angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

Service is not started on Ubuntu 16.04 #311

Closed alexrose closed 6 years ago

alexrose commented 6 years ago

After pulling the latest version and generating new files, I can't connect to the VPN anymore. Any ideas? I'm using the same external IP, same port; before this update, the VPN was working fine.

Thank you.

Thu Sep 27 17:41:25 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Sep 27 17:41:25 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Sep 27 17:41:25 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Thu Sep 27 17:41:25 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Sep 27 17:41:25 2018 Need hold release from management interface, waiting...
Thu Sep 27 17:41:25 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Sep 27 17:41:25 2018 MANAGEMENT: CMD 'state on'
Thu Sep 27 17:41:25 2018 MANAGEMENT: CMD 'log all on'
Thu Sep 27 17:41:25 2018 MANAGEMENT: CMD 'echo all on'
Thu Sep 27 17:41:26 2018 MANAGEMENT: CMD 'bytecount 5'
Thu Sep 27 17:41:26 2018 MANAGEMENT: CMD 'hold off'
Thu Sep 27 17:41:26 2018 MANAGEMENT: CMD 'hold release'
Thu Sep 27 17:41:26 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Sep 27 17:41:26 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 27 17:41:26 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Sep 27 17:41:26 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 27 17:41:26 2018 MANAGEMENT: >STATE:1538059286,RESOLVE,,,,,,
Thu Sep 27 17:41:26 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]myip:myport
Thu Sep 27 17:41:26 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 27 17:41:26 2018 UDP link local: (not bound)
Thu Sep 27 17:41:26 2018 UDP link remote: [AF_INET]myip:myport
Thu Sep 27 17:41:26 2018 MANAGEMENT: >STATE:1538059286,WAIT,,,,,,
Thu Sep 27 17:42:26 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Sep 27 17:42:26 2018 TLS Error: TLS handshake failed
Thu Sep 27 17:42:26 2018 SIGUSR1[soft,tls-error] received, process restarting
Thu Sep 27 17:42:26 2018 MANAGEMENT: >STATE:1538059346,RECONNECTING,tls-error,,,,,
Thu Sep 27 17:42:26 2018 Restart pause, 5 second(s)
Thu Sep 27 17:42:31 2018 MANAGEMENT: >STATE:1538059351,RESOLVE,,,,,,

angristan commented 6 years ago

Which OS is your server running?

alexrose commented 6 years ago

DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"

daum commented 6 years ago

FYI, I had this issue with a brand new setup on Ubuntu 18, and saw a number of "tls-crypt unwrap error: packet too short openvpn" in the syslog.

angristan commented 6 years ago

@alexrose OK, can you check the output of systemctl --no-pager -u openvpn@server?

alexrose commented 6 years ago

I'm not sure what -u should do; is this ok?

systemctl --no-pager | grep openvpn
iptables-openvpn.service                                                                                   loaded active exited    iptables rules for OpenVPN
system-openvpn.slice                                                                                       loaded active active    system-openvpn.slice

angristan commented 6 years ago

Oops, sorry, journalctl --no-pager -u openvpn@server

alexrose commented 6 years ago

journalctl --no-pager -u openvpn@server
-- Logs begin at Wed 2018-09-26 01:16:01 EEST, end at Thu 2018-09-27 20:20:01 EEST. --
Sep 26 22:16:54 beast systemd[1]: Stopping OpenVPN connection to server...
Sep 26 22:16:54 beast ovpn-server[1012]: event_wait : Interrupted system call (code=4)
Sep 26 22:16:54 beast ovpn-server[1012]: Closing TUN/TAP interface
Sep 26 22:16:54 beast ovpn-server[1012]: /sbin/ip addr del dev tun0 10.8.0.1/24
Sep 26 22:16:54 beast ovpn-server[1012]: Linux ip addr del failed: external program exited with error status: 2
Sep 26 22:16:54 beast ovpn-server[1012]: SIGTERM[hard,] received, process exiting
Sep 26 22:16:54 beast systemd[1]: Stopped OpenVPN connection to server.

daum commented 6 years ago

@angristan Not sure that my issue is the same so let me know if I should get off the issue ticket as it appears mine is at least up and running:

Sep 27 17:21:16 ip-10-0-0-18 systemd[1]: Starting OpenVPN connection to server...
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: ECDH curve prime256v1 added
Sep 27 17:21:16 ip-10-0-0-18 systemd[1]: Started OpenVPN connection to server.
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: TUN/TAP device tun0 opened
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: TUN/TAP TX queue length set to 100
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: /sbin/ip link set dev tun0 up mtu 1500
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: UDPv4 link local (bound): [AF_INET][undef]:1194
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: UDPv4 link remote: [AF_UNSPEC]
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: GID set to nogroup
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: UID set to nobody
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: MULTI: multi_init called, r=256 v=256
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: IFCONFIG POOL LIST
Sep 27 17:21:16 ip-10-0-0-18 ovpn-server[744]: Initialization Sequence Completed
Sep 27 17:22:50 ip-10-0-0-18 ovpn-server[744]: tls-crypt unwrap error: packet too short
Sep 27 17:22:50 ip-10-0-0-18 ovpn-server[744]: TLS Error: tls-crypt unwrapping failed from [AF_INET]xx.xx.xxx.xxx:54990
Sep 27 17:22:52 ip-10-0-0-18 ovpn-server[744]: tls-crypt unwrap error: packet too short
Sep 27 17:22:52 ip-10-0-0-18 ovpn-server[744]: TLS Error: tls-crypt unwrapping failed from [AF_INET]xx.xx.xxx.xxx:54990
Sep 27 17:22:56 ip-10-0-0-18 ovpn-server[744]: tls-crypt unwrap error: packet too short
Sep 27 17:22:56 ip-10-0-0-18 ovpn-server[744]: TLS Error: tls-crypt unwrapping failed from [AF_INET]xx.xx.xxx.xxx:54990
Sep 27 17:23:04 ip-10-0-0-18 ovpn-server[744]: tls-crypt unwrap error: packet too short
Sep 27 17:23:04 ip-10-0-0-18 ovpn-server[744]: TLS Error: tls-crypt unwrapping failed from [AF_INET]xx.xx.xxx.xxx:54990

angristan commented 6 years ago

@daum Yes this seems to be another issue

angristan commented 6 years ago

@alexrose please post the end of the log... :)

alexrose commented 6 years ago

That's all I have. Also, I tried to install the VPN on a VPS from Inception Hosting (fresh install, Ubuntu 16), and the log is empty, but the problem remains (can't connect).

root@us:~# journalctl --no-pager -u openvpn@server
-- No entries --
root@us:~#

angristan commented 6 years ago

Ah yes, we use a different package now, and it's not using systemd, let me check

angristan commented 6 years ago

Can you do a ps faux | grep openvpn?

alexrose commented 6 years ago

root     25041  0.0  0.0   5104   896 pts/0    S+   20:55   0:00                          \_ grep --color=auto openvpn

angristan commented 6 years ago

It should be fixed with https://github.com/angristan/openvpn-install/commit/9716e868a021b6ea898e85288e29de552792af94.

The service wasn't started and enabled.

You can do:

systemctl enable openvpn
systemctl start openvpn

alexrose commented 6 years ago

Indeed, it works now. Thanks a lot. Have a great day/night!

angristan commented 6 years ago

Great 👍
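
The triage this thread walks through (unit journal first, then the process list), written out as an added example that is not part of the original thread or the project's code. The function name, verdict strings and sample inputs are assumptions made for illustration; the samples are constructed, modelled on the outputs posted above.

```shell
#!/bin/sh
# Added example (not project code). Function name and verdict strings are
# hypothetical. Classifies server state from the two outputs requested above.
#   $1 = text of: journalctl --no-pager -u openvpn@server
#   $2 = text of: ps faux | grep openvpn
classify_openvpn_state() {
    journal=$1
    procs=$2

    # Count real openvpn processes; the grep that produced the listing is noise.
    running=$(printf '%s\n' "$procs" |
        awk '/openvpn/ && !/grep/ { n++ } END { print n + 0 }')

    # Remember whether the most recent lifecycle line was a start or a stop.
    last=$(printf '%s\n' "$journal" | awk '
        /Started OpenVPN|Initialization Sequence Completed/ { s = "up" }
        /Stopped OpenVPN|process exiting/                    { s = "down" }
        END { print s }')

    if [ "$running" -gt 0 ]; then
        echo "running"            # a process exists, whatever the journal says
        return 0
    fi
    case $journal in
        *'-- No entries --'*) echo "never-started"; return 0 ;;
    esac
    if [ "$last" = "down" ]; then
        echo "stopped"            # clean stop with no later start
    else
        echo "not-running"        # last record was a start, yet no process
    fi
}

# Constructed samples, modelled on the outputs posted in this thread.
JOURNAL_EMPTY='-- No entries --'
JOURNAL_STOPPED='Sep 26 22:16:54 host ovpn-server[1012]: SIGTERM[hard,] received, process exiting
Sep 26 22:16:54 host systemd[1]: Stopped OpenVPN connection to server.'
PS_GREP_ONLY='root 25041 0.0 0.0 5104 896 pts/0 S+ 20:55 0:00 \_ grep --color=auto openvpn'
PS_RUNNING='nobody 744 0.0 0.1 41000 5200 ? Ss 17:21 0:00 /usr/sbin/openvpn --config server.conf
root 25041 0.0 0.0 5104 896 pts/0 S+ 20:55 0:00 \_ grep --color=auto openvpn'

classify_openvpn_state "$JOURNAL_EMPTY"   "$PS_GREP_ONLY"   # never-started
classify_openvpn_state "$JOURNAL_STOPPED" "$PS_GREP_ONLY"   # stopped
classify_openvpn_state "$JOURNAL_EMPTY"   "$PS_RUNNING"     # running
```

On a live server, pass the two command outputs named in the header comments instead of the samples. The third case shows why the process list is checked at all: an empty journal for `openvpn@server` does not by itself prove that no server is running.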