I am having an issue with a clean new PiVPN installation.
I installed OpenVPN via PiVPN using
Code: Select all
curl -L https://install.pivpn.io | bash
After the successful installation, I created a certificate for my phone using
Code: Select all
pivpn add nopass
Where could I start troubleshooting?
As this is a new raspbian stretch lite installation and a new PiVPN installation I can always just start over. Prior to running the PiVPN installer, I gave the raspberry pi its own, static IP of 192.168.1.5. That's about all I did besides setting the local timezone and expanding the filesystem
When ssh'd into the raspberry pi I can ping local IPs as well as outside domains:
Code: Select all
PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
64 bytes from 192.168.1.4: icmp_seq=1 ttl=64 time=0.642 ms
64 bytes from 192.168.1.4: icmp_seq=2 ttl=64 time=0.234 ms
64 bytes from 192.168.1.4: icmp_seq=3 ttl=64 time=0.237 ms
Code: Select all
PING google.com (172.217.0.78) 56(84) bytes of data.
64 bytes from nuq04s19-in-f14.1e100.net (172.217.0.78): icmp_seq=1 ttl=52 time=47.6 ms
64 bytes from nuq04s19-in-f14.1e100.net (172.217.0.78): icmp_seq=2 ttl=52 time=46.4 ms
64 bytes from nuq04s19-in-f14.1e100.net (172.217.0.78): icmp_seq=3 ttl=52 time=47.4 ms
This is the log I am getting back from the OpenVPN app:
Code: Select all
2018-36-11 19:36:48 1
2018-36-11 19:36:48 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-36-11 19:36:48 Frame=512/2048/512 mssfix-ctrl=1250
2018-36-11 19:36:48 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [server_SOME_HASH] [name]
14 [verb] [3]
2018-36-11 19:36:48 EVENT: RESOLVE
2018-36-11 19:36:49 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP
2018-36-11 19:36:49 EVENT: WAIT
2018-36-11 19:36:49 Connecting to [MY_DYNDNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4
2018-36-11 19:36:49 EVENT: CONNECTING
2018-36-11 19:36:49 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2018-36-11 19:36:49 Creds: UsernameEmpty/PasswordEmpty
2018-36-11 19:36:49 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2018-36-11 19:36:49 VERIFY OK : depth=1
cert. version : 3
serial number : A6:8C:BB:40:7D:08:D6:49
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-10-11 21:00:54
expires on : 2028-10-08 21:00:54
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-36-11 19:36:49 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_SOME_HASH
issued on : 2018-10-11 21:01:27
expires on : 2028-10-08 21:01:27
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-36-11 19:36:50 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-36-11 19:36:50 Session is ACTIVE
2018-36-11 19:36:50 EVENT: GET_CONFIG
2018-36-11 19:36:50 Sending PUSH_REQUEST to server...
2018-36-11 19:36:50 OPTIONS:
0 [dhcp-option] [DNS] [1.1.1.1]
1 [dhcp-option] [DNS] [1.0.0.1]
2 [block-outside-dns]
3 [redirect-gateway] [def1]
4 [route-gateway] [10.8.0.1]
5 [topology] [subnet]
6 [ping] [1800]
7 [ping-restart] [3600]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
2018-36-11 19:36:50 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 0
2018-36-11 19:36:50 EVENT: ASSIGN_IP
2018-36-11 19:36:50 NIP: preparing TUN network settings
2018-36-11 19:36:50 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP
2018-36-11 19:36:50 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-36-11 19:36:50 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-36-11 19:36:50 NIP: redirecting all IPv4 traffic to TUN interface
2018-36-11 19:36:50 NIP: adding DNS 1.1.1.1
2018-36-11 19:36:50 NIP: adding DNS 1.0.0.1
2018-36-11 19:36:50 Connected via NetworkExtensionTUN
2018-36-11 19:36:50 LZO-ASYM init swap=0 asym=1
2018-36-11 19:36:50 Comp-stub init swap=1
2018-36-11 19:36:50 EVENT: CONNECTED MY_DYNDNS_NAME:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
Code: Select all
client
dev tun
proto udp
remote MY_DYNDNS_NAME 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_SOME_HASH name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[...]
...and this is the server config:
Code: Select all
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_SOME_HASH.crt
key /etc/openvpn/easy-rsa/pki/private/server_SOME_HASH.key
dh none
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io