OpenVPN Debian server help

[3limccombs]

Hey everyone, I just followed the instructions from this tutorial (https://www.linux.com/learn/tutorials/4 ... r-on-linux) about setting up an openvpn server.

Everything went great as far as I can tell, except when it came time to start the server. Running /etc/init.d/openvpn restart gives the error [Fail] Starting virtual private network daemon: server failed!

I'm not completely new to linux, this is running in a vmware esxi server but I can troubleshoot anything that is suggested. Thanks everyone!!

[maikcat]

can you post your configs used and logs?

Michael.

[3limccombs]

The output of /etc/openvpn/server.conf

Code: Select all

local 192.168.2.10
port 1194
proto udp
dev tap
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.10 255.255.255.0 192.168.2.70 192.168.2.79
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.2"
push "dhcp-option DOMAIN mccombs.lan"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Update Resolv Conf below:

#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

[ -x /sbin/resolvconf ] || exit 0

case $script_type in

up)
for optionname in ${!foreign_option_*} ; do
option="${!optionname}"
echo $option
part1=$(echo "$option" | cut -d " " -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo "$option" | cut -d " " -f 2)
part3=$(echo "$option" | cut -d " " -f 3)
if [ "$part2" == "DNS" ] ; then
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
fi
if [ "$part2" == "DOMAIN" ] ; then
IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
fi
fi
done
R=""
for SS in $IF_DNS_SEARCH ; do
R="${R}search $SS
"
done
for NS in $IF_DNS_NAMESERVERS ; do
R="${R}nameserver $NS
"
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
;;
down)
/sbin/resolvconf -d "${dev}.inet"
;;
esac


This is all I can find config wise, I didnt see anything in /var/log/. If you need any other outputs please let me know! Thank you for your help.

[maikcat]

please add to your config

log /etc/openvpn/openvpn.log

this will create an openvpn log file.

also for bridging to work you must

use dev tap0 instead of dev tap
verify that br0 is started correctly before openvpn comes up and br0 contains both your eth & tap0 interfaces
both interfaces run in promisc mode
ip forwarding is enabled.

Michael.

[3limccombs]

Thanks for the help maikcat, I really do appreciate it.

The only thing in the openvpn.log file now is as follows

Options error: You must define DH file (--dh)
Use --help for more information.

I am looking into this further myself, and in doing so another question came up. Do I need to be bridging any interfaces? This is a VM Debian machine that's sole purpose is going to be running my OpenVPN server. So can I not just use the eth0 interface? Currently the VM has only one NIC and nothing really right now to bridge it to. If this needs to be setup differently please let me know.

Thanks!

[maikcat]

Code: Select all

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.10 255.255.255.0 192.168.2.70 192.168.2.79

this one slipped...

you cant have both server & server-bridge directives,
you must decide in which mode your vpn will operate,routing or bridging?

also dh param file is created by using build-dh script...

Michael.