OpenVPN not working correctly

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
john5788
Level 1
Level 1
Posts: 3
Joined: Wed Jul 20, 2016 2:46 am

OpenVPN not working correctly

Post by john5788 » Wed Jul 20, 2016 3:01 am

Hello,

I decided to try out Linux Mint 18 with Cinnamon desktop and I am having problems setting up an OpenVPN client using both command line and NetworkManager. To start off, here are my configs:

server:

Code: Select all

daemon
server-bridge
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto udp
port 1194
dev tap21
comp-lzo adaptive
keepalive 15 60
verb 3
duplicate-cn
push "dhcp-option DNS 192.168.1.1"
push "route-gateway 192.168.1.1"
push "redirect-gateway def1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 10
client:

Code: Select all

client
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
proto udp
remote domain.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
</ca>
resolv-retry infinite
nobind
When I import configuration to NetworkManager, I receive this message:

"The file 'client,ovpn' could not be read or does not contain recognized VPN connection information
Error: the plugin does not support import capability."

So then I try to setup the connection by hand and I get this message via libnotify:

"The VPN connection 'VPN connection 1' failed because the VPN service returned invalid configuration"

I then try to connect it from command line using `sudo openvpn --config client.ovpn', I find these errors:

Code: Select all

$ sudo openvpn --config config.ovpn 
[sudo] password for john5788: 

Tue Jul 19 23:21:51 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Tue Jul 19 23:21:51 2016 library versions: OpenSSL 1.0.2g-fips  1 Mar 2016, LZO 2.08
Enter Auth Username: ********
Enter Auth Password: ********
Tue Jul 19 23:21:58 2016 UDPv4 link local: [undef]
Tue Jul 19 23:21:58 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Jul 19 23:21:58 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 19 23:21:59 2016 [RT-N66U] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Tue Jul 19 23:22:01 2016 TUN/TAP device tap0 opened
RTNETLINK answers: Network is unreachable
Tue Jul 19 23:22:01 2016 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: Network is unreachable
Tue Jul 19 23:22:01 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 19 23:22:01 2016 Initialization Sequence Completed
At this point, the VPN connection is established, but nothing is routed through it. Here is output of `route -n`

Code: Select all

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.176.1   255.255.255.255 UGH   0      0        0 wlp11s0
0.0.0.0         192.168.176.1   0.0.0.0         UG    600    0        0 wlp11s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp11s0
x.x.x.x    192.168.176.1   255.255.255.255 UGH   0      0        0 wlp11s0
192.168.176.0   0.0.0.0         255.255.248.0   U     600    0        0 wlp11s0
1. Is there a solution for importing the ovpn file into NetworkManager?
2. Is there any way to check why manual configuration of the opvn file returns invalid connection info?
3. Why doesn't the command line connection route properly?

I'm not sure what's going on or how to fix this. The same config/server works on my Android device as well as several Windows 10 systems running the official OpenVPN GUI application. Any help would be great, thanks!
Last edited by john5788 on Thu Jul 21, 2016 5:41 am, edited 2 times in total.

User avatar
jtarin
Level 3
Level 3
Posts: 124
Joined: Sat Jun 08, 2013 8:14 am

Re: OpenVPN not working correctly

Post by jtarin » Thu Jul 21, 2016 12:22 am

Who is your VPN provider? Surely they have this info on their site. Let us know and we'll see if we can find it for you. It's really easy to set up a client with Network Manager.
Former Slackware user breaking bad.

john5788
Level 1
Level 1
Posts: 3
Joined: Wed Jul 20, 2016 2:46 am

Re: OpenVPN not working correctly

Post by john5788 » Thu Jul 21, 2016 12:28 am

I've setup my own VPN through my router at home. It is an Asus RT-N66U. I posted the server config, but I can take a screenshot of the configuration page too:

http://i.imgur.com/3Kw0rbn.png

User avatar
jtarin
Level 3
Level 3
Posts: 124
Joined: Sat Jun 08, 2013 8:14 am

Re: OpenVPN not working correctly

Post by jtarin » Thu Jul 21, 2016 9:59 am

I see your using "TAP" rather than "TUN"....not saying its the problem but MB worth investigating.....Here's a discussion.
Former Slackware user breaking bad.

john5788
Level 1
Level 1
Posts: 3
Joined: Wed Jul 20, 2016 2:46 am

Re: OpenVPN not working correctly

Post by john5788 » Thu Jul 21, 2016 2:31 pm

I am using TAP for a specific reason, that being for Steam In Home Streaming (IHS). TUN does not seem to allow Steam instances to find each other over TUN devices, but it does allow to happen over TAP devices.

vlgamerec
Level 1
Level 1
Posts: 1
Joined: Wed Oct 05, 2016 2:12 pm

Re: OpenVPN not working correctly

Post by vlgamerec » Wed Oct 05, 2016 2:17 pm

Hello,
I do have the exact same problem and message receive from the terminal.
Using TUN was fine in connection, but the problem is the joining of local network.
To let the local network treat the OpenVPN client as a member, I tried to use LAN route, but the result is the same as before: no local network access.
When TAP is used, this "network unreachable" is however blocking the way.

Post Reply

Return to “Other networking topics”