Running OpenVPN Client on OpenVZ VPS
Posted: Thu Sep 24, 2015 10:55 am
by stgltz
Hi,
Newbie here looking for some help setting up an OpenVPN client (not server) to connect to a VPN service I already subscribe to.
The VPS is running Ubuntu 14.04.3 LTS, OpenVZ is being used for the virtualization.
TUN/TAP module is enabled
Code:
root@myvps:~# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
I get the below error with no firewall or ip tables in place:
Code:
root@myvps:/etc/openvpn# openvpn 'london.ovpn'
Thu Sep 24 05:07:28 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Enter Auth Username:
Enter Auth Password:
Thu Sep 24 05:07:38 2015 UDPv4 link local: [undef]
Thu Sep 24 05:07:38 2015 UDPv4 link remote: [AF_INET]146.185.20.156:1194
Thu Sep 24 05:07:38 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Sep 24 05:07:39 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]146.185.20.156:1194
Thu Sep 24 05:07:41 2015 TUN/TAP device tun0 opened
Thu Sep 24 05:07:41 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 24 05:07:41 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Sep 24 05:07:41 2015 /sbin/ip addr add dev tun0 local 10.197.1.6 peer 10.197.1.5
RTNETLINK answers: No such device
Thu Sep 24 05:07:41 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Some more output that might be helpful:
Code:
root@myvps:~# ip route
default dev venet0 scope link
Code:
root@panda:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0
Any help would be much appreciated, please let me know if there is more info I can give.
Cheers!
Re: Running OpenVPN Client on OpenVZ VPS
Posted: Thu Sep 24, 2015 12:40 pm
by maikcat
Can you try the following:
Code:
openvpn --mktun --dev tun0
/sbin/ip link set dev tun0 up mtu 1500
Can you see the interface using ifconfig?
Michael.
Re: Running OpenVPN Client on OpenVZ VPS
Posted: Thu Sep 24, 2015 4:25 pm
by stgltz
Thanks for the reply maikcat!
Code:
root@myvps:~# openvpn --mktun --dev tun0
Thu Sep 24 11:17:07 2015 TUN/TAP device tun0 opened
Thu Sep 24 11:17:07 2015 Persist state set to: ON
root@myvps:~# /sbin/ip link set dev tun0 up mtu 1500
root@myvps:~#
Code:
root@myvps:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:489 errors:0 dropped:0 overruns:0 frame:0
TX packets:301 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:50105 (50.1 KB) TX bytes:43853 (43.8 KB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:{vpspublicip} P-t-P:{vpspublicip} Bcast:{vpspublicip} Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
I tried connecting to the vpn server after that but no luck. It freezes and I have to re-boot the vps at the provider's website to be able to ssh log on again.
Re: Running OpenVPN Client on OpenVZ VPS
Posted: Fri Sep 25, 2015 5:53 am
by maikcat
stgltz wrote: "I tried connecting to the vpn server after that but no luck. It freezes and I have to re-boot the vps at the provider's website to be able to ssh log on again."
I have a feeling that your vps is not frozen; it simply connects and redirects its gateway, causing you to lose connection...
Can you add route-nopull in your config and test again?
Michael.
Re: Running OpenVPN Client on OpenVZ VPS
Posted: Fri Sep 25, 2015 7:02 am
by stgltz
Thanks Michael!
After editing the config file it looks like it connects. I get the following:
root@myvps:/etc/openvpn# openvpn 'Germany.ovpn'
Fri Sep 25 01:48:52 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Fri Sep 25 01:48:52 2015 UDPv4 link local: [undef]
Fri Sep 25 01:48:52 2015 UDPv4 link remote: [AF_INET]46.165.251.155:1194
Fri Sep 25 01:48:53 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]46.165.251.155:1194
Fri Sep 25 01:48:56 2015 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Sep 25 01:48:56 2015 TUN/TAP device tun0 opened
Fri Sep 25 01:48:56 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 25 01:48:56 2015 /sbin/ip link set dev tun0 up mtu 1500
Fri Sep 25 01:48:56 2015 /sbin/ip addr add dev tun0 local 10.179.1.6 peer 10.179.1.5
Fri Sep 25 01:48:56 2015 Initialization Sequence Completed
I'm no longer locked out of the server. I tested downloading some data and it looks like it is not going through the vpn.
Code:
root@myvps:~/pg/scripts$ ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.179.1.6 P-t-P:10.179.1.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:49774 errors:0 dropped:0 overruns:0 frame:0
TX packets:25970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:66812663 (66.8 MB) TX bytes:1684745 (1.6 MB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:{vpspublicip} P-t-P:{vpspublicip} Bcast:{vpspublicip} Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
Code:
root@myvps:~$ wget -qO- http://ipecho.net/plain ; echo
{vpspublicip}
Do you know how to configure this?
Many thanks,
Tom
Re: Running OpenVPN Client on OpenVZ VPS
Posted: Fri Sep 25, 2015 9:58 am
by maikcat
Things now get a little complicated...
With the directive I gave you, your client does not accept any routes sent by the server.
If you remove it you lose your vpn because any response from the internet goes via the tunnel,
rendering your ssh session unusable.
The only workaround is to enable policy based routing in your vps regarding the established ssh connections
so that ssh traffic keeps flowing via your normal gateway.
If you search the forum you will find similar topics...
Michael.
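The policy-based routing workaround described in the last reply, sketched as an added example that is not part of the original thread: packets sourced from the VPS public IP (the SSH replies) are looked up in a separate routing table whose default route stays on venet0, so `route-nopull` can be removed and the pushed `redirect-gateway` accepted. The table number 128, the rule priority, the helper names and the `PBR_APPLY`/`PUB_IP` variables are assumptions, and it assumes the container permits `ip rule`.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing so that
# replies from the VPS public IP leave via venet0 while everything else
# follows the routes pushed by the VPN server into the main table.

valid_ipv4() {
    # Accept only a dotted quad with each octet in 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

pbr_commands() {
    # $1 = public IP of the VPS, $2 = uplink device, $3 = routing table id
    pub_ip=$1; dev=${2:-venet0}; table=${3:-128}   # 128 is an arbitrary choice
    valid_ipv4 "$pub_ip" || { echo "invalid IPv4: $pub_ip" >&2; return 1; }
    # Rule is evaluated before the main table (priority 32766), which is
    # where OpenVPN installs the redirected default routes.
    echo "ip rule add from $pub_ip lookup $table priority 1000"
    # Same default route the thread shows: "default dev venet0 scope link".
    echo "ip route add default dev $dev table $table"
    echo "ip route flush cache"
}

# Dry run by default. To apply, run as root before starting OpenVPN:
#   PBR_APPLY=1 PUB_IP=<your public IP> sh this-script.sh
if [ "${PBR_APPLY:-0}" = 1 ]; then
    cmds=$(pbr_commands "${PUB_IP:-}") || exit 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        $cmd || exit 1
    done
fi
```

After applying, `ip rule show` should list the new rule ahead of `main`, and an SSH session opened to the public IP should survive the tunnel coming up.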