Mageia forum

[AstorBG]

Greetings mageicians,

I wanted to connect to the university VPN using the command suggested "openvpn --config univpn.conf". The univpn.conf file is provided by the
University. After entering my user name and pass it seems connecting
and on the final steps it fails and when I check I am still not connected to the vpn. The partial output where the rors happened of the command is:

Code: Select all

.
.
.
Tue Apr  4 17:39:42 2017 TUN/TAP device tun0 opened
Tue Apr  4 17:39:42 2017 TUN/TAP TX queue length set to 100
Tue Apr  4 17:39:42 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr  4 17:39:42 2017 /usr/sbin/ifconfig tun0 172.18.2.45 netmask 255.255.255.224 mtu 1500 broadcast 172.18.2.63
Tue Apr  4 17:39:47 2017 ROUTE remote_host is NOT LOCAL
Tue Apr  4 17:39:47 2017 /usr/sbin/route add -net 193.40.12.54 netmask 255.255.255.255 gw 192.168.0.1
Tue Apr  4 17:39:47 2017 /usr/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.18.2.33
SIOCADDRT: Network is unreachable
Tue Apr  4 17:39:47 2017 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Apr  4 17:39:47 2017 /usr/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.18.2.33
SIOCADDRT: Network is unreachable
Tue Apr  4 17:39:47 2017 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Apr  4 17:39:47 2017 Initialization Sequence Completed

Then I Ctrl+C to stop it and it spits out:

Code: Select all

^CTue Apr  4 17:39:58 2017 event_wait : Interrupted system call (code=4)
Tue Apr  4 17:39:58 2017 SIGTERM received, sending exit notification to peer
Tue Apr  4 17:39:59 2017 /usr/sbin/route del -net 193.40.12.54 netmask 255.255.255.255
Tue Apr  4 17:39:59 2017 /usr/sbin/route del -net 0.0.0.0 netmask 128.0.0.0
SIOCDELRT: No such process
Tue Apr  4 17:39:59 2017 ERROR: Linux route delete command failed: external program exited with error status: 7
Tue Apr  4 17:39:59 2017 /usr/sbin/route del -net 128.0.0.0 netmask 128.0.0.0
SIOCDELRT: No such process
Tue Apr  4 17:39:59 2017 ERROR: Linux route delete command failed: external program exited with error status: 7
Tue Apr  4 17:39:59 2017 Closing TUN/TAP interface
Tue Apr  4 17:39:59 2017 /usr/sbin/ifconfig tun0 0.0.0.0
Tue Apr  4 17:39:59 2017 SIGTERM[soft,exit-with-notification] received, process exiting

I tried then Kubuntu 16.04 in VirtualBox with (bridged network adapter opion in the VBox) and it connected fine without errors and I was able to connect to the uni VPN. The Kubuntu command output which is different than my M5 KDE is:

Code: Select all

.
.
.
Tue Apr  4 17:36:33 2017 TUN/TAP device tun0 opened
Tue Apr  4 17:36:33 2017 TUN/TAP TX queue length set to 100
Tue Apr  4 17:36:33 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr  4 17:36:33 2017 /sbin/ip link set dev tun0 up mtu 1500
Tue Apr  4 17:36:33 2017 /sbin/ip addr add dev tun0 172.18.2.45/27 broadcast 172.18.2.63
Tue Apr  4 17:36:39 2017 ROUTE remote_host is NOT LOCAL
Tue Apr  4 17:36:39 2017 /sbin/ip route add 193.40.12.54/32 via 192.168.0.1
Tue Apr  4 17:36:39 2017 /sbin/ip route add 0.0.0.0/1 via 172.18.2.33
Tue Apr  4 17:36:39 2017 /sbin/ip route add 128.0.0.0/1 via 172.18.2.33
Tue Apr  4 17:36:39 2017 Initialization Sequence Completed


After Ctrl+C

Code: Select all

^CTue Apr  4 17:37:52 2017 event_wait : Interrupted system call (code=4)
Tue Apr  4 17:37:52 2017 SIGTERM received, sending exit notification to peer
Tue Apr  4 17:37:53 2017 /sbin/ip route del 193.40.12.54/32
Tue Apr  4 17:37:53 2017 /sbin/ip route del 0.0.0.0/1
Tue Apr  4 17:37:53 2017 /sbin/ip route del 128.0.0.0/1
Tue Apr  4 17:37:53 2017 Closing TUN/TAP interface
Tue Apr  4 17:37:53 2017 /sbin/ip addr del dev tun0 172.18.2.45/27
Tue Apr  4 17:37:53 2017 SIGTERM[soft,exit-with-notification] received, process exiting

I also opened the ports 1194 in both my firewall and router for the tests
as well as switching off the msec.
Can someone point me toward the right direction to tackle this problem?

