OpenVPN issues on NS 7.2 Alpha3

First issue (minor?) - on the dashboard it shows vpn_disabled (Screen 1) - but in services openvpn is running (Screen 2):

Screen 1

Screen 2

Second issue (major) - using the OpenVPN settings (Screen 3) - bad openvpn config for user.

Screen 3

I generated a new user and got this ovpn file to download.

dev tun
client
remote gw1.dmginc.com
port 
float
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
MIIEOjCCAyKgAwIBAgIEV2LBVjANBgkqhkiG9w0BAQsFADCBtTEQMA4GA1UEAwwH
Z2F0ZXdheTEgMB4GA1UECgwXRGFudmlsbGUgTWF5IEdyb3VwIEluYy4xCzAJBgNV
<...removed...>
qjRfK/C7Ov6sy5LCtMIBdBSuijX3QyerLliCVnz0
-----END CERTIFICATE-----
</ca>
comp-lzo
explicit-exit-notify 1
verb 3
persist-key
persist-tun
nobind

Knowing that it was wrong, I looked at config show and got this listing.

openvpn=
openvpn@host-to-net=service
    AuthMode=certificate
    BridgeEndIP=
    BridgeName=br0
    BridgeStartIP=
    ClientToClient=disabled
    Compression=enabled
    Mode=routed
    Netmask=255.255.255.0
    Network=192.168.33.0
    Remote=gateway.dmginc.com
    RouteToVPN=disabled
    TapInterface=tap0
    UDPPort=1194
    access=public
    status=enabled

Why both openvpn= with nothing and openvpn@host-to-net with something?

I went directly to /var/lib/nethserver/certs and removed all user certs (three residual .p12 not removed before), reset serial and certindex. I deleted and regenerated the user. Got this screen.

Went to the download and requested ovpn download and was told it was a zero length file:

Forget this path - I need my vpn access. Knowing that I had an old vpn (alpha2) file that did work, I copied and removed the keys/certificates like so:

######### NethServer OpenVPN client configuration #########

dev tun
client
remote gateway.dmginc.com
port 1194
float
# Authentication: certificate
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
comp-lzo
explicit-exit-notify 1
verb 3
persist-key
persist-tun
nobind

Then I downloaded a PEM file, copied and pasted the certificates/key from it and then my client could connect.

Ideas??
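A check that flags the problems visible in the first downloaded profile (a `port` line with no value, no `<cert>`/`<key>` although `AuthMode=certificate`, and `auth-user-pass` in their place) as well as the empty inline blocks of the stripped template. This is an added example, not part of the original post and not NethServer code; `check_profile`, the `MIN_ARGS` table, the host name and the placeholder certificate body are assumptions made for illustration.

```python
import re

# Minimum parameter counts for directives that appear in the profiles above
# (a small subset chosen for this example, not the full OpenVPN option grammar).
MIN_ARGS = {"dev": 1, "remote": 1, "port": 1, "verb": 1}

def check_profile(text, auth_mode):
    """Return findings for a client profile. auth_mode mirrors the AuthMode
    property from `config show` ('certificate' here); hypothetical helper."""
    findings, directives, blocks = [], {}, {}
    tag, body = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if tag:                                   # inside an inline <tag> block
            if line == f"</{tag}>":
                blocks[tag] = body
                tag, body = None, []
            elif line and not line.startswith("-----"):
                body.append(line)                 # keep only the base64 payload
            continue
        if not line or line[0] in "#;":           # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            tag = m.group(1)
            continue
        name, *args = line.split()
        directives[name] = args
        if len(args) < MIN_ARGS.get(name, 0):
            findings.append(f"line {n}: '{name}' has no parameter")
    if tag:
        findings.append(f"<{tag}> block is never closed")
    findings += [f"<{t}> block is empty" for t, b in blocks.items() if not b]
    needed = ["ca"] + (["cert", "key"] if auth_mode == "certificate" else [])
    findings += [f"no {t} material for auth mode '{auth_mode}'"
                 for t in needed if t not in blocks and t not in directives]
    if auth_mode == "certificate" and "auth-user-pass" in directives:
        findings.append("auth-user-pass present but auth mode is 'certificate'")
    return findings

# Constructed sample shaped like the first downloaded profile (placeholder CA body).
BROKEN = ("dev tun\nclient\nremote vpn.example.org\nport\nfloat\nauth-user-pass\n"
          "<ca>\n-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n</ca>\n")

if __name__ == "__main__":
    for finding in check_profile(BROKEN, "certificate"):
        print(finding)
```

Running the same check on a freshly generated profile before handing it to a user catches a zero-length or half-rendered file without needing a client connection attempt.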

I will work on OpenVPN on Monday, I will let u know my findings.

1 Like

Finally I had the time to work on it, a new RPM is available: http://packages.nethserver.org/nethserver/7.2.1511/testing/x86_64/Packages/nethserver-openvpn-1.3.1-1.12.g47f37ff.ns7.noarch.rpm
It should fix all reported problems, also it adds a field to reserve a specific IP for a user.

Before installing it, remove nethserver-vpn package:

rpm -e nethserver-vpn

4 Likes

Thanks for the update, Giacomo.

I am familiar with using rpm at the command line. So removing the vpn package is not a problem.

Up to now, on nethserver, I have only been using the web interface to install (which I just love). In order to use the testing repository - is that something to do at the command line? If so, I can do so. I am familiar with both OpenSuSE and Ubuntu installs. From what I see in nethserver, it is more like Ubuntu, correct? Or do I just pull down the rpm and install?

After removing the rpm, just execute the following command which temporarily enables the testing repository and updates the package:

yum --enablerepo=nethserver-testing install nethserver-openvpn

1 Like

OK. Here go the results…

When I first tried to remove nethserver-vpn - there were two dependencies (which I removed as follows):

[root@gw1 ~]# rpm -e nethserver-vpn
error: Failed dependencies:
        nethserver-vpn is needed by (installed) nethserver-ipsec-1.1.5-1.11.ge61d0c0.ns7.noarch
        nethserver-vpn is needed by (installed) nethserver-openvpn-1.3.1-1.7.g451d39a.ns7.noarch
[root@gw1 ~]# rpm -e nethserver-openvpn
[root@gw1 ~]# rpm -e nethserver-ipsec
warning: /etc/ipsec.d/nsspassword saved as /etc/ipsec.d/nsspassword.rpmsave
[root@gw1 ~]# rpm -e nethserver-vpn    

I then installed according to your instructions:

[root@gw1 ~]# yum --enablerepo=nethserver-testing install nethserver-openvpn
Loaded plugins: changelog, fastestmirror, nethserver_events
base                                                                                                                | 3.6 kB  00:00:00     
epel/x86_64/metalink                                                                                                |  12 kB  00:00:00     
extras                                                                                                              | 3.4 kB  00:00:00     
nethserver-base                                                                                                     | 3.6 kB  00:00:00     
nethserver-testing                                                                                                  | 2.9 kB  00:00:00     
nethserver-updates                                                                                                  | 4.1 kB  00:00:00     
updates                                                                                                             | 3.4 kB  00:00:00     
(1/3): nethserver-updates/7/x86_64/group_gz                                                                         |  11 kB  00:00:00     
(2/3): nethserver-testing/7/x86_64/primary_db                                                                       | 198 kB  00:00:00     
(3/3): nethserver-updates/7/x86_64/primary_db                                                                       |  62 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: centos.bhs.mirrors.ovh.net
 * epel: mirror.csclub.uwaterloo.ca
 * extras: centos.bhs.mirrors.ovh.net
 * nethserver-base: mirror.framassa.org
 * nethserver-updates: mirror.framassa.org
 * updates: centos.bhs.mirrors.ovh.net
Resolving Dependencies
--> Running transaction check
---> Package nethserver-openvpn.noarch 0:1.3.1-1.12.g47f37ff.ns7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================
 Package                           Arch                  Version                                   Repository                         Size
===========================================================================================================================================
Installing:
 nethserver-openvpn                noarch                1.3.1-1.12.g47f37ff.ns7                   nethserver-testing                 54 k

Transaction Summary
===========================================================================================================================================
Install  1 Package

Total download size: 54 k
Installed size: 128 k
Is this ok [y/d/N]: y
Downloading packages:
nethserver-openvpn-1.3.1-1.12.g47f37ff.ns7.noarch.rpm                                                               |  54 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : nethserver-openvpn-1.3.1-1.12.g47f37ff.ns7.noarch                                                                       1/1 
  Verifying  : nethserver-openvpn-1.3.1-1.12.g47f37ff.ns7.noarch                                                                       1/1 

Installed:
  nethserver-openvpn.noarch 0:1.3.1-1.12.g47f37ff.ns7                                                                                      

Complete!

On refreshing the dashboard, I noticed that the VPN tab was removed and on the navigation pane the VPN link disappeared. In its place I found OpenVPN links (one under Status and one under Gateway).

Going to the Gateway I reviewed the OpenVPN tab to make sure that the RoadWarrior settings were unchanged. They are still the same. I went to the Accounts tab, saw the kisaacs-r2 account and downloaded the ovpn file. It looks good. I then replaced my hacked ovpn file with the one that I downloaded and

IT WORKED!!

Finally, I went to the Status OpenVPN page and got the following (my account is indeed active - but it indicates that OpenVPN server is disabled)

Not bad for a day’s work! :sunglasses:

Thanks for the fix!

7 Likes

Great, thanks for the bug report and QA :clap:

1 Like

Thanks to Ken's report, I already did the fix on the Dashboard bug.

Updated RPM will be on updates repository later today. :wink:

2 Likes

A simple question - regarding activating a new repository. I noticed a lot of new updates (see following screenshots). As I compared the version numbers all the way down, there seem to be a number of “discrepancies” between “version” and “release”. Since this is a production system, I need an explanation before I commit to performing the update. Basically am I “safe” to proceed - or is there the possibility that I could upset the great balance that I have?

Screenshots 1&2

You can safely update :slight_smile:

1 Like

You’re on the cutting edge. News will be available soon

I have an issue here, not anymore on Alpha, now beta stage :stuck_out_tongue:

When I try to activate roadwarrior on OpenVPN the dashboard gives me:

Nethgui:

500 - Internal server error
1366796122+1325669847

When I try to initialize the OpenVPN service the following message appears:

Oct 5 11:30:19 fwonline control-service: openvpn@host-to-net start
Oct 5 11:30:19 fwonline systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net…
Oct 5 11:30:20 fwonline openvpn[14501]: Options error: Unrecognized option or missing parameter(s) in host-to-net.conf:13: server (2.3.12)
Oct 5 11:30:20 fwonline openvpn[14501]: Use --help for more information.
Oct 5 11:30:20 fwonline systemd: openvpn@host-to-net.service: control process exited, code=exited status=1
Oct 5 11:30:20 fwonline systemd: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
Oct 5 11:30:20 fwonline systemd: Unit openvpn@host-to-net.service entered failed state.
Oct 5 11:30:20 fwonline systemd: openvpn@host-to-net.service failed.

And I just saw another error in the log:

Options error: --ifconfig-pool/--ifconfig-pool-persist requires --mode server
Use --help for more information.

Any idea how to fix this?!

Thanks!

Can you please paste the content of /etc/openvpn/host-to-net.conf ?

I was literally missing something important, set another class of IP on server routed configurations…

It is all ok now :slight_smile:
Thanks!

1 Like