VectorLinux
Author Topic: Problem with openvpn Linux ip link set failed  (Read 4263 times)
Mr. Creosote
Member
*
Posts: 15


« on: March 17, 2013, 11:16:48 am »

Hi all

I'm trying to get openvpn running on my machine and am testing it against openvpn's test facility.

I'm getting the following error to -sudo openvpn client.ovpn
*************
Sun Mar 17 15:36:32 2013 OpenVPN 2.2.2 i486-slackware-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 11 2012
Sun Mar 17 15:36:32 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Mar 17 15:36:32 2013 Control Channel Authentication: tls-auth using INLINE static key file
Sun Mar 17 15:36:32 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 17 15:36:32 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 17 15:36:32 2013 LZO compression initialized
Sun Mar 17 15:36:32 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 17 15:36:32 2013 Socket Buffers: R=[112640->200000] S=[112640->200000]
Sun Mar 17 15:36:32 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 17 15:36:32 2013 Local Options hash (VER=V4): '504e774e'
Sun Mar 17 15:36:32 2013 Expected Remote Options hash (VER=V4): '14168603'
Sun Mar 17 15:36:32 2013 UDPv4 link local: [undef]
Sun Mar 17 15:36:32 2013 UDPv4 link remote: 50.76.49.82:1194
Sun Mar 17 15:36:33 2013 TLS: Initial packet from 50.76.49.82:1194, sid=fbd9d6a1 34dd0200
Sun Mar 17 15:36:33 2013 VERIFY OK: depth=1, /CN=GeoTrust_SSL_CA
Sun Mar 17 15:36:33 2013 VERIFY OK: nsCertType=SERVER
Sun Mar 17 15:36:33 2013 VERIFY OK: depth=0, /CN=shop.xumeishan.com
Sun Mar 17 15:36:34 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 17 15:36:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 17 15:36:34 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 17 15:36:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 17 15:36:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 17 15:36:34 2013 [shop.xumeishan.com] Peer Connection Initiated with 50.76.49.82:1194
Sun Mar 17 15:36:36 2013 SENT CONTROL [shop.xumeishan.com]: 'PUSH_REQUEST' (status=1)
Sun Mar 17 15:36:36 2013 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,redirect-private bypass-dns,route-gateway 10.99.202.1,route 10.99.100.1,route 173.245.80.2,route 10.99.200.0 255.255.254.0,comp-lzo yes,ifconfig 10.99.202.175 255.255.255.0'
Sun Mar 17 15:36:36 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.2)
Sun Mar 17 15:36:36 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.2)
Sun Mar 17 15:36:36 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.2)
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: LZO parms modified
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: route options modified
Sun Mar 17 15:36:36 2013 OPTIONS IMPORT: route-related options modified
Sun Mar 17 15:36:36 2013 TUN/TAP device tun0 opened
Sun Mar 17 15:36:36 2013 TUN/TAP TX queue length set to 100
Sun Mar 17 15:36:36 2013 ip link set dev tun0 up mtu 1500
Sun Mar 17 15:36:36 2013 Linux ip link set failed: could not execute external program
Sun Mar 17 15:36:36 2013 Exiting
************************

I've installed the iproute2 package to get ip and the tun module appears to be enabled in the kernel kernel/drivers/net/tun.ko.

I'm not particularly network savvy so I may be missing something obvious.  Any suggestions would be appreciated.



Logged
bigpaws
Vectorian
****
Posts: 1847


« Reply #1 on: March 17, 2013, 07:07:32 pm »

Did you follow the directions on the Test server page?

Did you download the client config?

If not, where did you get the config file?

The problem I see is that the push directives are off.

Is this a bridged or routed setup?

TCP or UDP being used?

What is your goal? 

Bigpaws

Logged
Mr. Creosote
Member
*
Posts: 15


« Reply #2 on: March 18, 2013, 04:52:49 pm »

Hi bigpaws

1. Yes.  I followed the instructions on this reference page to generate the autologin config file http://docs.openvpn.net/under-the-hood/openvpn-access-server-test-server/ prior to proceeding and have tried both the auto login and manual login options.  I have no openvpn based software running at my end.  I've also got a test account with Astrill and have also tried using their client config files for various servers with the same result.

2. It's a routed setup

3. UDP is being used

The goal is to test the functioning of a fee-for-service VPN, Astrill, to route my internet traffic. The rationale is access to country-specific content (e.g. Hulu in the US) by using a US based server. I'm in Canada and services like Hulu aren't available here.  Similarly, Netflix in Canada is decidedly inferior to the US version.  By testing this on my Linux box, if it appears to meet my needs, I will reflash a router with DD-WRT to run openvpn on it to do the same thing.  That way I can run US Netflix through a Roku, for example.  I'm using the vanilla openvpn config file.

I had originally thought the output was the same for the openvpn as for the Astrill server, but it's not. The Astrill server doesn't throw the PUSH-OPTIONS complaint:

Mon Mar 18 21:16:11 2013 OpenVPN 2.2.2 i486-slackware-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 11 2012
Mon Mar 18 21:16:11 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 18 21:16:11 2013 Control Channel Authentication: tls-auth using INLINE static key file
Mon Mar 18 21:16:11 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 21:16:11 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 21:16:11 2013 LZO compression initialized
Mon Mar 18 21:16:11 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Mar 18 21:16:11 2013 Socket Buffers: R=[112640->131072] S=[112640->131072]
Mon Mar 18 21:16:11 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 18 21:16:11 2013 Local Options hash (VER=V4): '504e774e'
Mon Mar 18 21:16:11 2013 Expected Remote Options hash (VER=V4): '14168603'
Mon Mar 18 21:16:11 2013 UDPv4 link local: [undef]
Mon Mar 18 21:16:11 2013 UDPv4 link remote: 207.126.92.3:8292
Mon Mar 18 21:16:11 2013 TLS: Initial packet from 207.126.92.3:8292, sid=ef6d8dc9 96cc389e
Mon Mar 18 21:16:11 2013 VERIFY OK: depth=1, /C=../ST=../L=../O=../OU=../CN=ASCA/emailAddress=..
Mon Mar 18 21:16:11 2013 VERIFY OK: nsCertType=SERVER
Mon Mar 18 21:16:11 2013 VERIFY OK: depth=0, /C=../ST=../L=../O=../OU=../CN=server-207.126.92.3/emailAddress=..
Mon Mar 18 21:16:12 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar 18 21:16:12 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 21:16:12 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar 18 21:16:12 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 18 21:16:12 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Mar 18 21:16:12 2013 [server-207.126.92.3] Peer Connection Initiated with 207.126.92.3:8292
Mon Mar 18 21:16:14 2013 SENT CONTROL [server-207.126.92.3]: 'PUSH_REQUEST' (status=1)
Mon Mar 18 21:16:14 2013 PUSH: Received control message: 'PUSH_REPLY,sndbuf 262144,rcvbuf 262144,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 5.5.32.1,ping 10,ping-restart 90,comp-lzo no,route-gateway 5.5.32.1,topology subnet,ifconfig 5.5.32.58 255.255.248.0'
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: LZO parms modified
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Mar 18 21:16:14 2013 Socket Buffers: R=[131072->262142] S=[131072->262142]
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: route options modified
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: route-related options modified
Mon Mar 18 21:16:14 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Mar 18 21:16:14 2013 TUN/TAP device tun0 opened
Mon Mar 18 21:16:14 2013 TUN/TAP TX queue length set to 100
Mon Mar 18 21:16:14 2013 ip link set dev tun0 up mtu 1500
Mon Mar 18 21:16:14 2013 Linux ip link set failed: could not execute external program
Mon Mar 18 21:16:14 2013 Exiting

Logged
bigpaws
Vectorian
****
Posts: 1847


« Reply #3 on: March 18, 2013, 07:02:36 pm »

Check to see that a tun device is there after your connection.

Type:

lsmod | grep tun

If not try:

modprobe tun

then try connection again.

Bigpaws
Logged
Mr. Creosote
Member
*
Posts: 15


« Reply #4 on: March 18, 2013, 07:28:52 pm »

Doesn't appear to be a tun device and no change after -modprobe tun- and rerunning -openvpn-. However, the execution of the output is a matter of seconds and hitting lsmod tun repeatedly while the output is scrolling shows no output.

modprobe -l

gives

kernel/drivers/net/tun.ko
Logged
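
The shell functions below are an added example, not written by either poster or by the OpenVPN project. They read a log like the two above, extract the command that preceded `could not execute external program`, and report whether its program name is an absolute path or a bare name. They assume OpenVPN launches the name exactly as logged, with no PATH search; the function names and output strings are made up for this example, and `--iproute` is the OpenVPN option that replaces the command used for iproute2 calls.

```shell
#!/bin/sh
# Added example, not from the thread. The sample lines are copied from the
# end of the first post's log.
write_sample_log() {
    cat > "$1" <<'EOF'
Sun Mar 17 15:36:36 2013 TUN/TAP device tun0 opened
Sun Mar 17 15:36:36 2013 ip link set dev tun0 up mtu 1500
Sun Mar 17 15:36:36 2013 Linux ip link set failed: could not execute external program
EOF
}

# True if OpenVPN logged that it opened a tun/tap device (driver is usable).
tun_opened() { grep -q 'TUN/TAP device [^ ]* opened' "$1"; }

# Print the command logged just before the exec failure, timestamp removed.
failed_command() {
    awk '/could not execute external program/ {
             $0 = prev; $1 = $2 = $3 = $4 = $5 = ""; sub(/^ +/, "")
             print; exit }
         { prev = $0 }' "$1"
}

# Print the first executable named $1 in the directories that follow.
find_binary() {
    name=$1; shift
    for dir in "$@"; do
        [ -f "$dir/$name" ] && [ -x "$dir/$name" ] &&
            { printf '%s\n' "$dir/$name"; return 0; }
    done
    return 1
}

# Classify the failure in log $1; remaining arguments are directories to search.
# Assumption: OpenVPN runs the program name exactly as logged, without a
# PATH search, so a bare name fails even when the tool is installed.
diagnose() {
    log=$1; shift
    cmd=$(failed_command "$log")
    [ -n "$cmd" ] || { echo "no-exec-failure"; return 0; }
    prog=${cmd%% *}
    case $prog in
        /*) if [ -x "$prog" ]; then echo "present $prog"
            else echo "missing $prog"; fi ;;
        *)  if path=$(find_binary "$prog" "$@"); then
                echo "bare-name $prog; try --iproute $path"
            else
                echo "not-found $prog"
            fi ;;
    esac
}
```

Against a saved log, call it as `diagnose openvpn.log /sbin /usr/sbin /bin /usr/bin`.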