How to configure openvpn plugin. Where to
Put public ipadres, username, where do i get the certificate ( ovpn)
I have no screen to fill in these things
How to configure openvpn plugin. Where to
Put public ipadres, username, where do i get the certificate ( ovpn)
I have no screen to fill in these things
This is my log from w10 client.
Fri Nov 20 20:18:16 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Nov 20 20:18:16 2020 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Fri Nov 20 20:18:16 2020 OpenVPN 2.5_rc1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 21 2020
Fri Nov 20 20:18:16 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Nov 20 20:18:16 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Fri Nov 20 20:18:16 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Fri Nov 20 20:18:16 2020 Need hold release from management interface, waiting...
Fri Nov 20 20:18:17 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'state on'
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'log all on'
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'echo all on'
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'bytecount 5'
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'hold off'
Fri Nov 20 20:18:17 2020 MANAGEMENT: CMD 'hold release'
Fri Nov 20 20:18:23 2020 MANAGEMENT: CMD 'username "Auth" "pi"'
Fri Nov 20 20:18:23 2020 MANAGEMENT: CMD 'password [...]'
Fri Nov 20 20:18:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]195.240.130.112:1194
Fri Nov 20 20:18:23 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Nov 20 20:18:23 2020 UDP link local: (not bound)
Fri Nov 20 20:18:23 2020 UDP link remote: [AF_INET]195.240.130.112:1194
Fri Nov 20 20:18:23 2020 MANAGEMENT: >STATE:1605899903,WAIT,,,,,,
This is the syslog from omv5
Nov 20 20:21:35 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.
Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 142.
Nov 20 20:21:41 raspberrypi systemd[1]: Stopped OpenVPN connection to server.
Nov 20 20:21:41 raspberrypi systemd[1]: Starting OpenVPN connection to server...
Nov 20 20:21:41 raspberrypi systemd[1]: Started OpenVPN connection to server.
Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 20 20:21:41 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
When i uninstalled openvpn from plugins and reinstalled it i get this error:
>>> *************** Error ***************
Failed to read from socket: Connection reset by peer
<<< *************************************
Updating file permissions ...
Purging internal cache ...
Restarting engine daemon ...
Done ...
(you already leaked your IP address)
- do you have open port on your router?
- but it seems there is some configuration mismatch on your OpenVPN server...
First of all change config like this:
- disable "Use compression"
- disable "PAM authentication"
and after save / apply check if "openvpn" process is running - connect using SSH and run
if YES, download client configuration and try to connect (without login/password for now)
root@raspberrypi:~# ps aufx | grep openvpn
nobody 1378 0.0 0.0 4236 3612 ? Ss Nov20 0:00 \_ openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem
root 30060 0.0 0.0 6536 560 pts/0 S+ 09:15 0:00 \_ grep openvpn
root@raspberrypi:~#
Is it running ?
I cannot see it
this is the syslog from omv5:
openvpn@server.service: Service RestartSec=5s expired, scheduling restart.
Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 52.
Nov 21 09:18:49 raspberrypi systemd[1]: Stopped OpenVPN connection to server.
Nov 21 09:18:49 raspberrypi systemd[1]: Starting OpenVPN connection to server...
Nov 21 09:18:49 raspberrypi systemd[1]: Started OpenVPN connection to server.
Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 21 09:18:49 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.
Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 53.
Nov 21 09:18:54 raspberrypi systemd[1]: Stopped OpenVPN connection to server.
Nov 21 09:18:54 raspberrypi systemd[1]: Starting OpenVPN connection to server...
Nov 21 09:18:54 raspberrypi systemd[1]: Started OpenVPN connection to server.
Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 21 09:18:54 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Service RestartSec=5s expired, scheduling restart.
Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Scheduled restart job, restart counter is at 54.
Nov 21 09:18:59 raspberrypi systemd[1]: Stopped OpenVPN connection to server.
Nov 21 09:18:59 raspberrypi systemd[1]: Starting OpenVPN connection to server...
Nov 21 09:18:59 raspberrypi systemd[1]: Started OpenVPN connection to server.
Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 21 09:18:59 raspberrypi systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
ah I see, you are running raspberryPi...
my process list looks little bit different - I'm on Linux x64
/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
\_ /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
and everything works for me as expected - even with login/password
try to disable OpenVPN plugin and from console run manually
openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem
maybe we can see some error raised...
or maybe better with logging to file:
openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem --log /var/log/openvpn.log
then post whats inside /var/log/openvpn.log
When i uninstall plugin and reinstall it i get this error:
Updating locale files ...
