OpenVPN not starting tun0
The next thing that should happen after "Peer Connection Initiated" is a push/pull request exchange. Apparently the other side is doing a push, but not a pull, so you also need to do a pull on this side.
Updated on September 18, 2022
Comments
usr-local-ΕΨΗΕΛΩΝ over 1 year
I have restored a Raspberry Pi running an OpenVPN client from a major disaster by actually copying files in /etc/openvpn to the new machine. Now simply openvpn won't start dev tun0
Log shows the following (verbosity 3):

    Tue Jan 31 20:08:34 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
    Tue Jan 31 20:08:34 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
    Tue Jan 31 20:08:35 2017 WARNING: file '/etc/ssl/vpn/secret.key' is group or others accessible
    Tue Jan 31 20:08:35 2017 WARNING: file '/etc/ssl/vpn/ta.key' is group or others accessible
    Tue Jan 31 20:08:35 2017 Control Channel Authentication: using '/etc/ssl/vpn/ta.key' as a OpenVPN static key file
    Tue Jan 31 20:08:35 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jan 31 20:08:35 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jan 31 20:08:35 2017 Socket Buffers: R=[163840->131072] S=[163840->131072]
    Tue Jan 31 20:08:35 2017 TUN/TAP device tun0 opened
    Tue Jan 31 20:08:35 2017 TUN/TAP TX queue length set to 100
    Tue Jan 31 20:08:35 2017 GID set to nogroup
    Tue Jan 31 20:08:35 2017 UID set to nobody
    Tue Jan 31 20:08:35 2017 UDPv4 link local: [undef]
    Tue Jan 31 20:08:35 2017 UDPv4 link remote: [AF_INET]aa.bb.cc.dd:1194
    Tue Jan 31 20:08:35 2017 TLS: Initial packet from [AF_INET]aa.bb.cc.dd:1194, sid=4c0e5dbf 708c5f57
    Tue Jan 31 20:08:36 2017 VERIFY OK: depth=1, C=AT, ST=LA, L=ATLANTIS, O=coolpeople, OU=VPN, CN=coolpeople CA, name=djechelon, [email protected]
    Tue Jan 31 20:08:36 2017 VERIFY OK: nsCertType=SERVER
    Tue Jan 31 20:08:36 2017 VERIFY OK: depth=0, C=AT, ST=LA, L=ATLANTIS, O=coolpeople, OU=VPN, CN=limortacci, name=djechelon, [email protected]
    Tue Jan 31 20:08:37 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Tue Jan 31 20:08:37 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jan 31 20:08:37 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Tue Jan 31 20:08:37 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jan 31 20:08:37 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Tue Jan 31 20:08:37 2017 [limortacci] Peer Connection Initiated with [AF_INET]aa.bb.cc.dd:1194
    Tue Jan 31 20:08:38 2017 Initialization Sequence Completed

But ifconfig shows no trace of tun0 unless I use -a

    ifconfig tun0
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              POINTOPOINT NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

I expected at least tun0 to get the IP address as the server has.
What is wrong with my configuration? It looks like the VPN is established.
Client config is

    dev tun
    proto udp
    tls-client
    remote aa.bb.cc.dd 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    ca /etc/ssl/vpn/ca.crt
    cert /etc/ssl/vpn/cert.crt
    key /etc/ssl/vpn/key.key
    ns-cert-type server
    tls-auth /etc/ssl/vpn/ta.key 1
    cipher AES-256-CBC
    comp-lzo
    push "route 192.168.192.0 255.255.255.0 vpn_gateway 1"
    log /var/log/openvpn.log
    verb 7

Files in /etc/ssl are present (did I say I restored them too?)
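
The missing pull that the answer at the top of the page points to can be caught by linting the client config before the tunnel is started. The following is an added example, not part of the original question or answer; the function names and finding labels are hypothetical, and the sample input is the question's config abridged to the directives that matter here.

```python
import shlex

# Client config from the question above, abridged (sample input).
SAMPLE_CONFIG = """\
dev tun
proto udp
tls-client
remote aa.bb.cc.dd 1194
nobind
persist-key
persist-tun
tls-auth /etc/ssl/vpn/ta.key 1
cipher AES-256-CBC
comp-lzo
push "route 192.168.192.0 255.255.255.0 vpn_gateway 1"
"""

def parse_directives(text):
    """Return a list of (directive, args) tuples from OpenVPN config text."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)  # honours "quoted args"
        if tokens:
            directives.append((tokens[0].lstrip("-"), tokens[1:]))
    return directives

def audit_client_config(text):
    """Return findings that explain a tun device left without address or routes."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    # 'client' is shorthand for 'pull' plus 'tls-client'.
    pulls = bool(names & {"pull", "client"})
    findings = []
    if not pulls:
        findings.append("no-pull: neither 'pull' nor 'client' is set, "
                        "so options pushed by the server are never requested")
    # 'push' sends options to the peer; it does not configure the local side.
    for name, args in directives:
        if name == "push":
            findings.append("push-on-client: push %r only affects the remote peer"
                            % (args[0] if args else ""))
    # Without pull, the tunnel address has to come from a local 'ifconfig'.
    if not pulls and "ifconfig" not in names:
        findings.append("no-address: no local 'ifconfig' and nothing pulled, "
                        "so the tun device stays unnumbered")
    return findings
```

Run against the question's config it reports all three findings; replacing tls-client with client leaves only the push finding.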