Topic: [ANNOUNCE] smeserver-openvpn-bridge-fws-1.1-2.rpm

[Daniel B.]

The last lines of the server's log (you can get it through the panel) would be more helpfull. Just do the following:
- restart openvpn-bridge (/etc/init.d/openvpn-bridge restart)
- try to connect again (it should do the same error)
go in the server manager and copy past the last 30~40 lines of the logs

[del]

Hi VIP-ire,

This is my setup:
SME Server set as server/gateway = 10.0.0.1 Subnet: 255.0.0.0
DHCP Range on this server = 10.0.0.65 - 10.0.0.250
Test server in server only mode = 10.0.0.2 (DHCP turned off)
Ethernet Print Server = 10.0.0.20
Wireless Access = 10.0.0.10
One Local machine = 10.0.0.21
OpenVPN Range = 10.0.0.50 - 10.0.0.60 (OpenVPN is set for a max of 5 users)
But the server-manager panel still says that the Daemon is NOT running, can you tell me if I am missing something
Thanks.

Regards,
Del

[Daniel B.]

Hi VIP-ire,

This is my setup:
SME Server set as server/gateway = 10.0.0.1 Subnet: 255.0.0.0
DHCP Range on this server = 10.0.0.65 - 10.0.0.250
Test server in server only mode = 10.0.0.2 (DHCP turned off)
Ethernet Print Server = 10.0.0.20
Wireless Access = 10.0.0.10
One Local machine = 10.0.0.21
OpenVPN Range = 10.0.0.50 - 10.0.0.60 (OpenVPN is set for a max of 5 users)
But the server-manager panel still says that the Daemon is NOT running, can you tell me if I am missing something
Thanks.

Regards,
Del

Your configuration seems to be ok. You should have a look at your log to see why the deamon cannot start. The log of the server is accessibl through the panel. You can post the log or send me by mail (daniel@firewall-services.com), I'll try to see what's going on.

[AndrewR]

Del,

1) Which version of the panel are you running?
2) Have you created the Certicificates yet?
3) Since the install, have you done a reboot... enabing / disabling the service does not restart the daemon.

[Daniel B.]

Del,

1) Which version of the panel are you running?
2) Have you created the Certicificates yet?
3) Since the install, have you done a reboot... enabing / disabling the service does not restart the daemon.

Yes, I forgot to ask wich version you're running. You should use 1.0-3 which I released this morning. It does correct the problem of the daemon not restarting without rebooting.

[del]

Hi AndrewR,

1) Which version of the panel are you running?

I installed smeserver-openvpn-bridge-fws-1.0-2

2) Have you created the Certicificates yet?

Yes, but I have tried a couple of different IP ranges so do they need to be recreated?

3) Since the install, have you done a reboot... enabing / disabling the service does not restart the daemon.

I have rebooted a couple of times but it doesn't make any difference

Thanks for your response.

Regards,
Del

[AndrewR]

Del,

If I were you, this is what I would do:

1) Run the upgrade to 1.03
2) delete all Certificates. Create new ones.
3) Pick one range and stick to it. Make sure the range of IPs chosen is OUTSIDE your DHCP range, otherwise you could run into addressing conflicts. So, for example, your networks DHCP address range runs from 10.0.0.50-10.0.0.150, then make your VPN addresses be from 10.0.0.151-10.0.0.175 (or however many clients you need). ***NOTE: if your SME Server is the DHCP server for the network, then disregard. But if you are using another server as a DHCP (eg a Windows Server in an Active Directory Setup) Then you may want to do this. ***
4) Reconfigure all your clients with the new certificates and configuration files.

If that doesn't work... then uninstall OVPN and do a clean install. It sounds like some corrupt information and / or incomplete information, so the Daemon isn't starting due to the fact not everything is in order.

Cheers and good luck.

[imcintyre]

The last lines of the server's log (you can get it through the panel) would be more helpfull. Just do the following:
- restart openvpn-bridge (/etc/init.d/openvpn-bridge restart)
- try to connect again (it should do the same error)
go in the server manager and copy past the last 30~40 lines of the logs

I am at work now so this will have to wait until tonight/tomorrow morning.

