OpenVPN Client not working after installing - Help

[phall472]

Hello

I am new to Linux and Centos 5.5.

I have a clean installed Centos 5.5 with a GUI setup.

I installed epel repository and then yum install openvpn.

I then downloaded my client.ovpn and tried connecting using terminal command:
openvpn --config client.ovpn
I then typed in my username and password
After many lines I get:
"Option error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS] :4: dhcp-pre-release (2.1.4)"
"Option error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS] :5: dhcp-release (2.1.4)"
"Option error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS] :6: dhcp-release (2.1.4)"
"Option error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS] :16: registered dns"

After more lines the output stops and says:
"Initialization Sequence Completed" with no prompt just a flashing cursor on the line below.

When I switch to FireFox and try browsing the internet I can not connect to any web site.
To recover I go back to the terminal window and press "Ctrl-C" and it terminates the program and gives me back a prompt.

Please help me to fix this error.

Thank you

[phall472]

Here is the output from trying to connect:
----------------------------------------------------------------
Script started on Mon 16 May 2011 10:23:30 PM EDT
#]0;root@xxxxxxxxxxxxxxxxxx]# openvpn --config client.ovpn
Mon May 16 22:24:25 2011 OpenVPN 2.1.4 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Apr 24 2011
Enter Auth Username:?????????
Enter Auth Password:
Mon May 16 22:25:00 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon May 16 22:25:00 2011 Control Channel Authentication: tls-auth using INLINE static key file
Mon May 16 22:25:00 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 22:25:00 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 22:25:00 2011 LZO compression initialized
Mon May 16 22:25:00 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon May 16 22:25:00 2011 Socket Buffers: R=[129024->200000] S=[129024->200000]
Mon May 16 22:25:00 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon May 16 22:25:00 2011 Local Options hash (VER=V4): '504e774e'
Mon May 16 22:25:00 2011 Expected Remote Options hash (VER=V4): '14168603'
Mon May 16 22:25:00 2011 UDPv4 link local: [undef]
Mon May 16 22:25:00 2011 UDPv4 link remote: 204.188.231.130:1194
Mon May 16 22:25:00 2011 TLS: Initial packet from 204.188.231.130:1194, sid=7f80c80a 4b9aa526
Mon May 16 22:25:00 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 16 22:25:00 2011 VERIFY OK: depth=1, /CN=OpenVPN_CA
Mon May 16 22:25:00 2011 VERIFY OK: nsCertType=SERVER
Mon May 16 22:25:00 2011 VERIFY OK: depth=0, /CN=OpenVPN_Server
Mon May 16 22:25:00 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 16 22:25:00 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 22:25:00 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 16 22:25:00 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 22:25:00 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon May 16 22:25:00 2011 [OpenVPN_Server] Peer Connection Initiated with 204.188.231.130:1194
Mon May 16 22:25:02 2011 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Mon May 16 22:25:02 2011 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.12.1,dhcp-option DNS 208.98.0.8,dhcp-option DNS 208.98.0.7,register-dns,comp-lzo yes,ifconfig 5.5.12.189 255.255.252.0'
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.1.4)
Mon May 16 22:25:02 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: explicit notify parm(s) modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: LZO parms modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: route options modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: route-related options modified
Mon May 16 22:25:02 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon May 16 22:25:02 2011 ROUTE default_gateway=24.235.176.1
Mon May 16 22:25:02 2011 TUN/TAP device tun0 opened
Mon May 16 22:25:02 2011 TUN/TAP TX queue length set to 100
Mon May 16 22:25:02 2011 /sbin/ip link set dev tun0 up mtu 1500
Mon May 16 22:25:02 2011 /sbin/ip addr add dev tun0 5.5.12.189/22 broadcast 5.5.15.255
Mon May 16 22:25:07 2011 /sbin/ip route add 204.188.231.130/32 via 24.235.176.1
Mon May 16 22:25:07 2011 /sbin/ip route add 0.0.0.0/1 via 5.5.12.1
Mon May 16 22:25:07 2011 /sbin/ip route add 128.0.0.0/1 via 5.5.12.1
Mon May 16 22:25:07 2011 Initialization Sequence Completed


This is where it hangs

^#^C
Mon May 16 22:25:47 2011 event_wait : Interrupted system call (code=4)
Mon May 16 22:25:47 2011 SIGTERM received, sending exit notification to peer
Mon May 16 22:25:48 2011 TCP/UDP: Closing socket
Mon May 16 22:25:48 2011 /sbin/ip route del 204.188.231.130/32
Mon May 16 22:25:48 2011 /sbin/ip route del 0.0.0.0/1
Mon May 16 22:25:48 2011 /sbin/ip route del 128.0.0.0/1
Mon May 16 22:25:48 2011 Closing TUN/TAP interface
Mon May 16 22:25:48 2011 /sbin/ip addr del dev tun0 5.5.12.189/22
Mon May 16 22:25:48 2011 SIGTERM[soft,exit-with-notification] received, process exiting
#]0;root@xxxxxxxxxxxxxxxxxx]# exit
exit

Script done on Mon 16 May 2011 10:25:57 PM EDT
------------------------------------------------------------------------------------------------
I hope this helps to find the fix.

[janjust]

this is weird:

Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.1.4)
Mon May 16 22:25:02 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.1.4)

those options should all be recognized by openvpn 2.1.4 ; I am curious where the openvpn rpm came from...

Mon May 16 22:25:07 2011 Initialization Sequence Completed

This is where it hangs

that is normal - the connection is established, the VPN should be operation; the vpn process does not daemonize itself (== run in the background) unless you also specify

Code: Select all

log-append /var/log/openvpn.log
daemon

[maikcat]

hi there,

can you also post server configs?

Michael.

