LinuxQuestions.org
Old 05-18-2016, 02:56 PM   #1
xdino
LQ Newbie
 
Registered: May 2016
Posts: 6

Rep: Reputation: Disabled
OpenVPN: Initialization Sequence Completed


So for the past 4 days I've tried everything to fix OpenVPN but still it's not working. I try and browse the web but the spinner just keeps spinning and ping does not receive packets.

Here's what the terminal gives me after running sudo openvpn --config Ubuntu.ovpn

Code:
Wed May 18 13:41:29 2016 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Wed May 18 13:41:29 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed May 18 13:41:29 2016 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Wed May 18 13:41:29 2016 UDPv4 link local: [undef]
Wed May 18 13:41:29 2016 UDPv4 link remote: [AF_INET]52.38.217.247:1194
Wed May 18 13:41:29 2016 TLS: Initial packet from [AF_INET]52.38.217.247:1194, sid=c333ba3d 85c45e62
Wed May 18 13:41:30 2016 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=odin, OU=odin, CN=odin CA, name=server, emailAddress=cats@gmail.com
Wed May 18 13:41:30 2016 VERIFY OK: nsCertType=SERVER
Wed May 18 13:41:30 2016 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=odin, OU=odin, CN=server, name=server, emailAddress=cats@gmail.com
Wed May 18 13:41:31 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 18 13:41:31 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 18 13:41:31 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 18 13:41:31 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 18 13:41:31 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed May 18 13:41:31 2016 [server] Peer Connection Initiated with [AF_INET]52.38.217.247:1194
Wed May 18 13:41:33 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed May 18 13:41:34 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Wed May 18 13:41:34 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 18 13:41:34 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 18 13:41:34 2016 OPTIONS IMPORT: route options modified
Wed May 18 13:41:34 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 18 13:41:34 2016 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=eth0 HWADDR=10:78:d2:9a:9c:96
Wed May 18 13:41:34 2016 TUN/TAP device tun0 opened
Wed May 18 13:41:34 2016 TUN/TAP TX queue length set to 100
Wed May 18 13:41:34 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 18 13:41:34 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed May 18 13:41:34 2016 /sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
Wed May 18 13:41:34 2016 /sbin/ip route add 52.38.217.247/32 via 10.0.0.1
Wed May 18 13:41:34 2016 /sbin/ip route add 0.0.0.0/1 via 10.8.0.9
Wed May 18 13:41:34 2016 /sbin/ip route add 128.0.0.0/1 via 10.8.0.9
Wed May 18 13:41:34 2016 /sbin/ip route add 10.8.0.1/32 via 10.8.0.9
Wed May 18 13:41:34 2016 GID set to nogroup
Wed May 18 13:41:34 2016 UID set to nobody
Wed May 18 13:41:34 2016 Initialization Sequence Completed

Here's my client Ubuntu.ovpn file
Code:
client
dev tun
proto udp
remote 52.38.217.247 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
dhcp-option DNS 8.8.8.8

And here's the server.conf file
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key 
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Last edited by xdino; 05-18-2016 at 03:00 PM.
 
Old 05-18-2016, 05:14 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,158

We need more details, actually ...

"Let's start with ping" You neglected to tell us which IP-address you are trying to ping!

Gee, I don't see any route commands in that configuration ... none in the client file, and none being pushed from the server. The routing that we see in the log-file seems to more-or-less confirm this:
Code:
Wed May 18 13:41:34 2016 /sbin/ip route add 52.38.217.247/32 via 10.0.0.1

... okay, this is how you get to the VPN host (52.38.217.247) by what appears to be
... your gateway (10.0.0.1)

Wed May 18 13:41:34 2016 /sbin/ip route add 0.0.0.0/1 via 10.8.0.9
Wed May 18 13:41:34 2016 /sbin/ip route add 128.0.0.0/1 via 10.8.0.9

... dunno what to make of a "/1" netmask!

Wed May 18 13:41:34 2016 /sbin/ip route add 10.8.0.1/32 via 10.8.0.9

... it appears that ONLY "10.8.0.1" gets routed through the tunnel!

Remember that an OpenVPN (tunnel-mode ...) connection acts as a virtual router, and therefore, "all the ground-rules of 'being a router'" apply. The router occupies a single address ... the so-called "gateway address" ... on your local network. Then, there must be "routing commands" which specify the range of IP-addresses that are supposed to be "routed through" that gateway.

(Basically, "who cares that it isn't a physical box?" It is still 'a router.'")

Try this command: ip route get 1.2.3.4 (substituting some address of interest to you ...). This will tell you exactly how a packet to any given address will be "routed" by your machine.

You should find that there is a tunN interface ... that's the virtual VPN tunnel ... and that "traffic which you wish to be encrypted by the tunnel" must be passing through it.

Right now, I suspect that nothing is being routed through the tunnel, which BTW is probably being successfully(!) established.
 
1 members found this post helpful.
Old 05-18-2016, 05:32 PM   #3
xdino
LQ Newbie
 
Registered: May 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
@sundialsvcs Ok so how do I set up a route to pass my connection through the tunnel? Here's what the ip command gives me:

Code:
dino@dino:~/ip route get 93.184.216.34
93.184.216.34 via 10.8.0.9 dev tun0  src 10.8.0.10 
    cache

and ping example

Code:
PING 93.184.216.34 (93.184.216.34) 56(84) bytes of data.
^C
--- 93.184.216.34 ping statistics ---
53 packets transmitted, 0 received, 100% packet loss, time 52416ms

and here's my routing table after I start openvpn if that helps:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
52.38.217.247   10.0.0.1        255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0

Last edited by xdino; 05-18-2016 at 06:32 PM.
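
The routing table in the post above, resolved by longest-prefix match the way the kernel resolves it (an added example, not part of the original thread; function names are illustrative). The two /1 routes installed by the pushed `redirect-gateway def1` together cover the whole IPv4 space and are more specific than the original 0.0.0.0/0 default, so everything except the VPN server's own /32 already enters tun0.

```python
import ipaddress

# `route -n` output copied from the post above.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
52.38.217.247   10.0.0.1        255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0
"""


def parse_routes(text):
    """Turn `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # header or unrelated line
        dest, gateway, genmask, _flags, metric, _ref, _use, iface = fields
        # Count the set bits of the mask: 128.0.0.0 is a /1, 0.0.0.0 is a /0.
        prefixlen = bin(int(ipaddress.ip_address(genmask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefixlen}"),
                       gateway, int(metric), iface))
    return routes


def next_hop(routes, address):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    network, gateway, _metric, iface = max(
        matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gateway, str(network)


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for target in ("93.184.216.34", "200.1.2.3", "52.38.217.247", "10.0.0.5"):
        print(target, "->", next_hop(table, target))
```

A gateway of 0.0.0.0 in the result means the destination is directly connected on that interface.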
 
Old 05-18-2016, 09:26 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,158

The only way that I could address this question would be to say: "investigate whether-or-not all(!) of the following directives make sense:

Code:
/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
/sbin/ip route add 52.38.217.247/32 via 10.0.0.1
/sbin/ip route add 0.0.0.0/1 via 10.8.0.9
/sbin/ip route add 128.0.0.0/1 via 10.8.0.9
/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
... because, these are the directives that were issued to your host, when you (apparently, successfully ...) connected this tunnel.
 
Old 05-19-2016, 03:28 PM   #5
xdino
LQ Newbie
 
Registered: May 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs
The only way that I could address this question would be to say: "investigate whether-or-not all(!) of the following directives make sense:

Code:
/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
/sbin/ip route add 52.38.217.247/32 via 10.0.0.1
/sbin/ip route add 0.0.0.0/1 via 10.8.0.9
/sbin/ip route add 128.0.0.0/1 via 10.8.0.9
/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
... because, these are the directives that were issued to your host, when you (apparently, successfully ...) connected this tunnel.

Still couldn't fix it since I know nothing about using Linux routes. But I figured out how to use ssh tunneling using socks proxy. So far it works.
 
Old 05-20-2016, 06:25 PM   #6
xdino
LQ Newbie
 
Registered: May 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs
The only way that I could address this question would be to say: "investigate whether-or-not all(!) of the following directives make sense:

Code:
/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
/sbin/ip route add 52.38.217.247/32 via 10.0.0.1
/sbin/ip route add 0.0.0.0/1 via 10.8.0.9
/sbin/ip route add 128.0.0.0/1 via 10.8.0.9
/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
... because, these are the directives that were issued to your host, when you (apparently, successfully ...) connected this tunnel.

Ok I fixed it by running this line on the server:
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
and iptables -f on the client
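
A check for the condition the fix above addresses, as an added example that is not part of the original thread: when the server pushes `redirect-gateway def1`, forwarded client packets leave the server with a 10.8.0.0/24 source address unless a MASQUERADE rule rewrites it, so replies never find their way back. The `SERVER_CONF` lines come from the thread; the rule listings are constructed and the function names are illustrative.

```python
import ipaddress
import shlex

# Relevant lines of the server.conf posted in the thread.
SERVER_CONF = '''\
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
'''

# Constructed `iptables -t nat -S POSTROUTING` output, before and after the fix.
NAT_BEFORE = "-P POSTROUTING ACCEPT\n"
NAT_AFTER = NAT_BEFORE + "-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE\n"


def parse_server_conf(text):
    """Return (VPN subnet or None, whether redirect-gateway is pushed)."""
    subnet, redirect = None, False
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["server"] and len(words) >= 3:
            subnet = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:1] == ["push"] and len(words) >= 2:
            redirect = redirect or words[1].split()[:1] == ["redirect-gateway"]
    return subnet, redirect


def masquerade_rule_for(nat_rules, subnet):
    """Return the first POSTROUTING MASQUERADE rule whose source covers subnet."""
    for line in nat_rules.splitlines():
        words = shlex.split(line)
        if words[:2] != ["-A", "POSTROUTING"] or "!" in words:
            continue  # not an appended rule, or a negated match: do not guess
        if "-j" not in words or words[words.index("-j") + 1:][:1] != ["MASQUERADE"]:
            continue
        source = ipaddress.ip_network("0.0.0.0/0")  # no -s matches any source
        if "-s" in words:
            source = ipaddress.ip_network(words[words.index("-s") + 1], strict=False)
        if subnet.subnet_of(source):
            return line
    return None


def audit(server_conf, nat_rules):
    """Classify the server as 'not-applicable', 'missing-nat' or 'ok'."""
    subnet, redirect = parse_server_conf(server_conf)
    if subnet is None or not redirect:
        return "not-applicable"
    return "ok" if masquerade_rule_for(nat_rules, subnet) else "missing-nat"
```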
 
  


All times are GMT -5. The time now is 12:58 PM.