Thx in advance!

[doktor5000]

You should at the very least add the output as root (for both cases) before starting the VPN:

Code: Select all

ifconfig -a
netstat -in
netstat -rn

[AstorBG]

Thx doktor,
here you are the outputs of the commands (as root):

Kubuntu

Code: Select all

# ifconfig -a

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:a0:18:97
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::eb82:50cb:6a7b:62fe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7443 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13344439 (13.3 MB)  TX bytes:839069 (839.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:657 errors:0 dropped:0 overruns:0 frame:0
          TX packets:657 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:62681 (62.6 KB)  TX bytes:62681 (62.6 KB)

# netstat -in

Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3     1500 0     10965      0      0 0          7454      0      0      0 BMRU
lo        65536 0       665      0      0 0           665      0      0      0 LRU


# netstat -rn

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3



M5

Code: Select all

# ifconfig -a

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.103  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::a60:6eff:fe73:b10b  prefixlen 64  scopeid 0x20<link>
        ether 08:60:6e:73:b1:0b  txqueuelen 1000  (Ethernet)
        RX packets 3126  bytes 999311 (975.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3733  bytes 372106 (363.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 16  bytes 1096 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1096 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
       
# netstat -in

Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp3s0    1500     3498      0      0 0          4186      0      0      0 BMRU
lo       65536       16      0      0 0            16      0      0      0 LRU


# netstat -rn

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 enp3s0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp3s0


[wintpe]

OK, you were supplied the univpn.conf

without posting the contents here, can you tell me if the contents is a file with a few lines in it (ie short lines 10-15 lines long, or are there blocks of text that look like hex code

if the first one then you are missing the 3 cert files.

if the second, then you need to break out those bits of text into three separate files.

a cert a key and a CA

for example ca.crt, univpn.crt and univpn.key

store those in files.

and then follow the example I hgave for torguard viewtopic.php?f=25&t=10199

and here

viewtopic.php?f=25&t=6717&p=43396&hilit=openvpn#p43396

or if you want more detail here

http://www.linuxpc.co.uk/download/vpnse ... server.odt

and just look at the client part of that.

regards peter

[AstorBG]

Hi Peter,
Thx for the reply.
I extracted the files as you suggested (ca.crt, uni.crt, and key.crt) and gave their paths in uni.conf as per your examples in your posts. I configured it via mcc GUI and also tried it in CLI. It starts to connect, even I think it made the communication with remote server but ended again as before (see my first post above):
"ERROR: Linux route add command failed: external program exited with error status: 7" etc. But in Kubuntu (in VBox) it goes fine and I am able to
create the vpn. Anyway, its not big deal, I can use meanwhile kubuntu way.

Astor

[wintpe]

sounds like firewall is blocking you.
drop the mageia firewall, get the connection up and then put the firewall back, it will detect tun0 and ask you if you want to let that through

you should be able to see from ifconfig -a tun0 coming up.

you should also be able to see the log messages in /var/log/messages.

once tun0 is up, it will need to add tun0 as a route for traffic destined to your university network.

so normal traffic will go down eth0 and all univercity destined traffic will go down tun0

look at the messages and if it still does not work post the messages back here, ill check again , probably monday if i get time.

also check that the end result of your config ie /etc/sysconfig/network-scripts/vpn.d/openvpn/filename has what you expect in it



regards peter

[AstorBG]

I am now able to connect to my uni vpn. I solved the problem as executing the command

Code: Select all

# ip link set dev tun0 up mtu 1500

after I have run the normal command as root: openvpn --config uni.conf

I dont know, but it seems that ifconfig command in my M5 does not properly configures my tun device. However ip command handles it properly.
I'll mark the post as solved.

Regards,

Astor