sudo openvpn /etc/openvpn/server.conf = no response

LegolasDK
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 08, 2017 8:18 pm

sudo openvpn /etc/openvpn/server.conf = no response

Post by LegolasDK » Sat Jul 08, 2017 8:36 pm

I have a Raspberry Pi, and I am trying to set it up as a VPN server.

But when I type "sudo openvpn /etc/openvpn/server.conf" in my terminal, nothing happens. No error or anything; the terminal just waits for me to write a new command.

When I do the same for the client, with the client.conf, I get the following:

Code:

sudo openvpn --config /home/simon/pivpn1.ovpn 
Sat Jul  8 21:50:26 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sat Jul  8 21:50:26 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Private Key Password: ************
Sat Jul  8 21:50:30 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul  8 21:50:30 2017 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jul  8 21:50:30 2017 UDPv4 link local: [undef]
Sat Jul  8 21:50:30 2017 UDPv4 link remote: [AF_INET]212.10.152.148:11941
Sat Jul  8 21:51:30 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jul  8 21:51:30 2017 TLS Error: TLS handshake failed
Sat Jul  8 21:51:30 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul  8 21:51:32 2017 UDPv4 link local: [undef]
Sat Jul  8 21:51:32 2017 UDPv4 link remote: [AF_INET]212.10.152.148:11941

I guess that's because the server isn't running..

The server file is created by using https://github.com/pivpn/pivpn and the result is this:
server.conf

Code:

dev tun
proto udp
port 11941
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.87.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io

I have opened port 11941 internal (I have the option to do this external as well, don't know the purpose of that, so didn't) for Port Forwarding UDP.

Can anyone give some advice on this? I am kinda noobish at all this

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: sudo openvpn /etc/openvpn/server.conf = no response

Post by TinCanTech » Sat Jul 08, 2017 9:02 pm

See your server log @ /var/log/openvpn.log

LegolasDK
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 08, 2017 8:18 pm

Cannot connect client to my Raspberry Pi VPN server

Post by LegolasDK » Thu Jul 13, 2017 4:38 pm

I have a computer with Ubuntu 16.04, that I am trying to connect to my Raspberry Pi.

Here you can see my server config:

Code:

dev tun
proto udp
port 11941
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.87.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io

And here is my client config

Code:

client
dev tun
proto udp
remote xxx.xx.xxx.xxx 11941
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
 Keys, Certificates etc.

Here is the log from the server:

Code:

Thu Jul 13 18:17:32 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
Thu Jul 13 18:17:32 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Jul 13 18:17:32 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key' as a OpenVPN static key file
Thu Jul 13 18:17:32 2017 TUN/TAP device tun0 opened
Thu Jul 13 18:17:32 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 18:17:32 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 13 18:17:32 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Thu Jul 13 18:17:32 2017 GID set to nogroup
Thu Jul 13 18:17:32 2017 UID set to nobody
Thu Jul 13 18:17:32 2017 UDPv4 link local (bound): [undef]
Thu Jul 13 18:17:32 2017 UDPv4 link remote: [undef]
Thu Jul 13 18:17:32 2017 Initialization Sequence Completed

And this is the response I get on the client when trying to connect to the server:

Code:

sudo openvpn pivpn2.ovpn 
[sudo] password for simon: 
Thu Jul 13 18:18:33 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Thu Jul 13 18:18:33 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Private Key Password: ************
Thu Jul 13 18:18:36 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 13 18:18:36 2017 Control Channel Authentication: tls-auth using INLINE static key file
Thu Jul 13 18:18:36 2017 UDPv4 link local: [undef]
Thu Jul 13 18:18:36 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 18:19:36 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 18:19:36 2017 TLS Error: TLS handshake failed
Thu Jul 13 18:19:36 2017 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 13 18:19:38 2017 UDPv4 link local: [undef]
Thu Jul 13 18:19:38 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 18:20:38 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 18:20:38 2017 TLS Error: TLS handshake failed
Thu Jul 13 18:20:38 2017 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 13 18:20:40 2017 UDPv4 link local: [undef]
Thu Jul 13 18:20:40 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 18:21:40 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 18:21:40 2017 TLS Error: TLS handshake failed
Thu Jul 13 18:21:40 2017 SIGUSR1[soft,tls-error] received, process restarting

I am a noob in this field, and I don't know what this error means. I have opened port 11941 for 192.168.87.150 internal. Can someone help me with this?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: sudo openvpn /etc/openvpn/server.conf = no response

Post by TinCanTech » Thu Jul 13, 2017 4:53 pm

Your server log shows no connection attempts .. check your firewall and port forward 11941
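
The reasoning in the reply above (the client reports TLS negotiation timeouts while the server log records no peer at all), as an added example that is not part of the original thread. It is a small Python triage over constructed log excerpts modelled on the ones posted here; the function names and verdict strings are assumptions of this example.

```python
import re

# Constructed sample lines, modelled on the logs quoted in this thread.
SERVER_LOG = """\
Thu Jul 13 18:17:32 2017 UDPv4 link local (bound): [undef]
Thu Jul 13 18:17:32 2017 Initialization Sequence Completed
"""
CLIENT_LOG = """\
Thu Jul 13 18:18:36 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 18:19:36 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 18:19:36 2017 TLS Error: TLS handshake failed
"""

PEER = re.compile(r"Peer Connection Initiated with \[AF_INET6?\]")
TLS_TIMEOUT = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")
READY = "Initialization Sequence Completed"
ROUTE_FAIL = "route add command failed"


def summarize(log_text):
    """Count the log events that matter for connection triage."""
    lines = log_text.splitlines()
    return {
        "ready": any(READY in line for line in lines),
        "peers": sum(1 for line in lines if PEER.search(line)),
        "tls_timeouts": sum(1 for line in lines if TLS_TIMEOUT.search(line)),
        "route_errors": sum(1 for line in lines if ROUTE_FAIL in line),
    }


def diagnose(server_log, client_log):
    """Return a verdict string (hypothetical labels) from both sides' logs."""
    s, c = summarize(server_log), summarize(client_log)
    if not s["ready"]:
        return "server-not-started"
    if c["tls_timeouts"] and s["peers"] == 0:
        # Client sends, server never sees a peer: firewall or port forward.
        return "packets-not-reaching-server"
    if c["tls_timeouts"]:
        # Not time-correlated: the server peers may be from earlier sessions.
        return "timeouts-despite-server-peers"
    if c["peers"] and c["route_errors"]:
        return "connected-route-error"
    if c["peers"]:
        return "connected"
    return "inconclusive"


if __name__ == "__main__":
    print(diagnose(SERVER_LOG, CLIENT_LOG))
```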

LegolasDK
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 08, 2017 8:18 pm

Re: sudo openvpn /etc/openvpn/server.conf = no response

Post by LegolasDK » Thu Jul 13, 2017 8:22 pm

Alright, I changed port forwarding to be External instead of Internal. This seems to have brought me one step further.

When I try to connect now, I get the following message:

Code:

sudo openvpn pivpnclientconfig.ovpn
Thu Jul 13 22:10:06 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Thu Jul 13 22:10:06 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Private Key Password: **********
Thu Jul 13 22:10:10 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 13 22:10:10 2017 Control Channel Authentication: tls-auth using INLINE static key file
Thu Jul 13 22:10:10 2017 UDPv4 link local: [undef]
Thu Jul 13 22:10:10 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 22:10:14 2017 [server] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 22:10:16 2017 TUN/TAP device tun0 opened
Thu Jul 13 22:10:16 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 22:10:16 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 13 22:10:16 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Thu Jul 13 22:10:16 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Jul 13 22:10:16 2017 Initialization Sequence Completed

And my openvpn.log contains the following

Code:

Thu Jul 13 21:56:33 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
Thu Jul 13 21:56:33 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Jul 13 21:56:33 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key' as a OpenVPN static key file
Thu Jul 13 21:56:33 2017 TUN/TAP device tun0 opened
Thu Jul 13 21:56:33 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 21:56:33 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 13 21:56:33 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Thu Jul 13 21:56:33 2017 GID set to nogroup
Thu Jul 13 21:56:33 2017 UID set to nobody
Thu Jul 13 21:56:33 2017 UDPv4 link local (bound): [undef]
Thu Jul 13 21:56:33 2017 UDPv4 link remote: [undef]
Thu Jul 13 21:56:33 2017 Initialization Sequence Completed
Thu Jul 13 21:57:03 2017 xxx.xx.xxx.xxx:51279 [pivpnclientconfig] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:51279
Thu Jul 13 21:57:03 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Thu Jul 13 21:57:05 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 send_push_reply(): safe_cap=940
Thu Jul 13 22:02:26 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 [pivpnclientconfig] Inactivity timeout (--ping-restart), restarting
Thu Jul 13 22:07:56 2017 xxx.xx.xxx.xxx:55931 [pivpnclientconfig] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:55931
Thu Jul 13 22:07:56 2017 pivpnclientconfig/xxx.xx.xxx.xxx:55931 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Thu Jul 13 22:07:58 2017 pivpnclientconfig/xxx.xx.xxx.xxx:55931 send_push_reply(): safe_cap=940
Thu Jul 13 22:10:13 2017 xxx.xx.xxx.xxx:49368 [pivpnclientconfig] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:49368
Thu Jul 13 22:10:13 2017 pivpnclientconfig/xxx.xx.xxx.xxx:49368 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Thu Jul 13 22:10:16 2017 pivpnclientconfig/xxx.xx.xxx.xxx:49368 send_push_reply(): safe_cap=940

I don't get the errors this time either. When I am connected to the server, there's no internet. Can anybody help me?

LegolasDK
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 08, 2017 8:18 pm

Re: sudo openvpn /etc/openvpn/server.conf = no response

Post by LegolasDK » Thu Jul 13, 2017 8:41 pm

I have now applied port forwarding EXTERNAL instead of INTERNAL. Now I am one step further I think. Now my response when I try to connect is:

Code:

sudo openvpn pivpnclientconfig.ovpn
Thu Jul 13 22:31:34 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Thu Jul 13 22:31:34 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Private Key Password: **********
Thu Jul 13 22:31:38 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 13 22:31:38 2017 Control Channel Authentication: tls-auth using INLINE static key file
Thu Jul 13 22:31:38 2017 UDPv4 link local: [undef]
Thu Jul 13 22:31:38 2017 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 22:31:43 2017 [server] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:11941
Thu Jul 13 22:31:46 2017 TUN/TAP device tun0 opened
Thu Jul 13 22:31:46 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 22:31:46 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 13 22:31:46 2017 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Thu Jul 13 22:31:46 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Jul 13 22:31:46 2017 Initialization Sequence Completed

And my openvpn.log seems like this:

Code:

Thu Jul 13 21:56:33 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
Thu Jul 13 21:56:33 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Jul 13 21:56:33 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key' as a OpenVPN static key file
Thu Jul 13 21:56:33 2017 TUN/TAP device tun0 opened
Thu Jul 13 21:56:33 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 21:56:33 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 13 21:56:33 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Thu Jul 13 21:56:33 2017 GID set to nogroup
Thu Jul 13 21:56:33 2017 UID set to nobody
Thu Jul 13 21:56:33 2017 UDPv4 link local (bound): [undef]
Thu Jul 13 21:56:33 2017 UDPv4 link remote: [undef]
Thu Jul 13 21:56:33 2017 Initialization Sequence Completed
Thu Jul 13 21:57:03 2017 xxx.xx.xxx.xxx:51279 [pivpnclientconfig] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:51279
Thu Jul 13 21:57:03 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Thu Jul 13 21:57:05 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 send_push_reply(): safe_cap=940
Thu Jul 13 22:02:26 2017 pivpnclientconfig/xxx.xx.xxx.xxx:51279 [pivpnclientconfig] Inactivity timeout (--ping-restart), restarting
Thu Jul 13 22:07:56 2017 xxx.xx.xxx.xxx:55931 [pivpnclientconfig] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xxx:55931
Thu Jul 13 22:07:56 2017 pivpnclientconfig/xxx.xx.xxx.xxx:55931 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Thu Jul 13 22:07:58 2017 pivpnclientconfig/xxx.xx.xxx.xxx:55931 send_push_reply(): safe_cap=940

I still don't understand the errors, and there is no internet for the client while connected. Can anybody help me?
