Netgate Discussion Forum

OpenVPN configuration Virtual Address - Service not running

19 Posts 5 Posters 1.6k Views
  • F
    fortis
    last edited by Jul 29, 2019, 11:56 PM

    Hello All!
    I'm having issues setting up OpenVPN on a Netgate SG3100. I had no issues setting it up on the systems I build, but it looks like it works differently on Netgate. After running the wizard for OpenVPN I have no client export configuration, and if I go to Status -> OpenVPN it shows virtual address - service not running.
    Can someone help me with it?
    Thank you in advance,
    Stan

    • K
      KOM
      last edited by Jul 30, 2019, 12:41 AM

      Did you install the OpenVPN Client Export package? It's not installed by default.

      • F
        fortis
        last edited by Jul 30, 2019, 12:48 AM

        I just did :( My bad, totally forgot it, but the server is still not running. It created an OPT4 interface that I don't know what to do with.

        • K
          KOM
          last edited by Jul 30, 2019, 12:52 AM

          So what happens if you manually start it? Anything in the System log?

          • F
            fortis
            last edited by Jul 30, 2019, 1:12 AM

            Nothing in the logs, but it fails.

            VPN.JPG

            • K
              KOM
              last edited by Jul 30, 2019, 1:15 AM

              And the System log? I can't remember if there is a separate OpenVPN tab for events or not. I have to leave but I'll check in tomorrow morning.

              • F
                fortis
                last edited by Jul 30, 2019, 1:25 AM

                Thank you KOM!
                Yes, there's a separate one for OpenVPN but shows any installation logs

                • R
                  Rico LAYER 8 Rebel Alliance
                  last edited by Jul 30, 2019, 10:50 AM

                  Set Verbosity level to 4
                  Then check Status > System Logs > OpenVPN

                  -Rico

                  • K
                    KOM
                    last edited by Jul 30, 2019, 1:34 PM

                    Yes, try @Rico's suggestion and then check the log for details. Maybe it's choking on a weird config? You might also try deleting everything and starting again.

                    • F
                      fortis
                      last edited by Jul 30, 2019, 10:31 PM

                      Thank you guys!
                      Here's what I have under OpenVPN logs:

                      Jul 27 18:15:15 openvpn 45701 Use --help for more information.
                      Jul 27 18:17:21 openvpn 87735 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
                      Jul 27 18:17:21 openvpn 87735 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
                      Jul 27 18:17:21 openvpn 87735 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
                      Jul 27 18:17:21 openvpn 87735 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
                      Jul 27 18:17:21 openvpn 87735 Exiting due to fatal error
                      Jul 27 18:18:44 openvpn 53253 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
                      Jul 27 18:18:44 openvpn 53253 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
                      Jul 27 18:18:44 openvpn 53253 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
                      Jul 27 18:18:44 openvpn 53253 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
                      Jul 27 18:18:44 openvpn 53253 Exiting due to fatal error
                      Jul 27 18:19:39 openvpn 63347 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
                      Jul 27 18:19:39 openvpn 63347 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
                      Jul 27 18:19:39 openvpn 63347 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
                      Jul 27 18:19:39 openvpn 63347 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
                      Jul 27 18:19:39 openvpn 63347 Exiting due to fatal error
                      Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid
                      Jul 27 18:19:50 openvpn 38312 Use --help for more information.
                      Jul 27 18:22:06 openvpn 33341 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
                      Jul 27 18:22:06 openvpn 33341 OpenVPN 2.4.6 armv6-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
                      Jul 27 18:22:06 openvpn 33341 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
                      Jul 27 18:22:06 openvpn 33341 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
                      Jul 27 18:22:06 openvpn 33341 Exiting due to fatal error
                      Jul 27 18:22:35 openvpn 85311 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible

                      • F
                        fortis
                        last edited by Jul 30, 2019, 10:40 PM

                        I did try to delete everything and re-do everything over, but with the same results :(

                        • J
                          johnpoz LAYER 8 Global Moderator
                          last edited by Jul 30, 2019, 10:41 PM

                          @fortis said in OpenVPN configuration Virtual Address - Service not running:

                          Jul 27 18:19:50 openvpn 38312 Options error: --server directive network/netmask combination is invalid

                          Well yeah, that's not going to work ;)

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          • F
                            fortis
                            last edited by Jul 30, 2019, 10:43 PM

                            Thank you for the reply!
                            What am I doing wrong in setting it up? I just followed the wizard.

                            • D
                              Derelict LAYER 8 Netgate
                              last edited by Jul 30, 2019, 10:58 PM

                              What, exactly, did you put in the wizard fields?

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              • K
                                KOM
                                last edited by Jul 30, 2019, 11:05 PM

                                More specifically, what did you enter for Tunnel Network and Local Network? Those have to be networks and not single IP addresses.

                                • F
                                  fortis
                                  last edited by Jul 30, 2019, 11:08 PM

                                  I chose local user access
                                  CA and Server certificate
                                  interface WAN
                                  UDP on IPv4 only
                                  Local port default 1194
                                  tunnel settings I have network with mask 10.x.10.1 /24 and I put tunnel network with mask 10.x.50.1 /24
                                  client settings: dynamic IP checked, topology - subnet one ip address per client
                                  dns 8.8.8.8

                                  • F
                                    fortis
                                    last edited by Jul 30, 2019, 11:12 PM

                                    Thank you for pointing to my error!!!
                                    I changed 10.x.50.1/24 to 10.x.50.0/24 and it works now!

                                    • K
                                      KOM
                                      last edited by Jul 30, 2019, 11:14 PM

                                      No, it's still wrong. Tunnel and Local can't be the same network. If your LAN is really 10.x.50.0/24, then make your tunnel network something else like 10.x.60.0/24 or 192.168.0.0/24.

                                      By the way, you don't need to obscure private IP space since it isn't routable from the Internet.

                                      • F
                                        fortis
                                        last edited by Jul 30, 2019, 11:16 PM

                                        I'm sorry... typo
                                        my local network is 10.x.10.0/24
                                        Thank you very much for your help guys!
                                        I really appreciate it :)
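
Added example (not part of the original thread, and not pfSense or OpenVPN code): a pre-check for the two mistakes discussed above, a Tunnel Network entered with host bits set and a tunnel network that overlaps the local network. The function name `check_tunnel_network` and the sample addresses (the thread's values with the obscured octet replaced by 0) are assumptions.

```python
import ipaddress


def check_tunnel_network(tunnel, local_networks):
    """Return a list of problems with a Tunnel Network entry; empty means OK."""
    if "/" not in tunnel:
        return [f"{tunnel}: single IP address, expected a network in CIDR form"]
    try:
        iface = ipaddress.ip_interface(tunnel)
    except ValueError as exc:
        return [f"{tunnel}: not a valid address/prefix ({exc})"]

    problems = []
    net = iface.network  # same prefix with the host bits cleared
    if iface.ip != net.network_address:
        # The case behind "--server directive network/netmask combination
        # is invalid" in the thread: host bits set in the network field.
        problems.append(f"{tunnel}: host bits set, use {net} instead")

    for local in local_networks:
        # strict=False tolerates a host address in the local entry as well
        local_net = ipaddress.ip_network(local, strict=False)
        if net.overlaps(local_net):
            problems.append(f"{net}: overlaps local network {local_net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values: the thread's addresses with the obscured
    # "x" octet replaced by 0.
    lan = ["10.0.10.0/24"]
    for entry in ("10.0.50.1/24", "10.0.50.0/24", "10.0.10.0/24", "10.0.50.1"):
        result = check_tunnel_network(entry, lan)
        print(entry, "->", result or "OK")
```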
