Problem in starting openvpn

Posted: Sun Jun 05, 2011 3:21 am
by etrader
I just installed OpenVPN according to the instructions given at http://directspace.net/eportal/knowledg ... icle&id=10

But when I try to start openvpn, it fails with this error

Code:

 ~]# service openvpn start
Starting openvpn: /etc/init.d/openvpn: line 169: script_security---script-security 2: command not found
/etc/init.d/openvpn: line 169: script_security---script-security 2: command not found

Re: Problem in starting openvpn

Posted: Sun Jun 05, 2011 11:10 am
by martian111
Hi,

I just ran into this problem when installing the newest version of OpenVPN using RPMForge:
openvpn x86_64 2.2.0-2.el5.rf rpmforge 469 k

The issue is a typo in the /etc/init.d/openvpn file. The following patch fixed this issue for me:

Code:

[root@server openvpn]# diff -u /etc/init.d/openvpn.orig /etc/init.d/openvpn
--- /etc/init.d/openvpn.orig	2011-05-23 15:01:04.000000000 -0600
+++ /etc/init.d/openvpn	2011-06-05 05:04:15.000000000 -0600
@@ -166,7 +166,7 @@
         # Handle backward compatibility, see Red Hat Bugzilla ID #458594
         script_security=''
         if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then
-            script_security-"--script-security 2"
+            script_security="--script-security 2"
         fi
 	    $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security
 	    if [ $? = 0 ]; then
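
Review bot: The comment above the `+` line should state that this fallback starts every config lacking its own `script-security` directive at level 2, which permits user-defined scripts, and that a config opts out by setting the directive itself. Separately, `$c` is unquoted in the `grep` context line and in the `--config $c` context line, so a config path containing whitespace would be split; quote it as `"$c"`, and `grep -q` would be tidier than testing the captured output with `-z`.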

I'm not sure yet where to post a bug on this... but it's a simple fix at this point...

Hope this helps...
Martin

Re: Problem in starting openvpn

Posted: Sun Jun 05, 2011 11:26 am
by martian111
Actually, found the RPMforge committer and left him a comment/message:
https://github.com/repoforge/rpms/commi ... ript.patch

Also opened a new bug/issue:
https://github.com/repoforge/rpms/issues/11


Martin

Re: Problem in starting openvpn

Posted: Sun Jun 05, 2011 2:52 pm
by etrader
I edited /etc/init.d/openvpn file by changing the line to

Code:

script_security="--script-security 2"

The error is gone, but still when starting openvpn, it fails.

Re: Problem in starting openvpn

Posted: Mon Jun 06, 2011 9:47 am
by maikcat
hi there,

please post openvpn server log if you want someone to help you..


Michael.

Re: Problem in starting openvpn

Posted: Mon Jun 06, 2011 10:24 pm
by etrader
Sorry for my failure. Where can I find the openvpn server log?

Re: Problem in starting openvpn

Posted: Tue Jun 07, 2011 6:38 am
by maikcat
add a log statement inside the server config, e.g.

log /etc/openvpn/server.log

and restart the server

Michael.

Re: Problem in starting openvpn

Posted: Wed Jun 08, 2011 6:16 am
by etrader
Thanks Michael. This is what was written to the server log after trying to start openvpn (which shows FAILED in ssh)

Code:

Wed Jun  8 10:12:05 2011 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on May 23 2011
Wed Jun  8 10:12:05 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun  8 10:12:05 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jun  8 10:12:05 2011 Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
Wed Jun  8 10:12:05 2011 Exiting

Re: Problem in starting openvpn

Posted: Wed Jun 08, 2011 6:58 am
by maikcat
hi there,

>Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file

your dh1024.pem file is missing or it is located elsewhere...

when you generated the certs, you issued the build-dh command;
this command creates the above file.

it would help a lot if you posted the server config file though.

Michael.

Re: Problem in starting openvpn

Posted: Wed Jun 08, 2011 8:01 am
by etrader
Actually I did not create certs manually, as I followed the procedure given at http://directspace.net/eportal/knowledg ... icle&id=10

The openvpn.conf is

Code:

dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon
log /etc/openvpn/server.log

Re: Problem in starting openvpn

Posted: Wed Jun 08, 2011 8:11 am
by maikcat
hi there,

anyway the dh1024.pem file is missing...

i suggest you read the docs and build keys by yourself.

Michael.

Re: Problem in starting openvpn

Posted: Wed Jun 08, 2011 7:02 pm
by etrader
Thanks Michael. I created it according to the OpenVPN How-To, and now the openvpn is successfully starting on the server. But I cannot connect to it by OpenVPN GUI from my Windows machine. The icon remains yellow without any error message.

I do not know whether it is still a problem associated with the server, or bad configuration of OpenVPN GUI. How can I verify (test) that OpenVPN on the server is working correctly?

Thank you in advance.

Re: Problem in starting openvpn

Posted: Thu Jun 09, 2011 7:28 am
by maikcat
hi there,

for start you should post your configs here...
and server logs.

Michael.

Re: Problem in starting openvpn

Posted: Thu Jun 09, 2011 6:04 pm
by etrader
Thanks for your kind attention. The server config is

Code:

dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert etrader.crt
key etrader.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon
log /etc/openvpn/server.log

The config file in C:\Program Files\OpenVPN\config

Code:

remote 69.163.33.111
tls-client
dev tap
ca ca.crt
cert etrader.crt
key etrader.key
ping 10
verb 1
mute 10
comp-lzo

Re: Problem in starting openvpn

Posted: Fri Jun 10, 2011 9:14 am
by maikcat
hi there,

remove this
>push "route 10.8.0.0 255.255.255.0"

also change this

>push "redirect-gateway"

to this

push "redirect-gateway def1"

also to your client config

change this
>dev tap
to this
dev tun

ps: i noticed that you are using the SAME certificate for both server/client...
can you post exactly how you built your keys?

Michael
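
The three faults diagnosed in this thread (the missing dh1024.pem, `dev tun` on the server against `dev tap` on the client, and the same certificate and key named on both sides) can be checked before starting the daemon. The script below is an added example, not part of any post; its function names are hypothetical, the sample configs are constructed from the ones posted above, and the shared-certificate check compares file names only.

```shell
#!/bin/sh
# Added example (not from the thread): lint an OpenVPN server/client config
# pair for the faults diagnosed above. Function names are hypothetical.

# Print the first argument of directive $2 in config $1 (empty if absent).
directive() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print "<directive> <file>" for each ca/cert/key/dh file named in config $1
# that is absent from directory $2 (the directory the init script gives --cd).
missing_files() {
    for d in ca cert key dh; do
        f=$(directive "$1" "$d")
        if [ -z "$f" ]; then continue; fi
        case $f in /*) p=$f ;; *) p=$2/$f ;; esac
        if [ ! -f "$p" ]; then echo "$d $f"; fi
    done
}

# Compare server config $1 with client config $2 by directive values only.
pair_issues() {
    # Compare the device type: "tun0" and "tun" are both tun.
    sdev=$(directive "$1" dev | sed 's/[0-9]*$//')
    cdev=$(directive "$2" dev | sed 's/[0-9]*$//')
    if [ "$sdev" != "$cdev" ]; then echo "dev-mismatch server=$sdev client=$cdev"; fi
    for d in cert key; do
        s=$(directive "$1" "$d")
        if [ -n "$s" ] && [ "$s" = "$(directive "$2" "$d")" ]; then
            echo "shared-$d $s"
        fi
    done
}

# Constructed sample: trimmed copies of the configs posted in this thread,
# with empty stand-ins for every referenced file except dh1024.pem.
make_sample() {
    printf '%s\n' 'dev tun' 'ca ca.crt' 'cert etrader.crt' 'key etrader.key' \
        'dh dh1024.pem' > "$1/server.conf"
    printf '%s\n' 'dev tap' 'ca ca.crt' 'cert etrader.crt' 'key etrader.key' \
        > "$1/client.ovpn"
    : > "$1/ca.crt"; : > "$1/etrader.crt"; : > "$1/etrader.key"
}

tmp=$(mktemp -d)
make_sample "$tmp"
missing_files "$tmp/server.conf" "$tmp"
pair_issues "$tmp/server.conf" "$tmp/client.ovpn"
rm -rf "$tmp"
```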

Re: Problem in starting openvpn

Posted: Fri Jun 10, 2011 4:36 pm
by etrader
Thanks for your patience. It seems I have done something wrong. I copied the crt and key files from the server to my local Windows machine. Should I create a cert on my local machine? I just created a static key file.

Re: Problem in starting openvpn

Posted: Mon Jun 13, 2011 8:21 am
by maikcat
hi there,

to create your keys follow the above sequence..

first edit vars file
source it
then do the following

build-ca
build-key-server server <--builds a key named server for use on your openvpn server
build-dh
build-key user01 <--build a key named user for use on your client

to generate static.key file cd into keys dir and type
openvpn --genkey --secret ta.key

replace the names into your configs and try again to connect...

ps: there is a detailed howto in the doc section of the openvpn.net site

Michael.