Webmin 1.999
Virtualmin 7.1-1
OpenVPN Admin uses OpenVPN version 2.0_rc16, OpenSSL version 0.9.7e
(I have tried to upgrade to the latest version but the site returns a 502 error)
Hi,
I am having issues connecting to my VPN. It sits on my server and worked fine on the previous machine I used but when I had to transfer it to a new VPS, it was necessary to rebuild it from scratch.
The service is running but I do not know how to test if it is running properly or not.
I have checked the config files and they all look to be fine with the redirection of keys and certificates etc. but to be sure I have even tried a profile with all the certificate, dh and keys data embedded.
No matter what I try I cannot get a connection. The log shows that it is negotiating with the server but something is stopping it from finalising the connection.
The only thing I can think of is the firewall, but the ports have been opened for UDP (1194 and 1195), and when I try:
root@electra:~# firewall-cmd --zone=public --query-masquerade
I get the response
yes
[Unfortunately I do not know enough about IP Tables and Firewalld to determine what I have set up as the masquerade so that might be the first place to start?]
I am posting some config files below as well for more information, but can anyone help me to get this working please? I am posting on both the Virtualmin forums and the OpenVPN forums.
/etc/openvpn/xsxtc-vpn-kodi.conf
port 1195
proto udp
dev tun1
ca keys/xsxtc-ca/ca.crt
cert keys/xsxtc-ca/server-key.crt
key keys/xsxtc-ca/server-key.key
dh keys/xsxtc-ca/dh2048.pem
topology subnet
server 10.20.0.0 255.255.255.0
crl-verify keys/xsxtc-ca/crl.pem
ifconfig-pool-persist servers/xsxtc-vpn-kodi/logs/ipp.txt
cipher AES-256-CBC
user nobody
group nogroup
status servers/xsxtc-vpn-kodi/logs/openvpn-status.log
log-append servers/xsxtc-vpn-kodi/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/xsxtc-vpn-kodi/ccd
duplicate-cn
comp-lzo
persist-key
persist-tun
float
ccd-exclusive
auth SHA512
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
Extract from the server log
Wed Aug 31 21:29:47 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Aug 31 21:29:47 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Aug 31 21:29:47 2022 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Aug 31 21:29:47 2022 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Wed Aug 31 21:29:47 2022 TUN/TAP device tun1 opened
Wed Aug 31 21:29:47 2022 /sbin/ip link set dev tun1 up mtu 1500
Wed Aug 31 21:29:47 2022 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Wed Aug 31 21:29:47 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 31 21:29:47 2022 UDPv4 link local (bound): [AF_INET][undef]:1195
Wed Aug 31 21:29:47 2022 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 31 21:29:47 2022 GID set to nogroup
Wed Aug 31 21:29:47 2022 UID set to nobody
Wed Aug 31 21:29:47 2022 Initialization Sequence Completed
Wed Aug 31 22:43:43 2022 event_wait : Interrupted system call (code=4)
Wed Aug 31 22:43:43 2022 Closing TUN/TAP interface
Wed Aug 31 22:43:43 2022 /sbin/ip addr del dev tun1 10.20.0.1/24
RTNETLINK answers: Operation not permitted
Wed Aug 31 22:43:43 2022 Linux ip addr del failed: external program exited with error status: 2
Wed Aug 31 22:43:43 2022 SIGTERM[hard,] received, process exiting
Wed Aug 31 22:44:00 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Aug 31 22:44:00 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Aug 31 22:44:00 2022 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Aug 31 22:44:00 2022 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Wed Aug 31 22:44:00 2022 TUN/TAP device tun1 opened
Wed Aug 31 22:44:00 2022 /sbin/ip link set dev tun1 up mtu 1500
Wed Aug 31 22:44:00 2022 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Wed Aug 31 22:44:00 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 31 22:44:00 2022 UDPv4 link local (bound): [AF_INET][undef]:1195
Wed Aug 31 22:44:00 2022 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 31 22:44:00 2022 GID set to nogroup
Wed Aug 31 22:44:00 2022 UID set to nobody
Wed Aug 31 22:44:00 2022 Initialization Sequence Completed
Client kodi.ovpn file (sits in a directory with all the referenced keys and certificates etc.)
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert kodi.crt
key kodi.key
remote xxx.xxx.xxx.xxx 1195
cipher AES-256-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
auth SHA512
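A small cross-check of the two configs quoted above, written in Python as an added example (it is not part of the post and not an OpenVPN tool): it parses trimmed, constructed copies of the server config and the client profile, reports directives that must agree on both sides, and flags the server-side combinations the server log warns about plus two client-side points (the server-only dh line and the missing remote-cert-tls check). The OpenVPN defaults it assumes are port 1194, proto udp, cipher BF-CBC and auth SHA1.

```python
# Added example, not from the post: cross-check the server config and client
# profile quoted above (trimmed, constructed copies) for directives that must agree.
SERVER_CONF = """\
port 1195
cipher AES-256-CBC
auth SHA512
comp-lzo
duplicate-cn
ifconfig-pool-persist servers/xsxtc-vpn-kodi/logs/ipp.txt
client-config-dir /etc/openvpn/servers/xsxtc-vpn-kodi/ccd
ccd-exclusive
"""
CLIENT_CONF = """\
remote xxx.xxx.xxx.xxx 1195
cipher AES-256-CBC
auth SHA512
comp-lzo
dh dh2048.pem
"""


def parse(text):
    """Map each directive to its argument list ('#' comments and blanks dropped)."""
    words = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {w[0]: w[1:] for w in words if w}


def check(server_text, client_text):
    """Return a list of findings; an empty list means nothing to report."""
    s, c, out = parse(server_text), parse(client_text), []
    c["port"] = c.get("remote", [])[1:2]  # client port is the 2nd arg of 'remote', if given
    # Transport and crypto must agree or the handshake never completes;
    # OpenVPN defaults assumed: port 1194, proto udp, cipher BF-CBC, auth SHA1.
    for key, default in ("port", "1194"), ("proto", "udp"), ("cipher", "BF-CBC"), ("auth", "SHA1"):
        sv, cv = (s.get(key) or [default])[0], (c.get(key) or [default])[0]
        if sv.lower() != cv.lower():
            out.append(f"{key} mismatch: server {sv}, client {cv}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        out.append("comp-lzo on only one side: data channel will be garbled")
    # Server-side combinations the posted log warns about.
    if "duplicate-cn" in s and "ifconfig-pool-persist" in s:
        out.append("ifconfig-pool-persist does not work with duplicate-cn")
    if "ccd-exclusive" in s:
        ccd = s.get("client-config-dir", ["<ccd dir>"])[0]
        out.append(f"ccd-exclusive: a client without a file {ccd}/<cert CN> is refused")
    if "dh" in c:
        out.append("dh is a server-only directive; a client profile does not use it")
    if "remote-cert-tls" not in c:
        out.append("client lacks 'remote-cert-tls server' (checks the server cert's key usage)")
    return out
```

Run `check(SERVER_CONF, CLIENT_CONF)` against the full files to see which findings apply; on the trimmed copies the transport and crypto settings match, so only the server-side and client-side notes are reported.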