Netgate Discussion Forum

    OpenVPN configuration Virtual Address - Service not running

    fortis

      Thank you KOM!
      Yes, there's a separate one for OpenVPN but shows any installation logs

        Rico LAYER 8 Rebel Alliance

        Set Verbosity level to 4
        Then check Status > System Logs > OpenVPN

        -Rico

          KOM

          Yes, try @Rico's suggestion and then check the log for details. Maybe it's choking on a weird config? You might also try deleting everything and starting again.

            fortis

            Thank you guys!
            Here's what I have under OpenVPN logs:

            Jul 27 18:15:15 openvpn 45701 Use --help for more information.
            Jul 27 18:17:21 openvpn 87735 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
            Jul 27 18:17:21 openvpn 87735 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
            Jul 27 18:17:21 openvpn 87735 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
            Jul 27 18:17:21 openvpn 87735 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
            Jul 27 18:17:21 openvpn 87735 Exiting due to fatal error
            Jul 27 18:18:44 openvpn 53253 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
            Jul 27 18:18:44 openvpn 53253 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
            Jul 27 18:18:44 openvpn 53253 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
            Jul 27 18:18:44 openvpn 53253 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
            Jul 27 18:18:44 openvpn 53253 Exiting due to fatal error
            Jul 27 18:19:39 openvpn 63347 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
            Jul 27 18:19:39 openvpn 63347 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
            Jul 27 18:19:39 openvpn 63347 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
            Jul 27 18:19:39 openvpn 63347 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
            Jul 27 18:19:39 openvpn 63347 Exiting due to fatal error
            Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid
            Jul 27 18:19:50 openvpn 38312 Use --help for more information.
            Jul 27 18:22:06 openvpn 33341 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
            Jul 27 18:22:06 openvpn 33341 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
            Jul 27 18:22:06 openvpn 33341 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
            Jul 27 18:22:06 openvpn 33341 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
            Jul 27 18:22:06 openvpn 33341 Exiting due to fatal error
            Jul 27 18:22:35 openvpn 85311 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible

              fortis

              I did try to delete everything and re-do everything over, but with the same results :(

                johnpoz LAYER 8 Global Moderator

                @fortis said in OpenVPN configuration Virtual Address - Service not running:

                Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid

                Well yeah, that's not going to work ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  fortis

                  Thank you for the reply!
                  What am I doing wrong in setting it up? I just followed the wizard.

                    Derelict LAYER 8 Netgate

                    What, exactly, did you put in the wizard fields?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      KOM

                      More specifically, what did you enter for Tunnel Network and Local Network? Those have to be networks and not single IP addresses.

                        fortis

                        I chose local user access
                        CA and Server certificate
                        interface WAN
                        UDP on IPv4 only
                        Local port default 1194
                        tunnel settings I have network with mask 10.x.10.1 /24 and I put tunnel network with mask 10.x.50.1 /24
                        client settings: dynamic IP checked, topology - subnet one ip address per client
                        dns 8.8.8.8

                          fortis

                          Thank you for pointing to my error!!!
                          I changed 10.x.50.1/24 to 10.x.50.0/24 and it works now!

                            KOM

                            No, it's still wrong. Tunnel and Local can't be the same network. If your LAN is really 10.x.50.0/24, then make your tunnel network something else like 10.x.60.0/24 or 192.168.0.0/24.

                            By the way, you don't need to obscure private IP space since it isn't routable from the Internet.
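
The two checks raised in this thread, as an added example that is not part of any poster's reply: the tunnel network must be a network address with no host bits set (the condition behind the `--server directive network/netmask combination is invalid` log line), and it must not overlap the local network. The function name `check_tunnel` is hypothetical, and the 10.0.x.x values are constructed stand-ins for the obscured addresses in the thread.

```python
import ipaddress


def check_tunnel(tunnel, local_nets):
    """Return a list of problems with an OpenVPN tunnel network value.

    tunnel     -- string as typed into the Tunnel Network field
    local_nets -- list of local network strings (address/prefix)
    """
    try:
        # ip_interface accepts values with host bits set, so we can
        # report what the correct network address would have been.
        iface = ipaddress.ip_interface(tunnel)
    except ValueError as exc:
        return ["%s: not an address/prefix (%s)" % (tunnel, exc)]

    net = iface.network
    problems = []

    if net.num_addresses == 1:
        # A bare IP (or /32, /128) is a single host, not a network.
        problems.append("%s: single address, not a network" % tunnel)
    elif iface.ip != net.network_address:
        # Address bits outside the mask: 10.0.50.1/24 instead of 10.0.50.0/24.
        problems.append("%s: host bits set, use %s" % (tunnel, net))

    for local in local_nets:
        lnet = ipaddress.ip_interface(local).network
        # Only compare like with like; IPv4 and IPv6 never overlap.
        if lnet.version == net.version and net.overlaps(lnet):
            problems.append("%s overlaps local network %s" % (net, lnet))

    return problems


if __name__ == "__main__":
    # Constructed sample values modelled on the thread.
    local = ["10.0.10.0/24"]
    for candidate in ("10.0.50.1/24", "10.0.50.0/24", "10.0.10.0/24", "10.0.50.1"):
        issues = check_tunnel(candidate, local)
        print(candidate, "->", issues if issues else "OK")
```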

                              fortis

                              I'm sorry... typo
                              my local network is 10.x.10.0/24
                              Thank you very much for your help guys!
                              I really appreciate it :)
