OpenVPN to Linux client connection issues



  • I am running pfs 1.2.3 and have configured ovpn to communicate with 3 external Windows boxes. Works perfectly!  ;D

    Now one of those doze boxes has become a Linux Ubuntu and I am trying to reuse the client connection cert and key for Ubuntu, if that is possible???

    client config file

    ```
    client
    dev tun
    proto tcp
    remote xxx.xx.xx.54 443

    resolv-retry infinite
    nobind
    persist-tun
    persist-key
    ca /etc/openvpn/shadow/ca.crt
    cert /etc/openvpn/shadow/client1.crt
    key /etc/openvpn/shadow/client1.key
    tls-client
    ns-cert-type server
    comp-lzo
    verb 4
    redirect-gateway
    ```

    I get this error

    ```
    Mon Oct  4 03:46:26 2010 us=289969 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Oct  4 03:46:26 2010 us=289976 OPTIONS IMPORT: route options modified
    Mon Oct  4 03:46:26 2010 us=289982 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Oct  4 03:46:26 2010 us=289990 Preserving previous TUN/TAP instance: tun4
    Mon Oct  4 03:46:26 2010 us=289997 Initialization Sequence Completed
    Mon Oct  4 03:46:30 2010 us=298177 Connection reset, restarting [0]
    Mon Oct  4 03:46:30 2010 us=298306 TCP/UDP: Closing socket
    Mon Oct  4 03:46:30 2010 us=298341 SIGUSR1[soft,connection-reset] received, process restarting
    Mon Oct  4 03:46:30 2010 us=298362 Restart pause, 5 second(s)
    ```

    Can anyone help point me off in the right direction?


  • Rebel Alliance Developer Netgate

    Reusing the same keys and config and such should be fine; it doesn't look like anything you are using in that config file is Windows-specific.

    It hasn't mattered for me in the past, but you might try making sure that the line endings on the files are in UNIX format on the Ubuntu box.

    You might also crank up the verbosity "verb 6" or 7 or more, just to see if it gives anything more helpful than what you have.



  • @jimp:

    but you might try making sure that the line endings on the files are in UNIX format on the Ubuntu box.

    I am unsure what you mean unless you mean to switch '.ovpn' to '.conf'

    @jimp:

    You might also crank up the verbosity "verb 6" or 7 or more, just to see if it gives anything more helpful than what you have.

    I tried to crank the verbosity up as well and nothing

    After further investigation I found this error:

    ```
    Tue Oct  5 03:47:34 2010 us=396931 /sbin/route add -net xxx.xx.xx.54 netmask 255.255.255.255 gw 10.8.112.254
    SIOCADDRT: File exists
    Tue Oct  5 03:47:34 2010 us=397708 ERROR: Linux route add command failed: external program exited with error status: 7
    ```


  • Rebel Alliance Developer Netgate

    So it already has a route for that network somehow. Does the local subnet overlap what the remote side should be?


  • Rebel Alliance Developer Netgate

    @shadowadepts:

    @jimp:

    but you might try making sure that the line endings on the files are in UNIX format on the Ubuntu box.

    I am unsure what you mean unless you mean to switch '.ovpn' to '.conf'

    I meant DOS (^M\n, or \r\n) vs UNIX (\n) newlines. OpenVPN doesn't generally seem to care though, it tends to read either set.
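
The DOS versus UNIX newline check described in the reply above, as an added example that is not part of the original thread. It also follows the `ca`, `cert` and `key` paths in the client config, since those files were copied from the Windows box too; the function names and sample file contents are constructed for illustration, and paths are assumed to contain no spaces or quotes.

```shell
#!/bin/sh
# Added example (not from the thread): locate DOS (\r\n) line endings in an
# OpenVPN client config and in the ca/cert/key files it names, then convert
# them to UNIX (\n). Assumes paths without spaces or quotes.

CR=$(printf '\r')

# has_crlf FILE: succeed if at least one line of FILE ends in a carriage return.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# referenced_files CONFIG: print the paths given to ca, cert and key,
# ignoring any CR so a DOS-format config still yields usable paths.
referenced_files() {
    tr -d '\r' < "$1" | awk '$1 == "ca" || $1 == "cert" || $1 == "key" { print $2 }'
}

# crlf_report CONFIG: print the config and each referenced file that has CRLF.
crlf_report() {
    for f in "$1" $(referenced_files "$1"); do
        [ -f "$f" ] || { echo "missing: $f" >&2; continue; }
        if has_crlf "$f"; then echo "$f"; fi
    done
}

# to_unix FILE: drop the CR at each line end. Writing back into the existing
# file keeps its owner and mode, which matters for the private key.
to_unix() {
    tmp=$(mktemp) && sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Demo on constructed sample files (placeholder contents, not real keys).
demo() {
    d=$(mktemp -d)
    printf 'CA PLACEHOLDER\r\n' > "$d/ca.crt"
    printf 'KEY PLACEHOLDER\n' > "$d/client1.key"
    printf 'client\r\ndev tun\r\nca %s/ca.crt\r\nkey %s/client1.key\r\n' "$d" "$d" > "$d/client.conf"
    echo "CRLF found in:"; crlf_report "$d/client.conf"
    for f in $(crlf_report "$d/client.conf"); do to_unix "$f"; done
    echo "remaining: $(crlf_report "$d/client.conf" | wc -l)"
    rm -rf "$d"
}
demo
```
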



  • @jimp:

    So it already has a route for that network somehow. Does the local subnet overlap what the remote side should be?

    I hope not! My server is in the 192.168.x.0/24 network supplying x.x.50.x ovpn addresses, and the clients reside in the 10.8.x.0/24 network.

    @jimp:

    I meant DOS (^M\n, or \r\n) vs UNIX (\n) newlines. OpenVPN doesn't generally seem to care though, it tends to read either set.

    I didn't actually switch the file extension from '.ovpn' to '.config'; I created a new config file with sudo gedit /etc/openvpn/x/

    If I end up having to create a new VPN tunnel, what are the recommended settings, or settings period, for a Linux/Ubuntu box?


  • Rebel Alliance Developer Netgate

    No specific settings for ubuntu, it should all just work as long as you have the settings match the server (proper keys, protocol, port, compression, cipher, etc)

