Running OpenVPN Client on OpenVZ VPS

[stgltz]

Hi,

Newbie here looking for some help setting up a a OpenVPN client (not server) to connect to a VPN service I already subscribe to.

The VPS is running Ubuntu 14.04.3 LTS, OpenVZ is being used for the virtualization.

TUN/TAP module is enabled

Code: Select all

root@myvps:~# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

I get the below error with no firewall or ip tables inplace

Code: Select all

root@myvps:/etc/openvpn# openvpn 'london.ovpn'
Thu Sep 24 05:07:28 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Enter Auth Username:
Enter Auth Password:
Thu Sep 24 05:07:38 2015 UDPv4 link local: [undef]
Thu Sep 24 05:07:38 2015 UDPv4 link remote: [AF_INET]146.185.20.156:1194
Thu Sep 24 05:07:38 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Sep 24 05:07:39 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]146.185.20.156:1194
Thu Sep 24 05:07:41 2015 TUN/TAP device tun0 opened
Thu Sep 24 05:07:41 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 24 05:07:41 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Sep 24 05:07:41 2015 /sbin/ip addr add dev tun0 local 10.197.1.6 peer 10.197.1.5
RTNETLINK answers: No such device
Thu Sep 24 05:07:41 2015 ERROR: Linux route add command failed: external program exited with error status: 2

some more out put that might be helpful

Code: Select all

root@myvps:~# ip route
default dev venet0  scope link 

Code: Select all

root@panda:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Any help would be much appreciated, please let me know if these is more info I can give.

Cheers!

[maikcat]

can you try the following:

Code: Select all

openvpn --mktun --dev tun0
/sbin/ip link set dev tun0 up mtu 1500

can you see the interface using ifconfig?

Michael.

[stgltz]

Thanks for the reply maikcat!

Code: Select all

root@myvps:~# openvpn --mktun --dev tun0
Thu Sep 24 11:17:07 2015 TUN/TAP device tun0 opened
Thu Sep 24 11:17:07 2015 Persist state set to: ON
root@myvps:~# /sbin/ip link set dev tun0 up mtu 1500
root@myvps:~#

Code: Select all

root@myvps:~# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:489 errors:0 dropped:0 overruns:0 frame:0
          TX packets:301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:50105 (50.1 KB)  TX bytes:43853 (43.8 KB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:{vpspublicip}  P-t-P:{vpspublicip}  Bcast:{vpspublicip}  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

I tried connecting to the vpn server after that but no luck. If freezes and I have to re-boot the vps at the providers website to be able to ssh log on again.

[maikcat]

I tried connecting to the vpn server after that but no luck. If freezes and I have to re-boot the vps at the providers website to be able to ssh log on again.

i have a feeling that your vps is not freezed , it simply connects and redirects it gateway causing you to loose connection...

can you add route-nopull in your config and test again?

Michael.

[stgltz]

Thanks Michael!

After editing the config file it looks like it connects. I get the following:

root@myvps:/etc/openvpn# openvpn 'Germany.ovpn'
Fri Sep 25 01:48:52 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Fri Sep 25 01:48:52 2015 UDPv4 link local: [undef]
Fri Sep 25 01:48:52 2015 UDPv4 link remote: [AF_INET]46.165.251.155:1194
Fri Sep 25 01:48:53 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]46.165.251.155:1194
Fri Sep 25 01:48:56 2015 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 TUN/TAP device tun0 opened
Fri Sep 25 01:48:56 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 25 01:48:56 2015 /sbin/ip link set dev tun0 up mtu 1500
Fri Sep 25 01:48:56 2015 /sbin/ip addr add dev tun0 local 10.179.1.6 peer 10.179.1.5
Fri Sep 25 01:48:56 2015 Initialization Sequence Completed

I'm no longer locked out of the server. I tested downloading some data and it looks like it is not going through the vpn.

Code: Select all

root@myvps:~/pg/scripts$ ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.179.1.6  P-t-P:10.179.1.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:49774 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25970 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:66812663 (66.8 MB)  TX bytes:1684745 (1.6 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:{vpspublicip}  P-t-P:{vpspublicip}  Bcast:{vpspublicip}  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Code: Select all

root@myvps:~$ wget -qO- http://ipecho.net/plain ; echo
{vpspublicip}

Do you know how to configure this?

Many thanks,

Tom

[maikcat]

things now get a little complicated....

with the directive i gave you , your client does not accept any routes send by the server.
if you remove it you loose your vpn because any response from internet go via tunnel
rendering your ssh session unusable.

the only work around is to enable policy based routing in your vps regarding the established ssh connections
so that ssh traffic keeps flowing via your normal gateway.

if you search the forum you will find similar topics...

Michael.