LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-12-2009, 08:37 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
OpenVPN-connection with Endian always failing


When trying to connect through openVPN with an Endian-firewall, using NetworkManager, a username, password & CA, connection succeeds and after 1 minute fails...

The log :
Code:
Nov 12 15:29:19 jonas nm-openvpn[6118]: Initialization Sequence Completed
Nov 12 15:29:20 jonas NetworkManager: <info>  VPN connection 'VPN Endian' (IP Config Get) complete.
Nov 12 15:29:20 jonas NetworkManager: <info>  Policy set 'VPN Endian' (tun0) as default for routing and DNS.
Nov 12 15:29:20 jonas NetworkManager: <info>  VPN plugin state changed: 4
Nov 12 15:29:27 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:29:35 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:29:43 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:29:51 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:29:59 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:30:07 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:30:15 jonas nm-openvpn[6118]: write to TUN/TAP : Invalid argument (code=22)
Nov 12 15:30:45 jonas nm-openvpn[6118]: [127.0.0.1] Inactivity timeout (--ping-restart), restarting
Nov 12 15:30:45 jonas nm-openvpn[6118]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 12 15:30:47 jonas nm-openvpn[6118]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Nov 12 15:30:47 jonas nm-openvpn[6118]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 12 15:30:47 jonas nm-openvpn[6118]: Re-using SSL/TLS context
Nov 12 15:30:52 jonas nm-openvpn[6118]: UDPv4 link local: [undef]
Nov 12 15:30:52 jonas nm-openvpn[6118]: UDPv4 link remote: public_ip:1194
Nov 12 15:30:52 jonas nm-openvpn[6118]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 12 15:30:53 jonas nm-openvpn[6118]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Nov 12 15:30:53 jonas nm-openvpn[6118]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1574'
Nov 12 15:30:53 jonas nm-openvpn[6118]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Nov 12 15:30:53 jonas nm-openvpn[6118]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Nov 12 15:30:53 jonas nm-openvpn[6118]: [127.0.0.1] Peer Connection Initiated with public_ip:1194
Nov 12 15:30:54 jonas nm-openvpn[6118]: Preserving previous TUN/TAP instance: tun0
Nov 12 15:30:54 jonas nm-openvpn[6118]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1541 192.168.1.190 255.255.255.0 restart
Nov 12 15:30:54 jonas NetworkManager: <info>  VPN plugin failed: 2
Nov 12 15:30:54 jonas nm-openvpn[6118]: script failed: external program exited with error status: 1
Nov 12 15:30:54 jonas nm-openvpn[6118]: Exiting
Nov 12 15:30:54 jonas NetworkManager: <info>  VPN plugin failed: 1
Nov 12 15:30:54 jonas NetworkManager: <info>  VPN plugin state changed: 6
Nov 12 15:30:54 jonas NetworkManager: <info>  VPN plugin state change reason: 0
Nov 12 15:30:54 jonas NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
Nov 12 15:30:54 jonas NetworkManager: nm_system_device_flush_ip4_routes_with_iface: assertion `iface_idx >= 0' failed
Nov 12 15:30:54 jonas NetworkManager: nm_system_device_flush_ip4_addresses_with_iface: assertion `iface_idx >= 0' failed
Why is it disconnecting ?
 
Old 11-13-2009, 06:44 PM   #2
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7/10
Posts: 879

Rep: Reputation: 113Reputation: 113
First off can you connect with out your firewall or SELinux Running?
 
Old 11-16-2009, 02:59 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by jmc1987 View Post
First off can you connect with out your firewall or SELinux Running?
On my client SElinux is permissive and firewall is disabled.

I can connect as follow :
Code:
[jonas@jonas ~]$ su -c 'openvpn --client --pull --comp-lzo --nobind --dev tap0 --ca /home/jonas/Desktop/endian.pem --auth-user-pass --remote XX.21.XX.XX'
Works fine.

What's wrong with NetworkManager then ??
I need root to create the tap0-device.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
small-endian to big-endian conversion of data to store in a structure NancyT Programming 2 11-26-2008 10:06 AM
Endian FW 2.2 RC 2 changing Openvpn PSK Lantzvillian Linux - Server 0 11-06-2008 11:14 AM
Endian Firewall /OpenVPN server jurry rigging Lantzvillian Linux - Server 0 02-20-2008 01:15 AM
problem in understanding little endian/big endian machine program indian Programming 6 04-19-2006 02:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration