service openvpn start failure at centos 6

loobj126
Posts: 3
Joined: 2016/12/04 11:29:18

service openvpn start failure at centos 6

Post by loobj126 » 2016/12/04 11:48:08

Guys, I am having issues setting up an OpenVPN server: 'service openvpn start' failed (as per attachment). Please help urgently.

I am following this link to set it up:
http://www.geek-kb.com/install-and-conf ... entos-6-x/

Below is server.conf.

[root@dropenvpn ~]# cd /etc/openvpn
[root@dropenvpn openvpn]# vi server.conf
plugin /usr/local/lib/openvpn-auth-pam.so openvpn
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server <ip adddress> 255.255.255.0
route <ip adddress> 255.255.255.0
route <ip adddress> 255.255.255.0
client-cert-not-required
username-as-common-name
client-config-dir /etc/openvpn/ccd
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
push "dhcp-option DOMAIN xxxx"
push "dhcp-option DNS <DNS ip adddress>"
push "dhcp-option DNS <DNS ip adddress>"
push "dhcp-option WINS <ip adddress>"
push "route <ip adddress> 255.255.255.0"
push "route <ip adddress> 255.255.255.0"
cipher AES-128-CBC
comp-lzo
max-clients 256
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
Attachments
service openvpn start.png (3.59 KiB)

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: service openvpn start failure at centos 6

Post by TrevorH » 2016/12/04 13:25:50

I didn't read any further than yum install gcc... and that's enough for me to know that tutorial is rubbish. You can find openvpn packages in the EPEL repo so you need to undo everything that tutorial had you do then yum install epel-release and yum install openvpn then configure and run it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: service openvpn start failure at centos 6

Post by Whoever » 2016/12/04 16:59:20

In addition to Trevor's comment, you have to edit the configuration file to match your configuration.

For example, you have to replace "<ip adddress>" with a real IP address.

loobj126
Posts: 3
Joined: 2016/12/04 11:29:18

Re: service openvpn start failure at centos 6

Post by loobj126 » 2016/12/05 03:11:27

Hi guys,
<ip address> is masking. In the real config there is a correct IP address. I managed to resolve the previous issues, but now I am encountering a new issue as below. Can you please advise?


Mon Dec 5 11:06:13 2016 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 3 2016
Mon Dec 5 11:06:13 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Mon Dec 5 11:06:13 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Dec 5 11:06:13 2016 PLUGIN_INIT: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Dec 5 11:06:13 2016 Diffie-Hellman initialized with 2048 bit key
Mon Dec 5 11:06:13 2016 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Dec 5 11:06:13 2016 Control Channel Authentication: using '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' as a free-form passphrase file
Mon Dec 5 11:06:13 2016 DEPRECATED OPTION: Using freeform files for tls-auth is deprecated and is not supported in OpenVPN 2.4 or newer versions
Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter
Mon Dec 5 11:06:13 2016 Exiting due to fatal error





Attached is my latest config:

mode server
tls-server
port 1194
proto tcp-server
management 127.0.0.1 25340
management-log-cache 1000
dev tun
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
ca /etc/openvpn/EasyRSA-2.2.2/keys/ca.crt
cert /etc/openvpn/EasyRSA-2.2.2/keys/server.crt
key /etc/openvpn/EasyRSA-2.2.2/keys/server.key
dh /etc/openvpn/EasyRSA-2.2.2/keys/dh1024.pem
server <masking> 255.255.255.0
route <masking> 255.255.255.0
route <masking> 255.255.255.0
client-cert-not-required
username-as-common-name
#duplicate-cn
client-config-dir /etc/openvpn/ccd
#client-connect /etc/openvpn/scripts/connect.sh
#client-disconnect /etc/openvpn/scripts/disconnect.sh
keepalive 10 120
tls-auth /etc/openvpn/EasyRSA-2.2.2/keys/ta.key 0
push "dhcp-option DOMAIN <masking>"
push "dhcp-option DNS <masking>"
push "dhcp-option DNS <masking>"
push "dhcp-option WINS <masking>"
push "route <masking> 255.255.254.0"
push "route <masking> 255.255.254.0"
cipher AES-128-CBC
comp-lzo
max-clients 256
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: service openvpn start failure at centos 6

Post by Whoever » 2016/12/05 06:37:08

Well, did you try doing what the logs told you to do:

Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter
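
The log lines quoted in this thread say the ta.key file was read as a free-form passphrase file and yielded one key where `tls-auth ... 0` needs two. The shell function below is an added example, not part of the original posts: it checks whether a key file is in OpenVPN static key format with enough material for a key direction. The function names and the sample key are constructed for illustration, and the 512-hex-digit threshold assumes the standard 2048-bit file written by `openvpn --genkey --secret`.

```shell
#!/bin/sh
# Return 0 if the file is an OpenVPN static key with enough material to be
# used with a key-direction parameter (0 or 1); return 1 otherwise.
check_tls_auth_key() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }

    # Without this header OpenVPN 2.3 falls back to treating the file as a
    # free-form passphrase, which provides only one key.
    if ! grep -q '^-----BEGIN OpenVPN Static key V1-----' "$f"; then
        echo "$f: no static-key header (free-form file, keys found=1)"
        return 1
    fi

    # Count the hex digits between the BEGIN and END markers.
    hexlen=$(sed -n '/^-----BEGIN OpenVPN Static key V1-----/,/^-----END OpenVPN Static key V1-----/p' "$f" \
        | grep -v '^-----' | tr -cd '0-9a-fA-F' | wc -c)
    hexlen=$((hexlen + 0))   # normalise padding that some wc versions add

    if [ "$hexlen" -lt 512 ]; then
        echo "$f: only $hexlen hex digits, need 512 for two keys"
        return 1
    fi
    echo "$f: static key format, $hexlen hex digits"
    return 0
}

# Constructed, non-secret sample in the static key layout (16 lines of 32 hex).
make_sample_static() {
    {
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo '00112233445566778899aabbccddeeff'
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

# Demo on constructed files: a free-form file fails, a static key passes.
tmp=$(mktemp -d)
printf 'my shared passphrase\n' > "$tmp/freeform.key"
make_sample_static "$tmp/static.key"
check_tls_auth_key "$tmp/freeform.key" || true
check_tls_auth_key "$tmp/static.key"
rm -rf "$tmp"
```

If the check fails on the real ta.key, the command named in the log, `openvpn --genkey --secret [file]`, writes a new file in the static key format.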

loobj126
Posts: 3
Joined: 2016/12/04 11:29:18

Re: service openvpn start failure at centos 6

Post by loobj126 » 2016/12/05 06:40:32

Whoever wrote: Well, did you try doing what the logs told you to do:

Mon Dec 5 11:06:13 2016 Key file '/etc/openvpn/EasyRSA-2.2.2/keys/ta.key' used in --tls-auth contains insufficient key material [keys found=1 required=2] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --tls-auth without a key direction parameter

Hi Sir, I don't really understand what action I have to take. Can you advise?

gorbabor
Posts: 1
Joined: 2017/01/18 00:46:35

Re: service openvpn start failure at centos 6

Post by gorbabor » 2017/01/18 00:51:26

Hi, can you try this:
Edit your server.conf file by changing:

explicit-exit-notify 1
to
explicit-exit-notify 0
