I have installed the OpenVPN server on an openSUSE 12.3 Linux system/server at home, and openSUSE 12.3 on my laptop.
Ifconfig, route, server.conf and a sample logfile for my server (bigbang) show the following:
bigbang:/etc/sysconfig # ifconfig
eth0 Link encap:Ethernet HWaddr 00:13:20:7A:8A:FB
inet addr:10.10.10.100 Bcast:10.10.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:664940 errors:0 dropped:1 overruns:0 frame:0
TX packets:659336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:451401131 (430.4 Mb) TX bytes:232466647 (221.6 Mb)
Interrupt:17 Memory:93100000-93120000
eth1 Link encap:Ethernet HWaddr 00:E0:29:70:57:84
inet addr:192.168.10.100 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11379704 errors:0 dropped:0 overruns:0 frame:0
TX packets:22854391 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:891625160 (850.3 Mb) TX bytes:27868707527 (26577.6 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:543543 errors:0 dropped:0 overruns:0 frame:0
TX packets:543543 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3092103874 (2948.8 Mb) TX bytes:3092103874 (2948.8 Mb)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.10.1 P-t-P:10.8.10.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:131 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:10542 (10.2 Kb) TX bytes:0 (0.0 b)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.8.10.0 192.168.10.100 255.255.255.0 UG 0 0 0 eth1
10.8.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.20.0 10.10.10.200 255.255.255.0 UG 0 0 0 eth0
bigbang:/srv/openvpn # grep -vE '^#|^;|^$' server.conf
port 1194
proto udp
dev tun0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.10.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.10.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20
management localhost 7505
Sun Jun 1 09:56:55 2014 us=734239 Current Parameter Settings:
Sun Jun 1 09:56:55 2014 us=734493 config = '/etc/openvpn/server.conf'
Sun Jun 1 09:56:55 2014 us=734522 mode = 1
Sun Jun 1 09:56:55 2014 us=734544 persist_config = DISABLED
Sun Jun 1 09:56:55 2014 us=734564 persist_mode = 1
Sun Jun 1 09:56:55 2014 us=734583 show_ciphers = DISABLED
Sun Jun 1 09:56:55 2014 us=734603 show_digests = DISABLED
Sun Jun 1 09:56:55 2014 us=734623 show_engines = DISABLED
Sun Jun 1 09:56:55 2014 us=734643 genkey = DISABLED
Sun Jun 1 09:56:55 2014 us=734663 key_pass_file = '[UNDEF]'
Sun Jun 1 09:56:55 2014 us=734684 show_tls_ciphers = DISABLED
Sun Jun 1 09:56:55 2014 us=734705 Connection profiles [default]:
Sun Jun 1 09:56:55 2014 us=734726 proto = udp
Sun Jun 1 09:56:55 2014 us=734745 local = '[UNDEF]'
Sun Jun 1 09:56:55 2014 us=734765 local_port = 1194
Sun Jun 1 09:56:55 2014 us=734785 remote = '[UNDEF]'
Sun Jun 1 09:56:55 2014 us=734804 remote_port = 1194
Sun Jun 1 09:56:55 2014 us=734824 remote_float = DISABLED
Sun Jun 1 09:56:55 2014 us=734844 bind_defined = DISABLED
Sun Jun 1 09:56:55 2014 us=734864 bind_local = ENABLED
Sun Jun 1 09:56:55 2014 us=734883 NOTE: --mute triggered...
Sun Jun 1 09:56:55 2014 us=734920 249 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jun 1 09:56:55 2014 us=734944 OpenVPN 2.2.2 x86_64-suse-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Dec 14 2011
Sun Jun 1 09:56:55 2014 us=735454 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Sun Jun 1 09:56:55 2014 us=735803 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jun 1 09:56:55 2014 us=868779 Diffie-Hellman initialized with 1024 bit key
Sun Jun 1 09:56:55 2014 us=885701 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jun 1 09:56:55 2014 us=885780 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sun Jun 1 09:56:55 2014 us=886048 ROUTE default_gateway=10.10.10.1
Sun Jun 1 09:56:55 2014 us=886700 TUN/TAP device tun0 opened
Sun Jun 1 09:56:55 2014 us=886771 TUN/TAP TX queue length set to 100
Sun Jun 1 09:56:55 2014 us=886843 /bin/ip link set dev tun0 up mtu 1500
Sun Jun 1 09:56:55 2014 us=889584 /bin/ip addr add dev tun0 local 10.8.10.1 peer 10.8.10.2
Sun Jun 1 09:56:55 2014 us=892123 /bin/ip route add 10.8.10.0/24 via 10.8.10.2
RTNETLINK answers: File exists
Sun Jun 1 09:56:55 2014 us=894093 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jun 1 09:56:55 2014 us=894163 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jun 1 09:56:55 2014 us=898512 GID set to nobody
Sun Jun 1 09:56:55 2014 us=898639 UID set to nobody
Sun Jun 1 09:56:55 2014 us=899634 UDPv4 link local (bound): [undef]:1194
Sun Jun 1 09:56:55 2014 us=899687 UDPv4 link remote: [undef]
Sun Jun 1 09:56:55 2014 us=899729 MULTI: multi_init called, r=256 v=256
Sun Jun 1 09:56:55 2014 us=907510 IFCONFIG POOL: base=10.8.10.4 size=62
Sun Jun 1 09:56:55 2014 us=907620 IFCONFIG POOL LIST
Sun Jun 1 09:56:55 2014 us=907649 marcslaptopsuse,10.8.10.4
Sun Jun 1 09:56:55 2014 us=907722 Initialization Sequence Completed
Sun Jun 1 09:57:58 2014 us=132725 MULTI: multi_create_instance called
Sun Jun 1 09:57:58 2014 us=132928 10.10.10.1:49627 Re-using SSL/TLS context
Sun Jun 1 09:57:58 2014 us=133041 10.10.10.1:49627 LZO compression initialized
Sun Jun 1 09:57:58 2014 us=133410 10.10.10.1:49627 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jun 1 09:57:58 2014 us=133491 10.10.10.1:49627 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jun 1 09:57:58 2014 us=133622 10.10.10.1:49627 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jun 1 09:57:58 2014 us=133679 10.10.10.1:49627 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jun 1 09:57:58 2014 us=133775 10.10.10.1:49627 Local Options hash (VER=V4): '530fdded'
Sun Jun 1 09:57:58 2014 us=133837 10.10.10.1:49627 Expected Remote Options hash (VER=V4): '41690919'
Sun Jun 1 09:57:58 2014 us=133943 10.10.10.1:49627 TLS: Initial packet from 10.10.10.1:49627, sid=ae80b4a9 b15822ac
Sun Jun 1 09:57:59 2014 us=320744 10.10.10.1:49627 VERIFY OK: depth=1, /C=US/ST=STATE/L=City/O=Lastname/CN=Lastname_CA/name=Marc/emailAddress=xxx@xxx.com
Sun Jun 1 09:57:59 2014 us=321443 10.10.10.1:49627 VERIFY OK: depth=0, /C=US/ST=STATE/L=City/O=Lastname/CN=marcslaptopsuse/name=Marc/emailAddress=xxx@xxx.com
Sun Jun 1 09:57:59 2014 us=720492 10.10.10.1:49627 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 1 09:57:59 2014 us=720569 10.10.10.1:49627 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 1 09:57:59 2014 us=720646 10.10.10.1:49627 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 1 09:57:59 2014 us=720675 10.10.10.1:49627 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 1 09:57:59 2014 us=822373 10.10.10.1:49627 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jun 1 09:57:59 2014 us=822466 10.10.10.1:49627 [marcslaptopsuse] Peer Connection Initiated with 10.10.10.1:49627
Sun Jun 1 09:57:59 2014 us=822564 marcslaptopsuse/10.10.10.1:49627 MULTI: Learn: 10.8.10.6 -> marcslaptopsuse/10.10.10.1:49627
Sun Jun 1 09:57:59 2014 us=822593 marcslaptopsuse/10.10.10.1:49627 MULTI: primary virtual IP for marcslaptopsuse/10.10.10.1:49627: 10.8.10.6
Sun Jun 1 09:58:01 2014 us=845029 marcslaptopsuse/10.10.10.1:49627 PUSH: Received control message: 'PUSH_REQUEST'
Sun Jun 1 09:58:01 2014 us=845143 marcslaptopsuse/10.10.10.1:49627 SENT CONTROL [marcslaptopsuse]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 10.8.10.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.10.6 10.8.10.5' (status=1)
Sun Jun 1 09:58:03 2014 us=687700 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:03 2014 us=710134 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:03 2014 us=712441 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
the above line repeats a lot here...
Sun Jun 1 09:58:11 2014 us=470106 marcslaptopsuse/10.10.10.1:49627 NOTE: --mute triggered...
Sun Jun 1 09:58:14 2014 us=167500 5 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jun 1 09:58:14 2014 us=168039 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Jun 1 09:58:15 2014 us=915047 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:16 2014 us=715167 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:16 2014 us=737489 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
the above line repeats a lot here...
Sun Jun 1 09:58:23 2014 us=819994 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Jun 1 09:58:24 2014 us=252660 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:24 2014 us=274919 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:25 2014 us=142475 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
the above line repeats a lot here...
Sun Jun 1 09:58:31 2014 us=729932 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Jun 1 09:58:41 2014 us=239915 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:58:51 2014 us=829982 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:02 2014 us=70221 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:11 2014 us=182470 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:21 2014 us=627470 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:31 2014 us=969958 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:42 2014 us=70022 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:52 2014 us=654955 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 09:59:58 2014 us=477376 MULTI: multi_create_instance called
Sun Jun 1 09:59:58 2014 us=477479 10.10.10.1:49709 Re-using SSL/TLS context
Sun Jun 1 09:59:58 2014 us=477536 10.10.10.1:49709 LZO compression initialized
Sun Jun 1 09:59:58 2014 us=477673 10.10.10.1:49709 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jun 1 09:59:58 2014 us=477704 10.10.10.1:49709 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jun 1 09:59:58 2014 us=477770 10.10.10.1:49709 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jun 1 09:59:58 2014 us=477795 10.10.10.1:49709 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jun 1 09:59:58 2014 us=477832 10.10.10.1:49709 Local Options hash (VER=V4): '530fdded'
Sun Jun 1 09:59:58 2014 us=477864 10.10.10.1:49709 Expected Remote Options hash (VER=V4): '41690919'
Sun Jun 1 09:59:58 2014 us=477913 10.10.10.1:49709 TLS: Initial packet from 10.10.10.1:49709, sid=c9a520a7 2b45ec3b
Sun Jun 1 09:59:59 2014 us=675667 10.10.10.1:49709 VERIFY OK: depth=1, /C=US/ST=STATE/L=City/O=Lastname/CN=Lastname_CA/name=Marc/emailAddress=xxx@xxx.com
Sun Jun 1 09:59:59 2014 us=675930 10.10.10.1:49709 VERIFY OK: depth=0, /C=US/ST=STATE/L=City/O=Lastname/CN=marcslaptopsuse/name=Marc/emailAddress=xxx@xxx.com
Sun Jun 1 10:00:00 2014 us=57895 10.10.10.1:49709 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 1 10:00:00 2014 us=57964 10.10.10.1:49709 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 1 10:00:00 2014 us=58043 10.10.10.1:49709 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 1 10:00:00 2014 us=58071 10.10.10.1:49709 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 1 10:00:00 2014 us=157263 10.10.10.1:49709 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jun 1 10:00:00 2014 us=157322 10.10.10.1:49709 [marcslaptopsuse] Peer Connection Initiated with 10.10.10.1:49709
Sun Jun 1 10:00:00 2014 us=157594 MULTI: new connection by client 'marcslaptopsuse' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sun Jun 1 10:00:00 2014 us=157681 MULTI: Learn: 10.8.10.6 -> marcslaptopsuse/10.10.10.1:49709
Sun Jun 1 10:00:00 2014 us=157709 MULTI: primary virtual IP for marcslaptopsuse/10.10.10.1:49709: 10.8.10.6
Sun Jun 1 10:00:02 2014 us=309984 marcslaptopsuse/10.10.10.1:49709 PUSH: Received control message: 'PUSH_REQUEST'
Sun Jun 1 10:00:02 2014 us=310092 marcslaptopsuse/10.10.10.1:49709 SENT CONTROL [marcslaptopsuse]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 10.8.10.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.10.6 10.8.10.5' (status=1)
Sun Jun 1 10:00:03 2014 us=684938 marcslaptopsuse/10.10.10.1:49709 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 10:00:04 2014 us=277439 marcslaptopsuse/10.10.10.1:49709 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 10:00:05 2014 us=464930 marcslaptopsuse/10.10.10.1:49709 MULTI: bad source address from client [192.168.10.10], packet dropped
the above line repeats a lot here...
Sun Jun 1 10:00:17 2014 us=77624 marcslaptopsuse/10.10.10.1:49709 NOTE: --mute triggered...
Sun Jun 1 10:00:23 2014 us=297426 7 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jun 1 10:00:23 2014 us=297580 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:00:33 2014 us=572468 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:00:43 2014 us=879932 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:00:54 2014 us=179935 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:03 2014 us=414980 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:13 2014 us=757473 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:23 2014 us=905113 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:34 2014 us=134922 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:43 2014 us=282424 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:01:53 2014 us=592423 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:03 2014 us=799891 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:14 2014 us=174908 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:23 2014 us=277452 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:33 2014 us=657737 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:43 2014 us=744925 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:02:53 2014 us=824849 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:03:03 2014 us=429898 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:03:13 2014 us=772393 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:03:24 2014 us=114891 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:03:33 2014 us=329866 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Jun 1 10:03:43 2014 us=569857 NOTE: --mute triggered...
Sun Jun 1 10:04:23 2014 us=773522 marcslaptopsuse/10.10.10.1:49709 4 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jun 1 10:04:23 2014 us=773611 marcslaptopsuse/10.10.10.1:49709 [marcslaptopsuse] Inactivity timeout (--ping-restart), restarting
Sun Jun 1 10:04:23 2014 us=773642 marcslaptopsuse/10.10.10.1:49709 SIGUSR1[soft,ping-restart] received, client-instance restarting
On my laptop I am using the NetworkManager applet to load in my client.conf file and connect to the OpenVPN server. For the purpose of this test I have my laptop on a 192.168.20.0 subnet, but I am actually configuring the VPN connection to connect to the 192.168.10.0 subnet. Here is what ifconfig, route (with the actual internet IP address of my server xx'ed out), client.conf, and the NetworkManager log files show:
marcslaptop:/etc/sysconfig # ifconfig
eth0 Link encap:Ethernet HWaddr 10:BF:48:26:6A:51
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:65623 errors:0 dropped:0 overruns:0 frame:0
TX packets:65623 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:110078808 (104.9 Mb) TX bytes:110078808 (104.9 Mb)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.10.6 P-t-P:10.8.10.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:435 (435.0 b)
wlan0 Link encap:Ethernet HWaddr 00:08:CA:F7:89:5C
inet addr:192.168.20.104 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::208:caff:fef7:895c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11279 errors:0 dropped:0 overruns:0 frame:0
TX packets:7090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3018653 (2.8 Mb) TX bytes:4504770 (4.2 Mb)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.10.5 0.0.0.0 UG 0 0 0 tun0
10.8.10.1 10.8.10.5 255.255.255.255 UGH 0 0 0 tun0
10.8.10.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
XX.XX.XX.XX 192.168.20.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.10.0 10.8.10.5 255.255.255.0 UG 0 0 0 tun0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
Here is my client.conf file; I removed the public IP address of my server from the remote statement.
marcslaptop:/home/marc/openVPN # grep -vE '^#|^;|^$' client.conf
client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca "/home/marc/openVPN/ca.crt"
cert "/home/marc/openVPN/marcslaptopsuse.crt"
key "/home/marc/openVPN/marcslaptopsuse.key"
comp-lzo yes
verb 4
marcslaptop:/var/log # cat NetworkManager | grep vpn
2014-06-01T09:57:57.877540-07:00 marcslaptop NetworkManager[661]: <info> Starting VPN service 'openvpn'...
2014-06-01T09:57:57.891116-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 30268
2014-06-01T09:57:57.988925-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' appeared; activating connections
2014-06-01T09:57:58.021828-07:00 marcslaptop nm-openvpn[30270]: OpenVPN 2.2.2 x86_64-suse-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Dec 14 2011
2014-06-01T09:57:58.022120-07:00 marcslaptop nm-openvpn[30270]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2014-06-01T09:57:58.022373-07:00 marcslaptop nm-openvpn[30270]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-06-01T09:57:58.022603-07:00 marcslaptop nm-openvpn[30270]: LZO compression initialized
2014-06-01T09:57:58.022818-07:00 marcslaptop nm-openvpn[30270]: UDPv4 link local: [undef]
2014-06-01T09:57:58.023023-07:00 marcslaptop nm-openvpn[30270]: UDPv4 link remote: XX.XX.XX.XX:1194
2014-06-01T09:57:59.686725-07:00 marcslaptop nm-openvpn[30270]: [server] Peer Connection Initiated with XX.XX.XX.XX:1194
2014-06-01T09:58:01.810957-07:00 marcslaptop nm-openvpn[30270]: TUN/TAP device tun0 opened
2014-06-01T09:58:01.811577-07:00 marcslaptop nm-openvpn[30270]: /usr/lib/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.8.10.6 10.8.10.5 init
2014-06-01T09:58:01.870480-07:00 marcslaptop nm-openvpn[30270]: Initialization Sequence Completed
2014-06-01T09:58:32.825134-07:00 marcslaptop nm-openvpn[30270]: SIGTERM[hard,] received, process exiting
2014-06-01T09:58:36.687237-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' disappeared
2014-06-01T09:59:58.352758-07:00 marcslaptop NetworkManager[661]: <info> Starting VPN service 'openvpn'...
2014-06-01T09:59:58.353369-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 516
2014-06-01T09:59:58.358799-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' appeared; activating connections
2014-06-01T09:59:58.366840-07:00 marcslaptop nm-openvpn[526]: OpenVPN 2.2.2 x86_64-suse-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Dec 14 2011
2014-06-01T09:59:58.367184-07:00 marcslaptop nm-openvpn[526]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2014-06-01T09:59:58.367533-07:00 marcslaptop nm-openvpn[526]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-06-01T09:59:58.367874-07:00 marcslaptop nm-openvpn[526]: LZO compression initialized
2014-06-01T09:59:58.368184-07:00 marcslaptop nm-openvpn[526]: UDPv4 link local: [undef]
2014-06-01T09:59:58.368388-07:00 marcslaptop nm-openvpn[526]: UDPv4 link remote: XX.XX.XX.XX:1194
2014-06-01T10:00:00.023031-07:00 marcslaptop nm-openvpn[526]: [server] Peer Connection Initiated with XX.XX.XX.XX:1194
2014-06-01T10:00:02.275986-07:00 marcslaptop nm-openvpn[526]: TUN/TAP device tun0 opened
2014-06-01T10:00:02.276339-07:00 marcslaptop nm-openvpn[526]: /usr/lib/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.8.10.6 10.8.10.5 init
2014-06-01T10:00:02.279687-07:00 marcslaptop nm-openvpn[526]: Initialization Sequence Completed
2014-06-01T10:00:22.924040-07:00 marcslaptop nm-openvpn[526]: SIGTERM[hard,] received, process exiting
2014-06-01T10:00:26.691008-07:00 marcslaptop NetworkManager[661]: <info> VPN service 'openvpn' disappeared
Also, isn't this going to force all communication from my laptop through the VPN link? I really only want to use the VPN connection to access computers on my home network while I am away. I don't want all my internet/mail/etc. connections to go through the VPN connection, but would rather have them go through whatever local gateway I am connecting through.
Anywise, I am baffled, sure hope some kind guru will lead me out of these woods... Thanks in advance... Marc...
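Added example, not part of the original post: a Python triage of the two artifacts shown above. It correlates each "bad source address" drop in the server log with the virtual IP the server learned for that client (OpenVPN in server mode drops tunnel packets whose source is neither the client's virtual IP nor a subnet routed to that client), and it reads a `route -n` table to tell whether the default route goes through the tunnel. The sample inputs are lines copied from the post; the function and variable names are chosen for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: a few lines copied from the server log in the post.
SAMPLE_LOG = """\
Sun Jun 1 09:56:55 2014 us=868779 Diffie-Hellman initialized with 1024 bit key
Sun Jun 1 09:56:55 2014 us=892123 /bin/ip route add 10.8.10.0/24 via 10.8.10.2
RTNETLINK answers: File exists
Sun Jun 1 09:56:55 2014 us=894093 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jun 1 09:57:59 2014 us=822564 marcslaptopsuse/10.10.10.1:49627 MULTI: Learn: 10.8.10.6 -> marcslaptopsuse/10.10.10.1:49627
Sun Jun 1 09:58:03 2014 us=687700 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
Sun Jun 1 09:58:03 2014 us=710134 marcslaptopsuse/10.10.10.1:49627 MULTI: bad source address from client [192.168.10.10], packet dropped
"""

# Constructed sample: rows copied from the laptop's routing table in the post.
SAMPLE_ROUTES = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.10.5 0.0.0.0 UG 0 0 0 tun0
10.8.10.1 10.8.10.5 255.255.255.255 UGH 0 0 0 tun0
192.168.10.0 10.8.10.5 255.255.255.0 UG 0 0 0 tun0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
"""

LEARN = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/")
BAD_SRC = re.compile(
    r"([^/\s]+)/\S+ MULTI: bad source address from client \[([^\]]+)\]")
DH_BITS = re.compile(r"Diffie-Hellman initialized with (\d+) bit key")


def triage_server_log(text):
    """Summarise DH size, route-add failures and source-address drops."""
    learned, dropped = {}, Counter()
    report = {"dh_bits": None, "route_add_failed": False}
    for line in text.splitlines():
        if m := LEARN.search(line):
            # The server binds this virtual IP to the client's common name.
            learned[m.group(2)] = ipaddress.ip_address(m.group(1))
        elif m := BAD_SRC.search(line):
            dropped[(m.group(1), ipaddress.ip_address(m.group(2)))] += 1
        elif m := DH_BITS.search(line):
            report["dh_bits"] = int(m.group(1))
        elif "route add command failed" in line:
            report["route_add_failed"] = True
    # A drop is a mismatch when the packet's source is not the learned IP.
    report["source_mismatch_drops"] = [
        {"client": cn, "source": str(src),
         "virtual_ip": str(learned[cn]) if cn in learned else None, "count": n}
        for (cn, src), n in dropped.items() if learned.get(cn) != src
    ]
    return report


def default_route_ifaces(route_text):
    """Interfaces that carry a 0.0.0.0/0 route in `route -n` output."""
    ifaces = []
    for line in route_text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            ifaces.append(f[7])
    return ifaces


def tunnel_mode(route_text):
    """'full' if any default route leaves via a tun/tap device, else 'split'."""
    ifaces = default_route_ifaces(route_text)
    return "full" if any(i.startswith(("tun", "tap")) for i in ifaces) else "split"


if __name__ == "__main__":
    print(triage_server_log(SAMPLE_LOG))
    print(default_route_ifaces(SAMPLE_ROUTES), tunnel_mode(SAMPLE_ROUTES))
```

On the sample rows the default route is on tun0, so every destination not covered by a more specific route is sent into the tunnel.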