Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by Pippin » Sun Jul 31, 2022 9:13 pm

Hi,

Remove this,

Code: Select all

ipconfig-pool-persist ipp.txt
and try again.

It is spelled wrongly...
There is a better way to reserve tunnel IP but first try it.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Sun Jul 31, 2022 9:22 pm

tamar wrote:
Sun Jul 31, 2022 7:49 pm
I am stuck with it for a number of critical operation
:roll:

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by Pippin » Sun Jul 31, 2022 9:39 pm

@tamar
Ok, I have taken a closer look and have a hard time believing this ever worked with what you posted .....?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Mon Aug 01, 2022 11:21 am

I swear it did, Pippin. 🤷🏻‍♀️

But I manually hand typed the ifconfig-pool-persist ipp.txt. (I still have a commented version of the server.conf, so I reposted here by hand.) It was correct in the conf.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Mon Aug 01, 2022 11:38 am

Also remove compression settings from all of your client configs.

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Mon Aug 01, 2022 11:46 am

All done - still not connecting :( grr.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Mon Aug 01, 2022 11:55 am

Not connecting is not the same as IP Version 15, please post the log files of server and client for the single connection attempt.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by Pippin » Mon Aug 01, 2022 5:58 pm

Hi,

Your config with some comments/adjustments, read them side by side with manual 2.5:
https://build.openvpn.net/man/openvpn-2 ... vpn.8.html

Code: Select all

port     ###<change
proto udp
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key
dh dh.pem
topology subnet
server 172.16.0.0 255.255.255.0
#ipconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.10.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 60
tls-auth ta.key 0
cipher AES-256-CBC
#comp-lzo
#user nobody
#group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
#log-append  /var/log/openvpn/openvpn.log     ###< for per start log, see log  /var/log/openvpn/openvpn.log
log  /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA512
route 10.10.10.1 255.255.255.0

Code: Select all

client
#tls-client     ###<client already does this
#pull     ###<client already does this
dev tun
proto udp
remote hostname port     ###<change
resolv-retry infinite
nobind
#dhcp-option DNS 8.8.8.8
persist-key
persist-tun
#key-direction 1     ###<no need, see tls-auth ta.key 1
tls-auth ta.key 1
#comp-lzo
verb 4
ca ca.crt
cert client.crt
key client.key
auth SHA512
cipher AES-256-CBC
#client-config-dir ccd      ###<server side option here???
explicit-exit-notify 2
Try it and post server and client logs if it doesn't work.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Mon Aug 01, 2022 6:10 pm

Pippin wrote:
Mon Aug 01, 2022 5:58 pm
client
<snip>
#client-config-dir ccd ###<server side option here???
Indeed ..

Code: Select all

Options error: --client-config-dir/--ccd-exclusive requires --mode server
Use --help for more information.

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Mon Aug 01, 2022 11:55 pm

Weird, that exact layout worked beforehand. Anyway, curious to hear why you recommend changing the port number.

I changed a few ports, and restarted the server and it seems to have worked, but it works on the old port as well. I don't know exactly what changed, maybe the fact that I had to delete and reload the .ovpn file with that client-config-dir ccd removal. A note for anyone like me: it helps to fully delete the profile from the app, not just to restart it with edits (since I guess it only reads it once).

I tried the exact same settings in my all-in-one file with the certificates, but that never got to working, despite the first half being identical (except for the calls to the certificates and keys). Can't explain that one. Still can't explain the other really either though.

Code: Select all

client
#tls-client
#pull
dev tun
proto udp
remote server port
resolv-retry infinite
nobind
#dhcp-option DNS 8.8.8.8
persist-key
persist-tun
#key-direction 1
verb 4
auth SHA512
cipher AES-256-CBC
#client-config-dir ccd 
<ca>
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
I appreciate your assistance and your patience with me.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Mon Aug 01, 2022 11:58 pm

tamar wrote:
Mon Aug 01, 2022 11:55 pm
Weird, that exact layout worked beforehand

<snip>

it helps to fully delete the profile from the app
If the app is Android then the option is probably ignored.

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Tue Aug 02, 2022 5:11 pm

TinCanTech wrote:
Mon Aug 01, 2022 11:58 pm
tamar wrote:
Mon Aug 01, 2022 11:55 pm
Weird, that exact layout worked beforehand

<snip>

it helps to fully delete the profile from the app
If the app is Android then the option is probably ignored.
Done each time. I figured it wasn't reloading the profile via app restarts anyway.

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Fri Aug 05, 2022 11:35 pm

Any further recommendations since removing/restoring the profile is not resolving the issue?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Sat Aug 06, 2022 1:26 am

Remove compression settings from your server and all of your clients configuration files.

IP version=15 errors are caused by incompatible compression between server and client.

tamar
OpenVPN User
Posts: 32
Joined: Fri Apr 30, 2021 1:42 am

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by tamar » Tue Aug 09, 2022 1:45 am

Compression is turned off on the server and client sides. These are the files that contain the different .crt and .key references.

Can't figure out what it is here.

Code: Select all

client
dev tun
proto udp
remote server port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 4
auth SHA512
cipher AES-256-CBC
<ca>
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Post by TinCanTech » Tue Aug 09, 2022 10:35 am

Does the VPN work for all of your clients ?

Do you still see IP-Version 15 packet messages in your log ?

If the answer is yes to both those questions then you have probably missed one of your clients.

I can't do any more than that.

Post Reply