OpenVPN trouble... fails to start

[boelle]

So to make it short i followed this guide to install OpenVPN SERVER.....

http://melgrubb.wordpress.com/2014/08/0 ... openvpn-2/

but it fails to start when i issue /etc/init.d/openvpn start

"[FAIL] Starting virtual private network daemon: server failed!"

/var/log/openvpn.log and /var/log/openvpn-status.log are both EMPTY

my conf:

Code: Select all

local 192.168.0.3 # YOUR PI▒^▒^▒S IP ADDRESS
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/closet_server.crt
key /etc/openvpn/easy-rsa/keys/closet_server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.3 255.255.255.0" # YOUR PI▒^▒^▒S IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.0.1" # YOUR ROUTER▒^▒^▒S IP ADDRESS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

i have googled the net far and near and most of them shows that the tun network interface is up, but that is not the case for me. and only one hit came close, that one was due to 2 conf file in same dir but i have only one.

also most guides say reboot and config firewall... i dont have a firewall as that is in my router... and i cant reboot since its a server other people is also depending on, to make it worse the pi is also doing energy loging and rebooting will make a mess in the data as it will use year 1970 until it gets a valid date from the internet... enough to screw up the data

but where can i start to look for faults?

Code: Select all

zgrep CONFIG_TUN /proc/config.gz
CONFIG_TUN=m

[maikcat]

first use verb 3 or higher,
second try to start openvpn by using

openvpn --config <path-to-config>

Michael.

[boelle]

tried that

pi@raspberrypi /etc/openvpn $ sudo openvpn --config /etc/openvpn/server.conf
pi@raspberrypi /etc/openvpn $

should it not say ok or something?

[boelle]

also only interfaces up after that is eth0 wlan0 and lo

[boelle]

and of course not using sudo throws permission errors:

Code: Select all

Wed Nov 19 20:40:38 2014 Warning: Error redirecting stdout/stderr to --log file:                                                                                                                                                              /var/log/openvpn.log: Permission denied (errno=13)
Wed Nov 19 20:40:38 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL]                                                                                                                                                              [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on                                                                                                                                                              Oct 12 2013
Wed Nov 19 20:40:38 2014 NOTE: your local LAN uses the extremely common subnet a                                                                                                                                                             ddress 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conf                                                                                                                                                             licts if you connect to the VPN server from public locations such as internet ca                                                                                                                                                             fes that use the same subnet.
Wed Nov 19 20:40:38 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig                                                                                                                                                             her to call user-defined scripts or executables
Wed Nov 19 20:40:38 2014 Note: cannot open /var/log/openvpn-status.log for WRITE
Wed Nov 19 20:40:38 2014 Cannot open /etc/openvpn/easy-rsa/keys/dh1024.pem for D                                                                                                                                                             H parameters: error:0200100D:system library:fopen:Permission denied: error:2006D                                                                                                                                                             002:BIO routines:BIO_new_file:system lib
Wed Nov 19 20:40:38 2014 Exiting

[maikcat]

after using verb 3, log files still empty?

Michael.

[boelle]

Yep.. not a single dot in either of them

[maikcat]

switch to root by using either su - or sudo su -
then start openvpn manually,

same result?

Michael.

[boelle]

that is what i did....

both with sudo and without.... i posted the precise command a few post up

[boelle]

but yes using sudo in front of the command or or doing

pi@raspberrypi ~ $ sudo su
root@raspberrypi:/home/pi# openvpn --config /etc/openvpn/server.conf

same result....

and also there is no network interface.... ie i only have lan and wlan and loopback

will the vpn one show up only if openvpn is running?

[boelle]

my german is a bit rusty but found this YT video and will see if there are steps i have missed or that the guide i used have missed

http://www.youtube.com/watch?v=a5-viXBCOyo

[boelle]

i followed the YT video excatly... even generated new key

only thing i skipped was 8-10:25 which is firewall stuff, i have removed the firewall in the first place as my main router handles that.

it still fails... and the logs are still empty.... and yes i only have one conf (deleted the other one) which now looks like this:

Code: Select all

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/closet_server.crt
key /etc/openvpn/easy-rsa/keys/closet_server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log 20
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 192.168.0.1" # YOUR ROUTER'S IP ADDRESS
log-append /var/log/openvpn.log
comp-lzo

[boelle]

as sudo su i tried this:

root@raspberrypi:/etc/openvpn# cat /var/log/syslog | grep VPN
root@raspberrypi:/etc/openvpn#

i also did a normal restart as sudo su

root@raspberrypi:/etc/openvpn# /etc/init.d/openvpn restart
[ ok ] Stopping virtual private network daemon:.
[FAIL] Starting virtual private network daemon: openvpn failed!


read through the detailed guide also: http://www.karesyk.de/vpn-server-einrichten/

in the user comments below that a user has excat the same issue.. search for "Luca schrieb am 20. März 2014 um 2:54 Uhr:"

[boelle]

hmmm

[ ok ] Stopping virtual private network daemon:.

the demon is not called openvpn like in the videos and guides... ie not when stopped.... but that works

but when its starting it is called openvpn????

[boelle]

tried to start all over again...

as sudo su:

apt-get purge openvpn

then removed the whole /etc/openvpn dir

apt-get install openvpn

last few lines of that:

Sætter openvpn (2.2.1-8+deb7u2) op...
[ ok ] Restarting virtual private network daemon.:.
root@raspberrypi:/etc#

still the demon is just a dot.. i see its the same in the video now...

will try once more with copy and paste from the detailed german guide

[boelle]

http://www.karesyk.de/vpn-server-einrichten/

only skipped step 9, 10, 11

it still fails to start... logs are empty

[boelle]

damm.

just tried openswan and pptpd none worked

then did a reboot... now all 3 are running and screwed my wifi connection

[boelle]

removed the 2 others and rebooted... now it fails again

so there must be something missing

testing my way now

[Traffic]

post your OpenVPN configs and logs for both server and client ..

[boelle]

log now says:

Fri Nov 21 00:22:43 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Fri Nov 21 00:22:43 2014 WARNING: --keepalive option is missing from server config
Fri Nov 21 00:22:43 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as interne$
Fri Nov 21 00:22:43 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 21 00:22:43 2014 Diffie-Hellman initialized with 1024 bit key
Fri Nov 21 00:22:43 2014 Cannot load certificate file /etc/openvpn/easy-rsa/keys/closet_server.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL rout$
Fri Nov 21 00:22:43 2014 Exiting

hmm... its trying to load some old certificates... will see if i can make it load the right ones i just created