angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

Fedora 28 x64 installed script not working (without connect) #324

Closed loadcorp closed 5 years ago

loadcorp commented 5 years ago

I installed all with default (and also tried another config too - with default system resolv.conf in setup step).

And when I tried to connect I see this:

```
[user@vpntest ~]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
Sat Oct 6 15:44:28 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Sat Oct 6 15:44:28 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Sat Oct 6 15:44:28 2018 library versions: OpenSSL 1.1.0h-fips 27 Mar 2018, LZO 2.08
Sat Oct 6 15:44:28 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Oct 6 15:44:28 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Oct 6 15:44:28 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Oct 6 15:44:28 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Oct 6 15:44:28 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]140.82.32.171:1194
Sat Oct 6 15:44:28 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Oct 6 15:44:28 2018 UDP link local: (not bound)
Sat Oct 6 15:44:28 2018 UDP link remote: [AF_INET]140.82.32.171:1194
Sat Oct 6 15:45:28 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Oct 6 15:45:28 2018 TLS Error: TLS handshake failed
Sat Oct 6 15:45:28 2018 SIGUSR1[soft,tls-error] received, process restarting
Sat Oct 6 15:45:28 2018 Restart pause, 5 second(s)
```

loadcorp commented 5 years ago

Also I tried to use the same config file on iOS client - nothing.

angristan commented 5 years ago

Can you run this on the server:

loadcorp commented 5 years ago

Sorry for the delayed answer, I was on vacation without my laptop.

So these are the results of the commands you asked me to run:

```
[root@vultr ~]# ps faux | grep openvpn
root      2066  0.0  0.1 215640  1012 pts/0    S+   17:23   0:00  |   \_ grep --color=auto openvpn
nobody    1892  0.0  0.7  72112  7272 ?        Ss   17:19   0:00 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
```

```
[root@vultr ~]# systemctl status openvpn-server@server
● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor>
   Active: active (running) since Sun 2018-10-14 17:19:20 UTC; 6min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 1892 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 1152)
   Memory: 1.2M
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.s>
           └─1892 /usr/sbin/openvpn --status /run/openvpn-server/status-server.>

Oct 14 17:19:21 vultr.guest openvpn[1892]: Could not determine IPv4/IPv6 protoc>
Oct 14 17:19:21 vultr.guest openvpn[1892]: Socket Buffers: R=[212992->212992] S>
Oct 14 17:19:21 vultr.guest openvpn[1892]: UDPv4 link local (bound): [AF_INET][>
Oct 14 17:19:21 vultr.guest openvpn[1892]: UDPv4 link remote: [AF_UNSPEC]
Oct 14 17:19:21 vultr.guest openvpn[1892]: GID set to nobody
Oct 14 17:19:21 vultr.guest openvpn[1892]: UID set to nobody
Oct 14 17:19:21 vultr.guest openvpn[1892]: MULTI: multi_init called, r=256 v=256
Oct 14 17:19:21 vultr.guest openvpn[1892]: IFCONFIG POOL: base=10.8.0.2 size=25>
Oct 14 17:19:21 vultr.guest openvpn[1892]: IFCONFIG POOL LIST
Oct 14 17:19:21 vultr.guest openvpn[1892]: Initialization Sequence Completed
lines 1-23/23 (END)
```

angristan commented 5 years ago

OK, what about `iptables -nvL` and `netstat -ulnp`?

loadcorp commented 5 years ago

```
[root@vultr ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4487   28M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  162 10923 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  162 10923 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  162 10923 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  146  9995 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  ens3   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     all  --  ens3   tun0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   ens3    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 383 packets, 58873 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4195  309K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_FedoraServer  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_FedoraServer  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_FedoraServer (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_FedoraServer_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_FedoraServer_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_FedoraServer_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDI_FedoraServer_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_FedoraServer_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_FedoraServer_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_FedoraServer (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_FedoraServer_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_FedoraServer_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_FedoraServer_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDO_FedoraServer_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_FedoraServer_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_FedoraServer_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
  162 10923 IN_FedoraServer  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_FedoraServer (1 references)
 pkts bytes target     prot opt in     out     source               destination
  162 10923 IN_FedoraServer_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  162 10923 IN_FedoraServer_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  162 10923 IN_FedoraServer_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    6   408 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IN_FedoraServer_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9090 ctstate NEW
    9   480 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_FedoraServer_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_FedoraServer_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
```

```
[root@vultr ~]# netstat -ulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           1892/openvpn
udp        0      0 127.0.0.1:323           0.0.0.0:*                           573/chronyd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1257/dhclient
udp6       0      0 ::1:323                 :::*                                573/chronyd
```
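One check worth running on a dump like the one above, as an added example that is not part of this thread or of the project's script: in the INPUT chain, the two ACCEPT rules for `tun0` and `udp dpt:1194` come after the catch-all `REJECT ... icmp-host-prohibited` rule, so they can never match (both show 0 pkts while the REJECT has counted 146). The script below parses `iptables -nvL` output and reports ACCEPT rules shadowed that way; the sample input is constructed from that INPUT chain.

```python
# Constructed sample: the INPUT chain from the `iptables -nvL` output above, trimmed to the relevant rules ('*' = any interface).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4487   28M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  162 10923 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  146  9995 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  ens3   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
"""

MATCH_KEYWORDS = ("ctstate", "state", "dpt", "spt", "match")  # extras that narrow a rule

def parse_chains(text: str) -> dict:
    """Parse `iptables -nvL` output into {chain: [rule, ...]}, preserving rule order."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif current and line.strip() and not line.lstrip().startswith("pkts"):
            f = line.split()  # pkts bytes target prot opt in out src dst [matches...]
            chains[current].append({"pkts": f[0], "target": f[2], "prot": f[3], "in": f[5],
                                    "out": f[6], "src": f[7], "dst": f[8], "extra": " ".join(f[9:])})
    return chains

def is_catch_all_reject(rule: dict) -> bool:
    """DROP/REJECT with no interface, address or match restriction: nothing below it can fire."""
    return (rule["target"] in ("DROP", "REJECT") and rule["prot"] == "all"
            and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0"
            and not any(k in rule["extra"] for k in MATCH_KEYWORDS))

def shadowed_accepts(text: str) -> list:
    """Report ACCEPT rules that sit below a catch-all reject in the same chain."""
    findings = []
    for chain, rules in parse_chains(text).items():
        blocked = False
        for r in rules:
            if not blocked and is_catch_all_reject(r):
                blocked = True
            elif blocked and r["target"] == "ACCEPT":
                findings.append(f"{chain}: ACCEPT {r['prot']} in={r['in']} {r['extra']}".rstrip())
    return findings

if __name__ == "__main__":
    for finding in shadowed_accepts(SAMPLE):
        print("shadowed rule (never matches):", finding)
```

Feed it the real output with `shadowed_accepts(subprocess.check_output(["iptables", "-nvL"], text=True))`; an empty result means every ACCEPT is reachable.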

loadcorp commented 5 years ago

I must clarify one thing. The commands you asked me to run, I ran on the server side. But in my first message I showed you the logs on the client side, from when I ran this command: `[user@vpntest ~]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn`

angristan commented 5 years ago

Yep I understood 👍.

Everything seems fine on the server side. I assume there is an issue on your client's network. Maybe the port is closed?

loadcorp commented 5 years ago

I am using Fedora 26 on the client side, and all is OK when the server side is Debian 9 or Ubuntu 16, but when the server side is Fedora 28 I get this problem. Actually I am fine with Debian on the server side; Fedora is not my usual case, I just tried to test different OSes.

svcel commented 5 years ago

I am having a very similar issue on the server side (Fedora 29). I tried three times on different servers with a fresh Fedora 29 installation; no matter what, the result is always the same, and my logs are the same as loadcorp's. Only as an addition:

In `iptables -nvL`, instead of `0 0 ACCEPT all -- tun0 0.0.0.0/0 0.0.0.0/0` I see `0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0`.

Something must be wrong with the script and Fedora 29. On the same servers with Ubuntu 18 everything works flawlessly, as expected.