Page 1 of 2
OpenVPN trouble... fails to start
Posted: Wed Nov 19, 2014 1:30 pm
by boelle
So to make it short i followed this guide to install OpenVPN SERVER.....
http://melgrubb.wordpress.com/2014/08/0 ... openvpn-2/
but it fails to start when i issue /etc/init.d/openvpn start
"[FAIL] Starting virtual private network daemon: server failed!"
/var/log/openvpn.log and /var/log/openvpn-status.log are both EMPTY
my conf:
Code: Select all
local 192.168.0.3 # YOUR PI▒^▒^▒S IP ADDRESS
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/closet_server.crt
key /etc/openvpn/easy-rsa/keys/closet_server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.3 255.255.255.0" # YOUR PI▒^▒^▒S IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.0.1" # YOUR ROUTER▒^▒^▒S IP ADDRESS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
i have googled the net far and near and most of them shows that the tun network interface is up, but that is not the case for me. and only one hit came close, that one was due to 2 conf file in same dir but i have only one.
also most guides say reboot and config firewall... i dont have a firewall as that is in my router... and i cant reboot since its a server other people is also depending on, to make it worse the pi is also doing energy loging and rebooting will make a mess in the data as it will use year 1970 until it gets a valid date from the internet... enough to screw up the data
but where can i start to look for faults?
Code: Select all
zgrep CONFIG_TUN /proc/config.gz
CONFIG_TUN=m
Re: OpenVPN trouble... fails to start
Posted: Wed Nov 19, 2014 4:50 pm
by maikcat
first use verb 3 or higher,
second try to start openvpn by using
openvpn --config <path-to-config>
Michael.
Re: OpenVPN trouble... fails to start
Posted: Wed Nov 19, 2014 7:41 pm
by boelle
tried that
pi@raspberrypi /etc/openvpn $ sudo openvpn --config /etc/openvpn/server.conf
pi@raspberrypi /etc/openvpn $
should it not say ok or something?
Re: OpenVPN trouble... fails to start
Posted: Wed Nov 19, 2014 7:43 pm
by boelle
also only interfaces up after that is eth0 wlan0 and lo
Re: OpenVPN trouble... fails to start
Posted: Wed Nov 19, 2014 7:46 pm
by boelle
and of course not using sudo throws permission errors:
Code: Select all
Wed Nov 19 20:40:38 2014 Warning: Error redirecting stdout/stderr to --log file: /var/log/openvpn.log: Permission denied (errno=13)
Wed Nov 19 20:40:38 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Wed Nov 19 20:40:38 2014 NOTE: your local LAN uses the extremely common subnet a ddress 192.168.0.x or 192.168.1.x. Be aware that this might create routing conf licts if you connect to the VPN server from public locations such as internet ca fes that use the same subnet.
Wed Nov 19 20:40:38 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig her to call user-defined scripts or executables
Wed Nov 19 20:40:38 2014 Note: cannot open /var/log/openvpn-status.log for WRITE
Wed Nov 19 20:40:38 2014 Cannot open /etc/openvpn/easy-rsa/keys/dh1024.pem for D H parameters: error:0200100D:system library:fopen:Permission denied: error:2006D 002:BIO routines:BIO_new_file:system lib
Wed Nov 19 20:40:38 2014 Exiting
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 8:18 am
by maikcat
after using verb 3, log files still empty?
Michael.
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 1:22 pm
by boelle
Yep.. not a single dot in either of them
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 1:46 pm
by maikcat
switch to root by using either su - or sudo su -
then start openvpn manually,
same result?
Michael.
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 6:00 pm
by boelle
that is what i did....
both with sudo and without.... i posted the precise command a few post up
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 6:03 pm
by boelle
but yes using sudo in front of the command or or doing
pi@raspberrypi ~ $ sudo su
root@raspberrypi:/home/pi# openvpn --config /etc/openvpn/server.conf
same result....
and also there is no network interface.... ie i only have lan and wlan and loopback
will the vpn one show up only if openvpn is running?
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 6:29 pm
by boelle
my german is a bit rusty but found this YT video and will see if there are steps i have missed or that the guide i used have missed
http://www.youtube.com/watch?v=a5-viXBCOyo
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 7:59 pm
by boelle
i followed the YT video excatly... even generated new key
only thing i skipped was 8-10:25 which is firewall stuff, i have removed the firewall in the first place as my main router handles that.
it still fails... and the logs are still empty.... and yes i only have one conf (deleted the other one) which now looks like this:
Code: Select all
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/closet_server.crt
key /etc/openvpn/easy-rsa/keys/closet_server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log 20
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 192.168.0.1" # YOUR ROUTER'S IP ADDRESS
log-append /var/log/openvpn.log
comp-lzo
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 8:07 pm
by boelle
as sudo su i tried this:
root@raspberrypi:/etc/openvpn# cat /var/log/syslog | grep VPN
root@raspberrypi:/etc/openvpn#
i also did a normal restart as sudo su
root@raspberrypi:/etc/openvpn# /etc/init.d/openvpn restart
[ ok ] Stopping virtual private network daemon:.
[FAIL] Starting virtual private network daemon: openvpn failed!
read through the detailed guide also:
http://www.karesyk.de/vpn-server-einrichten/
in the user comments below that a user has excat the same issue.. search for "Luca schrieb am 20. März 2014 um 2:54 Uhr:"
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 8:13 pm
by boelle
hmmm
[ ok ] Stopping virtual private network daemon:.
the demon is not called openvpn like in the videos and guides... ie not when stopped.... but that works
but when its starting it is called openvpn????
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 8:24 pm
by boelle
tried to start all over again...
as sudo su:
apt-get purge openvpn
then removed the whole /etc/openvpn dir
apt-get install openvpn
last few lines of that:
Sætter openvpn (2.2.1-8+deb7u2) op...
[ ok ] Restarting virtual private network daemon.:.
root@raspberrypi:/etc#
still the demon is just a dot.. i see its the same in the video now...
will try once more with copy and paste from the detailed german guide
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 8:40 pm
by boelle
http://www.karesyk.de/vpn-server-einrichten/
only skipped step 9, 10, 11
it still fails to start... logs are empty
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 10:37 pm
by boelle
damm.
just tried openswan and pptpd none worked
then did a reboot... now all 3 are running and screwed my wifi connection
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 11:07 pm
by boelle
removed the 2 others and rebooted... now it fails again
so there must be something missing
testing my way now
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 11:12 pm
by Traffic
post your OpenVPN configs and logs for both server and client ..
Re: OpenVPN trouble... fails to start
Posted: Thu Nov 20, 2014 11:23 pm
by boelle
log now says:
Fri Nov 21 00:22:43 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Fri Nov 21 00:22:43 2014 WARNING: --keepalive option is missing from server config
Fri Nov 21 00:22:43 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as interne$
Fri Nov 21 00:22:43 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 21 00:22:43 2014 Diffie-Hellman initialized with 1024 bit key
Fri Nov 21 00:22:43 2014 Cannot load certificate file /etc/openvpn/easy-rsa/keys/closet_server.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL rout$
Fri Nov 21 00:22:43 2014 Exiting
hmm... its trying to load some old certificates... will see if i can make it load the right ones i just created