Error configuring Openvpn@host-to-net (Roadwarrior)

NethServer Version: 7.9.2009
Module: Openvpn@host-to-net

Hello, so I installed an openvpn@host-to-net on my NS, but when I want to make it run I am getting an error like this:

dns.service_action_error
The following command has failed:
system-services/update
Unfortunately we couldn’t catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

Logs from systemctl status openvpn@host-to-net:

Jul 27 18:41:17 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net…
Jul 27 18:41:17 openvpn[7719]: Options error: Unrecognized option or missing or extra parameter(s) in host-to-net.conf:10: server (2.4.12)
Jul 27 18:41:17 openvpn[7719]: Use --help for more information.
Jul 27 18:41:17 systemd[1]: openvpn@host-to-net.service: main process exited, code=exited, status=1/FAILURE
Jul 27 18:41:17 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
Jul 27 18:41:17 systemd[1]: Unit openvpn@host-to-net.service entered failed state.
Jul 27 18:41:17 systemd[1]: openvpn@host-to-net.service failed.

journalctl -xe

Jul 27 19:00:23 systemd[1]: Unit openvpn@host-to-net.service entered failed state.
Jul 27 19:00:23 systemd[1]: openvpn@host-to-net.service failed.
Jul 27 19:00:23 polkitd[836]: Unregistered Authentication Agent for unix-process:13014:357483 (system bus name :1.1279, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jul 27 19:00:52 sudo[13148]: root : TTY=unknown ; PWD=/run/user/0 ; USER=root ; COMMAND=/usr/libexec/nethserver/api/system-services/update
Jul 27 19:00:52 sudo[13148]: pam_unix(sudo:session): session opened for user root by root(uid=0)
Jul 27 19:00:52 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net…
– Subject: Unit openvpn@host-to-net.service has begun start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit openvpn@host-to-net.service has begun starting up.
Jul 27 19:00:53 openvpn[13166]: Options error: Unrecognized option or missing or extra parameter(s) in host-to-net.conf:10: server (2.4.12)
Jul 27 19:00:53 openvpn[13166]: Use --help for more information.
Jul 27 19:00:53 systemd[1]: openvpn@host-to-net.service: main process exited, code=exited, status=1/FAILURE
Jul 27 19:00:53 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
– Subject: Unit openvpn@host-to-net.service has failed
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit openvpn@host-to-net.service has failed.

– The result is failed.
Jul 27 19:00:53 systemd[1]: Unit openvpn@host-to-net.service entered failed state.
Jul 27 19:00:53 systemd[1]: openvpn@host-to-net.service failed.
Jul 27 19:00:53 sudo[13148]: pam_unix(sudo:session): session closed for user root

Could anyone help please?

Do you have the command output?

config show openvpn@host-to-net
db vpn show

(on the output you can mask any private information you don’t want us to see)

@dnutan
about the first command “config show openvpn@host-to-net”

[root@ns ~]# config show openvpn@host-to-net
openvpn@host-to-net=service
AuthMode=password
BridgeEndIP=
BridgeName=br0
BridgeStartIP=
Cipher=
ClientToClient=disabled
Compression=disabled
CustomRoutes=
Digest=
Mode=routed
Netmask=
Network=
NotifyAddresses=
NotifyStatus=disabled
PushDhcpOptionsStatus=enabled
PushDns=
PushDomain=
PushExtraRoutes=enabled
PushNbdd=
PushWins=
Remote=
RouteToVPN=disabled
TapInterface=tap0
TlsVersionMin=
Topology=subnet
UDPPort=1194
access=green,red
status=enabled

The command "db vpn show" just accepts itself and moves on to the next line to type any other command.

Unless you left it out intentionally, the configuration is missing Network, Netmask and public IP/Host (Remote=), but it is required when configuring routed mode from GUI.

When I try to set up a private IP (from the GUI, under OpenVPN RoadWarrior) I am receiving an error “Validation failed: Invalid network address” so I can’t even solve it.

Make sure you are writing a network address, not a host IP address.

I am writing, for example, 10.0.0.1 with 255.255.255.0 and it says the message above. When I leave it blank, it says:

Validation failed: Invalid IPv4 address: it should be something like ‘10.0.0.1’

Validation failed: Invalid IPv4 network mask: it should be something like ‘255.255.255.0’

So it itself points to a network address, which I am trying to make the server.

Here are a couple of examples:
[two images]

This is strange. It saved, but why does something like 192.168.2.1 with 255.255.255.0 not work?

Because 10.0.0.1 represents a single IP address while 10.0.0.0 kind of represents a whole network.
On the VPN page you are setting the network for the hosts that will connect through the VPN; they will be assigned some of the IPs in that range (according to the submask).

A device’s IP address actually consists of two separate parts:

  • Network ID: The network ID is a part of the IP address starting from the left that identifies the specific network on which the device is located. On a typical home network, where a device has the IP address 192.168.1.34, the 192.168.1 part of the address will be the network ID. It’s custom to fill in the missing final part with a zero, so we might say that the network ID of the device is 192.168.1.0.

  • Host ID: The host ID is the part of the IP address not taken up by the network ID. It identifies a specific device (in the TCP/IP world, we call devices “hosts”) on that network. Continuing our example of the IP address 192.168.1.34, the host ID would be 34—the host’s unique ID on the 192.168.1.0 network.

On your home network, then, you might see several devices with IP addresses like 192.168.1.1, 192.168.1.2, 192.168.1.30, and 192.168.1.34. All of these are unique devices (with host IDs 1, 2, 30, and 34 in this case) on the same network (with the network ID 192.168.1.0).
Source
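
Added example (not part of the thread and not NethServer's own validator): a Python check of the Network/Netmask pair discussed above, using the standard `ipaddress` module. It assumes the routed-mode values end up in OpenVPN's `server <network> <netmask>` directive, which is the line the log complains about; the function names and the sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample: the relevant keys from the `config show` output in the thread.
SAMPLE_PROPS = """\
Mode=routed
Netmask=
Network=
Remote=
UDPPort=1194
"""


def parse_props(text):
    """Parse KEY=value lines into a dict (values may be empty)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_vpn_network(network, netmask):
    """Return (ok, message) for a pair meant for `server <network> <netmask>`."""
    if not network or not netmask:
        return False, "Network and Netmask must both be set in routed mode"
    try:
        iface = ipaddress.IPv4Interface(f"{network}/{netmask}")
    except ValueError as exc:  # malformed address or non-contiguous mask
        return False, f"not a valid IPv4 address/netmask: {exc}"
    net = iface.network
    if iface.ip != net.network_address:
        # Host bits are set, e.g. 10.0.0.1 inside 10.0.0.0/24.
        return False, (f"{network} is a host address; "
                       f"the network address is {net.network_address}")
    return True, f"server {net.network_address} {net.netmask}"


if __name__ == "__main__":
    props = parse_props(SAMPLE_PROPS)
    print(check_vpn_network(props["Network"], props["Netmask"]))
    for addr in ("10.0.0.1", "192.168.2.1", "10.0.0.0"):
        print(addr, check_vpn_network(addr, "255.255.255.0"))
```
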