CentOS 8 VPN Installation
I apologize in the beginning if this information is found elsewhere, but being a newbie I can't find the How To's section.
Anyway, I am trying to install a VPN connection. I get as far as typing the following command

# sudo ./openvpn-install.sh

and go through the options IPv4 address, public IPv4 address, protocol, port, DNS and client name. I then get

groupadd: cannot open /etc/group
useradd: group 'openvpn' does not exist
error: %prein(openvpn-2.4.8-1.el8.x86_64) scriptlet failed, exit status 6
Error in PREIN scriptlet in rpm package openvpn
Verifying : openvpn-2.4.8-1.el8.x86_64 1/1
Failed: openvpn-2.4.8-1.el8.x86_64
Error: Transaction failed
mv: cannot move '/root/EasyRSA-3.0.5/' to '/etc/openvpn/server/': No such file or directory
mv: cannot stat '/etc/openvpn/server/EasyRSA-3.0.5/': No such file or directory
chown: cannot access '/etc/openvpn/server/easy-rsa/': No such file or directory
./openvpn-install.sh: line 305: cd: /etc/openvpn/server/easy-rsa/: No such file or directory
./openvpn-install.sh: line 307: ./easyrsa: No such file or directory
./openvpn-install.sh: line 308: ./easyrsa: No such file or directory
./openvpn-install.sh: line 309: ./easyrsa: No such file or directory
./openvpn-install.sh: line 310: ./easyrsa: No such file or directory
./openvpn-install.sh: line 311: ./easyrsa: No such file or directory
cp: target '/etc/openvpn/server' is not a directory
chown: cannot access '/etc/openvpn/server/crl.pem': No such file or directory
./openvpn-install.sh: line 317: openvpn: command not found
./openvpn-install.sh: line 326: /etc/openvpn/server/dh.pem: No such file or directory
./openvpn-install.sh: line 340: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 341: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 354: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 382: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 384: /etc/openvpn/server/server.conf: No such file or directory

I've tried to look up errors for installation without finding anything to go on. I do see that the files and directories 'not found' are not there, but I'm not sure how to create them, or what to put in them. I find the 'client name'.ovpn file in /root/ with the following entries

<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
</tls-crypt>

I don't know where to go from here. Thank you
PS I am working on this in my limited spare time, so my responses aren't quick. Thanks again |
https://computingforgeeks.com/instal...rhel-centos-8/ ...a how-to guide, with complete steps. Note the uses of sudo in those instructions, because without root/elevated privileges, you won't be able to install things into system directories like /etc, and the steps will fail |
Thank you for your response.
I tried to install as root using # sudo ./openvpn-install.sh with the exact same results. I was using the webpage link you supplied as my directions to install. What to do next? Thanks |
"groupadd: cannot open /etc/group"
"useradd: group 'openvpn' does not exist"
This link ought to explain how CentOS 8 adds a group. https://linuxconfig.org/redhat-8-add-user-to-group
Normally an installer for an exact distribution should correctly follow the scripting to perform each line by line and expect a correct execution of each command. Makes me wonder if the program you are trying to install is correct for your system. Did you use these commands?

sudo dnf install epel-release
sudo dnf install openvpn

https://www.howtoforge.com/tutorial/...pn-and-easyrsa |
Thanks to all who have posted.
I tried sudo bash -x openvpn-install.sh with the same result. So I manually made an entry in the /etc/group file for openvpn as "openvpn:x:13" and saved the file. This stopped the error of groupadd cannot open /etc/group. I then went through and manually created all the directories that I was getting an error on as "No such file or directory". This fixed all those errors and when I ran

# sudo ./openvpn-install.sh

I got

Looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option: 1
Tell me a name for the client certificate.
Client name: ****
./openvpn-install.sh: line 111: ./easyrsa: No such file or directory
sed: can't read /etc/openvpn/server/easy-rsa/pki/issued/****.crt: No such file or directory
cat: /etc/openvpn/server/easy-rsa/pki/private/****.key: No such file or directory
Client **** added, configuration is available at: /root/****.ovpn

So I at least have the VPN installed but I do not have a key or crt (I'm assuming certificate) for the client.
The file ***.ovpn reads

****
dev tun
proto udp
remote ***.***.***.*** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
[key data removed]
-----END OpenVPN Static key V1-----
</tls-crypt>

From my limited experience and knowledge it appears that the easyrsa component of the openvpn install file did not work. I (at least) now only need to get a key and crt for the clients I added. I haven't found any information that allows a complete explanation as to how to do this. Help is greatly appreciated. Thanks |
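The profile in the post above has empty <ca>, <cert> and <key> blocks next to a populated <tls-crypt>. As an added example that is not part of the thread, this shell function reports inline blocks of a client profile that are missing or carry no PEM body, a check worth running before a profile is handed to a client; the sample profile, its hostname and the placeholder key body are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag inline blocks in an OpenVPN client
# profile that are missing or carry no PEM / static-key body.

# ovpn_block_problems FILE -> one finding per line: "<tag>:missing" or "<tag>:empty"
ovpn_block_problems() (
    for tag in ca cert key tls-crypt; do
        awk -v tag="$tag" '
            index($0, "<" tag ">")   { seen = 1; inside = 1 }
            inside && /-----END /    { if (begin && body > 0) ok = 1; begin = 0 }
            inside && begin          { body++ }
            inside && /-----BEGIN /  { begin = 1; body = 0 }
            index($0, "</" tag ">")  { inside = 0; begin = 0 }
            END {
                if (!seen)    print tag ":missing"
                else if (!ok) print tag ":empty"
            }' "$1"
    done
)

# Constructed sample shaped like the profile in the post: three empty blocks
# and a populated <tls-crypt> (placeholder body, not a real key).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
-----END OpenVPN Static key V1-----
</tls-crypt>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
ovpn_block_problems "$sample"
rm -f "$sample"
```

An empty result means every block has a BEGIN line, at least one body line and an END line; it does not verify that the certificate and key match or chain to the CA.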
I think by now you have a partial installation. The installation script detects that something is installed and concludes it has nothing to do, but the easyrsa directory is missing, and perhaps more. I would remove OpenVPN (perhaps by removing /etc/openvpn?) and start again. However, before running the installation script I would look into it and find out what happens around the groupadd command. Another thought: I recently played with OpenVPN on Centos 7 and used a different installation method for EasyRSA. |
Thank you for all the responses.
I found that I had an error in my pathway for easyrsa in that I have an extra directory of EasyRSA-3.0.5 which is why I had the errors of 'no such file or directory'. I fixed the paths and have the server VPN working

# sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/usr/lib/systemd/system/openvpn.service; disabled; vendor preset: disabled)
Active: active (exited) since Mon 2020-02-17 17:06:14 EST; 1 day 4h ago
Main PID: 24493 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 26213)
Memory: 0B
CGroup: /system.slice/openvpn.service
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

I was able to create a user and get its .ovpn file. I have now moved onto the client portion and have a Windows 10 machine as the client. I downloaded the openvpn Windows client software and installed it. I was also able to get the ovpn file onto the client and imported it to the client. When I go to connect I get an error

Client log
Tue Feb 18 21:56:25 2020 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Tue Feb 18 21:56:25 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Feb 18 21:56:25 2020 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Tue Feb 18 21:56:25 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Feb 18 21:56:25 2020 Need hold release from management interface, waiting...
Tue Feb 18 21:56:26 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'state on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'log all on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'echo all on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'bytecount 5'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'hold off'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'hold release'
Tue Feb 18 21:56:26 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 18 21:56:26 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 18 21:56:26 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 18 21:56:26 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 18 21:56:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]73.230.37.158:1194
Tue Feb 18 21:56:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Feb 18 21:56:26 2020 UDP link local: (not bound)
Tue Feb 18 21:56:26 2020 UDP link remote: [AF_INET]73.230.37.158:1194
Tue Feb 18 21:56:26 2020 MANAGEMENT: >STATE:1582080986,WAIT,,,,,,
Tue Feb 18 21:57:26 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Feb 18 21:57:26 2020 TLS Error: TLS handshake failed
Tue Feb 18 21:57:26 2020 SIGUSR1[soft,tls-error] received, process restarting
Tue Feb 18 21:57:26 2020 MANAGEMENT: >STATE:1582081046,RECONNECTING,tls-error,,,,,
Tue Feb 18 21:57:26 2020 Restart pause, 5 second(s) |
I yielded to other advice and started over, removing the openvpn that I had and went to
https://www.howtoforge.com/tutorial/...3-on-centos-8/
Everything was going well until I was at 5-Enable Port-Forwarding and Configure Routing in Firewalld and Enable NAT for OpenVPN internal IP address '10.5.0.0/24' to the external IP address 'SERVERIP'. I followed the instructions as written but after "SERVERIP ... and then "firewall-cmd --permanent... I get an error

Error list index out of range

Looking through other items it seems that the awk command is the culprit, but I'm not sure what to do. Thanks for any help |
Do you get this error when running firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE? If so, it was issued by firewall-cmd, not awk.
What is the value of SERVERIP? What is the output of ip route get 1.1.1.1? EDIT: "list index out of range" is probably a Python error, and firewall-cmd is written in Python. |
Thank you for your response.
I did not get an error running

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE

It was issued by entering

firewall-cmd --reload

If I reenter the first firewall-cmd, I get

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE
Warning: ALREADY_ENABLED: passthrough 'ipv4', '['-t', 'nat', '-A', 'POSTROUTING', '-s', '10.5.0.0/24', '-o', '192.168.1.2', '-j', 'MASQUERADE']'
success

I hope this helps. Thank you for your help |
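The warning in the post above shows the value that reached -o was 192.168.1.2, an IPv4 address, whereas the iptables -o option matches on an output interface name. As an added example that is not part of the thread, this script reads `ip route get` output by keyword instead of by field position and refuses an address where an interface name belongs; the sample route line, the interface name enp0s3 and the gateway are constructed, and the rule is only printed, not run.

```shell
#!/bin/sh
# Added example (not from the thread): read `ip route get` output by keyword
# and check the value before it is used as iptables' -o (output interface).

# Constructed sample of `ip route get 1.1.1.1` output; enp0s3 and the gateway are assumed.
SAMPLE_ROUTE='1.1.1.1 via 192.168.1.1 dev enp0s3 src 192.168.1.2 uid 0'

# route_field KEY: print the token that follows KEY on stdin, wherever it sits,
# so extra trailing fields such as "uid 0" cannot shift the result.
route_field() {
    awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# looks_like_ipv4 VALUE: succeed when VALUE is a dotted quad.
looks_like_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# masquerade_rule SUBNET IFACE: print (not run) the passthrough rule from the
# thread, refusing an address or empty string where an interface name belongs.
masquerade_rule() {
    if [ -z "$2" ] || looks_like_ipv4 "$2"; then
        echo "refusing -o '$2': expected an interface name" >&2
        return 1
    fi
    echo "firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

dev=$(printf '%s\n' "$SAMPLE_ROUTE" | route_field dev)
src=$(printf '%s\n' "$SAMPLE_ROUTE" | route_field src)
masquerade_rule 10.5.0.0/24 "$dev"          # accepted: interface name
masquerade_rule 10.5.0.0/24 "$src" || true  # rejected: this is the source address
```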