Koozali.org: home of the SME Server
Obsolete Releases => SME 8.x Contribs => Topic started by: smnirosh on September 16, 2015, 10:10:08 PM
-
Today i reconfigured my sme server. I answered all the questions as correct i believe. And once it asks for a "DNS address when no internet", I gave no IP address to that last question of the configuration steps.
After reconfiguration the internet is lost. then I changed the RJ 45 cables connected to 2 ports on the server. then internet works. And I manually add NAMESERVER 8.8.8.8 to the resolv.conf file. After all, I tried to connect from home to server via Openvpn it is not connecting. following error msg receiving through openvpn connection window;
Wed Sep 16 21:50:41 2015 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 8 2015
Wed Sep 16 21:50:41 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Wed Sep 16 21:50:41 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Sep 16 21:50:41 2015 Need hold release from management interface, waiting...
Wed Sep 16 21:50:41 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'state on'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'log all on'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'hold off'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'hold release'
Wed Sep 16 21:50:51 2015 MANAGEMENT: CMD 'username "Auth" "s.nirosh"'
Wed Sep 16 21:50:51 2015 MANAGEMENT: CMD 'password [...]'
Wed Sep 16 21:50:51 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Sep 16 21:50:51 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 16 21:50:51 2015 UDPv4 link local (bound): [undef]
Wed Sep 16 21:50:51 2015 UDPv4 link remote: [AF_INET]89.2.7.225:1194
Wed Sep 16 21:50:51 2015 MANAGEMENT: >STATE:1442433051,WAIT,,,
Wed Sep 16 21:51:51 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 16 21:51:51 2015 TLS Error: TLS handshake failed
Wed Sep 16 21:51:51 2015 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 16 21:51:51 2015 MANAGEMENT: >STATE:1442433111,RECONNECTING,tls-error,,
Wed Sep 16 21:51:51 2015 Restart pause, 2 second(s)
Wed Sep 16 21:51:53 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Sep 16 21:51:53 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 16 21:51:53 2015 UDPv4 link local (bound): [undef]
Wed Sep 16 21:51:53 2015 UDPv4 link remote: [AF_INET]89.2.7.225:1194
Wed Sep 16 21:51:53 2015 MANAGEMENT: >STATE:1442433113,WAIT,,,
Wed Sep 16 21:52:07 2015 SIGTERM received, sending exit notification to peer
Wed Sep 16 21:52:08 2015 SIGTERM[soft,exit-with-notification] received, process exiting
Wed Sep 16 21:52:08 2015 MANAGEMENT: >STATE:1442433128,EXITING,exit-with-notification,,
what do i have do to connect via openvpn.
-
You should first tell us which contrib you have installed, and which client is trying to connect, and how you have configured it.....
As a side note, you should not modify directly your /etc/resolv.conf file. This is managed by the SME Server templates engine, you'd better read some documentation (http://wiki.contribs.org/SME_Server:Documentation)
-
Ok. thanks for the advice.
my version of OS is - Linux 2.6.18 371. i686
I have deployed this server as a Gateway and server mode
I am trying to connect from windows 7
do i have to re configure openvpn?
How can i check if my openvpn is configured as bridge mode or as an othermode?
thanks for your quick reply
-
do i have to re configure openvpn?
How can i check if my openvpn is configured as bridge mode or as an othermode?
There's no builtin OpenVPN server. Which contrib have you installed ?
-
"DNS address when no internet"
can you explain where did you see such a request and in which language? I don't remember anything similar in SME's console..
-
How to check which contrib?
-
/sbin/e-smith/audittools/newrpms
-
Centos sme server 8
-
smnirosh, you'd try to answer to the questions you've been asked..
rpm -qa | grep openvpn
-
smnirosh
To explain more simply/fully.
Log in as root or a user with root privileges to a command prompt on your SME server.
Then type in the following commands one at a time & record the output & post it back here.
If you use Putty ssh remote access client (free download) from a workstation on your LAN, then you can cut & paste, making it easy to copy the output from the screen after you type these commands. You right click the little logo icon at the top left corner of the Putty window to access cut & paste commands etc.
/sbin/e-smith/audittools/newrpms
rpm -qa | grep openvpn
These commands will show all the additional rpm packages installed, & specifically show the version of openvpn installed (if installed).
-
thank you janet.. sometimes I forget to give more explanations
-
Stefano
For most users here, a simple command should be sufficient, but it seems smnirosh needs some hand holding.
-
openvpn 2.1.1-2.e15
-
is this the only output?
if so, you missed the smeserver-openvpn package..
so, now, please tell us how did you install openvpn
take a look here: http://wiki.contribs.org/OpenVPN_Bridge
-
Dear friends, so sad... after power loss this server has no display. But we have another linux server. we are planned to take this server into action. I am so so so sure this server has to be reconfigure again to be worked.
all this things happen to me is DISASTOR. :-x :-x :-x :-x
-
smnirosh
The Linux file system is very robust & usually tolerant of forced power shutdowns.
The journaling file system can withstand unexpected & non graceful power shutdowns.
So I would not worry too much about disruptions to your files.
You should have an uninterruptible power supply on your server though, so that a graceful (controlled) shutdown can be done in the event of a prolonged power failure.
A reconfigure of a server done via the console menu is not a problem, you have been told this before.
Usually you just step through the screens accepting the values that are already there & then reboot, too easy !
Fixing hardware that has failed is another issue though.
It should be easy enough to swap a monitor from another nearby device.
Please follow the howto to install openvpn correctly, you have an old version of openvpn installed for some unknown reason.
You do not tell us how it came to be installed.
-
Dear Janet, that server is not installed and configured by me. The only thing i know Admin password and where our critical data located and normal domain settings.
but now we are in a much troubled with it because hardware failure. I think it is motherboard Or RAM. This server has RDRam. it is now discontinuing production
We had another server no worked for long time. I am doing the server preparation for boot. after that i will update you all. keep in touch with me. :smile: :smile: :smile:
-
smnirosh
It does not matter what the replacement server hardware is.
If you install the fresh SME operating system from CD, you can then do a restore from the last known good backup, & your srever should be up & running with the same configuration & data as previously.
Being ready for serious hardware failures is something that a good sysadmin has a plan prepared for. eg spare equipment & drives etc
-
Hi janet, This time it may be the major issue. The boss gave me our previos server.
this one has Neth service 8.2. This one also give a "Reconfigure and reboot required" msg.
We formated the hard disk which was in sme server and our plan is configure a NAS drive. But this server go internet. and openvpn works. But the msg is a problem. my boss said pls reconfigure and give a reboot to making sure we are ready to audit.
-
Neth service 8.2. This one also give a "Reconfigure and reboot required" msg.
NethService is a Nethesis' product, and if you're using it you'd ask elsewhere for support..
please don't ask for support on nethserver communisty site, they are 2 different products
www.nethesis.it
-
thanks stefano. I contact nethsis. as their aspect, we have to contact the person who configured this server. they don't directly give us support. i was disappointed with nethsis. :-x
Any way. I can download sme server and configure domain in it. then share a ibay. Give DHCP range. and create users in it to use domain. I like to give it the same domain name that we used.
My main problem is "can i implement a openvpn through which existing users can logon"
because there are 12 users meant to use this server over openvpn. :shock:
-
smnirosh
......"can i implement a openvpn through which existing users can logon"
because there are 12 users meant to use this server over openvpn.
PLEASE READ THE DOCUMENTATION.
You are asking questions that you could easily find an answer for, just by browsing the wiki.
eg see http://wiki.contribs.org/Category:Contrib
which shows more than one contrib for openvpn
Read them & work out which one suits your situation & install that.
http://wiki.contribs.org/OpenVPN_Bridge
http://wiki.contribs.org/OpenVPN_Routed
http://wiki.contribs.org/OpenVPN_SiteToSite
& also this
http://wiki.contribs.org/Openswan_IPSEC
-
Yes, it's possible to reinstall an OpenVPN server as before. The problem is, if you don't want to touch the configuration of the 12 remote users, you'll need:
- To know how it was installed (was it the bridge contrib ?)
