Page 2 of 2
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Sun Jul 31, 2022 9:13 pm
by Pippin
Hi,
Remove this,
and try again.
It is spelled wrongly...
There is a better way to reserve tunnel IP but first try it.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Sun Jul 31, 2022 9:22 pm
by TinCanTech
tamar wrote: ↑Sun Jul 31, 2022 7:49 pm
I am stuck with it for a number of
critical operation
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Sun Jul 31, 2022 9:39 pm
by Pippin
@tamar
Ok, I have taken a closer look and have a hard time believing this ever worked with what you posted .....?
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:21 am
by tamar
I swear it did, Pippin.
But I manually hand typed the ifconfig-pool-persist ipp.txt. (I still have a commented version of the server.conf, so I reposted here by hand.) It was correct in the conf.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:38 am
by TinCanTech
Also remove compression settings from all of your client configs.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:46 am
by tamar
All done - still not connecting
grr.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:55 am
by TinCanTech
Not connecting is not the same as IP Version 15, please post the log files of server and client for the single connection attempt.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 5:58 pm
by Pippin
Hi,
Your config with some comments/adjustments, read them side by side with manual 2.5:
https://build.openvpn.net/man/openvpn-2 ... vpn.8.html
Code: Select all
port ###<change
proto udp
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key
dh dh.pem
topology subnet
server 172.16.0.0 255.255.255.0
#ipconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.10.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 60
tls-auth ta.key 0
cipher AES-256-CBC
#comp-lzo
#user nobody
#group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
#log-append /var/log/openvpn/openvpn.log ###< for per start log, see log /var/log/openvpn/openvpn.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA512
route 10.10.10.1 255.255.255.0
Code: Select all
client
#tls-client ###<client already does this
#pull ###<client already does this
dev tun
proto udp
remote hostname port ###<change
resolv-retry infinite
nobind
#dhcp-option DNS 8.8.8.8
persist-key
persist-tun
#key-direction 1 ###<no need, see tls-auth ta.key 1
tls-auth ta.key 1
#comp-lzo
verb 4
ca ca.crt
cert client.crt
key client.key
auth SHA512
cipher AES-256-CBC
#client-config-dir ccd ###<server side option here???
explicit-exit-notify 2
Try it and post server and client logs if it doesn't work.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 6:10 pm
by TinCanTech
Pippin wrote: ↑Mon Aug 01, 2022 5:58 pm
client
<snip>
#client-config-dir ccd ###<server side option here???
Indeed ..
Code: Select all
Options error: --client-config-dir/--ccd-exclusive requires --mode server
Use --help for more information.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:55 pm
by tamar
Weird, that exact layout worked beforehand. Anyway, curious to hear why you recommend changing the port number.
I changed a few ports, and restarted the server and it seems to have worked, but it works on the old port as well. I don't know exactly what changed, maybe the fact that I had to delete and reload the .ovpn file with that client-config-dir ccd removal. A note for anyone like me: it helps to fully delete the profile from the app, not just to restart it with edits (since I guess it only reads it once).
I tried the exact same settings in my all-in-one file with the certificates, but that never got to working, despite the first half being identical (except for the calls to the certificates and keys). Can't explain that one. Still can't explain the other really either though.
Code: Select all
client
#tls-client
#pull
dev tun
proto udp
remote server port
resolv-retry infinite
nobind
#dhcp-option DNS 8.8.8.8
persist-key
persist-tun
#key-direction 1
verb 4
auth SHA512
cipher AES-256-CBC
#client-config-dir ccd
<ca>
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
I appreciate your assistance and your patience with me.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Mon Aug 01, 2022 11:58 pm
by TinCanTech
tamar wrote: ↑Mon Aug 01, 2022 11:55 pm
Weird, that exact layout worked beforehand
<snip>
it helps to fully delete the profile from
the app
If
the app is Android then the option is probably ignored.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Tue Aug 02, 2022 5:11 pm
by tamar
TinCanTech wrote: ↑Mon Aug 01, 2022 11:58 pm
tamar wrote: ↑Mon Aug 01, 2022 11:55 pm
Weird, that exact layout worked beforehand
<snip>
it helps to fully delete the profile from
the app
If
the app is Android then the option is probably ignored.
Done each time. I figured it wasn't reloading the profile via app restarts anyway.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Fri Aug 05, 2022 11:35 pm
by tamar
Any further recommendations since removing/restoring the profile is not resolving the issue?
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Sat Aug 06, 2022 1:26 am
by TinCanTech
Remove compression settings from your server and all of your clients configuration files.
IP version=15 errors are caused by incompatible compression between server and client.
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Tue Aug 09, 2022 1:45 am
by tamar
Compression is turned off on the server and client sides. These are the files that contain the different .crt and .key references.
Can't figure out what it is here.
Code: Select all
client
dev tun
proto udp
remote server port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 4
auth SHA512
cipher AES-256-CBC
<ca>
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet
Posted: Tue Aug 09, 2022 10:35 am
by TinCanTech
Does the VPN work for all of your clients ?
Do you still see IP-Version 15 packet messages in your log ?
If the answer is yes to both those questions then you have probably missed one of your clients.
I can't do any more than that.
