Koozali.org: home of the SME Server

openvpn on 6.01

gaetanlec

service openvpn start ... FAILED
« Reply #30 on: December 20, 2004, 05:57:14 PM »
Hi, I have followed your howto but get a failed message when starting openvpn service.
I am running sme 6.0.1-01

Here are the logs:
Dec 20 17:57:51 sm-e-smith openvpn[3676]: OpenVPN 2.0_rc1 i386-redhat-linux [SSL] [LZO] built on Dec  9 2004
Dec 20 17:57:51 sm-e-smith openvpn[3676]: Diffie-Hellman initialized with 1024 bit key
Dec 20 17:57:51 sm-e-smith openvpn[3676]: Cannot load certificate file server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:missing asn1 eos
Dec 20 17:57:51 sm-e-smith openvpn[3676]: Exiting
Dec 20 17:57:51 sm-e-smith openvpn:  failed


Thanks

Appesteijn
openvpn on 6.01
« Reply #31 on: December 20, 2004, 06:02:32 PM »
Cannot load certificate file server.crt

is the server.crt in the 'keys' directory? And are the security settings ok? Try chmod 700 server.crt
............

gaetanlec

openvpn on 6.01
« Reply #32 on: December 20, 2004, 09:49:38 PM »
I found the problem ... did not fully follow the howto (forgot name Server and client ...
Thanks
Gaetan

gaetanlec

Another problem/ SME Version 5.5
« Reply #33 on: December 20, 2004, 09:53:37 PM »
Hi,
I am now trying to install openvpn onto another machine - this time running sme 5.5.
I know that the howto mentions Version 6.01 ... but maybe someone can help.
I follow the HowTo without any issues until I try to start the service which fails.
Here is the log:


Dec 20 20:52:01 QCK-MAIL openvpn[2520]: OpenVPN 2.0_rc1 i386-redhat-linux [SSL] [LZO] built on Dec  9 2004
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: Diffie-Hellman initialized with 1024 bit key
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: WARNING: file 'server.key' is group or others accessible
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 20 20:52:02 QCK-MAIL modprobe: modprobe: Can't locate module char-major-90
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: Cannot allocate TUN/TAP dev dynamically
Dec 20 20:52:02 QCK-MAIL openvpn[2520]: Exiting
Dec 20 20:52:02 QCK-MAIL openvpn:  failed



I don't want to re-install the sme ...
Can something be done (i.e. manual updates) to clear the problem?

Thanks
Gaëtan

duncan

openvpn on 6.01
« Reply #34 on: December 21, 2004, 12:23:57 AM »
It's been a while - but I'm pretty sure the 5.5 kernel does not support tun/tap devices.

The original howto (which seems to have disappeared) had a tun/tap howto. Basically compile it as you would a driver.

Regards Duncan

gaetanlec

openvpn on 6.01
« Reply #35 on: December 21, 2004, 02:59:44 PM »
Hi,
Thanks for the reply.
I have found a howto for tun on Google (http://www.google.fr/search?q=cache:RcYxT2fpMboJ:www.e-smith.org/docs/howto/contrib/OpenVPN_HOWTO.html+sme+tun+tap+howto&hl=fr&start=1) ...
After installing the various packages, I get the following error:

[root@QCK-MAIL tun-1.1]# make install
cd linux; make all
make[1]: Entering directory `/opt/tun-1.1/linux'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/opt/tun-1.1/linux'
cd linux; make inst
make[1]: Entering directory `/opt/tun-1.1/linux'
/usr/bin/install -c -d -m 755 -o root -g root /lib/modules/2.2.19-7.0.8/net
/usr/bin/install -c -m 644 -o root -g root tun.o /lib/modules/2.2.19-7.0.8/net
/sbin/depmod -a
depmod: *** Unresolved symbols in /lib/modules/2.2.19-7.0.8/net/tun.o
make[1]: *** [kernel] Error 1
make[1]: Leaving directory `/opt/tun-1.1/linux'
make: *** [install] Error 2
[root@QCK-MAIL tun-1.1]#


The same applies if I try to directly install the following rpm (http://vtun.sourceforge.net/tun/tun-1.1-6.rh72.i386.rpm)

Any idea ?
Thanks
Gaetan

Knuddi
openvpn on 6.01
« Reply #36 on: December 21, 2004, 03:44:39 PM »
Rather than building all this you might get away with a simpler solution.

mkdir /dev/net
mknod /dev/net/tun c 10 200
chmod 750 /dev/net
chmod 660 /dev/net/tun

gaetanlec

openvpn on 6.01
« Reply #37 on: December 21, 2004, 03:58:37 PM »
Hi,
I have tried this ...
Still cannot start the service.
Here is the log:

Dec 21 15:00:29 QCK-MAIL openvpn[7037]: OpenVPN 2.0_rc1 i386-redhat-linux [SSL] [LZO] built on Dec  9 2004
Dec 21 15:00:29 QCK-MAIL openvpn[7037]: Diffie-Hellman initialized with 1024 bit key
Dec 21 15:00:29 QCK-MAIL openvpn[7037]: WARNING: file 'server.key' is group or others accessible
Dec 21 15:00:29 QCK-MAIL openvpn[7037]: TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 21 15:00:29 QCK-MAIL insmod: /lib/modules/2.2.19-7.0.8/net/tun.o: insmod char-major-10-200 failed
Dec 21 15:00:29 QCK-MAIL openvpn[7037]: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Dec 21 15:00:29 QCK-MAIL openvpn[7037]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Dec 21 15:00:30 QCK-MAIL openvpn[7037]: Cannot allocate TUN/TAP dev dynamically
Dec 21 15:00:30 QCK-MAIL openvpn[7037]: Exiting
Dec 21 15:00:30 QCK-MAIL openvpn:  failed


Cheers
Gaetan
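
The three startup failures logged so far in this thread (certificate with no PEM start line, key file accessible by group or others, TUN device node), as an added preflight script that is not part of any post or of the howto. The paths passed to the functions are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Preflight for the three startup failures logged in this thread.
# Paths are passed as arguments (assumptions, not the howto's own paths).

# cert_status FILE -> missing | no-pem-start-line | ok
cert_status() {
    [ -f "$1" ] || { echo missing; return 0; }
    # "PEM_read_bio:no start line" means OpenSSL found no BEGIN marker.
    if grep -q -e '^-----BEGIN .*CERTIFICATE-----' "$1"; then echo ok
    else echo no-pem-start-line; fi
}

# key_status FILE -> missing | group-or-others-accessible | ok
key_status() {
    [ -f "$1" ] || { echo missing; return 0; }
    # Characters 5-10 of the mode string are the group and others bits.
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo ok
    else echo group-or-others-accessible; fi
}

# tun_status NODE -> missing | not-char-device | node-present
# A node made with mknod can still fail with errno=19 when the kernel has no
# tun driver, so node-present is necessary but not sufficient.
tun_status() {
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -c "$1" ]; then echo node-present; else echo not-char-device; fi
}

# Constructed sample files (not real keys or certificates).
demo_dir=$(mktemp -d)
: > "$demo_dir/empty.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
    '-----END CERTIFICATE-----' > "$demo_dir/server.crt"
echo 'constructed key' > "$demo_dir/server.key"
chmod 644 "$demo_dir/server.key"

echo "empty.crt:       $(cert_status "$demo_dir/empty.crt")"
echo "server.crt:      $(cert_status "$demo_dir/server.crt")"
echo "server.key:      $(key_status "$demo_dir/server.key")"
chmod 600 "$demo_dir/server.key"
echo "after chmod 600: $(key_status "$demo_dir/server.key")"
echo "tun node:        $(tun_status /dev/net/tun)"
rm -rf "$demo_dir"
```
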

Knuddi
openvpn on 6.01
« Reply #38 on: December 21, 2004, 04:06:13 PM »
Did you install smeserver-openvpn-0.0.1-2.noarch.rpm?

gaetanlec

openvpn on 6.01
« Reply #39 on: December 21, 2004, 04:09:10 PM »
Yes I did.
Gaëtan

jamesli

OpenVPN LAN access
« Reply #40 on: December 23, 2004, 04:08:14 PM »
Hi, I am a newbie here. I have an SME 6.0 server-only setup on my LAN and installed OpenVPN on it following this how-to step by step, http://sme.swerts-knudsen.dk/howtos/howto_30.htm (great instructions indeed). Now I can VPN to the server but cannot see the rest of the LAN. What step do I need to do to access the rest of the LAN?

Knuddi
openvpn on 6.01
« Reply #41 on: December 23, 2004, 09:01:37 PM »
jamesli, in what way can't you communicate with the rest of the LAN? Remember to set the 192.168.100.0 range as local net on all servers you want to communicate with. Otherwise they will not know where to return the requests to.

Can you ping the local LAN IP address on the server (not the 192.168.100.xx but the old eth0 net)?

jamesli

openvpn on 6.01
« Reply #42 on: December 24, 2004, 04:22:19 AM »
My setting is using a server-only SME (internal IP 192.168.1.100) as the VPN server; it is behind a router (internal IP 192.168.1.1), and I have forwarded the VPN port to the SME server. When I VPN from outside into the SME, I can see the SME server as 192.168.100.1, and also as 192.168.1.100, but I cannot see the rest of the 192.168.1.x machines, including the router (192.168.1.1). Ping for any internal IP other than 192.168.1.100 goes nowhere. I did add the 192.168.100.0 in the local network panel from the server manager. I am confused.

Appesteijn
openvpn on 6.01
« Reply #43 on: December 24, 2004, 09:45:31 AM »
If your client gets an IP address but you can't ping the other machines in your local network, maybe the route isn't right. Make sure that the following line in your server.conf is set correctly:
 push "route 192.168.internal.net 255.255.255.0 192.168.your.server"
............

cydonia

openvpn on 6.01
« Reply #44 on: December 25, 2004, 08:20:04 AM »
Ahh, I couldn't get this to work before but I hadn't really looked much further into it, just realised why today!

Great how to!  thanks.  

I see now, OpenVPN is much more secure and controlled than pptp VPN.