Hello,
I've successfully setup a working client of OpenVPN on DNS-320 (arm architecture) under Debian.
It's starting correctly from the command line (openvpn --config /etc/openvpn/xxxx.conf), from the init script when I'm connected to the box, using auth-user-pass method and initiating the connection correctly.
However, I noticed it stops functionning after a while, so I've launched it under "screen -L openvpn --config /etc/openvpn/xxxx.conf" with 'verb 4' to have a trace (btw, it does not log to /var/log/syslog, but that's another issue imho).
The log shows that it "stops" functionning a short while after I've disconnected my ssh session; actually it asks after a while (no timestamp in the message) for authentication whereas the auth-user-pass is been working correctly on initial startup and then, of course, fails to reconnect to the server properly.
The tun module was compiled it by myself on the box, but it is still there so I assume the tun module does not crash. Restarting by hand the client allows the tunnel to be established, so no hung can be proved from that side (at least!).
Have I missed any configuration option, or something else (lack of entropy, tty related-stuff)?
Many thanks for your help
Auth reask
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Auth reask
Try adding
this will cause openvpn to daemonize itself and to write all output to syslog ; you can supply an optional name to both (e.g. 'syslog openvpn').
Code: Select all
daemon
syslog
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Apr 28, 2011 9:30 am
Re: Auth reask
Thanks for the quick reply, ok, trying that... (syslog appeared again, thx !)
Part of this code was provided by my OpenVpn provider, so dunno the side effect of every option (this is my first try...), neither if some are only optional. Probably worth a try !
Code: Select all
# Which device
dev tun
fast-io
persist-key
persist-tun
nobind
remote xxx.xxxxxxxxx.com 1194
pull
comp-lzo
tls-client
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
ca /etc/openvpn/ca.crt
dh /etc/openvpn/dh1024.pem
# Use Encryption
cipher AES-128-CBC
route-method exe
route-delay 2
auth-user-pass /etc/openvpn/pass.txt
verb 3
mute 5
syslog
daemon
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Auth reask
depends a bit on the server setup, but this client setup is never going to work. try
Code: Select all
# Which device
dev tun
fast-io
persist-key
persist-tun
nobind
remote xxx.xxxxxxxxx.com 1194
client
comp-lzo
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
ca /etc/openvpn/ca.crt
# Use Encryption
cipher AES-128-CBC
auth-user-pass /etc/openvpn/pass.txt
verb 3
mute 5
syslog
daemon
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Apr 28, 2011 9:30 am
Re: Auth reask
Many thanks, working wonderfully since the change for ~24h !
Keep up the good work
Keep up the good work