Configuring openvpn Roadwarrior

Felipe_Barbosa · December 14, 2018, 2:16pm

NethServer Version: your_version
Module: your_module

Hello guys,

I hope u can help me to figure out why my openvpn is not working. Currently i have virtualized nethserver 7.5 with vnics (red,green). I’ve installed openvpn and configured this way:

Not sure if it’s normal. I’ve set port forwarding on my router but I don’t see 1194 port listening from outside of my network.
This is what I get from logs:

Fri Dec 14 11:04:29 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
Fri Dec 14 11:04:29 2018 Diffie-Hellman initialized with 1024 bit key 
Fri Dec 14 11:04:29 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=ens192 HWADDR=00:0c:29:aa:47:f2 
Fri Dec 14 11:04:29 2018 TUN/TAP device tunrw opened 
Fri Dec 14 11:04:29 2018 TUN/TAP TX queue length set to 100 
Fri Dec 14 11:04:29 2018 do_ifconfig, tt-&gt;did_ifconfig_ipv6_setup=0 
Fri Dec 14 11:04:29 2018 /sbin/ip link set dev tunrw up mtu 1500 
Fri Dec 14 11:04:29 2018 /sbin/ip addr add dev tunrw local 192.168.1.1 peer 192.168.1.2 
Fri Dec 14 11:04:29 2018 /sbin/ip route add 192.168.1.0/24 via 192.168.1.2 RTNETLINK answers: File exists 
Fri Dec 14 11:04:29 2018 ERROR: Linux route add command failed: external program exited with error status: 2 
Fri Dec 14 11:04:29 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET 
Fri Dec 14 11:04:29 2018 Socket Buffers: R=[212992-&gt;212992] S=[212992-&gt;212992] 
Fri Dec 14 11:04:29 2018 UDPv4 link local (bound): [AF_INET][undef]:1194 
Fri Dec 14 11:04:29 2018 UDPv4 link remote: [AF_UNSPEC] 
Fri Dec 14 11:04:29 2018 MULTI: multi_init called, r=256 v=256 
Fri Dec 14 11:04:29 2018 IFCONFIG POOL: base=192.168.1.4 size=62, ipv6=0 
Fri Dec 14 11:04:29 2018 ifconfig_pool_read(), in='', TODO: IPv6 
Fri Dec 14 11:04:29 2018 IFCONFIG POOL LIST 
Fri Dec 14 11:04:29 2018 Initialization Sequence Completed

Something that I don’t understand very well is the following the range of my network is 192.168.0.X so to configure the VPN it needs 2 vnics in my understanding and also request a different IP range. Needs an extra config? Any Ip route is created for that? because i don’t see it on the nethserver

Thanks for the help!

mrmarkuz · December 15, 2018, 9:34pm

Did you correctly set/check UDP port? You may check it with nmap.

Are the service ports open in “Network services” in web UI?

grafik

In “routed mode” it should work like that. No extra config needed.

Something like this should be in your route output:
192.168.1.0 192.168.1.2 255.255.255.0 UG 0 0 0 tunrw

From your logs it’s created but may be already set:

Felipe_Barbosa · December 17, 2018, 2:51pm

Hi @mrmarkuz

Thank you for your inputs. Yes, the service is enabled and running

But the weird thing is this I can’t see the port listening:

[root@nethserver ~]# netstat -an | grep 1194 | grep -i listen
[root@nethserver ~]# netstat -an | grep 2222 | grep -i listen
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
tcp6 0 0 :::2222 :::* LISTEN
[root@nethserver ~]# netstat -an | grep 80 | grep -i listen
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::980 :::* LISTEN
tcp6 0 0 127.0.0.1:58009 :::* LISTEN
tcp6 0 0 127.0.0.1:58080 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 34980 /var/run/dovecot/auth-worker
[root@nethserver ~]# netstat -an | grep 1194 | grep -i listen
[root@nethserver ~]#

so i believe that’s why I can’t connect from outside. I’m also worndering if over here I configured correctly:

Uploading…

Not sure what I have to set in the remote network field

Thanks

mrmarkuz · December 17, 2018, 9:53pm

Are there errors in the logfiles in /var/log/openvpn/* or at client side?

To check the UDP port you may use

nmap -sU -p1194 localhost

or instead of netstat:

lsof -i -P | grep 1194.

Felipe_Barbosa · December 18, 2018, 1:21pm

Thank you @mrmarkuz

[root@nethserver ~]# nmap -sU -p1194 localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-18 10:07 -03
Nmap scan report for localhost (127.0.0.1)
Host is up.
PORT STATE SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
[root@nethserver ~]# lsof -i -P | grep 1194
openvpn 15367 root 7u IPv4 568651 0t0 UDP *:1194
[root@nethserver ~]#

It seems to be up.
This is what I get from client and server

Timeout from client and nothing from server side. I have set port forward in my router, firewalld disabled but nothing…

have nothing at this time, tried everything.

m.traeumner · January 9, 2019, 1:01pm

@support_team Has Somebody else an idea here?

saitobenkei · January 9, 2019, 1:12pm

Let’s try leaving empty the “Reserved IP”, “Network Address” and “Network mask” in “Roadwarrior account”

Whch is the Operating System of the client? If it’s Windows, remember to launch the OpenVPN Client in administrative mode (click with the right button of the mouse on the OpenVPN Client icon, then select “Start as administrator”) otherwise OpenVPN Client isn’t able to create the correct route to the server.