Not getting openvpn to work on CentOS 7

jonaskellens · 03-13-2018, 08:59 AM

Hello

I am experiencing problems setting up openvpn on CentOS 7.

On CentOS 6, I have no issues.
yum install openvpn
vi /etc/openvpn/vpn-server.conf
/sbin/service openvpn start

But on CentOS 7 I am stuck.

My system :

Code:

[root@prov admin]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)

[root@prov admin]# rpm -qa | grep openvpn
openvpn-2.4.4-1.el7.x86_64

[root@prov admin]# systemctl list-unit-files | grep openvpn
openvpn-client@.service                       disabled
openvpn-server@.service                       disabled
openvpn@.service                              disabled

When I issue the command :

Code:

[root@prov admin]# openvpn --config /etc/openvpn/server.conf

I have no output.

The logs :

Code:

[root@prov admin]# journalctl -xe


-- Unit openvpn-server@service.service has begun starting up.
mrt 13 12:38:11 my.domain.tld openvpn[14414]: Options error: In [CMD-LINE]:1: Error opening configuration file: service.conf
mrt 13 12:38:11 my.domain.tld openvpn[14414]: Use --help for more information.
mrt 13 12:38:11 my.domain.tld systemd[1]: openvpn-server@service.service: main process exited, code=exited, status=1/FAILURE
mrt 13 12:38:11 my.domain.tld systemd[1]: Failed to start OpenVPN service for service.
-- Subject: Unit openvpn-server@service.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit openvpn-server@service.service has failed.
-- 
-- The result is failed.
mrt 13 12:38:11 my.domain.tld systemd[1]: Unit openvpn-server@service.service entered failed state.
mrt 13 12:38:11 my.domain.tld systemd[1]: openvpn-server@service.service failed.
mrt 13 12:38:16 my.domain.tld systemd[1]: openvpn-server@service.service holdoff time over, scheduling restart.
mrt 13 12:38:16 my.domain.tld systemd[1]: Starting OpenVPN service for service...
-- Subject: Unit openvpn-server@service.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit openvpn-server@service.service has begun starting up.
mrt 13 12:38:16 my.domain.tld openvpn[14419]: Options error: In [CMD-LINE]:1: Error opening configuration file: service.conf
mrt 13 12:38:16 my.domain.tld openvpn[14419]: Use --help for more information.
mrt 13 12:38:16 my.domain.tld systemd[1]: openvpn-server@service.service: main process exited, code=exited, status=1/FAILURE
mrt 13 12:38:16 my.domain.tld systemd[1]: Failed to start OpenVPN service for service.
-- Subject: Unit openvpn-server@service.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit openvpn-server@service.service has failed.
-- 
-- The result is failed.
mrt 13 12:38:16 my.domain.tld systemd[1]: Unit openvpn-server@service.service entered failed state.
mrt 13 12:38:16 my.domain.tld systemd[1]: openvpn-server@service.service failed.
mrt 13 12:38:17 my.domain.tld openvpn[14425]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
mrt 13 12:38:17 my.domain.tld openvpn[14425]: OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
mrt 13 12:38:17 my.domain.tld openvpn[14425]: library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
mrt 13 12:38:17 my.domain.tld openvpn[14426]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block
mrt 13 12:38:17 my.domain.tld openvpn[14426]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block
mrt 13 12:38:17 my.domain.tld openvpn[14426]: TUN/TAP device tun1 opened
mrt 13 12:38:17 my.domain.tld openvpn[14426]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
mrt 13 12:38:17 my.domain.tld openvpn[14426]: /sbin/ip link set dev tun1 up mtu 1500
mrt 13 12:38:17 my.domain.tld NetworkManager[516]: <info>  [1520941097.9744] manager: (tun1): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
mrt 13 12:38:17 my.domain.tld openvpn[14426]: /sbin/ip addr add dev tun1 local 10.20.92.1 peer 10.20.92.2
mrt 13 12:38:17 my.domain.tld openvpn[14426]: Could not determine IPv4/IPv6 protocol. Using AF_INET
mrt 13 12:38:17 my.domain.tld openvpn[14426]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
mrt 13 12:38:17 my.domain.tld openvpn[14426]: Exiting due to fatal error
mrt 13 12:38:17 my.domain.tld openvpn[14426]: /sbin/ip addr del dev tun1 local 10.20.92.1 peer 10.20.92.2

Hostech_Support · 03-14-2018, 03:53 AM

Hello jonaskellens,
please enable OpenVPN service...

jonaskellens · 03-14-2018, 08:08 AM

Quote:

Originally Posted by Hostech_Support

please enable OpenVPN service...

What do you mean by this ? Starting openvpn service is what I am trying to do here, as you can read in the logs.

Hostech_Support · 03-14-2018, 09:21 AM

Quote:

Originally Posted by jonaskellens

What do you mean by this ? Starting openvpn service is what I am trying to do here, as you can read in the logs.

At this point it looks like openvpn package was not installed properly on the Server to debug more you can analyze the logs in openvpn.log file.

jonaskellens · 03-14-2018, 10:05 AM

I added the following to my /etc/openvpn/server.conf :

Code:

log /var/log/openvpn.log

Now I have the following config :

Code:

[root@prov admin]# cat /etc/openvpn/server.conf 
# OpenVPN configuration file for VPN SERVER
dev tun
ifconfig 10.20.92.1 10.20.92.2
secret /etc/openvpn/staticVPN.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
user openvpn
group openvpn
daemon
log /var/log/openvpn.log

Output :

Code:

Wed Mar 14 16:03:30 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Wed Mar 14 16:03:30 2018 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Wed Mar 14 16:03:30 2018 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Wed Mar 14 16:03:30 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 14 16:03:30 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 14 16:03:30 2018 TUN/TAP device tun0 opened
Wed Mar 14 16:03:30 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 14 16:03:30 2018 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 14 16:03:30 2018 /sbin/ip addr add dev tun0 local 10.20.92.1 peer 10.20.92.2
Wed Mar 14 16:03:30 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Mar 14 16:03:30 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Mar 14 16:03:30 2018 UDPv4 link remote: [AF_UNSPEC]
Wed Mar 14 16:03:30 2018 GID set to openvpn
Wed Mar 14 16:03:30 2018 UID set to openvpn

More verbosity shows this :

Code:

Wed Mar 14 16:09:23 2018 us=358540 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Mar 14 16:09:23 2018 us=358598 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 14 16:09:23 2018 us=358767 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Wed Mar 14 16:09:23 2018 us=358786 Exiting due to fatal error
Wed Mar 14 16:09:23 2018 us=358818 Closing TUN/TAP interface