[Solved] New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

shayan.rahat
OpenVpn Newbie
Posts: 4
Joined: Sat Sep 12, 2020 5:34 pm

[Solved] New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by shayan.rahat » Sat Sep 12, 2020 7:23 pm

Dear All,
Hi,

I've recently installed an OpenVPN server on an Alibaba Cloud VPS CentOS 7 instance following, mostly, this guide: https://linuxize.com/post/how-to-set-up-an-openvpn-server-on-centos-7. So, having followed things through to the end, the OpenVPN service is running on my server and I have the client configuration file on my client. When I try to connect to the server, the client simply lingers on, I'm assuming, the handshake protocol or something like that (sorry, not too familiar with networking :roll: ). Here's the log from the client's attempt to connect (also tried it with the Android client, same deadly silence!):


Sun Sep 13 00:24:47 2020 us=747605 Current Parameter Settings:
Sun Sep 13 00:24:47 2020 us=747605   config = 'myvpn_client.ovpn'
Sun Sep 13 00:24:47 2020 us=747605   mode = 0
Sun Sep 13 00:24:47 2020 us=747605   show_ciphers = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   show_digests = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   show_engines = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   genkey = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   key_pass_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   show_tls_ciphers = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   connect_retry_max = 0
Sun Sep 13 00:24:47 2020 us=747605 Connection profiles [0]:
Sun Sep 13 00:24:47 2020 us=747605   proto = tcp-client
Sun Sep 13 00:24:47 2020 us=747605   local = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   local_port = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   remote = 'XXX.XXX.XXX.XXX'
Sun Sep 13 00:24:47 2020 us=747605   remote_port = '443'
Sun Sep 13 00:24:47 2020 us=747605   remote_float = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   bind_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   bind_local = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   bind_ipv6_only = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   connect_retry_seconds = 5
Sun Sep 13 00:24:47 2020 us=747605   connect_timeout = 120
Sun Sep 13 00:24:47 2020 us=747605   socks_proxy_server = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   socks_proxy_port = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   tun_mtu = 1500
Sun Sep 13 00:24:47 2020 us=747605   tun_mtu_defined = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   link_mtu = 1500
Sun Sep 13 00:24:47 2020 us=747605   link_mtu_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   tun_mtu_extra = 0
Sun Sep 13 00:24:47 2020 us=747605   tun_mtu_extra_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   mtu_discover_type = -1
Sun Sep 13 00:24:47 2020 us=747605   fragment = 0
Sun Sep 13 00:24:47 2020 us=747605   mssfix = 1450
Sun Sep 13 00:24:47 2020 us=747605   explicit_exit_notification = 0
Sun Sep 13 00:24:47 2020 us=747605 Connection profiles END
Sun Sep 13 00:24:47 2020 us=747605   remote_random = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   ipchange = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   dev = 'tun'
Sun Sep 13 00:24:47 2020 us=747605   dev_type = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   dev_node = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   lladdr = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   topology = 1
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_local = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_remote_netmask = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_noexec = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_nowarn = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_ipv6_local = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_ipv6_netbits = 0
Sun Sep 13 00:24:47 2020 us=747605   ifconfig_ipv6_remote = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   shaper = 0
Sun Sep 13 00:24:47 2020 us=747605   mtu_test = 0
Sun Sep 13 00:24:47 2020 us=747605   mlock = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   keepalive_ping = 0
Sun Sep 13 00:24:47 2020 us=747605   keepalive_timeout = 0
Sun Sep 13 00:24:47 2020 us=747605   inactivity_timeout = 0
Sun Sep 13 00:24:47 2020 us=747605   ping_send_timeout = 0
Sun Sep 13 00:24:47 2020 us=747605   ping_rec_timeout = 0
Sun Sep 13 00:24:47 2020 us=747605   ping_rec_timeout_action = 0
Sun Sep 13 00:24:47 2020 us=747605   ping_timer_remote = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   remap_sigusr1 = 0
Sun Sep 13 00:24:47 2020 us=747605   persist_tun = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   persist_local_ip = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   persist_remote_ip = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   persist_key = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   passtos = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   resolve_retry_seconds = 1000000000
Sun Sep 13 00:24:47 2020 us=747605   resolve_in_advance = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   username = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   groupname = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   chroot_dir = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   cd_dir = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   writepid = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   up_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   down_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   down_pre = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   up_restart = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   up_delay = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   daemon = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   inetd = 0
Sun Sep 13 00:24:47 2020 us=747605   log = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   suppress_timestamps = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   machine_readable_output = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   nice = 0
Sun Sep 13 00:24:47 2020 us=747605   verbosity = 4
Sun Sep 13 00:24:47 2020 us=747605   mute = 0
Sun Sep 13 00:24:47 2020 us=747605   gremlin = 0
Sun Sep 13 00:24:47 2020 us=747605   status_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   status_file_version = 1
Sun Sep 13 00:24:47 2020 us=747605   status_file_update_freq = 60
Sun Sep 13 00:24:47 2020 us=747605   occ = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   rcvbuf = 0
Sun Sep 13 00:24:47 2020 us=747605   sndbuf = 0
Sun Sep 13 00:24:47 2020 us=747605   sockflags = 0
Sun Sep 13 00:24:47 2020 us=747605   fast_io = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   comp.alg = 0
Sun Sep 13 00:24:47 2020 us=747605   comp.flags = 0
Sun Sep 13 00:24:47 2020 us=747605   route_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   route_default_gateway = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   route_default_metric = 0
Sun Sep 13 00:24:47 2020 us=747605   route_noexec = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   route_delay = 5
Sun Sep 13 00:24:47 2020 us=747605   route_delay_window = 30
Sun Sep 13 00:24:47 2020 us=747605   route_delay_defined = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   route_nopull = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   route_gateway_via_dhcp = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   allow_pull_fqdn = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   Pull filters:
Sun Sep 13 00:24:47 2020 us=747605     ignore "route-method"
Sun Sep 13 00:24:47 2020 us=747605   management_addr = '127.0.0.1'
Sun Sep 13 00:24:47 2020 us=747605   management_port = '25346'
Sun Sep 13 00:24:47 2020 us=747605   management_user_pass = 'stdin'
Sun Sep 13 00:24:47 2020 us=747605   management_log_history_cache = 250
Sun Sep 13 00:24:47 2020 us=747605   management_echo_buffer_size = 100
Sun Sep 13 00:24:47 2020 us=747605   management_write_peer_info_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   management_client_user = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   management_client_group = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   management_flags = 6
Sun Sep 13 00:24:47 2020 us=747605   shared_secret_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   key_direction = 1
Sun Sep 13 00:24:47 2020 us=747605   ciphername = 'AES-256-CBC'
Sun Sep 13 00:24:47 2020 us=747605   ncp_enabled = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Sep 13 00:24:47 2020 us=747605   authname = 'SHA256'
Sun Sep 13 00:24:47 2020 us=747605   prng_hash = 'SHA1'
Sun Sep 13 00:24:47 2020 us=747605   prng_nonce_secret_len = 16
Sun Sep 13 00:24:47 2020 us=747605   keysize = 0
Sun Sep 13 00:24:47 2020 us=747605   engine = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   replay = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   mute_replay_warnings = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   replay_window = 64
Sun Sep 13 00:24:47 2020 us=747605   replay_time = 15
Sun Sep 13 00:24:47 2020 us=747605   packet_id_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   use_iv = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   test_crypto = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   tls_server = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   tls_client = ENABLED
Sun Sep 13 00:24:47 2020 us=747605   key_method = 2
Sun Sep 13 00:24:47 2020 us=747605   ca_file = '[[INLINE]]'
Sun Sep 13 00:24:47 2020 us=747605   ca_path = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   dh_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   cert_file = '[[INLINE]]'
Sun Sep 13 00:24:47 2020 us=747605   extra_certs_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   priv_key_file = '[[INLINE]]'
Sun Sep 13 00:24:47 2020 us=747605   pkcs12_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   cryptoapi_cert = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   cipher_list = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   cipher_list_tls13 = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   tls_cert_profile = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   tls_verify = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   tls_export_cert = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   verify_x509_type = 0
Sun Sep 13 00:24:47 2020 us=747605   verify_x509_name = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   crl_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   ns_cert_type = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 65535
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_ku[i] = 0
Sun Sep 13 00:24:47 2020 us=747605   remote_cert_eku = 'TLS Web Server Authentication'
Sun Sep 13 00:24:47 2020 us=747605   ssl_flags = 0
Sun Sep 13 00:24:47 2020 us=747605   tls_timeout = 2
Sun Sep 13 00:24:47 2020 us=747605   renegotiate_bytes = -1
Sun Sep 13 00:24:47 2020 us=747605   renegotiate_packets = 0
Sun Sep 13 00:24:47 2020 us=747605   renegotiate_seconds = 3600
Sun Sep 13 00:24:47 2020 us=747605   handshake_window = 60
Sun Sep 13 00:24:47 2020 us=747605   transition_window = 3600
Sun Sep 13 00:24:47 2020 us=747605   single_session = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   push_peer_info = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   tls_exit = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   tls_auth_file = '[[INLINE]]'
Sun Sep 13 00:24:47 2020 us=747605   tls_crypt_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_protected_authentication = DISABLED
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=747605   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757747   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757747   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_private_mode = 00000000
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_cert_private = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_pin_cache_period = -1
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_id = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   pkcs11_id_management = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   server_network = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   server_netmask = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   server_network_ipv6 = ::
Sun Sep 13 00:24:47 2020 us=757782   server_netbits_ipv6 = 0
Sun Sep 13 00:24:47 2020 us=757782   server_bridge_ip = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   server_bridge_netmask = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   server_bridge_pool_start = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   server_bridge_pool_end = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_start = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_end = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_netmask = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_pool_persist_refresh_freq = 600
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_ipv6_pool_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_ipv6_pool_base = ::
Sun Sep 13 00:24:47 2020 us=757782   ifconfig_ipv6_pool_netbits = 0
Sun Sep 13 00:24:47 2020 us=757782   n_bcast_buf = 256
Sun Sep 13 00:24:47 2020 us=757782   tcp_queue_limit = 64
Sun Sep 13 00:24:47 2020 us=757782   real_hash_size = 256
Sun Sep 13 00:24:47 2020 us=757782   virtual_hash_size = 256
Sun Sep 13 00:24:47 2020 us=757782   client_connect_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   learn_address_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   client_disconnect_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   client_config_dir = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   ccd_exclusive = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   tmp_dir = 'C:\Users\Shayan\AppData\Local\Temp\'
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_local = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_remote_netmask = 0.0.0.0
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_ipv6_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_ipv6_local = ::/0
Sun Sep 13 00:24:47 2020 us=757782   push_ifconfig_ipv6_remote = ::
Sun Sep 13 00:24:47 2020 us=757782   enable_c2c = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   duplicate_cn = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   cf_max = 0
Sun Sep 13 00:24:47 2020 us=757782   cf_per = 0
Sun Sep 13 00:24:47 2020 us=757782   max_clients = 1024
Sun Sep 13 00:24:47 2020 us=757782   max_routes_per_client = 256
Sun Sep 13 00:24:47 2020 us=757782   auth_user_pass_verify_script = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   auth_user_pass_verify_script_via_file = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   auth_token_generate = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   auth_token_lifetime = 0
Sun Sep 13 00:24:47 2020 us=757782   client = ENABLED
Sun Sep 13 00:24:47 2020 us=757782   pull = ENABLED
Sun Sep 13 00:24:47 2020 us=757782   auth_user_pass_file = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   show_net_up = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   route_method = 3
Sun Sep 13 00:24:47 2020 us=757782   block_outside_dns = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   ip_win32_defined = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   ip_win32_type = 3
Sun Sep 13 00:24:47 2020 us=757782   dhcp_masq_offset = 0
Sun Sep 13 00:24:47 2020 us=757782   dhcp_lease_time = 31536000
Sun Sep 13 00:24:47 2020 us=757782   tap_sleep = 0
Sun Sep 13 00:24:47 2020 us=757782   dhcp_options = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   dhcp_renew = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   dhcp_pre_release = DISABLED
Sun Sep 13 00:24:47 2020 us=757782   domain = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   netbios_scope = '[UNDEF]'
Sun Sep 13 00:24:47 2020 us=757782   netbios_node_type = 0
Sun Sep 13 00:24:47 2020 us=757782   disable_nbt = DISABLED
Sun Sep 13 00:24:47 2020 us=757782 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Sun Sep 13 00:24:47 2020 us=757782 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Sep 13 00:24:47 2020 us=757782 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Enter Management Password:
Sun Sep 13 00:24:47 2020 us=757782 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25346
Sun Sep 13 00:24:47 2020 us=757782 Need hold release from management interface, waiting...
Sun Sep 13 00:24:48 2020 us=238229 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25346
Sun Sep 13 00:24:48 2020 us=357953 MANAGEMENT: CMD 'state on'
Sun Sep 13 00:24:48 2020 us=357953 MANAGEMENT: CMD 'log all on'
Sun Sep 13 00:24:48 2020 us=567619 MANAGEMENT: CMD 'echo all on'
Sun Sep 13 00:24:48 2020 us=577962 MANAGEMENT: CMD 'bytecount 5'
Sun Sep 13 00:24:48 2020 us=577962 MANAGEMENT: CMD 'hold off'
Sun Sep 13 00:24:48 2020 us=577962 MANAGEMENT: CMD 'hold release'
Sun Sep 13 00:24:48 2020 us=587472 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Sep 13 00:24:48 2020 us=587472 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Sep 13 00:24:48 2020 us=587472 Control Channel MTU parms [ L:1623 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Sun Sep 13 00:24:48 2020 us=587472 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sun Sep 13 00:24:48 2020 us=587472 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sun Sep 13 00:24:48 2020 us=587472 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sun Sep 13 00:24:48 2020 us=587472 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:443
Sun Sep 13 00:24:48 2020 us=587472 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Sep 13 00:24:48 2020 us=587472 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Sun Sep 13 00:24:48 2020 us=587472 MANAGEMENT: >STATE:1599940488,TCP_CONNECT,,,,,,
Sun Sep 13 00:26:50 2020 us=208054 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:443 failed: Unknown error
Sun Sep 13 00:26:50 2020 us=208054 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sun Sep 13 00:26:50 2020 us=208054 MANAGEMENT: >STATE:1599940610,RECONNECTING,init_instance,,,,,
Sun Sep 13 00:26:50 2020 us=208054 Restart pause, 5 second(s)
Sun Sep 13 00:26:55 2020 us=248205 Re-using SSL/TLS context
Sun Sep 13 00:26:55 2020 us=248205 Control Channel MTU parms [ L:1623 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Sun Sep 13 00:26:55 2020 us=248205 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sun Sep 13 00:26:55 2020 us=248205 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sun Sep 13 00:26:55 2020 us=248205 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sun Sep 13 00:26:55 2020 us=248205 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:443
Sun Sep 13 00:26:55 2020 us=248205 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Sep 13 00:26:55 2020 us=248205 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Sun Sep 13 00:26:55 2020 us=248205 MANAGEMENT: >STATE:1599940615,TCP_CONNECT,,,,,,
Sun Sep 13 00:27:14 2020 us=468058 TCP/UDP: Closing socket
Sun Sep 13 00:27:14 2020 us=468058 SIGTERM[hard,init_instance] received, process exiting
Sun Sep 13 00:27:14 2020 us=468058 MANAGEMENT: >STATE:1599940634,EXITING,init_instance,,,,,
At first, I thought the problem was with the client configuration file (because I had first tried setting things up following another guide, https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7, which was somewhat terse on preparing the client configuration file).
Yet, after some digging around, I'm starting to think that, maybe, it has something to do with firewall configurations on the server. I have a couple of reasons for suspecting that:
  • I have approximately zero knowledge about firewalls, and how they're implemented in CentOS. So, it represents a dark area where monsters are more likely to lurk!
  • Checking the OpenVPN server log, I can see that these 4 lines repeat themselves every 10 seconds:


    Sat Sep 12 22:21:58 2020 us=442495 MULTI: REAP range 240 -> 256
    Sat Sep 12 22:21:58 2020 us=442566 MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
    Sat Sep 12 22:21:58 2020 us=442575 MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
    Sat Sep 12 22:21:58 2020 us=442582 MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
    Sat Sep 12 22:21:58 2020 us=442591 SCHEDULE: schedule_find_least NULL
    
  • I can't see anything showing up on journalctl -f. Though that one is quite crowded by logs from all the good folks trying to force their way in, I don't see the slightest sign of my attempted connections on the client side.
Here's my server configuration file; comments deleted; genitalia XXd out ;) :
Server config

port 443

proto tcp

dev tun

ca ca.crt
cert myvpn.crt
key myvpn.key # This file should be kept secret

dh dh.pem

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
log openvpn.log
log-append openvpn.log

verb 4

auth SHA256


And the client configuration file; similarly with comments deleted; genitalia XXd out ;) :
Client config

client

dev tun

proto tcp

remote XXX.XXX.XXX.XXX 443

resolv-retry infinite

nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

remote-cert-tls server

cipher AES-256-CBC

verb 4

auth SHA256
key-direction 1
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
db:...
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Shayan-Easy-RSA CA
Validity
Not Before: Sep 12 15:43:16 2020 GMT
Not After : Dec 16 15:43:16 2022 GMT
Subject: CN=shayan_client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:

X509v3 Authority Key Identifier:
keyid:
DirName:/CN=Easy-RSA CA
serial:

X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
4c:b5...


-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>


Lastly, some information from the firewall settings, though I'm not sure if I'm including sufficient information in this regard since, as mentioned, I hardly know anything about it:


sudo firewall-cmd --get-log-denied  --> all
sudo firewall-cmd --get-default-zone --> public
sudo firewall-cmd --get-active-zones -->
public
  interfaces: eth0
trusted
  interfaces: tun0

sudo firewall-cmd --list-all-zones -->
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client openvpn ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: tun0
  sources:
  services:
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
So, I'd be immensely thankful if anybody can help me out, or guide me in the right direction to fix this.
Regards,
Shayan
Last edited by shayan.rahat on Sat Sep 12, 2020 8:01 pm, edited 2 times in total.

Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by Pippin » Sat Sep 12, 2020 7:39 pm


TinCanTech
OpenVPN Protagonist
Posts: 7790
Joined: Fri Jun 03, 2016 1:17 pm

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by TinCanTech » Sat Sep 12, 2020 7:51 pm

If you want openvpn log file to help then use --verb 4

shayan.rahat
OpenVpn Newbie
Posts: 4
Joined: Sat Sep 12, 2020 5:34 pm

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by shayan.rahat » Sat Sep 12, 2020 8:07 pm

Thanks for the suggestion regarding --verb 4, TinCanTech. I followed your advice, changed it in both config files, reset the OpenVPN service on the server and updated the logs in the original post.
Sorry for the tagging & formatting violations, Pippin. Thanks for the pointer to the HOWTO as well. I think I had run into that one as well during my initial search for a guide in setting things up. But I thought I'd be less likely to commit mistakes if I follow a more specific (i.e. CentOS 7) guide instead. If all else fails, I'd reset the OS and start from scratch following that HOWTO.

TinCanTech
OpenVPN Protagonist
Posts: 7790
Joined: Fri Jun 03, 2016 1:17 pm

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by TinCanTech » Sat Sep 12, 2020 8:19 pm

shayan.rahat wrote:
Sat Sep 12, 2020 7:23 pm
Sun Sep 13 00:26:50 2020 us=208054 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:443 failed: Unknown error
Sun Sep 13 00:26:50 2020 us=208054 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sun Sep 13 00:26:50 2020 us=208054 MANAGEMENT: >STATE:1599940610,RECONNECTING,init_instance,,,,,
Sun Sep 13 00:26:50 2020 us=208054 Restart pause, 5 second(s)
Probably your firewall.

shayan.rahat
OpenVpn Newbie
Posts: 4
Joined: Sat Sep 12, 2020 5:34 pm

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by shayan.rahat » Sun Sep 13, 2020 4:24 am

So, still digging around to find the source of the problem, I'm looking at this line in my OpenVPN server log:


Listening for incoming TCP connection on [AF_INET][undef]:443
Is this how it's supposed to be or should it list the network interface or the server's public IP address instead of [AF_INET][undef]?

shayan.rahat
OpenVpn Newbie
Posts: 4
Joined: Sat Sep 12, 2020 5:34 pm

Re: New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by shayan.rahat » Sun Sep 13, 2020 6:08 am

So, after searching further and scanning my VPN server with nmap, I managed to learn that default security rules for the Alibaba Cloud panel filtered all incoming traffic except for ssh. So, added a rule to open up traffic for OpenVPN and that was it!
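
Added example (not part of the original thread and not OpenVPN's own code): a Python triage of the client log posted above. It times each TCP connect attempt against the logged connect_timeout, since a failure that takes the whole timeout means the packets were dropped without any answer somewhere in the path, as the provider's security rules were doing here. The classify function, the verdict names and the second sample log (documentation address 192.0.2.10) are constructed for illustration.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Lines copied from the client log in the first post (address redacted there).
SAMPLE_LOG = """\
Sun Sep 13 00:24:47 2020 us=747605   connect_timeout = 120
Sun Sep 13 00:24:48 2020 us=587472 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Sun Sep 13 00:26:50 2020 us=208054 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:443 failed: Unknown error
Sun Sep 13 00:26:55 2020 us=248205 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Sun Sep 13 00:27:14 2020 us=468058 SIGTERM[hard,init_instance] received, process exiting
"""

# Constructed for contrast: the host answers, but the port is closed.
REFUSED_LOG = """\
Mon Sep 14 10:00:00 2020 us=100000 Attempting to establish TCP connection with [AF_INET]192.0.2.10:443 [nonblock]
Mon Sep 14 10:00:01 2020 us=150000 TCP: connect to [AF_INET]192.0.2.10:443 failed: Connection refused
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) us=(\d+) (.*)$")
TIMEOUT = re.compile(r"^connect_timeout = (\d+)")
ATTEMPT = re.compile(r"^Attempting to establish TCP connection with (\S+)")
FAILED = re.compile(r"^TCP: connect to (\S+) failed: (.*)$")

Attempt = namedtuple("Attempt", "target elapsed verdict")

# What each verdict suggests checking (wording is this example's own).
HINTS = {
    "filtered": "no reply for the whole connect timeout: packets are dropped "
                "before the listener; check every filter in the path "
                "(host firewall, provider security rules)",
    "refused": "host reachable but the port was refused: service not "
               "listening there, or a rule that rejects instead of drops",
    "aborted": "attempt stopped by the user before any outcome",
    "other": "failed early for another reason; read the error text",
}


def parse(line):
    """Return (timestamp, message) for a verb-4 style log line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    when += timedelta(microseconds=int(m.group(2)))
    return when, m.group(3).strip()


def classify(log_text, default_timeout=120, slack=2.0):
    """Classify every TCP connect attempt found in an OpenVPN client log.

    default_timeout is used only when the log has no connect_timeout line;
    120 is the value shown in the log on this page.
    """
    timeout = default_timeout
    pending = None  # (target, start time) of the attempt in flight
    results = []
    for raw in log_text.splitlines():
        parsed = parse(raw)
        if parsed is None:
            continue
        when, msg = parsed
        if (m := TIMEOUT.match(msg)):
            timeout = int(m.group(1))
        elif (m := ATTEMPT.match(msg)):
            pending = (m.group(1), when)
        elif pending and (m := FAILED.match(msg)):
            elapsed = (when - pending[1]).total_seconds()
            if elapsed >= timeout - slack:
                verdict = "filtered"   # waited the full timeout in silence
            elif "refused" in m.group(2).lower():
                verdict = "refused"    # quick, explicit rejection
            else:
                verdict = "other"
            results.append(Attempt(pending[0], elapsed, verdict))
            pending = None
        elif pending and msg.startswith("SIGTERM"):
            elapsed = (when - pending[1]).total_seconds()
            results.append(Attempt(pending[0], elapsed, "aborted"))
            pending = None
    return results


if __name__ == "__main__":
    for name, text in (("thread log", SAMPLE_LOG), ("constructed", REFUSED_LOG)):
        for a in classify(text):
            print(f"{name}: {a.target} after {a.elapsed:.1f}s -> "
                  f"{a.verdict}: {HINTS[a.verdict]}")
```
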

Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: [Solved] New OpenVPN Installation - Service Seems Unable to Start Listening for Connections

Post by Pippin » Sun Sep 13, 2020 8:29 am

Thanks for letting us know.
