openvpn

deano · 26 Mar 2011 at 12:03

Hi,

i'ce installed a new server and installed and configured openvpn on it this was all up and running. Then i've copied over the users and server crt's from the old server so I dont have to recreate all the users stuff and so they cna still connect now i've done this openvpn will not start

the only error is

[ 8135.726814] tun0: Disabled Privacy Extensions

any ideas

tntcoder · 26 Mar 2011 at 12:40

Are you connecting manually or using something like gnome-network-manager?

Are your server and client configs definitely the same and known to be working?

deano · 26 Mar 2011 at 12:44

that error is on the server.

the clients (windows) worked before installing a new server. (does other stuff like mail dhcp dns etc etc)

copied over the all the certs from the old server to the new server as in

dh1024.pem extip my-ca.crt my-crl.pem server.conf server.crt server.key ta.key

and also copied over all the configs in /usr/local/CA

this contains all the client certs.

openvpn service just wont start on the server

I though it would be as easy as coping over the certs and config

tntcoder · 26 Mar 2011 at 12:52

It should be that simple

Have you tried starting the server manually, e.g "openvpn /etc/openvpn/myserver.conf" as opposed to just starting it as a service with init.d, might give you some more debugging information.

Also worth double checking the key files linked to in your config are in the correct place, but that should really give you errors if they aren't.

If that all fails I would try completly removing /etc/openvpn and setting it up again, your server config + keys are all that should be in there.

Tricky error you're getting though, google isn't much help

deano · 26 Mar 2011 at 12:58

thanks,

my server.conf is

port 5000
proto tcp
dev tun
keepalive 10 60
comp-lzo
verb 4

ca /etc/openvpn/my-ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file is secret
dh /etc/openvpn/dh1024.pem
tls-auth /etc/openvpn/ta.key 0 # This file is secret
crl-verify /etc/openvpn/my-crl.pem

user nobody
group nobody
persist-key
persist-tun

status /var/log/openvpn-status.log

server 192.168.255.0 255.255.255.0
push "ip-win32 dynamic"
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.2"

and all the files are in there.

i'll try as you have suggested with starting it rather than from init.d ta.

yep google is a waste of time for that error I'd have thought some one would have had similar issues before.

thanks

deano · 26 Mar 2011 at 13:05

sorted

using :-

openvpn /etc/openvpnserver.conf

produced

Sat Mar 26 12:59:29 2011 us=101028 failed to find GID for group nobody

in it's output.

now all working

tntcoder · 26 Mar 2011 at 13:06

Can you also post that status file up if it has any interesting content, /var/log/openvpn-status.log and check /var/log/syslog for anything vpn related.

EDIT: Ah awesome, glad its fixed!

deano · 26 Mar 2011 at 13:08

there is nothing in openvpn-status-log as no clients are connected

in messages i get

Mar 26 12:59:29 server kernel: [11728.108872] tun0: Disabled Privacy Extensions
Mar 26 13:02:07 server kernel: [11893.418471] tun0: Disabled Privacy Extensions
Mar 26 13:03:22 server kernel: [11971.426445] tun0: Disabled Privacy Extensions
Mar 26 13:07:38 server kernel: [12231.202091] tun0: Disabled Privacy Extensions

something still wrong but not sure what

deano · 26 Mar 2011 at 13:22

got a client connected and get this in openvpn-status-log

OpenVPN CLIENT LIST
Updated,Sat Mar 26 13:21:50 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Diana_Bailey,94.5.212.13:49159,29435,51946,Sat Mar 26 13:18:56 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.255.6,User_Name,94.5.212.13:49159,Sat Mar 26 13:21:40 2011
GLOBAL STATS
Max bcast/mcast queue length,0
END