OpenVPN Support Forum

[FOR FUTURE READERS]
Make sure you don't have your client.conf in /etc/openvpn.

Hi there,

I'm attempting to create a simple VPN tunnel on a VPS running CentOS 6 (32-bit), but I'm running into some trouble. I've installed and configured the OpenVPN server and client according to various tutorials without any problems. I can also connect to the OpenVPN server fine. However I can't access the internet through the VPN (no page loads). But I can still access the server. Performing commands through ssh if fine, for example.

I've been thinking it's a port problem but that's hasn't fixed anything. Do you have any ideas on the cause of this?

Thanks.

Info
client1.ovpn/client1.conf: http://pastebin.com/J2ahDRds
server.conf: http://pastebin.com/JFt08J2Q
Client-side log: http://pastebin.com/EtNu30hz
Server-side log: http://pastebin.com/vU1T3MEp

your sanitized server config is

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 6

Add and restart the server.

The client log shows that the connections comes up fine (although you'd be better off choosing a different IP range), but is disconnected after 30 seconds of use. The server log should give you a clue why.

Thanks, here is the (rather lengthy) log: http://pastebin.com/vU1T3MEp

I can't see any immediately obvious problems, except for some 'expected's around like 466.

The log shows me starting OpenVPN through /etc/init.d/openvpn start, trying to connect to google.com for about a minute, disconnecting and then stopping OpenVPN again.

your client seems to connect twice:

Mon Dec 5 12:06:38 2011 us=805813 SERVERIP:41818 [client1] Peer Connection Initiated with SERVERIP:41818
...
Mon Dec 5 12:06:49 2011 us=453401 CLIENTIP:57184 [client1] Peer Connection Initiated with CLIENTIP:57184

that does not seem right ... also, the client connects OK, but I see

Mon Dec 5 12:08:24 2011 us=663437 event_wait : Interrupted system call (code=4)

at the end - or was that you interrupting the server process?

So the first connection is from the server, to the server, as the client? And the second is from the client, to the server, as the client? I'm not sure what the significance of that is but it definitely doesn't seem right.

Also I imagine the interupt was just me using /etc/init.d/openvpn stop right at the end.

Is it possible that this is a problem with not having the right ports forwarded/opened?

While I'm not really sure what I'm talking about, is the amount of data that the logs show as being sent significant? Looking at the client log as I try to connect, it seems like an awfully small amount of data.

for an initial connect that amount of data seems right; run the server in the foreground on the CentOS box: and reconnect the client. Don't press Ctrl-C in the window where openvpn is running.
Then try to ping the VPN server IP 10.8.0.1 from the VPN client - does that work?

Wow, starting in the foreground worked! I appear to be tunneling fine. I imagine this is what it should do, but the SSH console is just hanging there (blank line, no [user@server dir]# prompt) instead of an alternate prompt.

In light of this, what does it tell us and how would I proceed to make the VPN run normally?

excellent - progress
Add to the openvpn config file, and try to start it again as a service: or

No dice, sadly. Starting it through either method has the same effect as with the daemon in the config file.

My current server.conf reads:

err, I'm confused now: your server config does not work , either when started using /etc/init.d/openvpn or when started from the command line? and if you remove the 'daemon' line and start it from the command line it DOES work? that is VERY odd...

Can you post the log file WITH the 'daemon' line present, there might be something funny going on in there.

Indeed, it's a conundrum SP. Here are (hopefully) more server-side logs than you'll ever need. The process shows me starting OpenVPN, connecting, trying to connect to a website for a few seconds, disconnecting and stopping OpenVPN with '/etc/init.d/openvpn stop'.

With 'daemon' and init.d script start: http://pastebin.com/5fE218Vk
With 'daemon' and service start: http://pastebin.com/C13C7BKF
init.d script start, no 'daemon': http://pastebin.com/gMVag2rS
Service start, no 'daemon': http://pastebin.com/CXCWrZUX
'openvpn --config /etc/openvpn/server.conf ' start, no 'daemon': http://pastebin.com/NhtqyWMW

The interrupted system call near the end of each is just me disconnecting. I can't see anything nasty in the first four, but the last one is rather interesting (that was the one that worked). The server ip is not mentioned once, the client seems to connect to the client, the Diffie-Hellman parameters aren't loading, and something about '--script-security 2'. And while it's probably of no consequence, it will also only start when I'm in the /etc/openvpn directory.

But the strangest thing? One attempt to start using 'openvpn --config /etc/openvpn/server.conf' (without 'daemon') resulted in it not running in the foreground (I still had the normal prompt). But my IP address was apparently still the server IP (I'm using whatismyipaddress.com for the IP checks). So I stopped the server using both 'etc/init.d/openvpn stop'and 'ervice openvpn stop', but didn't disconnect my client. On reloading the page (and trying four other IP address services) my IP was still that of the server. I have no idea at all how to interpret this, but here is the log:
http://pastebin.com/dqmzsRfS

Let me know if you need client-side logs or anything

hmmm the server seems to be connecting to itself - that can never be right.
1) Make sure that there is only a single '.conf' file in the /etc/openvpn directory; the CentOS /etc/init.d/openvpn script will try to start ALL files named '.conf' in that directory

2) the 'dh1024.pem file not found' is fatal - that instance of OpenVPN did not start; please absolute paths in your server.conf file for the ca, cert, key and dh parameters.

Oh crap. Well, after checking it turns out I had accidentally copied over the client.conf as well as the server.conf. It all works perfectly!

Well that journey came to a rather anticlimactic end, thanks for the help along the way.

no problem, closing topic