Koozali.org: home of the SME Server

OpenVPN Bridge, is the service running?

Offline curdegn

« on: April 21, 2011, 06:53:27 PM »
Hi,

Since after an update early April 2011 (SME Server 7.5.1), VPN did not work any more, I decided to install "OpenVPN Bridge". I think installation and certificates all went well, but clients cannot connect. Syslog of client says:
Code:
ovpn-client[6258]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111).
I think the openvpn service may not run properly. For example if I use the Webinterface and click on "OpenVPN-Bridge"->"Display connected clients" it says "An error occured while connecting to the manager. Check the service is running.".

How can I check if the service is running? "ps aux | grep vpn" outputs:
Code:
root      3330  0.0  0.0    20   20 ?        Ss   18:17   0:00 runsv openvpn-bridge
smelog    3371  0.0  0.0  2600  264 ?        S    18:17   0:00 /usr/local/bin/multilog t s5000000 /var/log/openvpn-bridge
Well, does this mean it's running?

Many thanks for any advice

Offline Stefano

« Reply #1 on: April 21, 2011, 07:04:35 PM »
Quote
Since after an update early April 2011 (SME Server 7.5.1), VPN did not work any more,

This should not happen. Please raise a bug in Bugzilla ASAP, giving as much info as possible, and report the reference here for future readers, thank you.

Quote
I decided to install "OpenVPN Bridge". I think installation and certificates all went well, but clients cannot connect. Syslog of client says:
Code:
ovpn-client[6258]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111).
I think the openvpn service may not run properly. For example if I use the Webinterface and click on "OpenVPN-Bridge"->"Display connected clients" it says "An error occured while connecting to the manager. Check the service is running.".

How can I check if the service is running? "ps aux | grep vpn" outputs:
Code:
root      3330  0.0  0.0    20   20 ?        Ss   18:17   0:00 runsv openvpn-bridge
smelog    3371  0.0  0.0  2600  264 ?        S    18:17   0:00 /usr/local/bin/multilog t s5000000 /var/log/openvpn-bridge
Well, does this mean it's running?

Many thanks for any advice

How is your server configured? Server, or server and gateway? Did you forward the right port to connect to OpenVPN?

Please, if you want help, help us to help you by being more verbose.

thank you

Offline curdegn

« Reply #2 on: April 21, 2011, 11:00:35 PM »
Many thanks for reply.
Quote
how is your server configured? server, server and gateway? did you forward the right port to connect to openvpn?
The SME-Server is configured as server and gateway and is placed behind a NAT/ADSLModem
SME-Server internal address: 192.168.10.1
SME-Server external address: 192.168.1.99
NAT/ADSLModem internal address: 192.168.1.1
NAT/ADSLModem external address: {my-public-ip-address}

The NAT/ADSLModem forwards port 1194 to the SME-Server external address at same port (1194).
Is there any other port-forwarding within the SME-Server necessary?

Following the complete syslog output trying to connect to the SME-Server by vpn Client from the public (e.g. ubuntu networkManager):
Code:
Apr 21 22:21:50 MyPC NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Apr 21 22:21:50 MyPC NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3331
Apr 21 22:21:50 MyPC NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Apr 21 22:21:50 MyPC NetworkManager: <info>  VPN plugin state changed: 1
Apr 21 22:21:50 MyPC NetworkManager: <info>  VPN plugin state changed: 3
Apr 21 22:21:50 MyPC NetworkManager: <info>  VPN connection 'flinkchur' (Connect) reply received.
Apr 21 22:21:50 MyPC nm-openvpn[3335]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Apr 21 22:21:50 MyPC nm-openvpn[3335]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Apr 21 22:21:50 MyPC nm-openvpn[3335]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 21 22:21:50 MyPC nm-openvpn[3335]: WARNING: file '/home/user1/VPN-Certs/user1-key.pem' is group or others accessible
Apr 21 22:21:50 MyPC nm-openvpn[3335]: /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Apr 21 22:21:50 MyPC nm-openvpn[3335]: LZO compression initialized
Apr 21 22:21:50 MyPC nm-openvpn[3335]: UDPv4 link local: [undef]
Apr 21 22:21:50 MyPC nm-openvpn[3335]: UDPv4 link remote: [AF_INET]{my-public-ip-address}:1194
Apr 21 22:22:31 MyPC NetworkManager: <info>  VPN connection 'vpntest' (IP Config Get) timeout exceeded.
Apr 21 22:22:31 MyPC nm-openvpn[3335]: SIGTERM[hard,] received, process exiting
Apr 21 22:22:31 MyPC NetworkManager: <info>  Policy set 'Auto eth0' (eth0) as default for routing and DNS.
Does anyone have an idea where the problem could be?

Quote
Since after an update early April 2011 (SME Server 7.5.1), VPN did not work any more,
this should not happen. Please raise a bug in bugzilla asap giving as much info and report here the reference for future readers, thank you
It's quite a while since I set up that VPN tunnel, and I am now not sure which contrib it was (it is now uninstalled). I think this post from April 9th reports the same update problem (in German): http://forums.contribs.org/index.php/topic,47385.msg233809.html#msg233809



Offline curdegn

« Reply #3 on: May 02, 2011, 01:37:37 PM »
SOLVED:
The problem was that I created a certificate for the server protected with a password:

Solution:
As explained here: http://wiki.contribs.org/OpenVPN_Bridge#Create_a_certificate_for_the_server you need to create a passwordless certificate so the daemon can be started automatically.

Curdegn
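
The cause found in this thread, as an added example that is not part of the original posts: a shell check that reports whether a PEM private key is passphrase-protected (which stops an unattended daemon from starting) and whether it is readable by group or others (the client log in Reply #2 warns about that). The function names and the sample files are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: inspect a PEM private key before giving it to an unattended daemon.

# Return 0 if the PEM key in $1 is passphrase-protected, 1 if it is not.
key_is_encrypted() {
    # PKCS#8 encrypted keys have their own BEGIN header; traditional-format
    # encrypted keys carry a "Proc-Type: 4,ENCRYPTED" line below the BEGIN line.
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 if $1 grants nothing to group or others, 1 otherwise.
# A passwordless key is protected only by these permissions.
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; return 0 only if the key suits unattended start.
check_key() {
    rc=0
    if key_is_encrypted "$1"; then
        echo "$1: passphrase-protected, daemon cannot start unattended"
        rc=1
    fi
    if ! key_perms_ok "$1"; then
        echo "$1: accessible by group or others, restrict with chmod 600"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "$1: ok"; fi
    return "$rc"
}

# Constructed sample files: PEM headers only, no real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,<constructed>' > "$demo_dir/protected.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '<constructed>' > "$demo_dir/plain.pem"
chmod 600 "$demo_dir/protected.pem"
chmod 644 "$demo_dir/plain.pem"
check_key "$demo_dir/protected.pem" || true
check_key "$demo_dir/plain.pem" || true
rm -rf "$demo_dir"
```

Run `check_key` against the server key file named in the daemon's configuration; a non-zero return means the key either needs a passphrase at start-up or is too widely readable.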