+ Reply to Thread
Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Mar 2009
    Location
    Connecticut, USA
    Posts
    3

    OpenVPN client shuts down on server error

     
    Hello,

    I'm newbie to OpenVPN, but I've read a zillion OpenVPN posts and how-to's, and the manual, and I still can't solve these three problems. I'm running the latest OpenVPN 2 on Linux Ubuntu 8.04.1 LTS server.

    The problems, which are related, are:

    1) How do I keep the OpenVPN client from exiting due to a server configuration error ?

    2) How do I set a static VPN IP address for each client ? There seems to be a mixup in whether a second parameter for ifconfig is a netmask or an IP addess.

    3) Do I need to have a route command for the ccd section for the server, when the route is implied by the address range 10.8.0.0 255.255.255.0 given for the server ?

    How do I keep the client running no matter what ? An error on the server's configuration shouldn't stop the client from trying to connect forever. The client seems to give up and stop trying to reach the server after a while.

    Here's the error that I'm getting from syslog on the B-client, whose machine name is U8W. The name of the server is U8S:

    .......................

    Mar 25 18:15:15 U8S ovpn-B-client[4729]: SENT CONTROL [U8W]: 'PUSH_REQUEST' (status=1)
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.17 255.255.255.0'
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: OPTIONS IMPORT: timers and/or timeouts modified
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: OPTIONS IMPORT: --ifconfig/up options modified
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: OPTIONS IMPORT: route options modified
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
    Mar 25 18:15:15 U8S kernel: [ 54.873973] tun: Universal TUN/TAP device driver, 1.6
    Mar 25 18:15:15 U8S kernel: [ 54.873988] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: TUN/TAP device tun0 opened
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: TUN/TAP TX queue length set to 100
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: ifconfig tun0 10.8.0.17 pointopoint 255.255.255.0 mtu 1500
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: Linux ifconfig failed: shell command exited with error status: 1
    Mar 25 18:15:15 U8S ovpn-B-client[4729]: Exiting

    ...............

    There's a number of messages just like the one above, and then they stop.

    Here's my B-client.conf:

    .....................

    client
    dev tun
    proto udp
    remote a.b.c.d 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/B-client.crt
    key /etc/openvpn/keys/B-client.key
    verb 3
    mute 20

    ...................

    Here's my server.conf. I want many clients who talk to a server. The clients don't need to talk to each other. There aren't any subnets behind any of the machines. I want to talk to the server via the Internet, and for those communications to be fed through the server through the vpn to the clients. The clients can also talk individually to the Internet:

    ......................

    local 192.168.192.126
    port 1194
    proto udp
    dev tun0
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/vpn-server.crt
    key /etc/openvpn/keys/vpn-server.key # This file should be kept secret
    dh /etc/openvpn/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    route 10.8.0.0 255.255.255.0
    keepalive 10 120
    comp-lzo
    max-clients 100
    persist-key
    persist-tun
    status openvpn-status.log
    log-append openvpn.log
    verb 6
    mute 20

    ...................

    Here's /etc/openvpn/ccr/B-client. I want this client to have a static IP address of 10.8.0.10 within the vpn, but it's getting .17 as you can see from syslog:

    .....................

    ifconfig-push 10.8.0.1 10.8.0.10

    ......................

    Any suggestions ?

    Thank you.

    -- NewtownGal


  2. #2
    Goverment property now GroundZero3's Avatar
    Join Date
    Oct 2001
    Location
    NOVA
    Posts
    33,903
    Blog Entries
    46
    I could never get Static DHCP addresses working

    but you might want to check this out

    Putting OpenVPN in its place | The Fugue

    Your best bet is probably have a third party DHCP server do the addressing

    How do I keep the client running no matter what ? An error on the server's configuration shouldn't stop the client from trying to connect forever. The client seems to give up and stop trying to reach the server after a while.
    If the server is not setup right, the client can not complete the connection. That is how most software works espically when it comes to security and vpns. If they aren't setup correctly they will not connect!

    3) Do I need to have a route command for the ccd section for the server, when the route is implied by the address range 10.8.0.0 255.255.255.0 given for the server ?
    If the servers are on a different subnet, yes you will need the route command for that subnet on the server.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Location
    Connecticut, USA
    Posts
    3
    Thank you, GroundZero3, for the quick reply.

    I must correct one error that I made... The OpenVPN client, does, in fact, keep trying to connect to the server. Sorry about that error.

    I'd be happy to manually assign static vpn IP addresses to the clients, and to have them on the same subnet as the server. That's what I was trying to do with the client files in /etc/openvpn/ccd, of the form ifconfig-push <server vpn IP address> <client vpn IP address>. But the server is choosing its own vpn IP address and sending it to the clients (I've tried this with more than one), and I'm getting a netmask error on the client.

    I don't need DHCP.

    Any suggestions how to setup the static vpn IP addresses for the clients ???

    Thank you.

    -- NewtownGal

  4. #4
    Goverment property now GroundZero3's Avatar
    Join Date
    Oct 2001
    Location
    NOVA
    Posts
    33,903
    Blog Entries
    46
    Other than the link I gave you, I have no other thoughts

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. OpenVPN routing to server problem
    By MarLow in forum Networking and Internet
    Replies: 1
    Last Post: February 2nd, 2009, 10:00 AM
  2. Client-server LAN mail server?
    By chrissucks in forum Networking and Internet
    Replies: 2
    Last Post: November 24th, 2005, 02:23 PM
  3. Setting up a Windows Server 2000 Advance Client-Server network
    By chrissucks in forum Networking and Internet
    Replies: 9
    Last Post: November 21st, 2005, 08:04 PM
  4. Emule Client Server p2p (like kazaa)
    By Athrun in forum General Tech Discussion
    Replies: 0
    Last Post: September 3rd, 2005, 10:20 PM
  5. win2k server shuts down
    By corics15 in forum Technical Support
    Replies: 8
    Last Post: August 31st, 2005, 11:17 PM

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Recommended Sites: ResellerRatings Store Reviews