OpenVPN configuration Virtual Address - Service not running



  • Hello All!
    I'm having issues with setting up OpenVPN on a Netgate SG3100. I had no issues setting it up on the systems I build, but it looks like it works differently on Netgate. After running the Wizard for OpenVPN I have no client export configuration, and if I go to Status -> OpenVPN it shows virtual address - service not running.
    Can someone help me with it?
    Thank you in advance,
    Stan



  • Did you install the OpenVPN Client Export package? It's not installed by default.



  • I just did :( My bad, totally forgot it, but the server is still not running. It created an OPT4 interface that I don't know what I should do with.



  • So what happens if you manually start it? Anything in the System log?



  • nothing on the logs, but it fails.

    VPN.JPG



  • And the System log? I can't remember if there is a separate OpenVPN tab for events or not. I have to leave but I'll check in tomorrow morning.



  • Thank you KOM!
    Yes, there's a separate one for OpenVPN but shows any installation logs


  • LAYER 8 Rebel Alliance

    Set Verbosity level to 4
    Then check Status > System Logs > OpenVPN

    -Rico



  • Yes, try @Rico's suggestion and then check the log for details. Maybe it's choking on a weird config? You might also try deleting everything and starting again.



  • Thank you guys!
    Here's what I have under OpenVPN logs:

    Jul 27 18:15:15 openvpn 45701 Use --help for more information.
    Jul 27 18:17:21 openvpn 87735 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
    Jul 27 18:17:21 openvpn 87735 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Jul 27 18:17:21 openvpn 87735 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Jul 27 18:17:21 openvpn 87735 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
    Jul 27 18:17:21 openvpn 87735 Exiting due to fatal error
    Jul 27 18:18:44 openvpn 53253 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
    Jul 27 18:18:44 openvpn 53253 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Jul 27 18:18:44 openvpn 53253 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Jul 27 18:18:44 openvpn 53253 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
    Jul 27 18:18:44 openvpn 53253 Exiting due to fatal error
    Jul 27 18:19:39 openvpn 63347 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
    Jul 27 18:19:39 openvpn 63347 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Jul 27 18:19:39 openvpn 63347 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Jul 27 18:19:39 openvpn 63347 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
    Jul 27 18:19:39 openvpn 63347 Exiting due to fatal error
    Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid
    Jul 27 18:19:50 openvpn 38312 Use --help for more information.
    Jul 27 18:22:06 openvpn 33341 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
    Jul 27 18:22:06 openvpn 33341 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Jul 27 18:22:06 openvpn 33341 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Jul 27 18:22:06 openvpn 33341 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
    Jul 27 18:22:06 openvpn 33341 Exiting due to fatal error
    Jul 27 18:22:35 openvpn 85311 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible



  • I did try to delete everything and re-do everything over, but with the same results :(


  • LAYER 8 Global Moderator

    @fortis said in OpenVPN configuration Virtual Address - Service not running:

    Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid

    Well yeah, that's not going to work ;)



  • Thank you for the reply!
    What am I doing wrong in setting it up? I just followed the wizard.


  • LAYER 8 Netgate

    What, exactly, did you put in the wizard fields?



  • More specifically, what did you enter for Tunnel Network and Local Network? Those have to be networks and not single IP addresses.



  • I chose local user access
    CA and Server certificate
    interface WAN
    UDP on IPv4 only
    Local port default 1194
    tunnel settings I have network with mask 10.x.10.1 /24 and I put tunnel network with mask 10.x.50.1 /24
    client settings: dynamic IP checked, topology - subnet one ip address per client
    dns 8.8.8.8



  • Thank you for pointing to my error!!!
    I changed 10.x.50.1/24 to 10.x.50.0/24 and it works now!



  • No, it's still wrong. Tunnel and Local can't be the same network. If your LAN is really 10.x.50.0/24, then make your tunnel network something else like 10.x.60.0/24 or 192.168.0.0/24.

    By the way, you don't need to obscure private IP space since it isn't routable from the Internet.



  • I'm sorry... typo
    my local network is 10.x.10.0/24
    Thank you very much for your help guys!
    I really appreciate it :)
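
The two checks this thread arrives at, as an added example that is not part of any post and is not pfSense or OpenVPN code: the Tunnel Network must be a network address (a value with host bits set is what produces the "--server directive network/netmask combination is invalid" error in the log above), and it must not overlap a Local Network. The function name `check_tunnel_network` and the 10.8.x.x addresses are constructed for illustration, standing in for the obscured 10.x values.

```python
import ipaddress


def check_tunnel_network(tunnel_cidr, local_cidrs):
    """Return a list of problems with an OpenVPN Tunnel Network value.

    tunnel_cidr: the value typed into the Tunnel Network field.
    local_cidrs: the networks reachable behind the firewall (Local Network).
    """
    problems = []
    iface = ipaddress.ip_interface(tunnel_cidr)
    tunnel = iface.network  # same prefix with the host bits masked off

    # Host bits set (e.g. .1/24) means an address was entered, not a network.
    if iface.ip != tunnel.network_address:
        problems.append(
            f"{tunnel_cidr} is a host address, not a network; use {tunnel}"
        )

    # The tunnel must be a separate subnet from anything on the LAN side.
    for cidr in local_cidrs:
        local = ipaddress.ip_interface(cidr).network
        if tunnel.version == local.version and tunnel.overlaps(local):
            problems.append(f"tunnel {tunnel} overlaps local network {local}")

    return problems


if __name__ == "__main__":
    # Constructed sample values modelled on the thread.
    lan = ["10.8.10.0/24"]
    for candidate in ("10.8.50.1/24", "10.8.50.0/24", "10.8.10.0/24"):
        issues = check_tunnel_network(candidate, lan)
        print(candidate, "->", issues or "ok")
```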

