[SOLVED] Problem connecting to openvpn server from ubuntu 10.04
Hello,
I need to connect to an OpenVPN server. I got the ovpn.conf file and it's working fine on Windows. Now I'm trying to connect from Ubuntu server using the "ovpn --config ovpn.conf" command. It connects but I can't access the remote network. Here's the full sequence:
Code:
Tue Jan 17 11:48:54 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 17 11:48:54 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue Jan 17 11:48:54 2012 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jan 17 11:48:54 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 11:48:54 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 11:48:54 2012 LZO compression initialized
Tue Jan 17 11:48:54 2012 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 17 11:48:54 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 17 11:48:54 2012 Local Options hash (VER=V4): 'e39a3273'
Tue Jan 17 11:48:54 2012 Expected Remote Options hash (VER=V4): '3c14feac'
Tue Jan 17 11:48:54 2012 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:1024 [nonblock]
Tue Jan 17 11:48:55 2012 TCP connection established with [AF_INET]xx.xx.xx.xx:1024
Tue Jan 17 11:48:55 2012 Socket Buffers: R=[87380->200000] S=[16384->200000]
Tue Jan 17 11:48:55 2012 TCPv4_CLIENT link local: [undef]
Tue Jan 17 11:48:55 2012 TCPv4_CLIENT link remote: [AF_INET]xx.xx.xx.xx:1024
Tue Jan 17 11:48:55 2012 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1024, sid=f1999284 31a3de8f
Tue Jan 17 11:48:55 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 17 11:48:58 2012 VERIFY OK: depth=1, /CN=OpenVPN_CA
Tue Jan 17 11:48:58 2012 VERIFY OK: nsCertType=SERVER
Tue Jan 17 11:48:58 2012 VERIFY OK: depth=0, /CN=OpenVPN_Server
Tue Jan 17 11:49:04 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 17 11:49:04 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 11:49:04 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 17 11:49:04 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 11:49:04 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 17 11:49:04 2012 [OpenVPN_Server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1024
Tue Jan 17 11:49:06 2012 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Tue Jan 17 11:49:06 2012 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,route-gateway dhcp,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,socket-flags TCP_NODELAY,redirect-gateway def1,redirect-gateway bypass-dhcp,auth-token SESS_ID_Xuef9io/65BetYMB6nUXNA==,comp-lzo yes'
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.1.0)
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.1.0)
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.1.0)
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:13: auth-token (2.1.0)
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: LZO parms modified
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: --socket-flags option modified
Tue Jan 17 11:49:06 2012 Socket flags: TCP_NODELAY=1 succeeded
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: route options modified
Tue Jan 17 11:49:06 2012 OPTIONS IMPORT: route-related options modified
Tue Jan 17 11:49:06 2012 ROUTE default_gateway=10.110.1.5
Tue Jan 17 11:49:06 2012 TUN/TAP device tap0 opened
Tue Jan 17 11:49:06 2012 TUN/TAP TX queue length set to 100
Tue Jan 17 11:49:11 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Tue Jan 17 11:49:11 2012 Initialization Sequence Completed
Thanks for your help in advance.
Hello, look at this part:
Tue Jan 17 11:48:55 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Try to use this parameter to login.
By this log all the rest seems to be right.
I use Remote Desktop Viewer and I do not have problems.
From what I can see it looks like openvpn is unable to change the default route due to the startup options not being correct.
Tue Jan 17 11:49:11 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Rather than change the default, a better option is to use push (on the server side) to push a route to the server side network to any connecting client. You can also add a network route manually after you establish the VPN. If you do a 'netstat -rn' you will see all of the routes that your system has; all you need to do to test it is something like the following (assuming that you are root or have sudo privs).
/sbin/route add -net <serverside subnet>/XX gw <IP ADDR of serverside of VPN> ( 10.110.1.5 in this case )
Once you add that route, then you should be able to route traffic over the VPN.
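An added example, not part of the thread and not the posters' code: a Python triage over the client log lines quoted in the question. It lists what the server pushed, which options the 2.1.0 client rejected, and whether any pushed option carries a gateway address the client could use for redirect-gateway or any route to the server-side network. The function name triage and the embedded sample (four lines from the log above, with the auth-token value replaced by a placeholder) are constructed for illustration.

```python
import re

# Constructed sample: four lines taken from the log in the question, with the
# auth-token value replaced by a placeholder.
SAMPLE_LOG = """\
Tue Jan 17 11:49:06 2012 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,route-gateway dhcp,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,socket-flags TCP_NODELAY,redirect-gateway def1,redirect-gateway bypass-dhcp,auth-token PLACEHOLDER,comp-lzo yes'
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.1.0)
Tue Jan 17 11:49:06 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:13: auth-token (2.1.0)
Tue Jan 17 11:49:11 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
REJECT_RE = re.compile(
    r"Unrecognized option or missing parameter\(s\) in \[PUSH-OPTIONS\]:\d+: (\S+)")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def triage(log_text):
    """Summarise what the server pushed and why the default route was not changed."""
    pushed, rejected = [], []
    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            # Each pushed option is "name [args...]", comma separated.
            pushed = [opt.split() for opt in m.group(1).split(",") if opt.strip()]
        m = REJECT_RE.search(line)
        if m:
            rejected.append(m.group(1))
    names = [opt[0] for opt in pushed]
    # A usable gateway is a pushed ifconfig or a route-gateway with a literal address.
    has_gateway = any(
        opt[0] == "ifconfig"
        or (opt[0] == "route-gateway" and len(opt) > 1 and IPV4_RE.match(opt[1]))
        for opt in pushed
    )
    return {
        "pushed": names,
        "rejected": rejected,
        "wants_redirect": "redirect-gateway" in names,
        "gateway_is_dhcp": ["route-gateway", "dhcp"] in pushed,
        "has_static_gateway": has_gateway,
        "redirect_failed": "unable to redirect default gateway" in log_text,
        "pushed_routes": [opt[1:] for opt in pushed if opt[0] == "route"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the result shows redirect-gateway requested with only `route-gateway dhcp` and no `ifconfig`, and an empty list of pushed routes, which matches the NOTE line in the log.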