Re: [Openvpn-users] OpenVPN CentOS Problem Issue

[Joselito T. <jos...@gm...>]

On Mon, Jun 6, 2011 at 2:01 PM, Jan Just Keijser <ja...@ni...> wrote:

> Hi,
>
> Joselito Tapangan wrote:
>
>>
>>
>>
>> On Mon, Jun 6, 2011 at 8:24 AM, Joselito Tapangan <
>> jos...@gm... <mailto:jos...@gm...>> wrote:
>>
>>    yes, the openVPN user the will start it is the root
>>
>>    On 6/5/11, Jan Just Keijser <ja...@ni...
>>    <mailto:ja...@ni...>> wrote:
>>    > Hi,
>>    >
>>    > Joselito Tapangan wrote:
>>    >>
>>    >> On Fri, Jun 3, 2011 at 3:32 PM, David Sommerseth
>>    >> <ope...@to...
>>    <mailto:ope...@to...>
>>    <mailto:ope...@to...
>>    <mailto:ope...@to...>>>
>>    >> wrote:
>>    >>
>>    >>     -----BEGIN PGP SIGNED MESSAGE-----
>>    >>     Hash: SHA1
>>    >>
>>    >>     On 03/06/11 02:34, Joselito Tapangan wrote:
>>    >>     > Hi,
>>    >>     >
>>    >>     >  When I run as root the command modinfo tun the display
>>    is this.
>>    >>     > /
>>    >>     > filename:
>>    >>     /lib/modules/2.6.18-194.32.1.el5/kernel/drivers/net/tun.ko
>>    >>     > alias:          char-major-10-200
>>    >>     > license:        GPL
>>    >>     > author:         (C) 1999-2004 Max Krasnyansky
>>    <ma...@qu... <mailto:ma...@qu...>
>>    >>     <mailto:ma...@qu... <mailto:ma...@qu...>>
>>    >>     > <mailto:ma...@qu... <mailto:ma...@qu...>
>>    <mailto:ma...@qu... <mailto:ma...@qu...>>>>
>>    >>     > description:    Universal TUN/TAP device driver
>>    >>     > srcversion:     23EC8E176639DE5F2DA2D21
>>    >>     > depends:
>>    >>     > vermagic:       2.6.18-194.32.1.el5 SMP mod_unload 686
>>    REGPARM
>>    >>     4KSTACKS gcc-4.1
>>    >>     > module_sig:
>>    >>     > 883f3504d24ffbb59f555817d939ea9112a82c09f6a8588888271
>>    <tel:8588888271>
>>    >>
>>    >> <tel:8588888271
>>
>>    <tel:8588888271
>> >>f5528944640a3f7bdd769eaaa760a08a76254af60772266157edea59dfbde7f294c70
>>    >>     > /
>>    >>     > When I run as root the modprobe tun. There is no error
>>    display
>>    >>     but also
>>    >>     > there is no output. It goes directly to the prompt.
>>    >>     >
>>    >>
>>    >>     [please, don't top post]
>>    >>
>>    >>     When modprobe do give any output, it means everything is okay.
>>    >>      The command
>>    >>     most likely worked fine.  You can verify that by doing as JJK
>>    >>     suggested:
>>    >>
>>    >>      lsmod | grep tun
>>    >>
>>    >>     If you see a line with 'tun' listed, it means the tun module is
>>    >>     loaded and
>>    >>     ready to be used.
>>    >>
>>    >>
>>    >>     kind regards,
>>    >>
>>    >>     David Sommerseth
>>    >>
>>    >>
>>    >>     > On Fri, Jun 3, 2011 at 4:42 AM, Jan Just Keijser
>>    >>     <ja...@ni... <mailto:ja...@ni...>
>>    <mailto:ja...@ni... <mailto:ja...@ni...>>
>>    >>     > <mailto:ja...@ni... <mailto:ja...@ni...>
>>    <mailto:ja...@ni... <mailto:ja...@ni...>>>> wrote:
>>    >>     >
>>    >>     >     do (as root)
>>    >>     >      modinfo tun
>>    >>     >      modprobe tun
>>    >>     >
>>    >>     >     if the second command returns an error , then there's
>>    >>     something wrong
>>    >>     >     with your CentOS installation ; after the 'modprobe'
>>    do an
>>    >>     >      lsmod | grep tun
>>    >>     >     to see if the device is actually listed.
>>    >>     >
>>    >>     >     HTH,
>>    >>     >
>>    >>     >     JJK
>>    >>     >
>>    >>
>>    >>     [...snip...]
>>    >>     -----BEGIN PGP SIGNATURE-----
>>    >>     Version: GnuPG v1.4.11 (GNU/Linux)
>>    >>     Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>    >>
>>    >>
>>  iEYEARECAAYFAk3ojh0ACgkQDC186MBRfro5TgCgig5fz6v2xFXJ68tS5dB3IHNw
>>    >>     lwAAnifkPMnbsfdijj+elw8bNq6Q26oo
>>    >>     =zv0W
>>    >>     -----END PGP SIGNATURE-----
>>    >>
>>    >>
>>    >> As what have you said, If there is no error the tun module is
>>    probably
>>    >> is running and ready to use. However the main problem of mine
>>    is the
>>    >> OpenVPN itself when I tried to run It failed and when I try to
>>    see the
>>    >> logs.
>>    >> This is what I found in the error log;
>>    >> /
>>    >> "Tue May 31 09:58:43 2011 us=705749 Note: Cannot ioctl
>>    TUNSETIFF tun0:
>>    >> Device or resource busy (errno=16)
>>    >> Tue May 31 09:58:43 2011 us=705763 Note: Attempting fallback to
>>    kernel
>>    >> 2.2 TUN/TAP interface
>>    >> Tue May 31 09:58:43 2011 us=705787 Cannot open TUN/TAP dev
>>    /dev/tun0:
>>    >> No such file or directory (errno=2)
>>    >> Tue May 31 09:58:43 2011 us=705811 Exiting"/
>>    >>