[del]

Hi All,

I have now uninstalled the rpms, where can I get smeserver-openvpn-bridge-fws-1.0-3.noarch.rpm from? The link still downloads smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm  and are the other 2 rpms the same? One other question, can put the rpms in their own directory and then install them? Only I like to keep things tidy Thanks.

Regards,
Del

[Daniel B.]

You will find everything about smeserver-openvpn-bridge-fws here:http://sme.firewall-services.com/downloads/smeserver-openvpn/

Of corse, you can download it, put it in the directory you want and then install locally with

Code: [Select]

rpm -Uvh /path/to/the/rpm
or

Code: [Select]

yum localinstall /path/to/the/rpm

[del]

Hi VIP-ire,

I have now installed again, but the daemon is still not running  Also the old certs are still there, can you tell me how to delete all of them so I can  then recreate them and see if that helps
This is the log:

Tue Dec 12 18:26:07 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Tue Dec 12 18:26:07 2006 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so 'login' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Tue Dec 12 18:26:07 2006 Diffie-Hellman initialized with 1024 bit key
Tue Dec 12 18:26:07 2006 Cannot load certificate file easy-rsa/keys/bridge/server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Tue Dec 12 18:26:07 2006 Exiting
Tue Dec 12 18:54:54 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Tue Dec 12 18:54:54 2006 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so 'login' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Tue Dec 12 18:54:54 2006 Diffie-Hellman initialized with 1024 bit key
Tue Dec 12 18:54:54 2006 Cannot load certificate file easy-rsa/keys/bridge/server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Tue Dec 12 18:54:54 2006 Exiting
Tue Dec 12 18:58:40 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Tue Dec 12 18:58:40 2006 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so 'login' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Tue Dec 12 18:58:40 2006 Diffie-Hellman initialized with 1024 bit key
Tue Dec 12 18:58:40 2006 Cannot load certificate file easy-rsa/keys/bridge/server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Tue Dec 12 18:58:40 2006 Exiting

Sorry for being a pain

Regards,
Del

[AndrewR]

Hi VIP-ire,

I have now installed again, but the daemon is still not running  Also the old certs are still there, can you tell me how to delete all of them so I can  then recreate them and see if that helps

Del,

To Delete Certificates:

1) Go to the OpenVPN section in Server Manager.
2) At the top, there is a link that Says:

Click here to manage the certificates

Click on that link.
3) On the page that loads, click on the link that reads as follows:

Click here to delete all the certificate and regenerate it

4) This will delete all your certificates, and create a new Server Certificate, ta.key, and a Diffle Hillmen key.

5) You will need to MANUALLY create NEW certificates for all of your users. Make sure you update your client installs with the new certificates and keys, and config file.

Hope this helps.

[del]

Hi AndrewR,

I have done that and recreated them but it is still the same. I noticed from the last log that my time zone was set to GMT and not EST, so I have put that right although I didn't think it would have anything to do with my problem. This is the new log:

Tue Dec 12 14:11:09 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Tue Dec 12 14:11:09 2006 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so 'login' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Tue Dec 12 14:11:09 2006 Diffie-Hellman initialized with 1024 bit key
Tue Dec 12 14:11:09 2006 Cannot load certificate file easy-rsa/keys/bridge/server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Tue Dec 12 14:11:09 2006 Exiting

I must be doing something wrong  Is there a way I can start the daemon manually? Thanks again.

Regards,
Del

[AndrewR]

Del,

It looks like your Certs are not deleting correctly... I encountered a similar problem when I first tried Beta4.. and it seems so long ago. Ultimately.. I had to reinstall SME entirely, and then do a fresh install of OVPN. That was fairly easy for me to do, since I was using SME in server only mode, and its only role is to be the OVPN server. If that's all you're using your SME server for... well... I would suggest doing a complete reinstall of SME (wipe the drive, install from scratch) and then do the OVPN install.

If you're using SME for more than that... hmm... I dunno. Anybody got any suggestions, to see if we can "force" the daemon to start?

[crazybob]

When you were removing openvpn, did you delete the entire /etc/openvpn folder? That is what I did when I changed from routing to bridge, and things went pretty well.

Bob