Help with installation needed

[juus]

Ive done install according to tutorial on site, but openvpn wont start.
This is output from - openvpn server.conf

Thu Aug 18 05:57:48 2011 OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 17 2011
Thu Aug 18 05:57:48 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 18 05:57:48 2011 Diffie-Hellman initialized with 2048 bit key
Thu Aug 18 05:57:48 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 18 05:57:48 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Thu Aug 18 05:57:48 2011 ROUTE: default_gateway=UNDEF
Thu Aug 18 05:57:48 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Thu Aug 18 05:57:48 2011 /sbin/ifconfig 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
SIOCSIFADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFDSTADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFMTU: No such device
Thu Aug 18 05:57:48 2011 Linux ifconfig failed: external program exited with error status: 1
Thu Aug 18 05:57:48 2011 Exiting


Help would be appreciated, thanks

[janjust]

are you running as root? which Linux distro are you using? does your Linux distro come with the 'tun' driver (do a 'modinfo tun')

[juus]

Running debian & yes as root.
modinfo tun returns: modinfo: could not open /lib/modules/2.6.18-028stab085.5/modules.dep

[janjust]

seems like your kernel is not properly installed - if

Code: Select all

modprobe tun

does not work then openvpn will never work...

[juus]

modprobe tun
FATAL: Could not load /lib/modules/2.6.18-028stab085.5/modules.dep: No such file or directory

hmmm. it on VPS <- could that be problem?
If so i will try install on server later to check.

[janjust]

VPS is most likely the issue here: read up on e.g.
http://samj.net/2010/01/howto-set-up-op ... n-vps.html
you will need to enable Tun/Tap in the VPS Control Panel.

[juus]

Gave up on VPS & used sevrver - installed & connected 100%.
How do i know all traffic is being routed through vpn now?

[janjust]

from the client do a 'traceroute' ('tracert' on windows) to a host on the internet, e.g. 8.8.8.8 - the first hop should be the VPN server IP.

[juus]

first hop is my direct connection to net, not the vpn ip.
How do i get it to route through vpn? Have not seen anything in tutorial or am i missing something?

[janjust]

which tutorial?
add

Code: Select all

route-gateway def1

to the client config and reconnect; alternatively you can add

Code: Select all

push "route-gateway def1"

to the server config and restart the server; all connecting clients will not receive the 'route gateway' directive.

[juus]

I have tried your sugegstion, vpn connects but still no traffic thru it
I can ping vpn ip but cannot ping any other ips eg. 8.8.8.8 (google dns)


Fri Aug 19 12:55:15 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Fri Aug 19 12:55:15 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Aug 19 12:55:15 2011 LZO compression initialized
Fri Aug 19 12:55:15 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Aug 19 12:55:15 2011 Socket Buffers: R=[128000->128000] S=[49152->49152]
Fri Aug 19 12:55:15 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Aug 19 12:55:15 2011 Local Options hash (VER=V4): '41690919'
Fri Aug 19 12:55:15 2011 Expected Remote Options hash (VER=V4): '530fdded'
Fri Aug 19 12:55:15 2011 UDPv4 link local: [undef]
Fri Aug 19 12:55:15 2011 UDPv4 link remote: server_ip:1194
Fri Aug 19 12:55:15 2011 TLS: Initial packet from server_ip:1194, sid=eca1d306 083636cd
Fri Aug 19 12:55:17 2011 VERIFY OK: depth=1, /C=CA/ST=GP/L=JB/O=E5/CN=VPN/emailAddress=me@myhost.mydomain
Fri Aug 19 12:55:17 2011 VERIFY OK: nsCertType=SERVER
Fri Aug 19 12:55:17 2011 VERIFY OK: depth=0, /C=CA/ST=GP/L=JB/O=E5/CN=VPN/emailAddress=me@myhost.mydomain
Fri Aug 19 12:55:22 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Aug 19 12:55:22 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:55:22 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Aug 19 12:55:22 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:55:22 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Aug 19 12:55:22 2011 [VPNCC] Peer Connection Initiated with server_ip:1194
Fri Aug 19 12:55:24 2011 SENT CONTROL [VPN]: 'PUSH_REQUEST' (status=1)
Fri Aug 19 12:55:24 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: route options modified
Fri Aug 19 12:55:24 2011 ROUTE default_gateway=ip_assigned_by_service_provider
Fri Aug 19 12:55:24 2011 TAP-WIN32 device [Local Area Connection 56] opened: \\.\Global\{4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5}.tap
Fri Aug 19 12:55:24 2011 TAP-Win32 Driver Version 9.8
Fri Aug 19 12:55:24 2011 TAP-Win32 MTU=1500
Fri Aug 19 12:55:24 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Aug 19 12:55:24 2011 Successful ARP Flush on interface [118] {4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5}
Fri Aug 19 12:55:29 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD server_ip MASK 255.255.255.255 ip_assigned_by_service_provider
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 Initialization Sequence Completed