>>    >> What I need to know how to solve this problem Since we all know the
>>    >> module of tun is running, Any other possible reason why I
>>    commit that
>>    >> error? If there is so How can I do such solution? Your help is
>>    a great
>>    >> appreciated.
>>    >
>>    > so the 'tun' module is loaded; which user is used to start openvpn?
>>    > openvpn normally must be run as 'root' (or via 'sudo' ).
>>    >
>>    > also, try running, as root,
>>    >   openvpn --dev tun --proto udp
>>    > and post the output here - on my CentOS box that gives
>>    >   Sat Jun  4 22:58:13 2011 TUN/TAP device tun0 opened
>>    >
>>    > HTH,
>>    >
>>    > JJK
>>    >
>>    >
>>    >
>>    >
>>
>>
>>    --
>>    Respectfully Yours,
>>
>>    Joselito E. Tapangan
>>    Network Administrator
>>    Booom!! Interactive, Inc.
>>    2F Tulips Center Bldg.
>>    A.S. Fortuna St.
>>    Mandaue City, Cebu
>>    Philippines, 6014.
>>    http://joselitotapangan.info
>>    http://jetzumy2k.wordpress.com
>>    http://jetzumy2k.byethost18.com
>>    http://onlinereference.wordpress.com
>>
>>
>>
>> Hi,
>>
>>  When I run this command as root the out is this;
>> /
>> # openvpn --dev tun --proto udp
>>
>> Mon Jun  6 05:39:11 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2]
>> [EPOLL] [PKCS11] built on Mar 10 2011
>> Mon Jun  6 05:39:11 2011 IMPORTANT: OpenVPN's default port number is now
>> 1194, based on an official port number assignment by IANA.  OpenVPN
>> 2.0-beta16 and earlier used 5000 as the default port.
>> Mon Jun  6 05:39:11 2011 NOTE: OpenVPN 2.1 requires '--script-security 2'
>> or higher to call user-defined scripts or executables
>> Mon Jun  6 05:39:11 2011 ******* WARNING *******: all encryption and
>> authentication features disabled -- all data will be tunnelled as cleartext
>> Mon Jun  6 05:39:11 2011 TUN/TAP device tun0 opened
>> Mon Jun  6 05:39:11 2011 UDPv4 link local (bound): [undef]:1194
>> Mon Jun  6 05:39:11 2011 UDPv4 link remote: [undef]
>> /
>> I also tried the suggestion of David to change do some trial and error of
>> tun0 to tun1 or tun2. My new configuration is this;
>>
>> /port 1723 # (1194 is the default but on some APN networks this is
>> blocked)
>> proto tcp
>> dev tun1
>> ca /etc/openvpn/keys/ca.crt
>> cert /etc/openvpn/keys/server.crt
>> key /etc/openvpn/keys/server.key
>> dh /etc/openvpn/keys/dh1024.pem
>>
>> server 10.10.0.0 255.255.255.0
>> push "dhcp-option DNS 203.177.60.46
>> push "dhcp-option DNS 8.8.8.8"
>> #push "dhcp-option WINS 192.168.1.2"
>> push "route 192.168.0.0 255.255.255.0"
>> ifconfig-pool-persist ipp.txt
>> keepalive 10 120
>> comp-lzo
>> user nobody
>> group users
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> verb 3
>> client-to-client
>> duplicate-cn # (this means several users can use the same key)/
>>                                                              When I tried
>> to start the Openvpn again it is still fail. And when I try to see the log
>> message the message is this;
>>
>> /Mon Jun  6 06:15:01 2011 us=353761 /sbin/ip route add 10.10.0.0/24 <
>> http://10.10.0.0/24> via 10.10.0.2
>>
>> Mon Jun  6 06:15:01 2011 us=354807 Data Channel MTU parms [ L:1542 D:1450
>> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
>> Mon Jun  6 06:15:01 2011 us=355825 GID set to nobody
>> Mon Jun  6 06:15:01 2011 us=355939 UID set to nobody
>> Mon Jun  6 06:15:01 2011 us=355998 UDPv4 link local (bound): [undef]:1723
>> Mon Jun  6 06:15:01 2011 us=356026 UDPv4 link remote: [undef]
>> Mon Jun  6 06:15:01 2011 us=356048 MULTI: multi_init called, r=256 v=256
>> Mon Jun  6 06:15:01 2011 us=356158 IFCONFIG POOL: base=10.10.0.4 size=62
>> Mon Jun  6 06:15:01 2011 us=356209 IFCONFIG POOL LIST
>> Mon Jun  6 06:15:01 2011 us=356288 Initialization Sequence Completed/
>>
>>
>>  this looks perfectly alright! the server has started and has initialized
> and is now waiting for clients to connect.
>
> I'd recommend to use
>  dev tun
> instead of
>  dev tun1
> so OpenVPN can choose the first available tun device itself.
>
> HTH,
>
> JJK
>
> Hi,

   As what You have said it perfectly alright. But based of the command I
implement as root.

# /etc/init.d/openvpn start

There is an error display and that is [Failed]. I wonder It return in the
prompt failed error. Since when I see the logged is quiet fine.

Respectfully Yours,

Joselito E. Tapangan
Network Administrator
Booom!! Interactive, Inc.
2F Tulips Center Bldg.
A.S. Fortuna St.
Mandaue City, Cebu
Philippines, 6014.
http://joselitotapangan.info
http://jetzumy2k.wordpress.com
http://jetzumy2k.byethost18.com
http://onlinereference.wordpress.com