Cannot check status of OpenVPN server.

Posted: Wed Oct 12, 2011 12:52 pm
by alloydog
I have Googled for this, but can't find anything that helps...

I am having trouble getting the client (a Windows XP laptop) to connect to the OpenVPN server.
The basic error message is:

Code:

read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) 
Searching on the net revealed that it appears the VPN server is not running.

However, when I check the server status through Webmin, it reports the status as Unknown. If I click "Show Status", then I get the screen which says "Executing /etc/init.d/openvpn status .." and that is all.

If I access the server with PuTTY, and type "sudo /etc/init.d/openvpn status", it just returns to the command prompt.

It doesn't even seem to show up with "ps aux | less" or "top".

I have tried stopping and starting and just restarting OpenVPN through both Webmin and at the command line with PuTTY, but still cannot find if it is running.

What am I doing wrong?

Re: Cannot check status of OpenVPN server.

Posted: Wed Oct 12, 2011 3:18 pm
by janjust
log in on the server and run the openvpn server manually:

Code:

/usr/sbin/openvpn --config <path to config file>
then connect the client. which linux distro are you using? the /etc/init.d/openvpn script is very distro dependent...

Re: Cannot check status of OpenVPN server.

Posted: Mon Oct 17, 2011 7:25 am
by alloydog
Thanks. It seems it couldn't find the config file. Though because of another problem, I just did a server reinstall...

I have just reinstalled OpenVPN, and am carefully going through the HOWTO. I might have missed something obvious, but it doesn't seem to say where to put the configuration file, other than the example in /usr/share/doc/openvpn/examples, which I doubt is the right place for the actual conf file.

I am using OpenVPN 2.1.0 x86_64-pc-linux-gnu on Ubuntu 10.04.3 LTS, and at the moment just managing it through PuTTY.

Re: Cannot check status of OpenVPN server.

Posted: Mon Oct 17, 2011 9:43 am
by janjust
you can put the config file anywhere you want. A common place to put it is

Code:

/etc/openvpn
but it's up to you to decide what is the best spot. When in doubt, use this path.

Connection problems after installing and starting OpenVPN

Posted: Mon Oct 17, 2011 11:40 am
by alloydog
This thread was originally Cannot check status of OpenVPN server., but things have progressed and new problems have reared their ugly heads...

yeah, thanks - that's what I did.

However, I dunno if I have other problems or it's all OpenVPN related...

I ran /usr/sbin/openvpn --config /etc/openvpn/server.conf

and got:

Code:

NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Diffie-Hellman initialized with 1024 bit key
/usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
TLS-Auth MTU parms [ L:1542 D:138 EF:0 EB:0 ET:0 EL:0 ]
WARNING: Potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.1/255.255.255.255]
ROUTE default_gateway=192.168.1.1
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
/sbin/ifconfig tun0 192.168.1.1 pointopoint 192.168.1.2 mtu 1500
WARNING: Potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2
Data Channel MTU parms [L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Socket Buffers: R=[124928->131072] S=[124928->131072]
Then it all seemed to hang. There was nothing after that, and the PuTTY terminal would not respond.
After about five minutes, PuTTY then closed as it had lost connection to the server. After that I could not reconnect, PuTTY complains with "No route to host".
I then tried to connect through nautilus with ssh://user-name@192.168.1.100/home only to get the message:
"sftp://user-name@192.168.1.100/home", because the host could not be found.

Checking from the server, I tried apt-get update, only to get a long list of server not found.

ifconfig shows that the server is getting an IP address from the modem/router. But there is also another entry, now, for tun0:

Code:

tun0	link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
		inet addr:192.168.1.1 P-t-p:192.168.1.2 mask:255.255.255.255.255
		UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 metric:1
		RX packets:0 errors:0 dropped:0 overruns:0 frame:0
		TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
		collisions:0 txqueuelen:100 
		RX bytes:56188 (0.0 B)  TX bytes:8763 (0.0 B)
I am assuming now, that something else is wrong and the OpenVPN is blocking all network traffic?

--EDIT--
Doing web searches, I see the tun0 entry looks to be pretty normal, so guess that's not the problem...

Re: Cannot check status of OpenVPN server.

Posted: Mon Oct 17, 2011 12:57 pm
by janjust
without any special keywords openvpn will continue to run in the foreground and will stop when you close putty; to run openvpn in the background add

Code:

daemon
log-append /var/log/openvpn.log
to the server config file.

Re: Connection problems after installing and starting OpenVP

Posted: Tue Oct 18, 2011 8:07 am
by alloydog
Ok, I have done that. But the problem still occurs. When OpenVPN is running, there are no other connections possible to the server.

Here is the server.conf file:
# OpenVPN 2.0 config file for multi-client server.
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4
daemon


It is located at /etc/openvpn/server.conf

I have even tried running the server manually with /usr/sbin/openvpn --config /etc/openvpn/server.conf to make sure it was reading the configuration file. But again the problem occurs.

--EDIT--
Also, since installing OpenVPN and running for the first time, the server cannot connect to the outside world through the modem/router. Neither apt-get nor wget work. I get server not found, or unable to resolve address errors. These are now persistent whether OpenVPN is running or not.

I have removed the openvpn script from /etc/init.d (I have backed it up to the home directory). But still there is no external connection.
I have set up port forwarding on the modem/router for port 1194 to the server's internal ip address, and I created a rule to allow udp packages to the server, but even with these disabled, so the modem/router is in the same configuration as when I first set up the server, there is no connectivity.

Re: Cannot check status of OpenVPN server.

Posted: Tue Oct 18, 2011 8:57 am
by maikcat
i hope that the lan ip of your server is not from 192.168.1.x network...

Michael.

Re: Cannot check status of OpenVPN server.

Posted: Tue Oct 18, 2011 10:46 am
by alloydog
maikcat wrote:i hope that the lan ip of your server is not from 192.168.1.x network...

Michael.
By that I assume you mean that the server I am talking about is using the IP range 192.168.1.x for its local network?
The answer is probably no. The "server PC" has a fixed IP in that range though.

The network is effectively centred around the modem/router.
The intention is to use the "server PC" as file share and printer share. However, because we have one person who is out of the office a lot, we need the VPN so the wanderer can access the project files.
The set-up is going to look like this (when I get OpenVPN working...)

Code:

                 m r
internet <-----> o o <-----> server: OpenVPN + file-share + printer share
   ^             d u
   |             e t <-----> office PC
   |             m e <-----> office PC
   v             / r
 remote
  PC
(ain't ascii art just great! :D )
After I found how to get OpenVPN running properly, then I can play around with other issues.

Re: Connection problems after installing and starting OpenVP

Posted: Tue Oct 18, 2011 11:19 am
by alloydog
alloydog wrote:--EDIT--
Also, since installing OpenVPN and running for the first time, the server cannot connect to the outside world through the modem/router. Neither apt-get nor wget work. I get server not found, or unable to resolve address errors. These are now persistent whether OpenVPN is running or not.

I have removed the openvpn script from /etc/init.d (I have backed it up to the home directory). But still there is no external connection.
I have set up port forwarding on the modem/router for port 1194 to the server's internal ip address, and I created a rule to allow udp packages to the server, but even with these disabled, so the modem/router is in the same configuration as when I first set up the server, there is no connectivity.
OK, I don't know if this is a result of installing OpenVPN, but it seems resolv.conf was not being updated.
I manually edited it to read nameserver 192.168.1.1, restarted /etc/networking, and it now connects OK.

Re: Cannot check status of OpenVPN server.

Posted: Tue Oct 18, 2011 11:42 am
by maikcat
can you also post the output of ifconfig on the openvpn server itself?

Michael.

Re: Cannot check status of OpenVPN server.

Posted: Wed Oct 19, 2011 6:00 am
by alloydog
ifconfig output with OpenVPN running:

Code:

eth0      Link encap:Ethernet  HWaddr 00:26:18:b4:f3:05  
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::226:18ff:feb4:f305/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11463 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6240 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13404581 (13.4 MB)  TX bytes:704236 (704.2 KB)
          Interrupt:27 Base address:0xa000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2976 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:234928 (234.9 KB)  TX bytes:234928 (234.9 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.1.1  P-t-P:192.168.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:1368 (1.3 KB)

Re: Cannot check status of OpenVPN server.

Posted: Wed Oct 19, 2011 9:14 am
by maikcat
hi there,

your eth0 and your tun0 are in the SAME range!!

your setup won't work
change your vpn network (tun interface)

Michael.

Re: Cannot check status of OpenVPN server.

Posted: Fri Oct 21, 2011 12:54 pm
by alloydog
I've had a heck of a job fixing this... I think I was thinking of a complicated fix. Most server set-ups I read about had the VPN server running on the server dealing with all the network traffic and so on. It wasn't until I chatted to a mate and asked some really, really basic questions about networking.

Anyway, I fixed the IP problem by correcting the server entry in server.conf to 192.168.1.100. Now the VPN should run without interrupting any other access.

But now I seem to be back to the original problem.
/etc/init.d/openvpn status returns an error saying it could not the PID.

ps aux | grep vpn returned:

Code:

1369 0.0 0.0 7624 900 pts/0 S+ 15:48 0:00
But the PID seems to be different each time!

Re: Cannot check status of OpenVPN server.

Posted: Fri Oct 21, 2011 1:22 pm
by maikcat
when you use openvpn in routing mode you
simply *can't* have both lan and tun interface in the same ip subnet....


use network 10.8.0.0/24 for your openvpn service and try again..

Michael.
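
The subnet conflict discussed in this thread can be checked before starting the server. The following is an added example, not part of any post in the thread: it reads the `server` directive from an OpenVPN config and tests it against the host's LAN address. The function names and the sample configs are constructed for illustration, using the addresses quoted above.

```python
import ipaddress

def parse_server_directive(conf_text):
    """Return (network, netmask) from the 'server' line of an OpenVPN config."""
    for line in conf_text.splitlines():
        # Drop '#' and ';' comments, then split the directive into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "server":
            return fields[1], fields[2]
    return None

def check_vpn_subnet(conf_text, local_networks):
    """Return a list of problems with the VPN subnet; empty means no conflict."""
    directive = parse_server_directive(conf_text)
    if directive is None:
        return ["no 'server' directive found"]
    addr, mask = directive
    try:
        # Strict parsing: the address must be a network address for this mask.
        vpn = ipaddress.ip_network(f"{addr}/{mask}")
    except ValueError:
        return [f"'server {addr} {mask}' is not a valid network/netmask pair"]
    problems = []
    for name, cidr in local_networks.items():
        lan = ipaddress.ip_interface(cidr).network
        if vpn.overlaps(lan):
            problems.append(f"VPN subnet {vpn} overlaps {name} network {lan}")
    return problems

# Constructed sample input, built from the values quoted in the thread.
LOCAL = {"eth0": "192.168.1.100/255.255.255.0"}
ORIGINAL_CONF = "port 1194\nproto udp\ndev tun\nserver 192.168.1.0 255.255.255.0\n"
HOST_ADDR_CONF = "dev tun\nserver 192.168.1.100 255.255.255.0\n"
SUGGESTED_CONF = "dev tun\nserver 10.8.0.0 255.255.255.0\n"

if __name__ == "__main__":
    for label, conf in [("original", ORIGINAL_CONF),
                        ("host address", HOST_ADDR_CONF),
                        ("suggested", SUGGESTED_CONF)]:
        print(label, "->", check_vpn_subnet(conf, LOCAL) or "no conflict")
```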

Re: Cannot check status of OpenVPN server.

Posted: Tue Oct 25, 2011 8:12 am
by alloydog
Big thanks! That all seems to be sorted now. A lot of this network admin stuff is new to me, and I think I was looking for a too deep/complicated answer.

To be honest, I did not really know how the VPN worked, on a basic level. I couldn't understand how the IP range of 10.8.x.x would work with my modem/router, which uses the range 192.168.1.x.

A friend had to explain that the IP address in the VPN configuration file was effectively internal to the host server and that any routing/tunneling was done by the VPN server. So the physical server (the big box with the bad paint job) connects to the modem/router with 192.168.1.x. Then any connection coming in on the port assigned to the VPN goes to the VPN server and is given an IP address in the 10.8.x.x range.

Just got one of the remote laptops to connect to the VPN server - and by remote, I mean it's in another building and connected over the internet, rather than being in the same office.