How to configure openvpn plugin

  • This is my log from w10 client.



    Fri Nov 20 20:18:16 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

    Fri Nov 20 20:18:16 2020 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

    Fri Nov 20 20:18:16 2020 OpenVPN 2.5_rc1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 21 2020

    Fri Nov 20 20:18:16 2020 Windows version 10.0 (Windows 10 or greater) 64bit

    Fri Nov 20 20:18:16 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10

    Fri Nov 20 20:18:16 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341

    Fri Nov 20 20:18:16 2020 Need hold release from management interface, waiting...

    Fri Nov 20 20:18:17 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'state on'

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'log all on'

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'echo all on'

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'bytecount 5'

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'hold off'

    Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'hold release'

    Fri Nov 20 20:18:23 2020 MANAGEMENT: CMD 'username "Auth" "pi"'

    Fri Nov 20 20:18:23 2020 MANAGEMENT: CMD 'password [...]'

    Fri Nov 20 20:18:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]195.240.130.112:1194

    Fri Nov 20 20:18:23 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

    Fri Nov 20 20:18:23 2020 UDP link local: (not bound)

    Fri Nov 20 20:18:23 2020 UDP link remote: [AF_INET]195.240.130.112:1194

    Fri Nov 20 20:18:23 2020 MANAGEMENT: >STATE:1605899903,WAIT,,,,,,

  • This is the syslog from omv5


    Nov 20 20:21:35 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

    Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.

    Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 142.

    Nov 20 20:21:41 raspberrypi systemd[1]: Stopped OpenVPN connection to server.

    Nov 20 20:21:41 raspberrypi systemd[1]: Starting OpenVPN connection to server...

    Nov 20 20:21:41 raspberrypi systemd[1]: Started OpenVPN connection to server.

    Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE

    Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

  • When I uninstalled openvpn from plugins and reinstalled it, I get this error:


    >>> *************** Error ***************

    Failed to read from socket: Connection reset by peer

    <<< *************************************

    Updating file permissions ...

    Purging internal cache ...

    Restarting engine daemon ...

    Done ...

  • First of all change config like this:

    - disable "Use compression"

    - disable "PAM authentication"


    and after save / apply check if "openvpn" process is running - connect using SSH and run

    Code
    ps aufx | grep openvpn


    if YES, download client configuration and try to connect (without login/password for now)

  • root@raspberrypi:~# ps aufx | grep openvpn

    nobody 1378 0.0 0.0 4236 3612 ? Ss Nov20 0:00 \_ openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem

    root 30060 0.0 0.0 6536 560 pts/0 S+ 09:15 0:00 \_ grep openvpn

    root@raspberrypi:~#


    Is it running?

    I cannot see it

  • this is the syslog from omv5:


    openvpn@server.service: Service RestartSec=5s expired, scheduling restart.

    Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 52.

    Nov 21 09:18:49 raspberrypi systemd[1]: Stopped OpenVPN connection to server.

    Nov 21 09:18:49 raspberrypi systemd[1]: Starting OpenVPN connection to server...

    Nov 21 09:18:49 raspberrypi systemd[1]: Started OpenVPN connection to server.

    Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE

    Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

    Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.

    Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 53.

    Nov 21 09:18:54 raspberrypi systemd[1]: Stopped OpenVPN connection to server.

    Nov 21 09:18:54 raspberrypi systemd[1]: Starting OpenVPN connection to server...

    Nov 21 09:18:54 raspberrypi systemd[1]: Started OpenVPN connection to server.

    Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE

    Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

    Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.

    Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 54.

    Nov 21 09:18:59 raspberrypi systemd[1]: Stopped OpenVPN connection to server.

    Nov 21 09:18:59 raspberrypi systemd[1]: Starting OpenVPN connection to server...

    Nov 21 09:18:59 raspberrypi systemd[1]: Started OpenVPN connection to server.

    Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE

    Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

  • ah I see, you are running raspberryPi...


    my process list looks a little bit different - I'm on Linux x64


    Code
    /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
    \_ /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid


    and everything works for me as expected - even with login/password


    try to disable OpenVPN plugin and from console run manually


    Code
    openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem

    maybe we can see some error raised...


    or maybe better with logging to file:


    Code
    openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem --log /var/log/openvpn.log

    then post what's inside /var/log/openvpn.log

  • When I uninstall the plugin and reinstall it, I get this error:

    Updating locale files ...


    >>> *************** Error ***************

    Failed to read from socket: Connection reset by peer

    <<< *************************************

    Updating file permissions ...

    Purging internal cache ...

    Restarting engine daemon ...

    Done ...


    This is output from your command:


    openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem

    Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/openvpn.conf

  • I must say I have openvpn stopped on portainer, not deleted; I really want to use openvpn via the plugin.


    This is var/log/openvpn.log:


    Sat Nov 21 09:56:37 2020 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [$

    Sat Nov 21 09:56:37 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10

    Sat Nov 21 09:56:37 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware t$

    Sat Nov 21 09:56:37 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line

    Sat Nov 21 09:56:37 2020 Cannot load DH parameters from /etc/openvpn/pki/dh.pem

    Sat Nov 21 09:56:37 2020 Exiting due to fatal error

  • it seems some files are missing

    Code
    Error opening configuration file: /etc/openvpn/openvpn.conf
    Code
    Sat Nov 21 09:56:37 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
    Sat Nov 21 09:56:37 2020 Cannot load DH parameters from /etc/openvpn/pki/dh.pem

    check what's in /etc/openvpn and /etc/openvpn/pki folders

  • my folders look like (+ more files in other subfolders)


  • Here is my output:


    ls

    OMV5.ovpn pi-tool-install.sh pi-tool-remove.sh

    root@raspberrypi:~#


    ls

    ca.crt index.txt openssl-easyrsa.cnf safessl-easyrsa.cnf

    certs_by_serial index.txt.attr private serial

    crl.pem index.txt.attr.old renewed serial.old

    dh.pem index.txt.old reqs

    extensions.temp issued revoked

  • root@raspberrypi:~# cd /etc/openvpn

    root@raspberrypi:/etc/openvpn# ls -l -R

    .:

    total 20

    drwxr-xr-x 2 root root 4096 Feb 20 2019 client

    -rw------- 1 root root 0 Nov 21 09:52 ipp.txt

    drwx------ 8 root root 4096 Nov 21 09:17 pki

    drwxr-xr-x 2 root root 4096 Feb 20 2019 server

    -rw-rw-rw- 1 root root 682 Nov 21 09:52 server.conf

    -rwxr-xr-x 1 root root 1468 Feb 20 2019 update-resolv-conf


    ./client:

    total 0


    ./pki:

    total 76

    -rw------- 1 root root 1192 Nov 13 15:37 ca.crt

    drwx------ 2 root root 4096 Nov 21 09:17 certs_by_serial

    -rw------- 1 root root 934 Nov 20 20:09 crl.pem

    -rw------- 1 root root 0 Nov 13 15:37 dh.pem

    -rw------- 1 root root 492 Nov 21 09:17 extensions.temp

    -rw------- 1 root root 686 Nov 21 09:17 index.txt

    -rw------- 1 root root 20 Nov 21 09:17 index.txt.attr

    -rw------- 1 root root 20 Nov 20 20:09 index.txt.attr.old

    -rw------- 1 root root 619 Nov 20 20:09 index.txt.old

    drwx------ 2 root root 4096 Nov 21 09:17 issued

    -rw------- 1 root root 4651 Nov 13 15:37 openssl-easyrsa.cnf

    drwx------ 2 root root 4096 Nov 21 09:17 private

    drwx------ 5 root root 4096 Nov 13 15:37 renewed

    drwx------ 2 root root 4096 Nov 21 09:17 reqs

    drwx------ 5 root root 4096 Nov 13 15:37 revoked

    -rw------- 1 root root 4577 Nov 21 09:17 safessl-easyrsa.cnf

    -rw------- 1 root root 33 Nov 21 09:17 serial

    -rw------- 1 root root 33 Nov 21 09:17 serial.old


    ./pki/certs_by_serial:

    total 24

    -rw------- 1 root root 4471 Nov 20 20:09 607D8826DBF52EC6B593F3FBEB303918.pem

    -rw------- 1 root root 4472 Nov 21 09:17 747E668491A2BBB34A26F90BCFC827FD.pem

    -rw------- 1 root root 4620 Nov 13 15:37 C69981A4C73125E38765058A4D30602E.pem


    ./pki/issued:

    total 24

    -rw------- 1 root root 4471 Nov 20 20:09 new.crt

    -rw------- 1 root root 4472 Nov 21 09:17 omv5.crt

    -rw------- 1 root root 4620 Nov 13 15:37 raspberrypi.crt


    ./pki/private:

    total 16

    -rw------- 1 root root 1675 Nov 13 15:37 ca.key

    -rw------- 1 root root 1704 Nov 20 20:09 new.key

    -rw------- 1 root root 1708 Nov 21 09:17 omv5.key

    -rw------- 1 root root 1704 Nov 13 15:37 raspberrypi.key


    ./pki/renewed:

    total 12

    drwx------ 2 root root 4096 Nov 13 15:37 certs_by_serial

    drwx------ 2 root root 4096 Nov 13 15:37 private_by_serial

    drwx------ 2 root root 4096 Nov 13 15:37 reqs_by_serial


    ./pki/renewed/certs_by_serial:

    total 0


    ./pki/renewed/private_by_serial:

    total 0


    ./pki/renewed/reqs_by_serial:

    total 0


    ./pki/reqs:

    total 12

    -rw------- 1 root root 883 Nov 20 20:09 new.req

    -rw------- 1 root root 883 Nov 21 09:17 omv5.req

    -rw------- 1 root root 895 Nov 13 15:37 raspberrypi.req


    ./pki/revoked:

    total 12

    drwx------ 2 root root 4096 Nov 20 20:09 certs_by_serial

    drwx------ 2 root root 4096 Nov 20 20:09 private_by_serial

    drwx------ 2 root root 4096 Nov 20 20:09 reqs_by_serial


    ./pki/revoked/certs_by_serial:

    total 48

    -rw------- 1 root root 4472 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.crt

    -rw------- 1 root root 4471 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.crt

    -rw------- 1 root root 4472 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.crt

    -rw------- 1 root root 4477 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.crt

    -rw------- 1 root root 4472 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.crt

    -rw------- 1 root root 4471 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.crt


    ./pki/revoked/private_by_serial:

    total 24

    -rw------- 1 root root 1704 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.key

    -rw------- 1 root root 1704 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.key

    -rw------- 1 root root 1704 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.key

    -rw------- 1 root root 1704 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.key

    -rw------- 1 root root 1704 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.key

    -rw------- 1 root root 1704 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.key


    ./pki/revoked/reqs_by_serial:

    total 24

    -rw------- 1 root root 883 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.req

    -rw------- 1 root root 883 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.req

    -rw------- 1 root root 883 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.req

    -rw------- 1 root root 887 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.req

    -rw------- 1 root root 883 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.req

    -rw------- 1 root root 883 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.req


    ./server:

    total 0

    root@raspberrypi:/etc/openvpn#
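
Added example, not part of the thread: a pre-flight check for the three conditions visible in the outputs above (the `--config` file `openvpn.conf` is absent while only `server.conf` exists, `pki/dh.pem` is 0 bytes, and `server.conf` is mode `rw-rw-rw-`). The function names, finding labels and the sample directory are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for an OpenVPN server directory.
# Prints one finding per line; prints nothing when every check passes.

check_openvpn_dir() {
    local dir="$1" conf="${2:-openvpn.conf}" f
    # 1. The file handed to --config must exist.
    [ -f "$dir/$conf" ] || echo "MISSING_CONFIG $conf"
    # 2. PEM inputs must be non-empty and contain a BEGIN line; otherwise
    #    OpenSSL reports "PEM routines:get_name:no start line".
    for f in pki/dh.pem pki/ca.crt pki/crl.pem; do
        if [ ! -e "$dir/$f" ]; then
            echo "MISSING_PEM $f"
        elif [ ! -s "$dir/$f" ]; then
            echo "EMPTY_PEM $f"
        elif ! grep -q -e '-----BEGIN ' "$dir/$f"; then
            echo "NO_PEM_HEADER $f"
        fi
    done
    # 3. Server configs must not be writable by every local user.
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        [ -z "$(find "$f" -perm -0002)" ] || echo "WORLD_WRITABLE ${f##*/}"
    done
}

# Constructed sample that mirrors the directory listing in the thread:
# no openvpn.conf, a zero-byte dh.pem, and a world-writable server.conf.
make_sample() {
    local dir="$1"
    mkdir -p "$dir/pki"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$dir/pki/ca.crt"
    printf '%s\n' '-----BEGIN X509 CRL-----' 'constructed' \
        '-----END X509 CRL-----' > "$dir/pki/crl.pem"
    : > "$dir/pki/dh.pem"
    echo 'port 1194' > "$dir/server.conf"
    chmod 666 "$dir/server.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
check_openvpn_dir "$sample"
rm -rf "$sample"
```

On a real host the call would be `check_openvpn_dir /etc/openvpn`, run as root because the `pki` directory is mode `drwx------`.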
