openvpn linux

by enigma9o7 » Sat Aug 11, 2018 9:37 am
I've used openvpn under windows and android no problem and was always super simple.

However it didn't work so easily under linux (bodhi 5/ubuntu 18.04). I followed the instructions from
which linked to https://openvpn.net/index.php/access-se ... ients.html

sudo apt install openvpn worked fine

openvpn --version reports 2.4.4. The instructions say to "make sure" it's 2.1; obviously it's not, but I assume a newer version should be ok?

openvpn --config client.ovpn asks my username and password then reports various errors

Code:

bodhi@bodhi-VPCF115FM:~$ openvpn --version
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
bodhi@bodhi-VPCF115FM:~$ cd Downloads/
bodhi@bodhi-VPCF115FM:~/Downloads$ openvpn --config client.ovpn
Sat Aug 11 09:23:26 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
Sat Aug 11 09:23:26 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Enter Auth Username: <username was entered here>
Enter Auth Password: *********
Sat Aug 11 09:23:38 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Aug 11 09:23:38 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 09:23:38 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 09:23:38 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]209.148.113.36:1194
Sat Aug 11 09:23:38 2018 Socket Buffers: R=[212992->200000] S=[212992->200000]
Sat Aug 11 09:23:38 2018 UDP link local: (not bound)
Sat Aug 11 09:23:38 2018 UDP link remote: [AF_INET]209.148.113.36:1194
Sat Aug 11 09:23:38 2018 TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=0bdacc57 424287c7
Sat Aug 11 09:23:38 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Aug 11 09:23:38 2018 VERIFY OK: depth=1, CN=OpenVPN CA
Sat Aug 11 09:23:38 2018 VERIFY OK: nsCertType=SERVER
Sat Aug 11 09:23:38 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Sat Aug 11 09:23:38 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Aug 11 09:23:38 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.148.113.36:1194
Sat Aug 11 09:23:40 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Sat Aug 11 09:23:40 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 184.23.191.129,dhcp-option DNS 208.201.224.33,dhcp-option DNS 208.201.224.11,register-dns,block-ipv6,ifconfig 184.23.191.174 255.255.255.128,peer-id 36,cipher AES-256-GCM'
Sat Aug 11 09:23:40 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
Sat Aug 11 09:23:40 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.4)
Sat Aug 11 09:23:40 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.4)
Sat Aug 11 09:23:40 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.4)
Sat Aug 11 09:23:40 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.4.4)
Sat Aug 11 09:23:40 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.4)
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: compression parms modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: route options modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: route-related options modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: peer-id set
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Aug 11 09:23:40 2018 OPTIONS IMPORT: data channel crypto options modified
Sat Aug 11 09:23:40 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Aug 11 09:23:40 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Aug 11 09:23:40 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Aug 11 09:23:40 2018 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp2s0 HWADDR=2c:81:58:f6:55:c1
Sat Aug 11 09:23:40 2018 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Sat Aug 11 09:23:40 2018 Exiting due to fatal error
bodhi@bodhi-VPCF115FM:~/Downloads$ 
by drew.phillips » Mon Aug 13, 2018 8:32 am
These errors all stem from openvpn running without the necessary privileges it needs. When running the openvpn client, it needs root access to create tunnels and add routes, so you simply need to run it with sudo:

Code:

sudo openvpn --config client.ovpn

To avoid having to enter your su password every time you want to connect or re-connect, this can be avoided by creating a file called /etc/sudoers.d/openvpn and adding the following (replace *your_username* with your actual account username):

Code:

*your_username* ALL=(ALL) NOPASSWD: /usr/sbin/openvpn

This tells the system that this particular user can run that program as sudo without needing to enter the password every time.

Hope that helps!
Drew Phillips
Programmer / System Operations, Sonic.net
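
The sudoers rule in the reply above matches every openvpn command line, and a profile can tell openvpn to start external programs, which would then run as root. As an added example (not part of the original reply or Sonic's instructions), this script audits a profile, including the two warnings visible in the log, and emits a rule pinned to one exact command; the owner uid argument, the /etc/openvpn/client/ path and vpn.example.net are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and /usr/sbin/openvpn.

# True if PROFILE ($1) contains any directive in the alternation $2.
has_directive() { grep -Eq "^[[:space:]]*(--)?($2)([[:space:]]|\$)" "$1"; }

# Directives that make openvpn start external programs (as root under sudo).
EXEC_DIRECTIVES='script-security|up|down|route-up|route-pre-down|ipchange|tls-verify|plugin'

# audit_ovpn PROFILE OWNER_UID: one finding per line; returns 1 on any BLOCK.
audit_ovpn() {
    a_rc=0
    if has_directive "$1" "$EXEC_DIRECTIVES"; then
        echo "BLOCK: profile starts external scripts or plugins"; a_rc=1
    fi
    a_mode=$(stat -c '%a' "$1")
    if [ "$(stat -c '%u' "$1")" != "$2" ] || [ $(( 0$a_mode & 022 )) -ne 0 ]; then
        echo "BLOCK: profile must be owned by uid $2 and not group/world-writable"; a_rc=1
    fi
    if has_directive "$1" 'ns-cert-type'; then
        echo "WARN: ns-cert-type is deprecated; use remote-cert-tls server"
    fi
    if has_directive "$1" 'auth-user-pass' && ! has_directive "$1" 'auth-nocache'; then
        echo "WARN: add auth-nocache so the password is not cached in memory"
    fi
    return "$a_rc"
}

# sudoers_line USER PROFILE: rule that permits only this exact command line.
sudoers_line() {
    case $2 in /*) ;; *) echo "profile path must be absolute" >&2; return 1 ;; esac
    case $2 in *[!A-Za-z0-9._/-]*) echo "unsafe character in path" >&2; return 1 ;; esac
    printf '%s ALL=(root) NOPASSWD: /usr/sbin/openvpn --config %s\n' "$1" "$2"
}

# Constructed sample profile (not the poster's real client.ovpn).
demo_profile() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.net 1194 udp' \
        'ns-cert-type server' 'auth-user-pass'
}

# Demo: audit the sample as the current user, then print the pinned rule.
tmp=$(mktemp); demo_profile > "$tmp"; chmod 644 "$tmp"
audit_ovpn "$tmp" "$(id -u)" || true
sudoers_line your_username /etc/openvpn/client/client.ovpn
rm -f "$tmp"
```

For a real install, pass 0 as the owner uid so the profile must be root-owned, and check the resulting file with `visudo -cf /etc/sudoers.d/openvpn` before relying on it.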