OpenVPN Startup Not Working?

Discussion in 'Server Operation' started by oday, May 3, 2010.

  1. oday

    oday New Member

    Hello Linux Community,

    I am new to Linux and new to networking, so please be patient with me if I am posting the wrong way or not providing the correct information when posting.

    I am setting up a bridged OpenVPN server on a Debian installation. After finishing the configuration and starting openvpn (using the "openvpn /etc/.../server.conf" option) the output pauses after the last line of the following output and the system does not proceed or return to the command prompt.

    ############################ Console Out Start ################################
    a# openvpn /etc/openvpn/examples/server.conf&
    [1] 2706
    # Mon May 3 08:40:19 2010 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Mon May 3 08:40:19 2010 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
    Mon May 3 08:40:19 2010 Diffie-Hellman initialized with 1024 bit key
    Mon May 3 08:40:19 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
    Mon May 3 08:40:21 2010 Control Channel Authentication: using '/etc/openvpn/examples/easy-rsa/ta.key' as a OpenVPN static key file
    Mon May 3 08:40:21 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon May 3 08:40:21 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon May 3 08:40:21 2010 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mon May 3 08:40:21 2010 TUN/TAP device tap0 opened
    Mon May 3 08:40:21 2010 TUN/TAP TX queue length set to 100
    Mon May 3 08:40:21 2010 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
    Mon May 3 08:40:21 2010 GID set to nogroup
    Mon May 3 08:40:21 2010 UID set to nobody
    Mon May 3 08:40:21 2010 Socket Buffers: R=[111616->131072] S=[111616->131072]
    Mon May 3 08:40:21 2010 UDPv4 link local (bound): 192.168.3.137:1194
    Mon May 3 08:40:21 2010 UDPv4 link remote: [undef]
    Mon May 3 08:40:21 2010 MULTI: multi_init called, r=256 v=256
    Mon May 3 08:40:21 2010 IFCONFIG POOL: base=192.168.3.200 size=55
    Mon May 3 08:40:21 2010 IFCONFIG POOL LIST
    Mon May 3 08:40:21 2010 Initialization Sequence Completed
    ############################ Console Out End ################################

    Including the ampersand sign (&) to return to command does not change the response. Should I be expecting some sort of succeeded statement or other output after this? Maybe there is a way that I can check the status of the connection or connection process? I cannot log in to the vpn remotely using the client confs, but who knows if there is another issue with them.

    Thanks for the help!
     
  2. Ben

    Ben HowtoForge Supporter

    Why don't you start openvpn via the init-Script? Normally it checks for all .conf files and tries to start them.
    Within this file you can also see that the binary has a parameter to daemonize the service....

    But nevertheless, I do not see any bad things in your log output. Did you check the output of netstat -tap whether openvpn is listening on the configured port? If so everything should be fine...
     
  3. oday

    oday New Member

    Thanks for your response.

    I checked netstat -tap and could not find openvpn listening on the configured port (port 1194). It may be that I do not know what to look for, though. I found the output to list all protocols as tcp, while I dictated udp in the server configuration. So I checked for udp with netstat -a, and found an openvpn listing, but am not sure what to make of it. It appears that the port is in use, because when I attempt to initiate the connection again it tells me that the socket is already in use. Below is the output of the netstat requests. If all looks fine, then I will try checking other reasons why connecting with a client is not working. Thank you again. Your aid is sincerely appreciated.

    ############################## output start ###################################
    Mercury:/home/la# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:35947 *:* LISTEN 1666/rpc.statd
    tcp 0 0 *:sunrpc *:* LISTEN 1655/portmap
    tcp 0 0 localhost:ipp *:* LISTEN 2059/cupsd
    tcp 0 0 localhost:smtp *:* LISTEN 2326/exim4
    tcp6 0 0 localhost:ipp [::]:* LISTEN 2059/cupsd
    Mercury:/home/la# netstat -a | grep udp
    udp 0 0 *:33047 *:*
    udp 0 0 Mercury.local:openvpn *:*
    udp 0 0 *:48567 *:*
    udp 0 0 *:ircs *:*
    udp 0 0 *:mdns *:*
    udp 0 0 *:sunrpc *:*
    udp 0 0 *:ipp *:*
    udp6 0 0 [::]:mdns [::]:*
    udp6 0 0 [::]:40191 [::]:*
    ############################## output end ###################################
     
  4. Ben

    Ben HowtoForge Supporter

    So if you see openvpn listening on the configured port, why don't you just do the next step and set up your client to connect to your server.
    Or for which purpose did you install / configure the openvpn server? :)

    To release the openvpn process to the port, you need to kill the process. Or just use the init-script :)
     
  5. oday

    oday New Member

    As I mentioned, I am new to Linux and I am not sure what the netstat return is saying. Nowhere does it indicate to me that openvpn is listening on port 1194. You suggested the 'netstat -tap' command to me, and it did not return any references to the configured port. Based on this, it looked to my inexperienced self like openvpn may not be listening. If you think that it is, then I will move on to figuring out why my clients cannot connect. Thanks again.
     
  6. oday

    oday New Member

    o.k. I found the '-n' option for netstat, and verified that openvpn is in fact listening on the configured port. I am not sure why it says "LISTEN" under "State" for the tcp sockets (is that right, sockets?), but not the udp. Regardless, thank you for pointing me in the right direction.

    ~o
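
Added example, not part of the original thread: a shell check for the point the thread ends on. `netstat -t` lists TCP only, and a bound UDP socket never shows LISTEN in the State column, so the test for a UDP service such as OpenVPN on 1194 is simply whether a udp line has that local port. The sample output is constructed (modelled on the thread, in numeric `-n` form), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:33047           0.0.0.0:*
udp        0      0 192.168.3.137:1194      0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp6       0      0 :::5353                 :::*'

# udp_bound_addr PORT  (hypothetical helper; reads netstat output on stdin)
# Prints every local address bound to PORT over UDP; returns 1 if none.
# UDP is connectionless, so the State column is empty and is not consulted.
udp_bound_addr() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            # Field 4 is the local address; the port follows the last colon,
            # which also handles IPv6 forms such as ":::5353".
            n = split($4, parts, ":")
            if (parts[n] == port) { print $4; found = 1 }
        }
        END { exit !found }
    '
}

# tcp_listening PORT  (hypothetical helper; reads netstat output on stdin)
# Returns 0 only if a TCP socket on PORT is in the LISTEN state.
tcp_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) found = 1
        }
        END { exit !found }
    '
}

# Demonstration on the constructed sample. On a live host, run as root:
#   netstat -anup | udp_bound_addr 1194
printf '%s\n' "$SAMPLE_NETSTAT" | udp_bound_addr 1194
```

Without `-n`, netstat prints the service name from /etc/services instead of the number, which is why the thread's output shows `openvpn` rather than `1194`.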
     