[phall472]

Hello janjust & maikcat

For Janjust - In my first post I said I used epel as my repository. As I mentioned as well this is a clean install just for this purpose. I could re-install if I needed to but that would be install number 5 (I tried 5 times).

For maikcat - I'm not the owner of the server that I wish to connect to. It is an OpenVPN service that I signed up for. My Windows 7 system works on the OpenVPN service, I just cannot get my CentOS system to work.

One more detail: I'm using a router between my 2 computers (1 Windows 7 and 1 CentOS) and the cable modem.

I do not think it should make any difference since OpenVPN works for my Windows 7 computer.

[janjust]

congratulations, you just compromised your VPN credentials - DO NOT EVER POST YOUR PRIVATE KEY .

have you tried whether the VPN is working after the 'Initialization completed" message? what is the IP address assigned to the tun0 interface? can you try pinging the VPN server (most likely 5.5.12.1) ?

[phall472]

Hello janjust

When I try to connect to any web page with FireFox it fails to connect.

Regarding the client certificate I have removed it BUT when I did post it I very carefully removed the username and remote names and left everything else.

Like I said I am new to CentOS or any Linux system.

Thank you for your warning.

[janjust]

I'm not expecting firefox to work; open a terminal window in centos and type

Code: Select all

ping 5.5.12.1

some basic Linux knowledge will be required to get this working

[phall472]

Hello Janjust

I'm sorry about my level of knowledge of CentOS. I do know how to ping but I did not know that I could open two terminal windows at the same time.

The following is the output from pinging 5.5.12.1

#]0;root@????????????????????# ping 5.5.12.1
PING 5.5.12.1 (5.5.12.1) 56(84) bytes of data.
64 bytes from 5.5.12.1: icmp_seq=1 ttl=64 time=32.4 ms
64 bytes from 5.5.12.1: icmp_seq=2 ttl=64 time=34.7 ms
64 bytes from 5.5.12.1: icmp_seq=3 ttl=64 time=33.2 ms
64 bytes from 5.5.12.1: icmp_seq=4 ttl=64 time=32.2 ms
64 bytes from 5.5.12.1: icmp_seq=5 ttl=64 time=35.2 ms
64 bytes from 5.5.12.1: icmp_seq=6 ttl=64 time=32.1 ms
64 bytes from 5.5.12.1: icmp_seq=7 ttl=64 time=32.8 ms
64 bytes from 5.5.12.1: icmp_seq=8 ttl=64 time=34.3 ms
64 bytes from 5.5.12.1: icmp_seq=9 ttl=64 time=34.7 ms
64 bytes from 5.5.12.1: icmp_seq=10 ttl=64 time=32.1 ms

Can you tell me how to copy & paste the terminal output without the script routine. I know how to do it in Windows terminal: highlight and Ctrl-c to copy and right mouse click to paste. This does not work in Centos

[janjust]

select the text in the terminal window using the mouse, then use Edit->Copy. You can then paste this in firefox using Ctrl+V or Edit->Paste; Middleclicking will also work.


so you can ping the VPN server - that means your basic tunnel is up and running. Now the next step is to determine what you want to route via this tunnel? all traffic?

[phall472]

Hi Janjust

Yes all traffic.

Thank you for helping me.

[janjust]

if a windows client works with this service, then your centos client should now also work; start firefox and go to http://www.whatismyip.com

[phall472]

Hi Janjust

I have tried using FireFox with OpenVPN before I first made this post. I tried www.google.com and it gave the same response as www.whatismyip.com:

Address Not Found

Firefox can't find the server at www.whatismyip.com.

But when I stop OpenVPN and use FireFox it works. I'm using it right now.

Thank you for your post. If you have any other ideas I will be happy to do what you suggest.

[phall472]

Hi Janjust

I just logged on to my OpenVPN using my Windows computer and clicked on my link in the above post for whatismy ip and it went directly to the website and told me the IP:

What Is My IP Address - WhatIsMyIP.com
Your IP Address Is: 204.188.231.130

Like I said the Windows computer works but the Centos does not work.

I hope this may help.

Thank you

[urs]

Hi,
I have exactly the same problem with Ubuntu 11.04.

With Windows XP there are no problems. So the server-configuration is ok.

Regards,
Urs

[janjust]

most likely the problem is in the DNS resolver cache ; on windows the new DNS settings are picked up automatically, on Linux this does not happen. You can install either the update-resolv-conf plugin for OpenVPN or use the NetworkManager-openvpn plugin.

Try to do a

Code: Select all

ping 8.8.8.8

in a terminal window - if that works then IP routing works, but name resolution does not.

[urs]

Hi janjust,

Code: Select all

ping 8.8.8.8

does not work (why 8.8.8.8?).

I tried

Code: Select all

...
auth-retry interact
up /etc/openvpn/update-resolv-conf 
down /etc/openvpn/update-resolv-conf
...

in my client.ovpn. No success.

Any other idea?

Regards,
Urs

[janjust]

'8.8.8.8' is the IP address of a Google-owned publicly accessible DNS server - it's great for testing purposes. The 8.8.8.8 was intended for phall472 , as he got pings working already - don't know about your setup; is there a firewall blocking things on ubuntu? what is your setup? which openvpn client are you using?

[phall472]

Hello Janjust

We are get somewhere! It worked.

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=82.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=79.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=81.7 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=80.9 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=80.6 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=81.6 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=82.3 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=55 time=87.6 ms

So what do I have to do now?

Thank you

[janjust]

for debugging, add the following to the /etc/resolv.conf file on the linux box:

Code: Select all

nameserver 208.98.0.8
nameserver 208.98.0.7

and then try to browse the web; if that works then you'll have to automate this step; this can be done using either the update-resolv-conf plugin or using NetworkManager-openvpn .