Debian 9 - Tunnel Interface Not Found - New Install

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by dazo » Wed Jan 10, 2018 4:29 pm

TinCanTech wrote:
Wed Jan 10, 2018 4:22 pm
In an effort to get to the bottom of this, did you try without using network-manager ?
Because it is difficult to tell if the problem is with openvpn or network-manager.
In this case, openvpn is started outside of NetworkManager. And a server configuration is attempted to be started. So "not using network-manager" would mean uninstall it; which I strongly discourage. That can cause lots of other issues on top of this.

TiTex
OpenVPN Expert
Posts: 271
Joined: Tue Apr 12, 2011 6:22 am

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by TiTex » Wed Jan 10, 2018 8:15 pm

dazo wrote:
Wed Jan 10, 2018 4:29 pm
TinCanTech wrote:
Wed Jan 10, 2018 4:22 pm
In an effort to get to the bottom of this, did you try without using network-manager ?
Because it is difficult to tell if the problem is with openvpn or network-manager.
In this case, openvpn is started outside of NetworkManager. And a server configuration is attempted to be started. So "not using network-manager" would mean uninstall it; which I strongly discourage. That can cause lots of other issues on top of this.
@dazo , why would be an issue not using network-manager to starting openvpn and also why would that mean to uninstall network-manager ?
the only case where i would see network-manager interfere is on a workstation with a gui, and even there only if you use the network-manager openvpn plugin.

anyhow , i just installed openvpn on a debian 9 system and don't have any problems , but i have to say that compared to RHEL based family of linux distros , on debian... systemd is a bad joke :) , lot's of service units actually just run an old school init script and that's exactly the case for openvpn

so just start openvpn like you would on an older system which does not use systemd

Code: Select all

/etc/init.d/openvpn start|stop|restart
if this doesn't work , try loading the kernel module and see if you actually can load it

Code: Select all

modprobe tun
lsmod | grep tun

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by dazo » Wed Jan 10, 2018 10:35 pm

@TiTex ... I understand that systemd on Debian can feel like a bad joke. I don't think it's that bad, but what is bad is all the wrappers put around systemd to make it behave like a non-systemd system. Like you point out with using /etc/init.d/openvpn directly ... but I don't recall which way it wraps; if systemd is used as a wrapper around init.d scripts, well, that is going to cause a nastier user experience.

Which is why we managed to convince the Debian package maintainer to ship our openvpn-{client,server}@.service files ... but I'm not sure it has been updated with the changes we added in later 2.4.1+ releases; I've seen some traces of them being the same as in 2.4.0, which carries some bugs. So if the package maintainer could pick up our latest upstream versions and ship them, I believe Debian users could experience a much better systemd integration. But the old way of interacting with initd scripts needs to stop, it will give a half-baked experience.

In regards to uninstalling network-manager ... I don't know how tightly that is integrated into the distribution in Debian. But if you try to do such a stunt in RHEL/Fedora, you end up with a system which won't configure network interfaces well during boot. You can make it work by adding some tweaks in the various systemd network configuration unit files and so on. NetworkManager actually can do good things on servers as well as workstations and in particular laptops where networks are even less static. But in today's virtualized world, networks are not as static as they used to be with essentially just bare-metals in the data centres.

esbeeb
OpenVpn Newbie
Posts: 1
Joined: Tue Mar 20, 2018 10:42 pm

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by esbeeb » Tue Mar 20, 2018 10:59 pm

TinCanTech wrote:
Sat Jan 06, 2018 5:18 pm
Stop using Network-Manager.
Note: @xq1xq1xq1, I too am running Debian 9.3 on my server. I'm having similar problems to you.

@dazo: your advice to not use "log" or "log-append" in server.conf was crucially important. I'm also using "verb 9" to debug. Now when I manually try to start openvpn on the command line with:

Code: Select all

openvpn --config /etc/openvpn/server/server.conf
...All the highly verbose error messages show right there on the command line (and they weren't showing up in /var/log/syslog when I used "log" in server.conf)! Intensely useful!

Here's a nice guide to disabling, but not uninstalling, Network Manager.

In a nutshell, first (as root) show if Network manager is indeed in control of any network interfaces:

Code: Select all

nmcli dev status
My network interfaces were under control of Network Manager (which is the default in Debian). Then to disable Network Manager:

Code: Select all

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service 
Now another "nmcli dev status" should show that Network Manager is no longer in control of your Network interfaces.

Also Note: I had to append the following line to /etc/group:
nobody:x:65534:nobody
Why? Because in Debian 9, you get a "nobody" user by default, in /etc/passwd, but no "nobody" group in /etc/group. Once the "nobody" group was created thusly, then and only then I could use "user nobody" and "group nobody" in server.conf.

My openvpn server now starts! At least from the command line....

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by dazo » Wed Mar 28, 2018 2:48 pm

I would rather recommend you to not disable NetworkManager on the system as a whole. Rather tell NetworkManager to not touch certain devices; like tun/tap devices. In /etc/NetworkManager/NetworkManager.conf rather add:

Code: Select all

[keyfile]
unmanaged-devices=interface-name:tun*
and restart NetworkManager.

Really. Stop believing NetworkManager is evil. It is trying to do all it can to make networking work nicely in todays more dynamic network environments. Killing it will give you other challenges when the environment around your box changes. Telling it "I know what I'm doing with these devices, you can relax" will generally give you a better experience in the end.

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by dazo » Wed Mar 28, 2018 2:50 pm

For further info, see the NetworkManager.conf man page.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4627
Joined: Fri Jun 03, 2016 1:17 pm

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by TinCanTech » Wed Mar 28, 2018 3:35 pm

TinCanTech wrote:
Sat Jan 06, 2018 5:18 pm
Stop using Network-Manager
To clarify this: While trying to diagnose problems with Openvpn do not start openvpn via Network-Manager.

Instead run openvpn from a root terminal or with sudo .. eg:

Code: Select all

me@home /etc/openvpn $ sudo openvpn /path/to/my_config.conf

blackhiden
OpenVpn Newbie
Posts: 3
Joined: Mon Feb 26, 2018 1:23 am

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by blackhiden » Thu Apr 19, 2018 9:50 am

Dunno if this can solve your problem or not.
But your config file doesn't seem right on line 19.
You should write "group nogroup" instead of "group nobody"
I had same problem long time ago.

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Debian 9 - Tunnel Interface Not Found - New Install

Post by dazo » Fri Jun 01, 2018 9:55 am

@blackhidden ... This issue is not related to --group at all. It would fail much earlier and with a very different error:

Code: Select all

# openvpn --config vpn-srv1.conf --group jambojambo
[....]
Fri Jun  1 11:52:28 2018 failed to find GID for group jambojambo
Fri Jun  1 11:52:28 2018 Exiting due to fatal error
#

Post Reply