>>> *************** Error ***************
Failed to read from socket: Connection reset by peer
<<< *************************************
Updating file permissions ...
Purging internal cache ...
Restarting engine daemon ...
Done ...
This is output from your command:
openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem
Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/openvpn.conf
I must say i have openvpn stopped on portainer not deleted, i really want to use openvpn via plugin.
This is var/log/openvpn.log:
Sat Nov 21 09:56:37 2020 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [$
Sat Nov 21 09:56:37 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Sat Nov 21 09:56:37 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware t$
Sat Nov 21 09:56:37 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Sat Nov 21 09:56:37 2020 Cannot load DH parameters from /etc/openvpn/pki/dh.pem
Sat Nov 21 09:56:37 2020 Exiting due to fatal error
mine folders looks like (+ more files in other subfolders)
/etc/openvpn:
drwxr-xr-x 2 root root 4096 Feb 20 2019 client
drwxr-xr-x 8 root root 4096 Nov 12 07:15 pki
drwxr-xr-x 2 root root 4096 Feb 20 2019 server
-rw-rw-rw- 1 root root 681 Nov 21 09:12 server.conf
-rwxr-xr-x 1 root root 1468 Feb 20 2019 update-resolv-conf
/etc/openvpn/pki:
-rw------- 1 root root 1192 Oct 16 16:31 ca.crt
drwx------ 2 root root 4096 Nov 8 17:41 certs_by_serial
-rw------- 1 root root 837 Oct 31 21:37 crl.pem
-rw------- 1 root root 424 Oct 16 16:32 dh.pem
-rw------- 1 root root 554 Nov 8 17:41 index.txt
-rw------- 1 root root 20 Nov 8 17:41 index.txt.attr
-rw------- 1 root root 20 Nov 6 08:56 index.txt.attr.old
-rw------- 1 root root 483 Nov 6 08:56 index.txt.old
drwx------ 2 root root 4096 Nov 8 17:41 issued
-rw------- 1 root root 4651 Oct 16 16:31 openssl-easyrsa.cnf
drwx------ 2 root root 4096 Nov 8 17:41 private
drwx------ 5 root root 4096 Oct 16 16:31 renewed
drwx------ 2 root root 4096 Nov 8 17:41 reqs
drwx------ 5 root root 4096 Oct 16 16:31 revoked
-rw------- 1 root root 4585 Nov 21 09:13 safessl-easyrsa.cnf
-rw------- 1 root root 33 Nov 8 17:41 serial
-rw------- 1 root root 33 Nov 8 17:41 serial.old
Alles anzeigen
Here is my output:
ls
OMV5.ovpn pi-tool-install.sh pi-tool-remove.sh
root@raspberrypi:~#
ls
ca.crt index.txt openssl-easyrsa.cnf safessl-easyrsa.cnf
certs_by_serial index.txt.attr private serial
crl.pem index.txt.attr.old renewed serial.old
dh.pem index.txt.old reqs
extensions.temp issued revoked
if first output is from /etv/openvpn, we know where is problem... But I am not sure - "root@raspberrypi:~#" says its from your (or ROOTs) "Home" directory...
yes i login via root open then mc go to dir and then type ls if i go out of mc then it goes back to root dir
What is a better commando ?
You know where the error is ?
