From: Jan J. K. <ja...@ni...> - 2011-06-06 06:01:47
Hi,

Joselito Tapangan wrote:
>
> On Mon, Jun 6, 2011 at 8:24 AM, Joselito Tapangan <jos...@gm...> wrote:
>
> yes, the openVPN user the will start it is the root
>
> On 6/5/11, Jan Just Keijser <ja...@ni...> wrote:
> > Hi,
> >
> > Joselito Tapangan wrote:
> >>
> >> On Fri, Jun 3, 2011 at 3:32 PM, David Sommerseth <ope...@to...> wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> On 03/06/11 02:34, Joselito Tapangan wrote:
> >> > Hi,
> >> >
> >> > When I run as root the command modinfo tun the display is this.
> >> > /
> >> > filename: /lib/modules/2.6.18-194.32.1.el5/kernel/drivers/net/tun.ko
> >> > alias: char-major-10-200
> >> > license: GPL
> >> > author: (C) 1999-2004 Max Krasnyansky <ma...@qu...>
> >> > description: Universal TUN/TAP device driver
> >> > srcversion: 23EC8E176639DE5F2DA2D21
> >> > depends:
> >> > vermagic: 2.6.18-194.32.1.el5 SMP mod_unload 686 REGPARM 4KSTACKS gcc-4.1
> >> > module_sig: 883f3504d24ffbb59f555817d939ea9112a82c09f6a8588888271f5528944640a3f7bdd769eaaa760a08a76254af60772266157edea59dfbde7f294c70
> >> > /
> >> > When I run as root the modprobe tun. There is no error display but also
> >> > there is no output. It goes directly to the prompt.
> >> >
> >>
> >> [please, don't top post]
> >>
> >> When modprobe do give any output, it means everything is okay. The command
> >> most likely worked fine. You can verify that by doing as JJK suggested:
> >>
> >> lsmod | grep tun
> >>
> >> If you see a line with 'tun' listed, it means the tun module is loaded and
> >> ready to be used.
> >>
> >>
> >> kind regards,
> >>
> >> David Sommerseth
> >>
> >>
> >> > On Fri, Jun 3, 2011 at 4:42 AM, Jan Just Keijser <ja...@ni...> wrote:
> >> >
> >> > do (as root)
> >> > modinfo tun
> >> > modprobe tun
> >> >
> >> > if the second command returns an error , then there's something wrong
> >> > with your CentOS installation ; after the 'modprobe' do an
> >> > lsmod | grep tun
> >> > to see if the device is actually listed.
> >> >
> >> > HTH,
> >> >
> >> > JJK
> >> >
> >>
> >> [...snip...]
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.11 (GNU/Linux)
> >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> >>
> >> iEYEARECAAYFAk3ojh0ACgkQDC186MBRfro5TgCgig5fz6v2xFXJ68tS5dB3IHNw
> >> lwAAnifkPMnbsfdijj+elw8bNq6Q26oo
> >> =zv0W
> >> -----END PGP SIGNATURE-----
> >>
> >>
> >> As what have you said, If there is no error the tun module is probably
> >> is running and ready to use. However the main problem of mine is the
> >> OpenVPN itself when I tried to run It failed and when I try to see the
> >> logs.
> >> This is what I found in the error log;
> >> /
> >> "Tue May 31 09:58:43 2011 us=705749 Note: Cannot ioctl TUNSETIFF tun0: Device or resource busy (errno=16)
> >> Tue May 31 09:58:43 2011 us=705763 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
> >> Tue May 31 09:58:43 2011 us=705787 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
> >> Tue May 31 09:58:43 2011 us=705811 Exiting"/
> >>
> >> What I need to know how to solve this problem Since we all know the
> >> module of tun is running, Any other possible reason why I commit that
> >> error? If there is so How can I do such solution? Your help is a great
> >> appreciated.
> >
> > so the 'tun' module is loaded; which user is used to start openvpn?
> > openvpn normally must be run as 'root' (or via 'sudo' ).
> >
> > also, try running, as root,
> > openvpn --dev tun --proto udp
> > and post the output here - on my CentOS box that gives
> > Sat Jun 4 22:58:13 2011 TUN/TAP device tun0 opened
> >
> > HTH,
> >
> > JJK
> >
>
> --
> Respectfully Yours,
>
> Joselito E. Tapangan
> Network Administrator
> Booom!! Interactive, Inc.
> 2F Tulips Center Bldg.
> A.S. Fortuna St.
> Mandaue City, Cebu
> Philippines, 6014.
> http://joselitotapangan.info
> http://jetzumy2k.wordpress.com
> http://jetzumy2k.byethost18.com
> http://onlinereference.wordpress.com
>
>
> Hi,
>
> When I run this command as root the out is this;
> /
> # openvpn --dev tun --proto udp
>
> Mon Jun 6 05:39:11 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
> Mon Jun 6 05:39:11 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Mon Jun 6 05:39:11 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Mon Jun 6 05:39:11 2011 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
> Mon Jun 6 05:39:11 2011 TUN/TAP device tun0 opened
> Mon Jun 6 05:39:11 2011 UDPv4 link local (bound): [undef]:1194
> Mon Jun 6 05:39:11 2011 UDPv4 link remote: [undef]
> /
> I also tried the suggestion of David to change do some trial and error
> of tun0 to tun1 or tun2. My new configuration is this;
>
> /port 1723 # (1194 is the default but on some APN networks this is blocked)
> proto tcp
> dev tun1
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
>
> server 10.10.0.0 255.255.255.0
> push "dhcp-option DNS 203.177.60.46
> push "dhcp-option DNS 8.8.8.8"
> #push "dhcp-option WINS 192.168.1.2"
> push "route 192.168.0.0 255.255.255.0"
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> comp-lzo
> user nobody
> group users
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> client-to-client
> duplicate-cn # (this means several users can use the same key)/
>
> When I tried to start the Openvpn again it is still fail. And when I
> try to see the log message the message is this;
>
> /Mon Jun 6 06:15:01 2011 us=353761 /sbin/ip route add 10.10.0.0/24 via 10.10.0.2
> Mon Jun 6 06:15:01 2011 us=354807 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Mon Jun 6 06:15:01 2011 us=355825 GID set to nobody
> Mon Jun 6 06:15:01 2011 us=355939 UID set to nobody
> Mon Jun 6 06:15:01 2011 us=355998 UDPv4 link local (bound): [undef]:1723
> Mon Jun 6 06:15:01 2011 us=356026 UDPv4 link remote: [undef]
> Mon Jun 6 06:15:01 2011 us=356048 MULTI: multi_init called, r=256 v=256
> Mon Jun 6 06:15:01 2011 us=356158 IFCONFIG POOL: base=10.10.0.4 size=62
> Mon Jun 6 06:15:01 2011 us=356209 IFCONFIG POOL LIST
> Mon Jun 6 06:15:01 2011 us=356288 Initialization Sequence Completed/
>

this looks perfectly alright! the server has started and has initialized and is now waiting for clients to connect.

I'd recommend to use dev tun instead of dev tun1 so OpenVPN can choose the first available tun device itself.

HTH,

JJK
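The three OpenVPN start-up logs quoted in this thread, triaged in code. This is an added example, not part of any message in the thread; the function name `triage` and its status labels are assumptions of the example, and the sample lines are copied from the quoted logs with wrapped lines rejoined.

```python
import re

# Patterns for the OpenVPN messages quoted in this thread.
BUSY = re.compile(r"Cannot ioctl TUNSETIFF (\S+): Device or resource busy \(errno=16\)")
NODEV = re.compile(r"Cannot open TUN/TAP dev (\S+): No such file or directory \(errno=2\)")
OPENED = re.compile(r"TUN/TAP device (\S+) opened")
CLEARTEXT = re.compile(r"all encryption and authentication features disabled")
DONE = re.compile(r"Initialization Sequence Completed")

def triage(log_text):
    """Classify one OpenVPN start-up log. Returns (status, findings)."""
    status, findings, busy = "unknown", [], None
    for line in log_text.splitlines():
        if m := BUSY.search(line):
            busy, status = m.group(1), "failed"
            findings.append(f"{busy} busy: another process holds it; "
                            "stop that instance or use 'dev tun'")
        elif m := NODEV.search(line):
            status = "failed"
            # After EBUSY, OpenVPN falls back to the kernel 2.2 path /dev/tunN,
            # so this line is a symptom of the busy device, not a second fault.
            cause = "fallback after busy device" if busy else "check 'lsmod | grep tun'"
            findings.append(f"{m.group(1)} missing: {cause}")
        elif m := OPENED.search(line):
            findings.append(f"{m.group(1)} opened")
            if status == "unknown":
                status = "tun-ok"
        elif CLEARTEXT.search(line):
            findings.append("no encryption or authentication: device test only")
        elif DONE.search(line) and status != "failed":
            status = "running"
    return status, findings

# Sample lines copied from the logs quoted in the thread.
FAILED = """\
Tue May 31 09:58:43 2011 us=705749 Note: Cannot ioctl TUNSETIFF tun0: Device or resource busy (errno=16)
Tue May 31 09:58:43 2011 us=705763 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Tue May 31 09:58:43 2011 us=705787 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
Tue May 31 09:58:43 2011 us=705811 Exiting"""
TEST_RUN = """\
Mon Jun  6 05:39:11 2011 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Mon Jun  6 05:39:11 2011 TUN/TAP device tun0 opened"""
STARTED = """\
Mon Jun  6 06:15:01 2011 us=355939 UID set to nobody
Mon Jun  6 06:15:01 2011 us=356288 Initialization Sequence Completed"""

if __name__ == "__main__":
    for name, log in (("FAILED", FAILED), ("TEST_RUN", TEST_RUN), ("STARTED", STARTED)):
        print(name, triage(log))
```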