Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
Core
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jul 24, 2011 1:30 am
Post
by Core » Sun Jul 24, 2011 1:42 am
I'm kind of new to VPNs, and networking has never been my strong suit, but I'm pretty sure I'm doing something wrong.
My OpenVPN Conf file:
port 1194
proto udp
dev tun
ca ca.crt
cert Core.crt
key Core.key
dh dh1024.pem
server 172.17.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
On Arch, instead of init.d we have rc.d, so I do
/etc/rc.d/openvpn start
and I get
:: Starting OpenVPN ... openvpn [FAIL]
Now, I'm a hobbyist programmer, so I'm used to debugging, but with just a Start Fail statement I don't have much to go on.
I'm just looking for a client to client at the moment but may expand it later.
Some hints at what I'm doing wrong would be most appreciated.
-
Bebop
- Forum Team
- Posts: 301
- Joined: Wed Dec 15, 2010 9:24 pm
Post
by Bebop » Sun Jul 24, 2011 2:25 am
You're not doing too bad so far ^^
A couple of hints to get you started:
- In server.conf add:
and then restart the vpn. Check log. Post log here if need be.
- When starting the vpn as a service like you are, ensure there is only a single *.conf file in /etc/openvpn/ or it will try to run all the *.confs it sees, so if you have any such as test.conf, or sample.conf -- move them away.
- Until we see log output it would be all guess-work, I don't notice any obvious issues with config (could be wrong though).
- My guess is that maybe tun0 is not ready to use yet, but just a wild guess for fun
Curious, are you on a dedi or vps? If vps, xen or openvz? They're all fine to use, with openvz just more tricky than xen or dedi..
The cure for boredom is curiosity
-
by Core » Sun Jul 24, 2011 12:57 pm
Here is my log output; it's apparently a bad certificate.
Sun Jul 24 08:47:52 2011 OpenVPN 2.2.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on May 14 2011
Sun Jul 24 08:47:52 2011 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Jul 24 08:47:52 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 24 08:47:52 2011 Diffie-Hellman initialized with 1024 bit key
Sun Jul 24 08:47:52 2011 Cannot load certificate file Core.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Sun Jul 24 08:47:52 2011 Exiting
I take it that I did something wrong when creating the certificates?
I created the certificates like how they were shown everywhere including here:
source ./vars
./clean-all
./build-ca
./build-key Core  # which I replaced with ./build-key-pass, as I am looking for password
                  # authentication rather than certificates
./build-key-server Core # name of server, I suppose that I should have created this first
./build-dh
When you say dedi or vps, I'm assuming you're talking about how my actual network is set up. I'm behind a router with a subnet 192.168.1.0/24 (I think; I never really understood the /8 or /24). Anyhow, the network ranges from
Right now it's just supposed to be a client-to-client for small LAN games that takes a username and password. I'm pretty interested in learning how to properly set a VPN up. I did take a look at the OpenVPN documentation but found it to be a little distressing, as it's rather thrown at you (no offense, I'm sure if I were more network literate that I would understand it better).
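The `no start line` error in the log above is what OpenSSL reports when a file has no `-----BEGIN ...-----` line, for instance when it is empty. As an added example (not part of the original posts), this Python check inspects every `ca`/`cert`/`key`/`dh` file a config references before the service is started; `check_pem_files` and `demo` are hypothetical names, the sample files are constructed, and relative paths are assumed to resolve against the config's directory.

```python
import re
import tempfile
from pathlib import Path

# Directive -> label suffix expected on the file's "-----BEGIN ...-----" line.
PEM_DIRECTIVES = {"ca": "CERTIFICATE", "cert": "CERTIFICATE",
                  "key": "PRIVATE KEY", "dh": "DH PARAMETERS"}
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9. ]+)-----\s*$", re.M)


def check_pem_files(conf_path):
    """Return (directive, filename, problem) for each PEM file that would not
    load. Assumption: relative paths resolve against the config's directory."""
    base = Path(conf_path).resolve().parent
    problems = []
    for line in Path(conf_path).read_text().splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] not in PEM_DIRECTIVES:
            continue
        directive, name = parts[0], parts[1]
        path = base / name
        if not path.is_file():
            problems.append((directive, name, "file missing"))
            continue
        text = path.read_text(errors="replace")
        labels = BEGIN_RE.findall(text)
        if not text.strip():
            problems.append((directive, name, "file is empty"))
        elif not labels:
            problems.append((directive, name, "no PEM start line"))
        elif not any(l.endswith(PEM_DIRECTIVES[directive]) for l in labels):
            problems.append((directive, name, "unexpected type: " + labels[0]))
    return problems


def demo():
    """Constructed sample: placeholder PEM bodies, with Core.crt left empty."""
    pem = "-----BEGIN {0}-----\nY29uc3RydWN0ZWQ=\n-----END {0}-----\n"
    files = {"ca.crt": pem.format("CERTIFICATE"), "Core.crt": "",
             "Core.key": pem.format("RSA PRIVATE KEY"),
             "dh1024.pem": pem.format("DH PARAMETERS"),
             "server.conf": "ca ca.crt\ncert Core.crt\nkey Core.key\ndh dh1024.pem\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            Path(d, name).write_text(body)
        return check_pem_files(Path(d, "server.conf"))


if __name__ == "__main__":
    print(demo())
```

The check only looks at the PEM framing; it does not validate the certificate chain or that the key matches the certificate.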
-
by Bebop » Sun Jul 24, 2011 1:34 pm
You're doing great so far, and seriously.. it's all going to come together nicely. It gets easier once the certs are sorted. Your server conf looks fine so don't worry about /8 or /24 just yet.
Time for some bluntness ^^. here goes:
- Delete all certs and start over.
- Follow whatever guide you're using -- without changes.
- If your guide is not geared at passwords, then don't use passwords. Or, find a guide that is.
- For now I give you this: http://library.linode.com/networking/op ... an-5-lenny
It's helped me greatly in the past. A couple subtle differences between arch and deb won't be a prob.
If you need help with anything specific just ask. Also, anyone else reading this -- feel free to jump in and help Core out.
-
by Core » Sun Jul 24, 2011 1:40 pm
Fixed, server is now working.

But now I'm having trouble figuring out how to actually connect to the server? I'm assuming OpenVPN doubles as a client?
Last edited by Core on Sun Jul 24, 2011 2:01 pm, edited 1 time in total.
-
by Bebop » Sun Jul 24, 2011 1:42 pm
It does indeed.
The only difference is the conf file. You change the directives.
-
by Core » Sun Jul 24, 2011 2:07 pm
Thanks for all the help.

By the way, nice avatar; hadn't seen Bebop in years.
EDIT: Still no dice, client can't connect, period. I've tried everything. The only reason I need a VPN is for LAN, nothing else. I'm assuming I'll never get this working as Networking is overly complicated.
-
Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Post
by Mimiko » Sun Jul 24, 2011 6:38 pm
You'll get it working. Show the client config you are using and the log file from client.
-
by Bebop » Fri Jul 29, 2011 1:15 am
Core wrote: I'm assuming I'll never get this working as Networking is overly complicated.
Help is here when you need it. When armed with a server.conf and a client.conf there's rarely a problem that can't be solved quickly in this place. If you change your mind, feel free to try again.