- You'll need to configure it exactly the same way as before
- You'll need to find the certificates on the server and use the same one on your new server
If one of these points is missing (especially the certificate part), then you'll have to start from scratch and reconfigure all the OpenVPN clients
-
Danial B., following open vpn client config is using by our company to connecto openvpn server. The usernames were in sme domain and they use their domain passwords to connect.
dev tun
# Verificare che l'hostname del server sia corretto.
remote 184.212.203.56
ca server.crt
tls-client
auth-user-pass
float
pull
explicit-exit-notify 1
verb 3
wht is this openvpn model? is it client to client, or server bridge, or route bridge?
-
thanks stefano. I contact nethsis. as their aspect, we have to contact the person who configured this server. they don't directly give us support. i was disappointed with nethsis. :-x
you should not..
BTW, where are you from?
-
NethService 8.2 is "just" SME8 with some proprietary packages (not needed)
AFAIK, you can restore a NethService backup on SME
try it first on a VM.. and move to SME9 asap (if you choose to stay on SME)
-
Pisa, itay
-
interesting..
why didn't you come to italian language forum? :-)
-
We are heading to having a ubuntu server in the future.
but now we need only a openvpn server to connect with clients due to few meetings. because we recruited some workers who works at other offices. At the moment i need special help from you to configure nethservice or sme to connect through openvpn.
In the system nethservice, the openvpn is also not working.
wht is your best recommend?
-
I just came in italy 9 months ago. my italian is not very well yet. but can handle some speaking methods but not like english
-
smnirosh
wht is this openvpn model? is it client to client, or server bridge, or route bridge?
Are you reading all the posts ? ....or are you just reading the last post ?
You need to scroll back because different people can make posts so you might get 2 or 3 or 4 replies, & you seem to be only reading the last post.
See contrib wiki articles on different variants of openvpn contribs that exist, covering bridge, routed & site to site, refer my earlier post.
http://forums.contribs.org/index.php/topic,51943.msg265222.html#msg265222
-
wht is this openvpn model? is it client to client, or server bridge, or route bridge?
Looking at this client config, this is definitely not using the bridge mode. Most likely, the server was installed using this how to: http://wiki.contribs.org/OpenVPN
There's no client side authentication (except login/password), but you still need to recover the certificate which were used on the server side (or you'll have to update the CA on every client)
-
Exactly you are correct. I want to recover this server. I can send clients the new ovpn files created by server ca. But i want them to use domain uername and passwords to connect to this vpn. Thanks
-
your best bet, as I told you, is to try to restore a backup on a new install of SME8.1
moreover, you'd try to find what contrib has been installed on your NethService
-
Ok guys, I am downloading sme 9.0 i386 now. I will install this server as Gateway domain and when it is come to Openvpn I will contact you. thanks
-
Ok guys, I am downloading sme 9.0 i386 now.
take a 64 bit
-
My question is that Sme server supports PPTP AND SSH by default. But we can install openvpn on it. But if I installed openvpn can i use openvpn to connect to sme server using its domain usernames and passwords by windows 7 clients.
Because everybody in my company is adopted to use the way it was in nethservice. But My effort is impliment the sme server 9.x as it is the newest and most available helps via forums. someone answer me yes or no to this question. thanks.
-
Yes it's possible. Look in the wiki for the openvpn bridge contrib for example
-
Dear all, i have installed the sme server 9.0 and configured it as a samba server. Then my point of openvpn. I followed all the information of vpn bridge documentation recommended by daniel. I installed vpn-bridge and phpki before installing openvpn. Is it no problem?
But it says when i connect "tls handshake error". What would be the problem
Is there anything do which is not mentioned in the tutorial?
-
There's not enough info for us to help you. There's probably a lot more info in either your client or your server's log which could help
-
Ok. I am very sorry. I will supply u more info later.
Can u give me a little information;
What would be installed first ,
1. Openvpn-bridge
2. Openvpn software
3. Phpki
I think i missed the sequence.
-
There's no sequence to follow. No matter which order you've installed the components, it should just work. Just carefully follow the wiki guide
-
Thanks very much. I will reconfigure it tomorrow morning when i got office.
-
smnirosh
......I will reconfigure it .......
You might use another word than "reconfigure" when talking about installing & configuring contribs/apps etc, as reconfigure has a special meaning in SME server
ie it means to run these commands
signal-event post-upgrade
signal-event reboot
-
All my friends, i installed smeserver and configured it as a openvpn server and it worked as i planned. Thanks for the support given by all of u. Lot of happy to me