Auth reask

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
nenel
OpenVpn Newbie
Posts: 3
Joined: Thu Apr 28, 2011 9:30 am

Auth reask

Post by nenel » Thu Apr 28, 2011 9:45 am

Hello,

I've successfully setup a working client of OpenVPN on DNS-320 (arm architecture) under Debian.

It's starting correctly from the command line (openvpn --config /etc/openvpn/xxxx.conf), from the init script when I'm connected to the box, using auth-user-pass method and initiating the connection correctly.

However, I noticed it stops functionning after a while, so I've launched it under "screen -L openvpn --config /etc/openvpn/xxxx.conf" with 'verb 4' to have a trace (btw, it does not log to /var/log/syslog, but that's another issue imho).

The log shows that it "stops" functionning a short while after I've disconnected my ssh session; actually it asks after a while (no timestamp in the message) for authentication whereas the auth-user-pass is been working correctly on initial startup and then, of course, fails to reconnect to the server properly.

The tun module was compiled it by myself on the box, but it is still there so I assume the tun module does not crash. Restarting by hand the client allows the tunnel to be established, so no hung can be proved from that side (at least!).

Have I missed any configuration option, or something else (lack of entropy, tty related-stuff)?

Many thanks for your help

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Auth reask

Post by janjust » Thu Apr 28, 2011 10:45 am

Try adding

Code: Select all

daemon
syslog
this will cause openvpn to daemonize itself and to write all output to syslog ; you can supply an optional name to both (e.g. 'syslog openvpn').

nenel
OpenVpn Newbie
Posts: 3
Joined: Thu Apr 28, 2011 9:30 am

Re: Auth reask

Post by nenel » Thu Apr 28, 2011 12:08 pm

Thanks for the quick reply, ok, trying that... (syslog appeared again, thx !)

Code: Select all

# Which device
dev tun
fast-io

persist-key
persist-tun

nobind
remote xxx.xxxxxxxxx.com 1194

pull
comp-lzo

tls-client
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
ca /etc/openvpn/ca.crt
dh /etc/openvpn/dh1024.pem

# Use Encryption
cipher AES-128-CBC

route-method exe
route-delay 2

auth-user-pass /etc/openvpn/pass.txt

verb 3
mute 5
syslog

daemon

Part of this code was provided by my OpenVpn provider, so dunno the side effect of every option (this is my first try...), neither if some are only optional. Probably worth a try ! :D

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Auth reask

Post by janjust » Thu Apr 28, 2011 1:39 pm

depends a bit on the server setup, but this client setup is never going to work. try

Code: Select all

# Which device
dev tun
fast-io

persist-key
persist-tun

nobind
remote xxx.xxxxxxxxx.com 1194

client
comp-lzo

cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
ca /etc/openvpn/ca.crt

# Use Encryption
cipher AES-128-CBC

auth-user-pass /etc/openvpn/pass.txt

verb 3
mute 5
syslog
daemon


nenel
OpenVpn Newbie
Posts: 3
Joined: Thu Apr 28, 2011 9:30 am

Re: Auth reask

Post by nenel » Fri Apr 29, 2011 9:38 am

Many thanks, working wonderfully since the change for ~24h !

Keep up the good work :)

Post Reply