I'm setting up a VPN between a cloud server (my server, created following https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04, and a router (my client, a Linksys AE5800 configured with OpenWRT as outlined in https://openwrt.org/docs/guide-user/services/vpn/openvpn/client, and while things have gone relatively smoothly thus far, I've run into a snag where my client isn't able to connect.
As you'll see below, the error I get is "Network unreachable (code=101)", but I haven't been able to find any documentation on the error code numbers to help me figure out what I'm doing wrong, and I hope one of you will be able to help me out.
As a note, I have confirmed that the server is working as expected - I plugged the same configuration file into the Windows OpenVPN client and it connected up and handled traffic with no fuss at all.
Here are my configuration files and logs:
server
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
Code: Select all
Sat Feb 2 22:09:29 2019 us=238436 client_connect_script = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238442 learn_address_script = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238447 client_disconnect_script = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238453 client_config_dir = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238458 ccd_exclusive = DISABLED
Sat Feb 2 22:09:29 2019 us=238464 tmp_dir = '/tmp'
Sat Feb 2 22:09:29 2019 us=238470 push_ifconfig_defined = DISABLED
Sat Feb 2 22:09:29 2019 us=238476 push_ifconfig_local = 0.0.0.0
Sat Feb 2 22:09:29 2019 us=238486 push_ifconfig_remote_netmask = 0.0.0.0
Sat Feb 2 22:09:29 2019 us=238492 push_ifconfig_ipv6_defined = DISABLED
Sat Feb 2 22:09:29 2019 us=238499 push_ifconfig_ipv6_local = ::/0
Sat Feb 2 22:09:29 2019 us=238505 push_ifconfig_ipv6_remote = ::
Sat Feb 2 22:09:29 2019 us=238511 enable_c2c = DISABLED
Sat Feb 2 22:09:29 2019 us=238518 duplicate_cn = DISABLED
Sat Feb 2 22:09:29 2019 us=238523 cf_max = 0
Sat Feb 2 22:09:29 2019 us=238528 cf_per = 0
Sat Feb 2 22:09:29 2019 us=238535 max_clients = 1024
Sat Feb 2 22:09:29 2019 us=238540 max_routes_per_client = 256
Sat Feb 2 22:09:29 2019 us=238546 auth_user_pass_verify_script = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238553 auth_user_pass_verify_script_via_file = DISABLED
Sat Feb 2 22:09:29 2019 us=238559 auth_token_generate = DISABLED
Sat Feb 2 22:09:29 2019 us=238564 auth_token_lifetime = 0
Sat Feb 2 22:09:29 2019 us=238569 port_share_host = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238575 port_share_port = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238581 client = DISABLED
Sat Feb 2 22:09:29 2019 us=238587 pull = DISABLED
Sat Feb 2 22:09:29 2019 us=238594 auth_user_pass_file = '[UNDEF]'
Sat Feb 2 22:09:29 2019 us=238601 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Sat Feb 2 22:09:29 2019 us=238612 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sat Feb 2 22:09:29 2019 us=242254 Diffie-Hellman initialized with 2048 bit key
Sat Feb 2 22:09:29 2019 us=242620 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Feb 2 22:09:29 2019 us=242639 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Feb 2 22:09:29 2019 us=242650 TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Feb 2 22:09:29 2019 us=242825 ROUTE_GATEWAY {server address}/255.255.240.0 IFACE=eth0 HWADDR=56:78:36:3e:33:51
Sat Feb 2 22:09:29 2019 us=247316 TUN/TAP device tun0 opened
Sat Feb 2 22:09:29 2019 us=247412 TUN/TAP TX queue length set to 100
Sat Feb 2 22:09:29 2019 us=247427 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Feb 2 22:09:29 2019 us=247443 /sbin/ip link set dev tun0 up mtu 1500
Sat Feb 2 22:09:29 2019 us=256568 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Feb 2 22:09:29 2019 us=262939 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sat Feb 2 22:09:29 2019 us=265768 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Feb 2 22:09:29 2019 us=266103 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Feb 2 22:09:29 2019 us=266123 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Feb 2 22:09:29 2019 us=266135 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Feb 2 22:09:29 2019 us=266140 UDPv4 link remote: [AF_UNSPEC]
Sat Feb 2 22:09:29 2019 us=266148 GID set to nogroup
Sat Feb 2 22:09:29 2019 us=266156 UID set to nobody
Sat Feb 2 22:09:29 2019 us=266166 MULTI: multi_init called, r=256 v=256
Sat Feb 2 22:09:29 2019 us=266188 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Feb 2 22:09:29 2019 us=266196 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Sat Feb 2 22:09:29 2019 us=266203 succeeded -> ifconfig_pool_set()
Sat Feb 2 22:09:29 2019 us=266208 IFCONFIG POOL LIST
Sat Feb 2 22:09:29 2019 us=266213 client1,10.8.0.4
Sat Feb 2 22:09:29 2019 us=267905 Initialization Sequence Completed
client
client
dev tun
proto udp
remote {server address} 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 4
# script-security 2
# up /etc/openvpn/update-resolve-conf
# down /etc/openvpn/update-resolve-conf
<ca>
{removed}
</ca>
<cert>
{removed}
</cert>
<key>
{removed}
</key>
<tls-auth>
{removed}
</tls-auth>
Code: Select all
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Re-using SSL/TLS context
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: TCP/UDP: Preserving recently used remote address: [AF_INET]{server address}:1194
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: UDP link local: (not bound)
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: UDP link remote: [AF_INET]{server address}:1194
Sat Feb 2 22:41:55 2019 daemon.err openvpn(vpnclient)[30135]: write UDP: Network unreachable (code=101)
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Network unreachable, restarting
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: TCP/UDP: Closing socket
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: SIGUSR1[soft,network-unreachable] received, process restarting
Sat Feb 2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Restart pause, 300 second(s)