VPN Won't Start

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech

TF&7
OpenVpn Newbie
Posts: 2
Joined: Fri Mar 15, 2013 4:07 pm

VPN Won't Start

Post by TF&7 » Fri Mar 15, 2013 4:46 pm

Good evening everyone,

As I am new to OpenVPN, and, as a matter of fact, quite new to Linux as well, I seem to have some trouble getting the VPN up and running. The moment I try to start my VPN I get the following error in response:

Code:

Command Execution Error /etc/init.d/openvpn start <vpn-name>

Since this is stating hardly anything I went for the logs - this is what happens during the attempt to start the server:

Code:

Fri Mar 15 15:48:37 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Fri Mar 15 15:48:37 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Fri Mar 15 15:48:37 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Mar 15 15:48:37 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Mar 15 15:48:37 2013 WARNING: file 'keys/mq-intern/mq-openvpn.key' is group or others accessible
Fri Mar 15 15:48:37 2013 WARNING: file 'servers/MQ-VPN-INTERN/ta.key' is group or others accessible
Fri Mar 15 15:48:37 2013 Control Channel Authentication: using 'servers/MQ-VPN-INTERN/ta.key' as a OpenVPN static key file
Fri Mar 15 15:48:37 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 15 15:48:37 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 15 15:48:37 2013 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Mar 15 15:48:37 2013 TUN/TAP device tap0 opened
Fri Mar 15 15:48:37 2013 servers/MQ-VPN-INTERN/bin/MQ-VPN-INTERN.up tap0 1500 1576   init
Fri Mar 15 15:48:37 2013 WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
Fri Mar 15 15:48:37 2013 WARNING: Failed running command (--up/--down): external program fork failed
Fri Mar 15 15:48:37 2013 Exiting

"Right on, I'll just adjust that script-security thingy to like 2" - is what popped into my mind. It seemed promising and still does actually, however, I'm yet again stuck. In order to apply the script-security I used:

Code:

sudo openvpn --script-security 3 --dev tap0

The device (tap0) seems to be found and everything, but it'll go unresponsive after a few lines of output which are:

Code:

TUN/TAP device tap0 opened
UDPv4 link local (bound): [undef]
UDPv4 link remote: [undef]

I already let it process (or whatsoever is happening..) for like 1h while heading out for lunch (Asian it was..) - nothing - not one single new line. Of course there were some more than the above mentioned, but I'm not able to pastebin it and the log is recording nothing unfortunately. Said missing lines, however, are not relevant. Version and stuff. In short: Too much typing!

Sooo, is anyone able to help me out of this? It would be grand and well appreciated, as I'd really like to get this running.

Cheers!
Mirko

PS: in case you need / want to have a look into my config --> http://paste.ubuntu.com/5616001

mwandelaar
OpenVPN Super User
Posts: 219
Joined: Mon Nov 23, 2009 8:24 pm

Re: VPN Won't Start

Post by mwandelaar » Sun Mar 17, 2013 4:03 pm

Code:

sudo openvpn --script-security 3 --dev tap0

This line means starting openvpn, without config, on interface tap0 with script-security set to level 3.

The device (tap0) seems to be found and everything, but it'll go unresponsive after a few lines of output which are:

Code:

TUN/TAP device tap0 opened
UDPv4 link local (bound): [undef]
UDPv4 link remote: [undef]

This is expected behavior because there are no other options given to openvpn.
I'll advise you to add the following line:

Code:

script-security 2

to the config as it is posted on the ubuntu pastebin, increase verbose to level 3 (verb 3) and restart your openvpn-instance:

Code:

sudo /etc/init.d/openvpn restart

and see if you have other error lines in the logfile, like the ones you started with.

TF&7
OpenVpn Newbie
Posts: 2
Joined: Fri Mar 15, 2013 4:07 pm

Re: VPN Won't Start

Post by TF&7 » Mon Mar 18, 2013 8:33 am

mwandelaar, you are a genius, thank you very much for your response and explaining the missing bits!

I just added the script-security line into the config and the server did start right away.

Code:

Mon Mar 18 09:20:36 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Mon Mar 18 09:20:36 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 18 09:20:36 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Mar 18 09:20:36 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar 18 09:20:36 2013 WARNING: file 'keys/mq-intern/mq-openvpn.key' is group or others accessible
Mon Mar 18 09:20:36 2013 WARNING: file 'servers/MQ-VPN-INTERN/ta.key' is group or others accessible
Mon Mar 18 09:20:36 2013 Control Channel Authentication: using 'servers/MQ-VPN-INTERN/ta.key' as a OpenVPN static key file
Mon Mar 18 09:20:36 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 09:20:36 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 09:20:36 2013 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Mar 18 09:20:36 2013 TUN/TAP device tap0 opened
Mon Mar 18 09:20:36 2013 servers/MQ-VPN-INTERN/bin/MQ-VPN-INTERN.up tap0 1500 1576   init
device br0 already exists; can't create bridge with the same name
Mon Mar 18 09:20:36 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Mar 18 09:20:36 2013 GID set to nogroup
Mon Mar 18 09:20:36 2013 UID set to nobody
Mon Mar 18 09:20:36 2013 Listening for incoming TCP connection on [undef]
Mon Mar 18 09:20:36 2013 TCPv4_SERVER link local (bound): [undef]
Mon Mar 18 09:20:36 2013 TCPv4_SERVER link remote: [undef]
Mon Mar 18 09:20:36 2013 Initialization Sequence Completed

I'll be off trying to get the remaining things done with the server.

Once again, thanks and have a great day!
Mirko
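
The two conditions visible in the logs of this thread (an `up` script blocked at the default script-security level, and key files that are group or others accessible) can be checked before the server is started. The script below is an added example, not code from the thread; the function names, the constructed sample config and the `/etc/openvpn` default base directory are assumptions.

```shell
# Added example, not from the thread; /etc/openvpn as default base dir is an assumption.
# Print the first argument of each uncommented directive named in $2...
conf_values() {
  _cf=$1; shift
  awk -v want=" $* " '/^[ \t]*[#;]/ { next }
    NF >= 2 && index(want, " " $1 " ") { print $2 }' "$_cf"
}
# Effective level: the last script-security line, else OpenVPN's default of 1
script_security_level() {
  _lvl=$(conf_values "$1" script-security | tail -n 1); echo "${_lvl:-1}"
}
# External programs the config asks OpenVPN to run
script_hooks() {
  conf_values "$1" up down ipchange route-up route-pre-down tls-verify \
    client-connect client-disconnect learn-address auth-user-pass-verify
}
# Key files with any group/other permission bit (what the log WARNING reports)
loose_key_files() {
  _base=${2:-/etc/openvpn}
  conf_values "$1" key tls-auth secret pkcs12 | while read -r _f; do
    case $_f in /*) ;; *) _f=$_base/$_f ;; esac   # relative paths resolve against base
    [ -e "$_f" ] || continue
    [ "$(ls -ldL "$_f" | cut -c5-10)" = "------" ] || echo "$_f"
  done
}
# Print findings; return 1 if any FAIL was reported
audit_openvpn_conf() {
  _rc=0; _lvl=$(script_security_level "$1")
  _hooks=$(script_hooks "$1" | tr '\n' ' ')
  if [ -n "$_hooks" ] && [ "$_lvl" -lt 2 ]; then
    echo "FAIL: script-security is $_lvl, level 2 is needed to run: $_hooks"; _rc=1
  fi
  if [ "$_lvl" -ge 3 ]; then
    echo "WARN: level $_lvl lets passwords reach scripts via environment variables"
  fi
  _loose=$(loose_key_files "$1" "$2")
  if [ -n "$_loose" ]; then
    echo "$_loose" | sed 's/^/FAIL: group or others accessible, chmod 600: /'; _rc=1
  fi
  return $_rc
}
# Constructed config modelled on the thread's log (file names are made up)
make_sample() {
  _d=$(mktemp -d) && mkdir "$_d/keys" && : > "$_d/keys/server.key" && : > "$_d/ta.key" &&
  chmod 644 "$_d/keys/server.key" && chmod 600 "$_d/ta.key" &&
  printf '%s\n' 'dev tap0' '# script-security 2' 'key keys/server.key' \
    'tls-auth ta.key 0' 'up bin/bridge.up' > "$_d/server.conf" && echo "$_d"
}
# With arguments: audit CONF [BASEDIR]; without: audit the constructed sample
if [ $# -gt 0 ]; then audit_openvpn_conf "$@"
else _s=$(make_sample); audit_openvpn_conf "$_s/server.conf" "$_s" || true; rm -rf "$_s"; fi
```

Quoted paths, paths containing spaces and inline `<key>` blocks are not parsed by this sketch.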
