after a while the whole network is unreachable - all phones connected to Trixbox are unreachable.
Sun Mar 6 05:50:10 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Sun Mar 6 05:50:10 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Sun Mar 6 05:50:10 2011 Closing TUN/TAP interface
Sun Mar 6 05:50:10 2011 SIGTERM[hard,] received, process exiting
Sun Mar 6 05:53:04 2011 OpenVPN 2.1_rc2 i386-redhat-linux [SSL] [LZO1] [EPOLL] built on Apr 15 2007
Sun Mar 6 05:53:04 2011 WARNING: file 'keys/MYCOMPANY/server.key' is group or others accessible
Sun Mar 6 05:53:04 2011 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Mar 6 05:53:04 2011 TUN/TAP device tun0 opened
Sun Mar 6 05:53:04 2011 /sbin/ip link set dev tun0 up mtu 1500
Sun Mar 6 05:53:04 2011 /sbin/ip addr add dev tun0 local 192.168.254.1 peer 192.168.254.2
Sun Mar 6 05:53:04 2011 servers/MYCOMPANY/bin/MYCOMPANY.up tun0 1500 1558 192.168.254.1 192.168.254.2 init
Sun Mar 6 05:53:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 6 05:53:04 2011 GID set to nobody
Sun Mar 6 05:53:04 2011 UID set to nobody
Sun Mar 6 05:53:04 2011 UDPv4 link local (bound): [undef]:64000
Sun Mar 6 05:53:04 2011 UDPv4 link remote: [undef]
Sun Mar 6 05:53:04 2011 Initialization Sequence Completed
Sun Mar 6 05:54:57 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:54:57 2011 OpenVPN CLIENT LIST
Sun Mar 6 05:54:57 2011 Updated,Sun Mar 6 05:54:57 2011
Sun Mar 6 05:54:57 2011 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Sun Mar 6 05:54:57 2011 ROUTING TABLE
Sun Mar 6 05:54:57 2011 Virtual Address,Common Name,Real Address,Last Ref
Sun Mar 6 05:54:57 2011 GLOBAL STATS
Sun Mar 6 05:54:57 2011 Max bcast/mcast queue length,0
Sun Mar 6 05:54:57 2011 END
Sun Mar 6 05:55:12 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:55:12 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Sun Mar 6 05:55:12 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Sun Mar 6 05:55:12 2011 Closing TUN/TAP interface
Sun Mar 6 05:55:12 2011 SIGTERM[hard,] received, process exiting
please advise
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
hi there,
i hope your server ip is not in range 192.168.254.0/24.
but first post server config first.
cheers,
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
Thank You Michael,
this is a server config:
port 64000
proto udp
dev tun0
ca keys/MYCOMPANY/ca.crt
cert keys/MYCOMPANY/server.crt
key keys/MYCOMPANY/server.key
dh keys/MYCOMPANY/dh1024.pem
server 192.168.254.0 255.255.255.0
crl-verify keys/MYCOMPANY/crl.pem
cipher AES-128-CBC
user nobody
group nobody
status servers/MYCOMPANY/logs/openvpn-status.log
log-append servers/MYCOMPANY/logs/openvpn.log
verb 2
mute 20
max-clients 5
management 127.0.0.1 8876
keepalive 10 120
client-config-dir /etc/openvpn/servers/MYCOMPANY/ccd
comp-lzo
persist-key
persist-tun
float
ccd-exclusive
up servers/MYCOMPANY/bin/MYCOMPANY.up
down-pre servers/MYCOMPANY/bin/MYCOMPANY.down-pre
push "route 192.168.11.0 255.255.255.0"
The server has a 2nd NIC but it is disabled so it should not matter at this point.
down-pre (script executed before VPN down)
route delete -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.254.2 tun0
up (script executed after VPN up)
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.254.2 tun0
echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Additional Configurations
example:
push "route 192.168.100.0 255.255.255.0"
This parameter adds a route to the client when it's connected
In my case: push "route 192.168.11.0 255.255.255.0"
I have it configured from WEBMIN ......
Thank you for your help.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
I have apf installed on that server and this could be the problem .....
how can I add tun0 and 192.168.254.0/24 network to apf ?
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
hi there,
can you disable apf for testing purposes first?
michael.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
Yes, I did, in the following way:
1.Start OpenVpn
2. apf -f
3. service iptables stop
4. service bfd stop
Still local network 192.168.11.x stops working. The funny thing is that my remote phone connects in VPN tunnel to the Centos while eth0 - 192.168.11.x network after a while stops working .....
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
hi there,
can you remove these 2 lines from your scripts?
echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
michael.
ps: issue an echo 0 first to undo them.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
after removing
echo 1 > /proc/sys/net/ipv4/conf/tun0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
can not start OpenVpn server ......
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
please, please, please: when making statements like "cannot start openvpn" always post the relevant part of the log file - that way others can have a look as to what is going wrong
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
Please accept my apologies for that. It looks like I was wrong; as a matter of fact I can start the OpenVpn server:
here is the log from the time when I started it:
Tue Mar 8 16:24:50 2011 OpenVPN 2.1_rc2 i386-redhat-linux [SSL] [LZO1] [EPOLL] built on Apr 15 2007
Tue Mar 8 16:24:50 2011 WARNING: file 'keys/MYCOMPONY/server.key' is group or others accessible
Tue Mar 8 16:24:50 2011 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 8 16:24:50 2011 TUN/TAP device tun0 opened
Tue Mar 8 16:24:50 2011 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 8 16:24:50 2011 /sbin/ip addr add dev tun0 local 192.168.254.1 peer 192.168.254.2
Tue Mar 8 16:24:50 2011 servers/MYCOMPONY/bin/MYCOMPONY.up tun0 1500 1558 192.168.254.1 192.168.254.2 init
Tue Mar 8 16:24:50 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 8 16:24:50 2011 GID set to nobody
Tue Mar 8 16:24:50 2011 UID set to nobody
Tue Mar 8 16:24:50 2011 UDPv4 link local (bound): [undef]:64000
Tue Mar 8 16:24:50 2011 UDPv4 link remote: [undef]
Tue Mar 8 16:24:50 2011 Initialization Sequence Completed
Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)
Tue Mar 8 16:25:14 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Tue Mar 8 16:25:14 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Tue Mar 8 16:25:14 2011 Closing TUN/TAP interface
Tue Mar 8 16:25:14 2011 servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted
Tue Mar 8 16:25:14 2011 script failed: shell command exited with error status: 7
Tue Mar 8 16:25:14 2011 Exiting
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
hi there,
>servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted
besides removing the 2 echo lines mentioned,
did you change something else?
michael.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
hmmm you're being hit by a 'Interrupted system call' error.
Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)
the remainder of the log file
RTNETLINK answers: Operation not permitted
Tue Mar 8 16:25:14 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Tue Mar 8 16:25:14 2011 Closing TUN/TAP interface
Tue Mar 8 16:25:14 2011 servers/MYCOMPONY/bin/MYCOMPONY.down tun0 1500 1558 192.168.254.1 192.168.254.2 init
SIOCDELRT: Operation not permitted
Tue Mar 8 16:25:14 2011 script failed: shell command exited with error status: 7
Tue Mar 8 16:25:14 2011 Exiting
is "normal" behaviour when OpenVPN is run with 'user nobody' : when the server process shuts down it no longer has the access rights to clean up the tun interface. This is nothing to worry about, the real problem is the interrupt system call - or did you press Ctrl-C there ?
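The distinction drawn in the post above, between teardown errors that are expected once the daemon has dropped to 'user nobody' and the signal that actually stopped it, can be checked mechanically over a log. This is an added example, not part of any post in the thread: the names sample_log and triage_log and the counter names are assumptions, and the sample is constructed from log lines quoted in the first post.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): triage an OpenVPN server log.

# Constructed sample, abridged from the log lines quoted in the first post.
sample_log() {
cat <<'EOF'
Sun Mar 6 05:53:04 2011 WARNING: file 'keys/MYCOMPANY/server.key' is group or others accessible
Sun Mar 6 05:53:04 2011 GID set to nobody
Sun Mar 6 05:53:04 2011 UID set to nobody
Sun Mar 6 05:53:04 2011 Initialization Sequence Completed
Sun Mar 6 05:54:57 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:54:57 2011 OpenVPN CLIENT LIST
Sun Mar 6 05:55:12 2011 event_wait : Interrupted system call (code=4)
Sun Mar 6 05:55:12 2011 TCP/UDP: Closing socket
RTNETLINK answers: Operation not permitted
Sun Mar 6 05:55:12 2011 ERROR: Linux route delete command failed: shell command exited with error status: 2
Sun Mar 6 05:55:12 2011 SIGTERM[hard,] received, process exiting
EOF
}

# Read a log on stdin and print one line of counters:
#   keyperm            private key file readable by group or others (fix with chmod 600)
#   eintr              event_wait interrupted, i.e. a signal was delivered to the daemon
#   sigterm            the daemon logged that it received a termination signal
#   expected_teardown  permission errors seen after the UID/GID drop
#   unexpected         the same errors seen while still privileged
triage_log() {
  awk '
    /[UG]ID set to /                      { dropped = 1 }
    /is group or others accessible/       { keyperm++ }
    /Interrupted system call \(code=4\)/  { eintr++ }
    /SIGTERM.* received/                  { term++ }
    /Operation not permitted|route delete command failed|script failed/ {
        # After the drop the process runs as nobody and cannot change routes.
        if (dropped) expected++; else unexpected++
    }
    END {
        printf "keyperm=%d eintr=%d sigterm=%d expected_teardown=%d unexpected=%d\n",
               keyperm, eintr, term, expected, unexpected
    }'
}

sample_log | triage_log
```

A non-zero `unexpected` count means the permission errors occurred before any privilege drop was logged, so the 'user nobody' explanation does not account for them.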
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
thank you for reply ....
I have noticed that Tue Mar 8 16:25:14 2011 event_wait : Interrupted system call (code=4)
and no I did not press CTRL + C ..... hmmm could it be a bug? What can cause this besides physically pressing Ctrl C ?
Thank You again
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sun Mar 06, 2011 4:18 pm
Re: Installation OpenVpn Server on centos 5.5 (Trixbox) prob
What I have noticed:
Installed another Trixbox 2.6 server and installed OpenVpn. Followed the link http://michigantelephone.wordpress.com/ ... nt-part-3/
Again, when I start the OpenVpn server, the local network on eth0 hangs. The log files tell nothing; using verbosity 5 all looks ok.
I have installed Elastix 2.0, which is a Centos 5.5 distro, and compared all over..... looks like it has to be something with Trix.
Don't understand why OpenVpn can be installed in 10 minutes on one Centos and cannot be on another ........