[Mimiko]

Now use:

Code: Select all

tracert 8.8.8.8

and see that it is going thru tunnel and is stuck at the server - you didn't add forwarding rules.

[juus]

tracert does not give any results, its like vpn blocking it.
How do i add forwarding rules?

[Mimiko]

Read this please: http://www.openvpn.net/index.php/open-s ... l#redirect

[juus]

I have added
push "redirect-gateway def1"
to the server.conf

I have run this
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

But i still cannot route traffic through vpn.
When vpn connects i can only ping vpn ip & no other ips.
tracert gives no results as well.

I am at a loss now, as i think i have covered basically everything so far, unless you think i missed something.

And thanks janjust & mimiko for the help thus far, most appreciated & learning much.

[Mimiko]

You encountered an iptable rule that blocks forwarding. You can search the forum for the solutions - its a common problem for new users. Or post "iptables -L" and "ip addr" results on server.

[juus]

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere


ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:xx:99:xx:2d:xx brd ff:ff:ff:ff:ff:ff
inet main_ip/24 brd main_ip scope global eth0
inet 2nd_server_ip/24 brd main_ip.255 scope global eth0:0
inet 3rd_server_ip/24 brd main_ip.255 scope global secondary eth0:1
inet 4th_server_ip/24 brd main_ip.255 scope global secondary eth0:2
inet 5th_server_ip/24 brd main_ip.255 scope global secondary eth0:3
inet 6th_server_ip/24 brd main_ip.255 scope global secondary eth0:4
inet6 fe80::xxx:99ff:xxxx:2d66/64 scope link
valid_lft forever preferred_lft forever

Here is output, honestly dont know what to make off it (googling around now)

[Mimiko]

Hm, it's strange that you don't get anything from traceroute. Could you please post anything thta tracert 8.8.8.8 gives? It must show something.
Also show routing table on client after OpenVPN connection. Disable firewall in tun adapter also.

[juus]

Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 57:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter OAS
Physical Address. . . . . . . . . : 00-FF-A5-24-74-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 56:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-43-31-FB-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::512:9253:8c72:292d%118(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : 20 August 2011 08:35:45 AM
Lease Expires . . . . . . . . . . : 19 August 2012 08:35:44 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.5
DHCPv6 IAID . . . . . . . . . . . : 1979776835
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2B-CB-58-20-CF-30-82-3F-5A

DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Mobile Broadband adapter Mobile Broadband Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card #
8
Physical Address. . . . . . . . . : 00-1E-10-1F-7F-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : isp_assigned_ip(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : isp_assigned_gateway
DNS Servers . . . . . . . . . . . : isp_dns
isp_dns
NetBIOS over Tcpip. . . . . . . . : Enabled


tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.

firewall is disabled

[Mimiko]

"ip addr" on linux server - where is TUN adapter?

Could you please show "route print" on client.

Flush iptables on server and re-add "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE".
Are you sure the OpenVPN is not installed on VPS?