Guys, I am having issues during the setup of an OpenVPN server, where 'service openvpn start' failed (as per attachment). Please help urgently.
I am following this link for the setup:
http://www.geek-kb.com/install-and-conf ... entos-6-x/
Below is server.conf.
[root@dropenvpn ~]# cd /etc/openvpn
[root@dropenvpn openvpn]# vi server.conf
plugin /usr/local/lib/openvpn-auth-pam.so openvpn
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server <ip adddress> 255.255.255.0
route <ip adddress> 255.255.255.0
route <ip adddress> 255.255.255.0
client-cert-not-required
username-as-common-name
client-config-dir /etc/openvpn/ccd
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
push "dhcp-option DOMAIN xxxx"
push "dhcp-option DNS <DNS ip adddress>"
push "dhcp-option DNS <DNS ip adddress>"
push "dhcp-option WINS <ip adddress>"
push "route <ip adddress> 255.255.255.0"
push "route <ip adddress> 255.255.255.0"
cipher AES-128-CBC
comp-lzo
max-clients 256
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
service openvpn start failure at centos 6
Re: service openvpn start failure at centos 6
I didn't read any further than yum install gcc... and that's enough for me to know that tutorial is rubbish. You can find openvpn packages in the EPEL repo so you need to undo everything that tutorial had you do then yum install epel-release and yum install openvpn then configure and run it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: service openvpn start failure at centos 6
In addition to Trevor's comment, you have to edit the configuration file to match your configuration.
For example, you have to replace "<ip adddress>" with a real IP address.
Re: service openvpn start failure at centos 6
Hi guys,
<ip addres> is masking. In the real config there is a correct IP address. I managed to resolve the previous issues, but now I am encountering a new issue as below. Can you please advise?
Mon Dec 5 11:06:13 2016 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 3 2016
Mon Dec 5 11:06:13 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Mon Dec 5 11:06:13 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Dec 5 11:06:13 2016 PLUGIN_INIT: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Dec 5 11:06:13 2016 Diffie-Hellman initialized with 2048 bit key
Mon Dec 5 11:06:13 2016 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Dec 5 11:06:13 2016 Control Channel Authentication: using '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' as a free-form passphrase file
Mon Dec 5 11:06:13 2016 DEPRECATED OPTION: Using freeform files for tls-auth is deprecated and is not supported in OpenVPN 2.4 or newer versions
Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter
Mon Dec 5 11:06:13 2016 Exiting due to fatal error
Attached is my latest config:
mode server
tls-server
port 1194
proto tcp-server
management 127.0.0.1 25340
management-log-cache 1000
dev tun
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
ca /etc/openvpn/EasyRSA-2.2.2/keys/ca.crt
cert /etc/openvpn/EasyRSA-2.2.2/keys/server.crt
key /etc/openvpn/EasyRSA-2.2.2/keys/server.key
dh /etc/openvpn/EasyRSA-2.2.2/keys/dh1024.pem
server <masking> 255.255.255.0
route <masking> 255.255.255.0
route <masking> 255.255.255.0
client-cert-not-required
username-as-common-name
#duplicate-cn
client-config-dir /etc/openvpn/ccd
#client-connect /etc/openvpn/scripts/connect.sh
#client-disconnect /etc/openvpn/scripts/disconnect.sh
keepalive 10 120
tls-auth /etc/openvpn/EasyRSA-2.2.2/keys/ta.key 0
push "dhcp-option DOMAIN <masking>"
push "dhcp-option DNS <masking>"
push "dhcp-option DNS <masking>"
push "dhcp-option WINS <masking>"
push "route <masking> 255.255.254.0"
push "route <masking> 255.255.254.0"
cipher AES-128-CBC
comp-lzo
max-clients 256
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
Re: service openvpn start failure at centos 6
Well, did you try doing what the logs told you to do:
Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter
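A way to check a tls-auth key file for the condition this log line reports, as an added example that is not part of the thread: it counts the key material inside the "OpenVPN Static key V1" block of the file. The function names and the sample key are constructed for illustration, and the 128-bytes-per-key figure assumes the standard 2048-bit static key file, which holds two keys.

```shell
#!/bin/sh
# Print the number of key bytes inside the "OpenVPN Static key V1" block.
# 0  = no such block (OpenVPN 2.3 then treats the file as a free-form
#      passphrase file, which yields only one key, as in the log above)
# -1 = block present but malformed (missing END marker, non-hex data)
static_key_bytes() {
    awk '
        /^-----BEGIN OpenVPN Static key V1-----/ { seen = 1; inblk = 1; next }
        /^-----END OpenVPN Static key V1-----/   { inblk = 0; done = 1; next }
        inblk {
            gsub(/[ \t\r]/, "")
            if ($0 !~ /^[0-9A-Fa-f]*$/) bad = 1
            n += length($0)
        }
        END {
            if (!seen) print 0
            else if (!done || bad || n % 2) print -1
            else print n / 2
        }
    ' "$1"
}

# Classify a key file for use with "tls-auth <file> 0|1", which needs 2 keys.
# Assumption: 128 bytes per key (a 2048-bit file = 256 bytes = 2 keys).
ta_key_check() {
    bytes=$(static_key_bytes "$1")
    case "$bytes" in
        0)  echo "freeform" ;;
        -1) echo "malformed" ;;
        *)  if [ $((bytes / 128)) -ge 2 ]; then echo "ok"; else echo "short"; fi ;;
    esac
}

# Constructed sample in the static key layout; NOT a real key, never deploy it.
make_sample_key() {
    echo "-----BEGIN OpenVPN Static key V1-----"
    i=0
    while [ "$i" -lt 16 ]; do
        echo "00112233445566778899aabbccddeeff"
        i=$((i + 1))
    done
    echo "-----END OpenVPN Static key V1-----"
}

# Usage: sh check_ta_key.sh /path/to/ta.key
if [ -n "${1:-}" ]; then ta_key_check "$1"; fi
```

A file reported as `freeform` or `short` is the case the log describes; the log's own remedy is to generate a new file with `openvpn --genkey --secret [file]`, and the same new file then has to be installed on every client.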
Re: service openvpn start failure at centos 6
Whoever wrote: Well, did you try doing what the logs told you to do:
Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter
Hi Sir, I don't really understand what action I have to take. Can you advise?
Re: service openvpn start failure at centos 6
Hi, can you try this:
Edit your server.conf file by changing:
explicit-exit-notify 1
to
explicit-exit-notify 0