Fedora Linux Support Community & Resources Center
  #1  
Old 14th February 2012, 09:36 PM
kidboy Offline
Registered User
 
Join Date: Jan 2012
Location: Brazil
Posts: 44
windows_7firefox
Question Openvpn Fedora 16 x64

Hi, i install openvpn on Fedora 16 x86_64 and when i try start the service ( systemctl start openvpn.service ) i recive a error: Failed to issue method call: Unit openvpn.service failed to load: No such file or directory. See system logs and 'systemctl status openvpn.service' for details.

I can see a /lib/systemd/system/openvpn\@.service. What i have to do for openvpn work as a server daemon in Fedora 16 ?
Reply With Quote
  #2  
Old 14th February 2012, 09:53 PM
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,282
windows_7firefox
Re: Openvpn Fedora 16 x64

systemctl restart openvpn@ServerOrClientConfFileName.service

Where /etc/openvpn/ServerOrClientFileName.conf
Reply With Quote
  #3  
Old 7th May 2012, 05:23 AM
Proxin Offline
Registered User
 
Join Date: May 2012
Location: United States
Posts: 23
linuxfirefox
Re: Openvpn Fedora 16 x64

Hi,
Sorry to bump an old thread, but I'm having this same issue and 'systemctl restart openvpn@server.service' did not work...

When I tried this, I got an error:
Code:
Job failed. See system logs and 'systemctl status' for details.
And when I use 'systemctl status openvpn@server.service':
Code:
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
	  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled)
	  Active: failed since Sun, 06 May 2012 21:19:25 -0700; 2min 5s ago
	 Process: 2693 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
	  CGroup: name=systemd:/system/openvpn@.service/server
My server configuration file is /etc/openvpn/server.conf.

What can I do to get this to work?
Reply With Quote
  #4  
Old 7th May 2012, 12:32 PM
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,282
linuxfirefox
Re: Openvpn Fedora 16 x64

At a terminal:

Code:
su
cd /etc/openvpn
openvpn --config server.conf
Any hints?
Reply With Quote
  #5  
Old 8th May 2012, 12:17 AM
Proxin Offline
Registered User
 
Join Date: May 2012
Location: United States
Posts: 23
windows_xp_2003firefox
Re: Openvpn Fedora 16 x64

Thanks for the reply beaker,
I figured out, it was my mistake- I had the wrong name for a few certs and keys, so it had no other option than to throw an error about not being able to find them.

However, I'm now experiencing another error upon trying to connect a client:
Code:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting
I've looked around and Googled for solutions but haven't been able to remedy this.
Will post my server.conf when I get home. Is there a recommended solution in the meantime?
Reply With Quote
  #6  
Old 8th May 2012, 01:57 AM
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,282
linuxfirefox
Re: Openvpn Fedora 16 x64

Client and Server config probably don't agree. Look at hardening, you'll see a paragraph wrt using tls-auth (ta.key).

At worst, someone between your server and client has substitute their tls key for your own.

---------- Post added at 09:57 PM ---------- Previous post was at 09:56 PM ----------

http://openvpn.net/index.php/open-so....html#security
Reply With Quote
  #7  
Old 8th May 2012, 06:08 AM
Proxin Offline
Registered User
 
Join Date: May 2012
Location: United States
Posts: 23
linuxfirefox
Re: Openvpn Fedora 16 x64

Quote:
Originally Posted by beaker_ View Post
Client and Server config probably don't agree. Look at hardening, you'll see a paragraph wrt using tls-auth (ta.key).

At worst, someone between your server and client has substitute their tls key for your own.
Very informing page. I followed the guide on setting up ta.key but still have the same issue.
Here is my server.conf:
http://pastebin.com/pfYNinwN

Here's a different part of the error...
Code:
Local Options hash (VER=V4): '14168604''
Expected Remote Options hash (VER=V4): '504e775e'
TLS: Initial packet from <my client's ip address>, sid blablabla
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sorry to keep bugging with this... I wish I could just not have these issues :/
Reply With Quote
  #8  
Old 8th May 2012, 01:19 PM
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,282
linuxfirefox
Re: Openvpn Fedora 16 x64

From here I guess they weren't signed by the same or trusted certificate authority.

