Cannot start/enable openvpn@host-to-net dns.service_action_error

NethServer Version: 7.8.2003
Module: OpenVPN RoadWarrior

Hello, I installed a clean NethServer in a virtual environment at a client’s network, and I wanted to test the access through OpenVPN. This is what I did:
installed VPN app
enabled OpenVPN RoadWarrior with user, password and certificate authentication
added a system user

And then, I saw that there is a notification in Services that says:

Please, review the following settings: * openvpn@host-to-net : The service is either not running or not enabled

From the chart, I see that service is not running. Status is showing me:

  • openvpn@host-to-net.service - OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net
    Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
    Drop-In: /etc/systemd/system/openvpn@.service.d
    `-host-to-net.conf
    Active: failed (Result: exit-code) since Tue 2020-05-26 18:01:20 -03; 24min ago
    Process: 4823 ExecStopPost=/etc/openvpn/openvpn-shutdown (code=exited, status=0/SUCCESS)
    Process: 4821 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
    Process: 4810 ExecStartPre=/etc/openvpn/openvpn-startup (code=exited, status=0/SUCCESS)
    Main PID: 4821 (code=exited, status=1/FAILURE)

May 26 18:01:19 nshost.clientsnet systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net…
May 26 18:01:20 nshost.clientsnet openvpn-startup[4810]: Tue May 26 18:01:20 2020 TUN/TAP device tap0 opened
May 26 18:01:20 nshost.clientsnet openvpn-startup[4810]: Tue May 26 18:01:20 2020 Persist state set to: ON
May 26 18:01:20 nshost.clientsnet systemd[1]: openvpn@host-to-net.service: main process exited, code=exited, status=1/FAILURE
May 26 18:01:20 nshost.clientsnet openvpn-shutdown[4823]: Tue May 26 18:01:20 2020 TUN/TAP device tap0 opened
May 26 18:01:20 nshost.clientsnet openvpn-shutdown[4823]: Tue May 26 18:01:20 2020 Persist state set to: OFF
May 26 18:01:20 nshost.clientsnet systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
May 26 18:01:20 nshost.clientsnet systemd[1]: Unit openvpn@host-to-net.service entered failed state.
May 26 18:01:20 nshost.clientsnet systemd[1]: openvpn@host-to-net.service failed.

If I try to start it, it shows:

Error

dns.service_action_error

The following command has failed:
system-services/update
Unfortunately we couldn’t catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

The “command” and output of that:

[root@nshost ~]# echo '{"action":"start","name":"openvpn@host-to-net"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/update | jq
{
"id": "1590526880",
"type": "EventFailed",
"message": "Action failed"
}
[root@nshost ~]#

Any suggestion? Already rebooted, if that’s what you have in mind.

I just started with this distro, and we are trying to use it as a DC with MX and FS roles, which are not yet implemented. I’ll probably be around here and there asking some questions… :slight_smile:

Thank you in advance,

Hi, well, as openvpn.log says, my problem was:
tail -f /var/log/openvpn/openvpn.log
Options error: --server-bridge IP addresses 10.5.6.220 and 172.16.45.100 are not in the same 255.255.255.0 subnet

I changed from bridged to routed, and now the service is running.

Now I do have a different problem. From a client connected to my Nethserver’s OpenVPN, I can reach neither the VPN network nor the remote network. If I try to ping the OpenVPN interface from my client, it says “Request time out”.

If I do a route print in the client, I see that those 2 networks (OpenVPN and remote office) have an entry in that table:

Rutas activas:
Destino de red Máscara de red Puerta de enlace Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.250.200 192.168.250.107 55
10.5.6.0 255.255.255.0 172.16.45.1 172.16.45.2 291
127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 331
127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 331
127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
172.16.45.0 255.255.255.0 En vínculo 172.16.45.2 291
172.16.45.2 255.255.255.255 En vínculo 172.16.45.2 291
172.16.45.255 255.255.255.255 En vínculo 172.16.45.2 291
192.168.56.0 255.255.255.0 En vínculo 192.168.56.1 281
192.168.56.1 255.255.255.255 En vínculo 192.168.56.1 281
192.168.56.255 255.255.255.255 En vínculo 192.168.56.1 281
192.168.250.0 255.255.255.0 En vínculo 192.168.250.107 311
192.168.250.107 255.255.255.255 En vínculo 192.168.250.107 311
192.168.250.255 255.255.255.255 En vínculo 192.168.250.107 311
224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 331
224.0.0.0 240.0.0.0 En vínculo 192.168.56.1 281
224.0.0.0 240.0.0.0 En vínculo 192.168.250.107 311
224.0.0.0 240.0.0.0 En vínculo 172.16.45.2 291
255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
255.255.255.255 255.255.255.255 En vínculo 192.168.56.1 281
255.255.255.255 255.255.255.255 En vínculo 192.168.250.107 311
255.255.255.255 255.255.255.255 En vínculo 172.16.45.2 291

Rutas persistentes:
Ninguno

So, to reach the remote network, it should go via 172.16.45.1 (Nethserver OpenVPN interface), but it doesn’t.

Probably to solve the problem, I should add an entry in iptables allowing access from that network to anywhere I want. But shouldn’t this be automatic? Or am I missing something?

Thank you!
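
The Options error quoted above is raised when the addresses on a `server-bridge` line do not share one subnet. As an added example (not part of the original posts and not NethServer's or OpenVPN's own code), this Python check finds that condition in a config before the service is restarted; the sample configs are constructed from the two addresses in the log line, and the pool end address is an assumption.

```python
import ipaddress

# Constructed samples: 10.5.6.220 and 172.16.45.100 come from the log line
# above; the pool end address and GOOD_CONF are assumptions for illustration.
BAD_CONF = """\
# bridged roadwarrior server (constructed)
dev tap0
server-bridge 10.5.6.220 255.255.255.0 172.16.45.100 172.16.45.200
"""
GOOD_CONF = """\
dev tap0
server-bridge 10.5.6.220 255.255.255.0 10.5.6.100 10.5.6.200
"""


def check_server_bridge(config_text):
    """Return a list of problems in 'server-bridge gw mask start end' lines."""
    problems = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.strip().split()
        if not fields or fields[0] != "server-bridge":
            continue  # also skips '#' and ';' comment lines
        args = fields[1:]
        if not args or args == ["nogw"]:
            continue  # DHCP-proxy form: nothing to verify statically
        if len(args) != 4:
            problems.append(f"line {lineno}: expected 4 arguments, got {len(args)}")
            continue
        try:
            gateway, start, end = (
                ipaddress.IPv4Address(a) for a in (args[0], args[2], args[3]))
            subnet = ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=False)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        for label, addr in (("pool start", start), ("pool end", end)):
            if addr not in subnet:
                problems.append(
                    f"line {lineno}: {label} {addr} is outside {subnet} "
                    f"(bridge address {gateway})")
        if start > end:
            problems.append(f"line {lineno}: pool start {start} is after pool end {end}")
    return problems


if __name__ == "__main__":
    for name, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(name, check_server_bridge(conf) or "OK")
```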

I should say that I have this allowed:

Traffic between OpenVPN roadwarrior, OpenVPN tunnels and IPSec tunnels

And the output of my iptables regarding the VPN network:

iptables -vnL | grep 172.16.45
0 0 loc_frwd all -- * * 172.16.45.0/24 0.0.0.0/0
0 0 net2loc all -- * br0 0.0.0.0/0 172.16.45.0/24
0 0 loc2fw all -- * * 172.16.45.0/24 0.0.0.0/0
0 0 ACCEPT all -- * br0 0.0.0.0/0 172.16.45.0/24

Please omit these posts, I had a problem with the .ovpn file on my computer. This can be closed.

Thank you anyway!