root@raspberrypi:~# cd /etc/openvpn
root@raspberrypi:/etc/openvpn# ls -l -R
.:
total 20
drwxr-xr-x 2 root root 4096 Feb 20 2019 client
-rw------- 1 root root 0 Nov 21 09:52 ipp.txt
drwx------ 8 root root 4096 Nov 21 09:17 pki
drwxr-xr-x 2 root root 4096 Feb 20 2019 server
-rw-rw-rw- 1 root root 682 Nov 21 09:52 server.conf
-rwxr-xr-x 1 root root 1468 Feb 20 2019 update-resolv-conf
./client:
total 0
./pki:
total 76
-rw------- 1 root root 1192 Nov 13 15:37 ca.crt
drwx------ 2 root root 4096 Nov 21 09:17 certs_by_serial
-rw------- 1 root root 934 Nov 20 20:09 crl.pem
-rw------- 1 root root 0 Nov 13 15:37 dh.pem
-rw------- 1 root root 492 Nov 21 09:17 extensions.temp
-rw------- 1 root root 686 Nov 21 09:17 index.txt
-rw------- 1 root root 20 Nov 21 09:17 index.txt.attr
-rw------- 1 root root 20 Nov 20 20:09 index.txt.attr.old
-rw------- 1 root root 619 Nov 20 20:09 index.txt.old
drwx------ 2 root root 4096 Nov 21 09:17 issued
-rw------- 1 root root 4651 Nov 13 15:37 openssl-easyrsa.cnf
drwx------ 2 root root 4096 Nov 21 09:17 private
drwx------ 5 root root 4096 Nov 13 15:37 renewed
drwx------ 2 root root 4096 Nov 21 09:17 reqs
drwx------ 5 root root 4096 Nov 13 15:37 revoked
-rw------- 1 root root 4577 Nov 21 09:17 safessl-easyrsa.cnf
-rw------- 1 root root 33 Nov 21 09:17 serial
-rw------- 1 root root 33 Nov 21 09:17 serial.old
./pki/certs_by_serial:
total 24
-rw------- 1 root root 4471 Nov 20 20:09 607D8826DBF52EC6B593F3FBEB303918.pem
-rw------- 1 root root 4472 Nov 21 09:17 747E668491A2BBB34A26F90BCFC827FD.pem
-rw------- 1 root root 4620 Nov 13 15:37 C69981A4C73125E38765058A4D30602E.pem
./pki/issued:
total 24
-rw------- 1 root root 4471 Nov 20 20:09 new.crt
-rw------- 1 root root 4472 Nov 21 09:17 omv5.crt
-rw------- 1 root root 4620 Nov 13 15:37 raspberrypi.crt
./pki/private:
total 16
-rw------- 1 root root 1675 Nov 13 15:37 ca.key
-rw------- 1 root root 1704 Nov 20 20:09 new.key
-rw------- 1 root root 1708 Nov 21 09:17 omv5.key
-rw------- 1 root root 1704 Nov 13 15:37 raspberrypi.key
./pki/renewed:
total 12
drwx------ 2 root root 4096 Nov 13 15:37 certs_by_serial
drwx------ 2 root root 4096 Nov 13 15:37 private_by_serial
drwx------ 2 root root 4096 Nov 13 15:37 reqs_by_serial
./pki/renewed/certs_by_serial:
total 0
./pki/renewed/private_by_serial:
total 0
./pki/renewed/reqs_by_serial:
total 0
./pki/reqs:
total 12
-rw------- 1 root root 883 Nov 20 20:09 new.req
-rw------- 1 root root 883 Nov 21 09:17 omv5.req
-rw------- 1 root root 895 Nov 13 15:37 raspberrypi.req
./pki/revoked:
total 12
drwx------ 2 root root 4096 Nov 20 20:09 certs_by_serial
drwx------ 2 root root 4096 Nov 20 20:09 private_by_serial
drwx------ 2 root root 4096 Nov 20 20:09 reqs_by_serial
./pki/revoked/certs_by_serial:
total 48
-rw------- 1 root root 4472 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.crt
-rw------- 1 root root 4471 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.crt
-rw------- 1 root root 4472 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.crt
-rw------- 1 root root 4477 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.crt
-rw------- 1 root root 4472 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.crt
-rw------- 1 root root 4471 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.crt
./pki/revoked/private_by_serial:
total 24
-rw------- 1 root root 1704 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.key
-rw------- 1 root root 1704 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.key
-rw------- 1 root root 1704 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.key
-rw------- 1 root root 1704 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.key
-rw------- 1 root root 1704 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.key
-rw------- 1 root root 1704 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.key
./pki/revoked/reqs_by_serial:
total 24
-rw------- 1 root root 883 Nov 14 10:13 0720C59FF300607C26801C8812486ECD.req
-rw------- 1 root root 883 Nov 13 15:47 1957C164DBC3F62F84D5333A0804B66B.req
-rw------- 1 root root 883 Nov 13 16:22 77FDA90A046752754CCFB6DD7852DEFD.req
-rw------- 1 root root 887 Nov 20 19:57 8E29E5B409ADEB15F75807176CBAC54B.req
-rw------- 1 root root 883 Nov 13 16:03 D6E9CC02C308D399613329F54BF9B62B.req
-rw------- 1 root root 883 Nov 20 20:01 DE49178F4CC6BF2DAA2CF15810CD6878.req
./server:
total 0
root@raspberrypi:/etc/openvpn#
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!