I'm assuming you used the easy-rsa script and that your procedure looked pretty much like http://openvpn.net/index.php/open-so...howto.html#pki .

From here you server.conf looks stock enough to fly with little-no troubleshooting so here's a winbloz client conf. I've deleted detail to be vague. .\\VPN_Name\\ is relative so I have a directory named VPN_Name under config. I also use a different cipher so don't dwell over it.

Code:
dev tun
proto udp
remote SomeNameIDontKnow 1194
resolv-retry 90
nobind
persist-key
persist-tun
ca .\\VPN_Name\\ca.crt
cert .\\VPN_Name\\RemoteClientName.crt
key .\\VPN_Name\\RemoteClientName .key
ns-cert-type server
tls-auth .\\VPN_Name\\ta.key 1
tls-client
cipher AES-256-CBC
comp-lzo
verb 3
I suspect you've beat on it enough that you've lost track for which key's were generated when and with who. Probably best to revisit the easy-rsa script, verify that vars is to your liking. And then do a:
source ./vars
./clean-all

Rebuild your CA, dh parameters, cert and keys. Rebuild your ta.key wouldn't hurt but shouldn't be necessary.
Reply With Quote
  #9  
Old 8th May 2012, 07:35 PM
Proxin Offline
Registered User
 
Join Date: May 2012
Location: United States
Posts: 23
linuxfirefox
Re: Openvpn Fedora 16 x64

Quote:
Originally Posted by beaker_ View Post
From here I guess they weren't signed by the same or trusted certificate authority.

I'm assuming you used the easy-rsa script and that your procedure looked pretty much like http://openvpn.net/index.php/open-so...howto.html#pki .

From here you server.conf looks stock enough to fly with little-no troubleshooting so here's a winbloz client conf. I've deleted detail to be vague. .\\VPN_Name\\ is relative so I have a directory named VPN_Name under config. I also use a different cipher so don't dwell over it.

Code:
dev tun
proto udp
remote SomeNameIDontKnow 1194
resolv-retry 90
nobind
persist-key
persist-tun
ca .\\VPN_Name\\ca.crt
cert .\\VPN_Name\\RemoteClientName.crt
key .\\VPN_Name\\RemoteClientName .key
ns-cert-type server
tls-auth .\\VPN_Name\\ta.key 1
tls-client
cipher AES-256-CBC
comp-lzo
verb 3
I suspect you've beat on it enough that you've lost track for which key's were generated when and with who. Probably best to revisit the easy-rsa script, verify that vars is to your liking. And then do a:
source ./vars
./clean-all

Rebuild your CA, dh parameters, cert and keys. Rebuild your ta.key wouldn't hurt but shouldn't be necessary.
What you said about me messing with it so much that I lost track- that was quite correct
I did what you said and rebuilt all of the keys etc. and now it's working great.
Thanks for the help beaker_. Finally got this working
Reply With Quote
Reply

Tags
fedora, openvpn, x64

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FC16 x86_64 - nm-openvpn-service-openvpn-helper did not receive a valid IP4 hyperplus Using Fedora 1 29th January 2012 06:44 PM
openvpn on fedora 14 mathboy314 Servers & Networking 7 13th September 2011 03:51 AM
OpenVPN on Fedora 12 zabidin2 EOL (End Of Life) Versions 2 25th May 2011 01:35 PM
OpenVPN on Fedora 9 ajamison Servers & Networking 0 7th February 2009 03:19 AM
Configure OpenVPN Fedora 8 ear9mrn Servers & Networking 4 7th May 2008 05:08 PM


Current GMT-time: 09:28 (Saturday, 19-04-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat