Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Umm... Sorry I've not get you so well.
What you need? What I should need to do?
I've no any "tun" directory inside "/etc/" ... Is that the problem? What I've to do?
Thanks again..
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT
- Thread starter robles
- Start date
- Status
Umm... Sorry I've not get you so well.
What you need? What I should need to do?
I've no any "tun" directory inside "/etc/" ... Is that the problem? What I've to do?
Thanks again..
zoomzoom
Guru
- Joined
- Sep 6, 2015
- Messages
- 677
Do you not have a separate interface you created for the VPN? I've never set up OpenVPN on freebsd, but on Linux, Windows, or OpenWrt, you create a separate [virtual] interface to route the vpn traffic over. If you don't have a separate interface, add the local directive back and post the openvpn.log after restarting the server.
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Ok, I got it.
I tried to put the single quotes or double ones... But I get an error and a Warning on trying start up the OpenVPN in the Jail. So I removed them.
Now... I've to create a directory "/etc/tun" and "/etc/tun0" inside the Jail ?
And I've to add another line "dev tun0" under "dev tun" line into the "openvpn.conf" ?
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Ok, I'm doing it now... So maybe I understood that I've only to create the directories "tun" inside the "/etc" folder. I'm trying right now and posting you the result in the openvpn.log.
zoomzoom
Guru
- Joined
- Sep 6, 2015
- Messages
- 677
No...
First, let's add the local directive back, restart the server, then please post the openvpn log again. My hunch is the log will show errors due to not having a vpn interface, however since I've never configured OpenVPN on FreeBSD, I need to verify if this is why you're having issues.
I'm not sure where you're getting "directories" from... I was talking about network interfaces, not directories. I'm not certain how to create a new network interface on FreeBSD, but it should be fairly simple and straightforward.... however, in order to see where your original problem is from, please re-add the local directive back prior to creating a network interface
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Sorry, I'm feeling a bit lost but I'm sure we are getting to the problem. I do not see any interface TUN.
Just to not be misunderstood and to be clear: Actually I'm "SSH" into the FreeNAS and from there I "JEXEC N tcsh" into the Jail (named: OpenVPN) I'm doing everything there like suggested at the main post of this thread.
Ok, I restarted the server and I am giving you some infos about the output I'm gettin:
I don't see any TUN interface here...
Code:
root@OpenVPN:/usr/local/etc/openvpn # ifconfig -l msk0 ipfw0 lo0 bridge0 epair0a
Code:
root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.conf # local 192.168.0.20 server 10.0.0.0 255.255.255.0 port 1194 proto tcp dev tun dev tun0 ifconfig-pool-persist ipp.txt # LAN network: push "route 192.168.0.0 255.255.255.0" route 192.168.0.20 255.255.255.0 10.0.0.0 [... bla bla bla... all the same]
restarted the Jail I obtain:
Code:
root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.log Fri Sep 30 00:36:05 2016 us=347744 Current Parameter Settings: Fri Sep 30 00:36:05 2016 us=348106 config = '/usr/local/etc/openvpn/openvpn.conf' Fri Sep 30 00:36:05 2016 us=348169 mode = 1 Fri Sep 30 00:36:05 2016 us=348214 show_ciphers = DISABLED Fri Sep 30 00:36:05 2016 us=348257 show_digests = DISABLED Fri Sep 30 00:36:05 2016 us=348298 show_engines = DISABLED Fri Sep 30 00:36:05 2016 us=348337 genkey = DISABLED Fri Sep 30 00:36:05 2016 us=348377 key_pass_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=348428 show_tls_ciphers = DISABLED Fri Sep 30 00:36:05 2016 us=348488 Connection profiles [default]: Fri Sep 30 00:36:05 2016 us=348530 proto = tcp-server Fri Sep 30 00:36:05 2016 us=348571 local = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=348611 local_port = 1194 Fri Sep 30 00:36:05 2016 us=348651 remote = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=348692 remote_port = 1194 Fri Sep 30 00:36:05 2016 us=348733 remote_float = DISABLED Fri Sep 30 00:36:05 2016 us=348772 bind_defined = DISABLED Fri Sep 30 00:36:05 2016 us=348831 bind_local = ENABLED Fri Sep 30 00:36:05 2016 us=348874 connect_retry_seconds = 5 Fri Sep 30 00:36:05 2016 us=348915 connect_timeout = 10 Fri Sep 30 00:36:05 2016 us=348954 connect_retry_max = 0 Fri Sep 30 00:36:05 2016 us=348995 socks_proxy_server = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=349034 socks_proxy_port = 0 Fri Sep 30 00:36:05 2016 us=349073 socks_proxy_retry = DISABLED Fri Sep 30 00:36:05 2016 us=349113 tun_mtu = 1500 Fri Sep 30 00:36:05 2016 us=349152 tun_mtu_defined = ENABLED Fri Sep 30 00:36:05 2016 us=349224 link_mtu = 1500 Fri Sep 30 00:36:05 2016 us=349267 link_mtu_defined = DISABLED Fri Sep 30 00:36:05 2016 us=349307 tun_mtu_extra = 0 Fri Sep 30 00:36:05 2016 us=349347 tun_mtu_extra_defined = DISABLED Fri Sep 30 00:36:05 2016 us=349387 mtu_discover_type = -1 Fri Sep 30 00:36:05 2016 us=349437 fragment = 0 Fri Sep 30 00:36:05 2016 us=349478 mssfix = 1450 Fri Sep 30 00:36:05 2016 us=349519 explicit_exit_notification = 0 Fri Sep 30 00:36:05 2016 us=349559 Connection profiles END Fri Sep 30 00:36:05 2016 us=349618 remote_random = DISABLED Fri Sep 30 00:36:05 2016 us=349661 ipchange = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=349703 dev = 'tun0' Fri Sep 30 00:36:05 2016 us=349742 dev_type = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=349782 dev_node = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=349824 lladdr = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=349865 topology = 1 Fri Sep 30 00:36:05 2016 us=349906 tun_ipv6 = DISABLED Fri Sep 30 00:36:05 2016 us=349945 ifconfig_local = '10.0.0.1' Fri Sep 30 00:36:05 2016 us=350005 ifconfig_remote_netmask = '10.0.0.2' Fri Sep 30 00:36:05 2016 us=350048 ifconfig_noexec = DISABLED Fri Sep 30 00:36:05 2016 us=350089 ifconfig_nowarn = DISABLED Fri Sep 30 00:36:05 2016 us=350130 ifconfig_ipv6_local = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=350171 ifconfig_ipv6_netbits = 0 Fri Sep 30 00:36:05 2016 us=350212 ifconfig_ipv6_remote = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=350252 shaper = 0 Fri Sep 30 00:36:05 2016 us=350294 mtu_test = 0 Fri Sep 30 00:36:05 2016 us=350354 mlock = DISABLED Fri Sep 30 00:36:05 2016 us=350396 keepalive_ping = 30 Fri Sep 30 00:36:05 2016 us=350447 keepalive_timeout = 120 Fri Sep 30 00:36:05 2016 us=350489 inactivity_timeout = 0 Fri Sep 30 00:36:05 2016 us=350529 ping_send_timeout = 30 Fri Sep 30 00:36:05 2016 us=350570 ping_rec_timeout = 240 Fri Sep 30 00:36:05 2016 us=350610 ping_rec_timeout_action = 2 Fri Sep 30 00:36:05 2016 us=350651 ping_timer_remote = DISABLED Fri Sep 30 00:36:05 2016 us=350709 remap_sigusr1 = 0 Fri Sep 30 00:36:05 2016 us=350750 persist_tun = ENABLED Fri Sep 30 00:36:05 2016 us=350790 persist_local_ip = DISABLED Fri Sep 30 00:36:05 2016 us=350831 persist_remote_ip = DISABLED Fri Sep 30 00:36:05 2016 us=350870 persist_key = ENABLED Fri Sep 30 00:36:05 2016 us=350910 passtos = DISABLED Fri Sep 30 00:36:05 2016 us=350950 resolve_retry_seconds = 1000000000 Fri Sep 30 00:36:05 2016 us=350991 username = 'nobody' Fri Sep 30 00:36:05 2016 us=351030 groupname = 'nobody' Fri Sep 30 00:36:05 2016 us=351084 chroot_dir = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=351125 cd_dir = '/usr/local/etc/openvpn' Fri Sep 30 00:36:05 2016 us=351165 writepid = '/var/run/openvpn.pid' Fri Sep 30 00:36:05 2016 us=351205 up_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=351245 down_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=351284 down_pre = DISABLED Fri Sep 30 00:36:05 2016 us=351324 up_restart = DISABLED Fri Sep 30 00:36:05 2016 us=351364 up_delay = DISABLED Fri Sep 30 00:36:05 2016 us=351541 daemon = ENABLED Fri Sep 30 00:36:05 2016 us=351604 inetd = 0 Fri Sep 30 00:36:05 2016 us=351645 log = ENABLED Fri Sep 30 00:36:05 2016 us=351685 suppress_timestamps = DISABLED Fri Sep 30 00:36:05 2016 us=351725 nice = 0 Fri Sep 30 00:36:05 2016 us=351765 verbosity = 7 Fri Sep 30 00:36:05 2016 us=351805 mute = 0 Fri Sep 30 00:36:05 2016 us=351845 gremlin = 0 Fri Sep 30 00:36:05 2016 us=351886 status_file = '/usr/local/etc/openvpn/openvpn.status' Fri Sep 30 00:36:05 2016 us=351956 status_file_version = 1 Fri Sep 30 00:36:05 2016 us=351999 status_file_update_freq = 60 Fri Sep 30 00:36:05 2016 us=352038 occ = ENABLED Fri Sep 30 00:36:05 2016 us=352077 rcvbuf = 0 Fri Sep 30 00:36:05 2016 us=352117 sndbuf = 0 Fri Sep 30 00:36:05 2016 us=352156 sockflags = 0 Fri Sep 30 00:36:05 2016 us=352195 fast_io = DISABLED Fri Sep 30 00:36:05 2016 us=352234 lzo = 7 Fri Sep 30 00:36:05 2016 us=352275 route_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=352334 route_default_gateway = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=352376 route_default_metric = 0 Fri Sep 30 00:36:05 2016 us=352425 route_noexec = DISABLED Fri Sep 30 00:36:05 2016 us=352467 route_delay = 0 Fri Sep 30 00:36:05 2016 us=352507 route_delay_window = 30 Fri Sep 30 00:36:05 2016 us=352547 route_delay_defined = DISABLED Fri Sep 30 00:36:05 2016 us=352588 route_nopull = DISABLED Fri Sep 30 00:36:05 2016 us=352628 route_gateway_via_dhcp = DISABLED Fri Sep 30 00:36:05 2016 us=352668 max_routes = 100 Fri Sep 30 00:36:05 2016 us=352724 allow_pull_fqdn = DISABLED Fri Sep 30 00:36:05 2016 us=352769 route 192.168.0.20/255.255.255.0/10.0.0.0/nil Fri Sep 30 00:36:05 2016 us=352810 route 10.0.0.0/255.255.255.0/nil/nil Fri Sep 30 00:36:05 2016 us=352852 management_addr = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=352891 management_port = 0 Fri Sep 30 00:36:05 2016 us=352932 management_user_pass = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=352972 management_log_history_cache = 250 Fri Sep 30 00:36:05 2016 us=353027 management_echo_buffer_size = 100 Fri Sep 30 00:36:05 2016 us=353069 management_write_peer_info_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=353111 management_client_user = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=353154 management_client_group = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=353196 management_flags = 0 Fri Sep 30 00:36:05 2016 us=353236 shared_secret_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=353276 key_direction = 1 Fri Sep 30 00:36:05 2016 us=353316 ciphername_defined = ENABLED Fri Sep 30 00:36:05 2016 us=353371 ciphername = 'AES-256-CBC' Fri Sep 30 00:36:05 2016 us=353417 authname_defined = ENABLED Fri Sep 30 00:36:05 2016 us=353461 authname = 'SHA1' Fri Sep 30 00:36:05 2016 us=353501 prng_hash = 'SHA1' Fri Sep 30 00:36:05 2016 us=353542 prng_nonce_secret_len = 16 Fri Sep 30 00:36:05 2016 us=353582 keysize = 0 Fri Sep 30 00:36:05 2016 us=353621 engine = DISABLED Fri Sep 30 00:36:05 2016 us=353661 replay = ENABLED Fri Sep 30 00:36:05 2016 us=353717 mute_replay_warnings = DISABLED Fri Sep 30 00:36:05 2016 us=353758 replay_window = 64 Fri Sep 30 00:36:05 2016 us=353799 replay_time = 15 Fri Sep 30 00:36:05 2016 us=353840 packet_id_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=353880 use_iv = ENABLED Fri Sep 30 00:36:05 2016 us=353923 test_crypto = DISABLED Fri Sep 30 00:36:05 2016 us=353968 tls_server = ENABLED Fri Sep 30 00:36:05 2016 us=354009 tls_client = DISABLED Fri Sep 30 00:36:05 2016 us=354052 key_method = 2 Fri Sep 30 00:36:05 2016 us=354121 ca_file = '/usr/local/etc/openvpn/keys/ca.crt' Fri Sep 30 00:36:05 2016 us=354167 ca_path = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354208 dh_file = '/usr/local/etc/openvpn/keys/dh.pem' Fri Sep 30 00:36:05 2016 us=354248 cert_file = '/usr/local/etc/openvpn/keys/server.crt' Fri Sep 30 00:36:05 2016 us=354288 extra_certs_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354330 priv_key_file = '/usr/local/etc/openvpn/keys/server.key' Fri Sep 30 00:36:05 2016 us=354371 pkcs12_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354448 cipher_list = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354493 tls_verify = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354534 tls_export_cert = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354575 verify_x509_type = 0 Fri Sep 30 00:36:05 2016 us=354615 verify_x509_name = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354655 crl_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=354694 ns_cert_type = 0 Fri Sep 30 00:36:05 2016 us=354734 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354791 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354832 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354872 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354912 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354952 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=354992 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355031 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355070 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355115 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355172 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355214 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355255 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355295 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355337 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355377 remote_cert_ku = 0 Fri Sep 30 00:36:05 2016 us=355422 remote_cert_eku = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=355466 ssl_flags = 0 Fri Sep 30 00:36:05 2016 us=355522 tls_timeout = 2 Fri Sep 30 00:36:05 2016 us=355564 renegotiate_bytes = 0 Fri Sep 30 00:36:05 2016 us=355606 renegotiate_packets = 0 Fri Sep 30 00:36:05 2016 us=355647 renegotiate_seconds = 3600 Fri Sep 30 00:36:05 2016 us=355689 handshake_window = 60 Fri Sep 30 00:36:05 2016 us=355729 transition_window = 3600 Fri Sep 30 00:36:05 2016 us=355769 single_session = DISABLED Fri Sep 30 00:36:05 2016 us=355808 push_peer_info = DISABLED Fri Sep 30 00:36:05 2016 us=355847 tls_exit = DISABLED Fri Sep 30 00:36:05 2016 us=355904 tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key' Fri Sep 30 00:36:05 2016 us=355954 server_network = 10.0.0.0 Fri Sep 30 00:36:05 2016 us=355998 server_netmask = 255.255.255.0 Fri Sep 30 00:36:05 2016 us=356054 server_network_ipv6 = :: Fri Sep 30 00:36:05 2016 us=356097 server_netbits_ipv6 = 0 Fri Sep 30 00:36:05 2016 us=356139 server_bridge_ip = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=356184 server_bridge_netmask = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=356228 server_bridge_pool_start = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=356295 server_bridge_pool_end = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=356340 push_entry = 'route 192.168.0.0 255.255.255.0' Fri Sep 30 00:36:05 2016 us=356382 push_entry = 'route 10.0.0.1' Fri Sep 30 00:36:05 2016 us=356430 push_entry = 'topology net30' Fri Sep 30 00:36:05 2016 us=356471 push_entry = 'ping 30' Fri Sep 30 00:36:05 2016 us=356513 push_entry = 'ping-restart 120' Fri Sep 30 00:36:05 2016 us=356555 ifconfig_pool_defined = ENABLED Fri Sep 30 00:36:05 2016 us=356623 ifconfig_pool_start = 10.0.0.4 Fri Sep 30 00:36:05 2016 us=356669 ifconfig_pool_end = 10.0.0.251 Fri Sep 30 00:36:05 2016 us=356713 ifconfig_pool_netmask = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=356756 ifconfig_pool_persist_filename = 'ipp.txt' Fri Sep 30 00:36:05 2016 us=356797 ifconfig_pool_persist_refresh_freq = 600 Fri Sep 30 00:36:05 2016 us=356839 ifconfig_ipv6_pool_defined = DISABLED Fri Sep 30 00:36:05 2016 us=356882 ifconfig_ipv6_pool_base = :: Fri Sep 30 00:36:05 2016 us=356948 ifconfig_ipv6_pool_netbits = 0 Fri Sep 30 00:36:05 2016 us=356992 n_bcast_buf = 256 Fri Sep 30 00:36:05 2016 us=357032 tcp_queue_limit = 64 Fri Sep 30 00:36:05 2016 us=357073 real_hash_size = 256 Fri Sep 30 00:36:05 2016 us=357115 virtual_hash_size = 256 Fri Sep 30 00:36:05 2016 us=357158 client_connect_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=357198 learn_address_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=357238 client_disconnect_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=357306 client_config_dir = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=357350 ccd_exclusive = DISABLED Fri Sep 30 00:36:05 2016 us=357391 tmp_dir = '/tmp' Fri Sep 30 00:36:05 2016 us=357438 push_ifconfig_defined = DISABLED Fri Sep 30 00:36:05 2016 us=357487 push_ifconfig_local = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=357531 push_ifconfig_remote_netmask = 0.0.0.0 Fri Sep 30 00:36:05 2016 us=357573 push_ifconfig_ipv6_defined = DISABLED Fri Sep 30 00:36:05 2016 us=357616 push_ifconfig_ipv6_local = ::/0 Fri Sep 30 00:36:05 2016 us=357685 push_ifconfig_ipv6_remote = :: Fri Sep 30 00:36:05 2016 us=357728 enable_c2c = DISABLED Fri Sep 30 00:36:05 2016 us=357768 duplicate_cn = DISABLED Fri Sep 30 00:36:05 2016 us=357809 cf_max = 0 Fri Sep 30 00:36:05 2016 us=357850 cf_per = 0 Fri Sep 30 00:36:05 2016 us=357891 max_clients = 1024 Fri Sep 30 00:36:05 2016 us=357930 max_routes_per_client = 256 Fri Sep 30 00:36:05 2016 us=357970 auth_user_pass_verify_script = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=358027 auth_user_pass_verify_script_via_file = DISABLED Fri Sep 30 00:36:05 2016 us=358069 port_share_host = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=358110 port_share_port = 0 Fri Sep 30 00:36:05 2016 us=358150 client = DISABLED Fri Sep 30 00:36:05 2016 us=358193 pull = DISABLED Fri Sep 30 00:36:05 2016 us=358235 auth_user_pass_file = '[UNDEF]' Fri Sep 30 00:36:05 2016 us=358280 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016 Fri Sep 30 00:36:05 2016 us=358365 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09 Fri Sep 30 00:36:05 2016 us=359922 Could not retrieve default gateway from route socket:: No such process (errno=3) Fri Sep 30 00:36:05 2016 us=446084 Diffie-Hellman initialized with 2048 bit key
Can I tell you how to verify the presence of the interface TUN or how to create it?
At the main topic of this thread there is a sort of script, this one:
Code:
#!/bin/sh
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair0a)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.0.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0
ipfw.rules file... for the firewall I suppose, but there is a way to turn off the firewall?
If I run the script I obtain this output:
Code:
root@OpenVPN:/usr/local/etc # sh ipfw.rules ipfw: setsockopt(IP_FW_FLUSH): Operation not permitted ipfw: epair0a: cannot get interface address ipfw: getsockopt(IP_FW_ADD): Operation not permitted ipfw: getsockopt(IP_FW_ADD): Operation not permitted ifconfig: interface name does not exist root@OpenVPN:/usr/local/etc #
Last edited:
zoomzoom
Guru
- Joined
- Sep 6, 2015
- Messages
- 677
You're issue is that you have not created a virtual interface for your vpn, per the second to last line in your openvpn.log:
Googling that line comes up with these results, with this one being from the FreeBSD forum
Code:
Could not retrieve default gateway from route socket:: No such process (errno=3)
Googling that line comes up with these results, with this one being from the FreeBSD forum
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Yeah.. To be honest I noticed it days ago and I Googled too but I was into many things and I really didn't found the solution.
Now I don't know where to go.
I succeded on creating the interface TUN ...
On my FreeNAS there are: "tun1" and "epair0a"
Code:
[freenas@freenas] ~% ifconfig -l msk0 ipfw0 lo0 tun1 bridge0 epair0a
On my Jail there are: "tun0" and "epair0b"
Code:
root@OpenVPN:/ # ifconfig -l lo0 epair0b tun0
My "openvpn.conf" file report as parameter only: "dev tun0"
The "rc.conf" is this one:
Code:
root@OpenVPN:/ # cat /etc/rc.conf portmap_enable="NO" sshd_enable="NO" sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" hostname="OpenVPN" devfs_enable="YES" devfs_system_ruleset="devfsrules_common" openvpn_enable="YES" openvpn_if="tun" openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf" openvpn_dir="/usr/local/etc/openvpn" cloned_interfaces="tun" gateway_enable="YES" firewall_enable="YES" firewall_script="/usr/local/etc/ipfw.rules"
I've also added these rules to the "/etc/devfs.rules"
Code:
root@OpenVPN:/ # cat /etc/devfs.rules # # The following are some default rules for devfs(5) mounts. [...blablabla...] # Devices typically needed to support logged-in users. # Requires: devfsrules_hide_all # [devfsrules_unhide_login=3] add path 'ptyp*' unhide [...blablabla...] add path tun0 unhide add path tun1 unhide add path tun unhide
So actually restarting the Jail still no openvpn service running and again an "openvpn.status" to 0 bytes and an "openvpn.log" like this (without errors):
Code:
root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.log Fri Sep 30 01:21:26 2016 us=6373 Current Parameter Settings: Fri Sep 30 01:21:26 2016 us=6701 config = '/usr/local/etc/openvpn/openvpn.conf' Fri Sep 30 01:21:26 2016 us=6745 mode = 1 Fri Sep 30 01:21:26 2016 us=6786 show_ciphers = DISABLED Fri Sep 30 01:21:26 2016 us=6827 show_digests = DISABLED Fri Sep 30 01:21:26 2016 us=6868 show_engines = DISABLED Fri Sep 30 01:21:26 2016 us=6907 genkey = DISABLED Fri Sep 30 01:21:26 2016 us=6946 key_pass_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=6986 show_tls_ciphers = DISABLED Fri Sep 30 01:21:26 2016 us=7040 Connection profiles [default]: Fri Sep 30 01:21:26 2016 us=7080 proto = tcp-server Fri Sep 30 01:21:26 2016 us=7119 local = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=7158 local_port = 1194 Fri Sep 30 01:21:26 2016 us=7196 remote = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=7236 remote_port = 1194 Fri Sep 30 01:21:26 2016 us=7275 remote_float = DISABLED Fri Sep 30 01:21:26 2016 us=7314 bind_defined = DISABLED Fri Sep 30 01:21:26 2016 us=7352 bind_local = ENABLED Fri Sep 30 01:21:26 2016 us=7401 connect_retry_seconds = 5 Fri Sep 30 01:21:26 2016 us=7451 connect_timeout = 10 Fri Sep 30 01:21:26 2016 us=7490 connect_retry_max = 0 Fri Sep 30 01:21:26 2016 us=7529 socks_proxy_server = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=7568 socks_proxy_port = 0 Fri Sep 30 01:21:26 2016 us=7606 socks_proxy_retry = DISABLED Fri Sep 30 01:21:26 2016 us=7644 tun_mtu = 1500 Fri Sep 30 01:21:26 2016 us=7682 tun_mtu_defined = ENABLED Fri Sep 30 01:21:26 2016 us=7721 link_mtu = 1500 Fri Sep 30 01:21:26 2016 us=7770 link_mtu_defined = DISABLED Fri Sep 30 01:21:26 2016 us=7809 tun_mtu_extra = 0 Fri Sep 30 01:21:26 2016 us=7848 tun_mtu_extra_defined = DISABLED Fri Sep 30 01:21:26 2016 us=7886 mtu_discover_type = -1 Fri Sep 30 01:21:26 2016 us=7924 fragment = 0 Fri Sep 30 01:21:26 2016 us=7962 mssfix = 1450 Fri Sep 30 01:21:26 2016 us=8001 explicit_exit_notification = 0 Fri Sep 30 01:21:26 2016 us=8039 Connection profiles END Fri Sep 30 01:21:26 2016 us=8077 remote_random = DISABLED Fri Sep 30 01:21:26 2016 us=8126 ipchange = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8165 dev = 'tun0' Fri Sep 30 01:21:26 2016 us=8205 dev_type = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8244 dev_node = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8283 lladdr = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8322 topology = 1 Fri Sep 30 01:21:26 2016 us=8361 tun_ipv6 = DISABLED Fri Sep 30 01:21:26 2016 us=8400 ifconfig_local = '10.0.0.1' Fri Sep 30 01:21:26 2016 us=8458 ifconfig_remote_netmask = '10.0.0.2' Fri Sep 30 01:21:26 2016 us=8510 ifconfig_noexec = DISABLED Fri Sep 30 01:21:26 2016 us=8550 ifconfig_nowarn = DISABLED Fri Sep 30 01:21:26 2016 us=8589 ifconfig_ipv6_local = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8628 ifconfig_ipv6_netbits = 0 Fri Sep 30 01:21:26 2016 us=8675 ifconfig_ipv6_remote = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=8714 shaper = 0 Fri Sep 30 01:21:26 2016 us=8753 mtu_test = 0 Fri Sep 30 01:21:26 2016 us=8792 mlock = DISABLED Fri Sep 30 01:21:26 2016 us=8831 keepalive_ping = 30 Fri Sep 30 01:21:26 2016 us=8881 keepalive_timeout = 120 Fri Sep 30 01:21:26 2016 us=8920 inactivity_timeout = 0 Fri Sep 30 01:21:26 2016 us=8959 ping_send_timeout = 30 Fri Sep 30 01:21:26 2016 us=8998 ping_rec_timeout = 240 Fri Sep 30 01:21:26 2016 us=9037 ping_rec_timeout_action = 2 Fri Sep 30 01:21:26 2016 us=9075 ping_timer_remote = DISABLED Fri Sep 30 01:21:26 2016 us=9114 remap_sigusr1 = 0 Fri Sep 30 01:21:26 2016 us=9153 persist_tun = ENABLED Fri Sep 30 01:21:26 2016 us=9203 persist_local_ip = DISABLED Fri Sep 30 01:21:26 2016 us=9241 persist_remote_ip = DISABLED Fri Sep 30 01:21:26 2016 us=9280 persist_key = ENABLED Fri Sep 30 01:21:26 2016 us=9319 passtos = DISABLED Fri Sep 30 01:21:26 2016 us=9358 resolve_retry_seconds = 1000000000 Fri Sep 30 01:21:26 2016 us=9398 username = 'nobody' Fri Sep 30 01:21:26 2016 us=9446 groupname = 'nobody' Fri Sep 30 01:21:26 2016 us=9485 chroot_dir = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=9524 cd_dir = '/usr/local/etc/openvpn' Fri Sep 30 01:21:26 2016 us=9576 writepid = '/var/run/openvpn.pid' Fri Sep 30 01:21:26 2016 us=9616 up_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=9655 down_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=9694 down_pre = DISABLED Fri Sep 30 01:21:26 2016 us=9733 up_restart = DISABLED Fri Sep 30 01:21:26 2016 us=9772 up_delay = DISABLED Fri Sep 30 01:21:26 2016 us=9810 daemon = ENABLED Fri Sep 30 01:21:26 2016 us=9849 inetd = 0 Fri Sep 30 01:21:26 2016 us=9888 log = ENABLED Fri Sep 30 01:21:26 2016 us=9940 suppress_timestamps = DISABLED Fri Sep 30 01:21:26 2016 us=9979 nice = 0 Fri Sep 30 01:21:26 2016 us=10018 verbosity = 7 Fri Sep 30 01:21:26 2016 us=10057 mute = 0 Fri Sep 30 01:21:26 2016 us=10096 gremlin = 0 Fri Sep 30 01:21:26 2016 us=10135 status_file = '/usr/local/etc/openvpn/openvpn.status' Fri Sep 30 01:21:26 2016 us=10174 status_file_version = 1 Fri Sep 30 01:21:26 2016 us=10213 status_file_update_freq = 60 Fri Sep 30 01:21:26 2016 us=10251 occ = ENABLED Fri Sep 30 01:21:26 2016 us=10303 rcvbuf = 0 Fri Sep 30 01:21:26 2016 us=10343 sndbuf = 0 Fri Sep 30 01:21:26 2016 us=10382 sockflags = 0 Fri Sep 30 01:21:26 2016 us=10438 fast_io = DISABLED Fri Sep 30 01:21:26 2016 us=10478 lzo = 7 Fri Sep 30 01:21:26 2016 us=10518 route_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=10557 route_default_gateway = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=10597 route_default_metric = 0 Fri Sep 30 01:21:26 2016 us=10635 route_noexec = DISABLED Fri Sep 30 01:21:26 2016 us=10686 route_delay = 0 Fri Sep 30 01:21:26 2016 us=10725 route_delay_window = 30 Fri Sep 30 01:21:26 2016 us=10765 route_delay_defined = DISABLED Fri Sep 30 01:21:26 2016 us=10804 route_nopull = DISABLED Fri Sep 30 01:21:26 2016 us=10843 route_gateway_via_dhcp = DISABLED Fri Sep 30 01:21:26 2016 us=10882 max_routes = 100 Fri Sep 30 01:21:26 2016 us=10921 allow_pull_fqdn = DISABLED Fri Sep 30 01:21:26 2016 us=10962 route 192.168.0.20/255.255.255.0/10.0.0.0/nil Fri Sep 30 01:21:26 2016 us=11013 route 10.0.0.0/255.255.255.0/nil/nil Fri Sep 30 01:21:26 2016 us=11053 management_addr = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11092 management_port = 0 Fri Sep 30 01:21:26 2016 us=11131 management_user_pass = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11171 management_log_history_cache = 250 Fri Sep 30 01:21:26 2016 us=11210 management_echo_buffer_size = 100 Fri Sep 30 01:21:26 2016 us=11249 management_write_peer_info_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11288 management_client_user = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11339 management_client_group = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11378 management_flags = 0 Fri Sep 30 01:21:26 2016 us=11425 shared_secret_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=11464 key_direction = 1 Fri Sep 30 01:21:26 2016 us=11503 ciphername_defined = ENABLED Fri Sep 30 01:21:26 2016 us=11543 ciphername = 'AES-256-CBC' Fri Sep 30 01:21:26 2016 us=11582 authname_defined = ENABLED Fri Sep 30 01:21:26 2016 us=11622 authname = 'SHA1' Fri Sep 30 01:21:26 2016 us=11673 prng_hash = 'SHA1' Fri Sep 30 01:21:26 2016 us=11713 prng_nonce_secret_len = 16 Fri Sep 30 01:21:26 2016 us=11753 keysize = 0 Fri Sep 30 01:21:26 2016 us=11793 engine = DISABLED Fri Sep 30 01:21:26 2016 us=11832 replay = ENABLED Fri Sep 30 01:21:26 2016 us=11872 mute_replay_warnings = DISABLED Fri Sep 30 01:21:26 2016 us=11911 replay_window = 64 Fri Sep 30 01:21:26 2016 us=11951 replay_time = 15 Fri Sep 30 01:21:26 2016 us=11990 packet_id_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12041 use_iv = ENABLED Fri Sep 30 01:21:26 2016 us=12081 test_crypto = DISABLED Fri Sep 30 01:21:26 2016 us=12120 tls_server = ENABLED Fri Sep 30 01:21:26 2016 us=12159 tls_client = DISABLED Fri Sep 30 01:21:26 2016 us=12198 key_method = 2 Fri Sep 30 01:21:26 2016 us=12237 ca_file = '/usr/local/etc/openvpn/keys/ca.crt' Fri Sep 30 01:21:26 2016 us=12276 ca_path = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12316 dh_file = '/usr/local/etc/openvpn/keys/dh.pem' Fri Sep 30 01:21:26 2016 us=12371 cert_file = '/usr/local/etc/openvpn/keys/server.crt' Fri Sep 30 01:21:26 2016 us=12427 extra_certs_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12469 priv_key_file = '/usr/local/etc/openvpn/keys/server.key' Fri Sep 30 01:21:26 2016 us=12509 pkcs12_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12548 cipher_list = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12587 tls_verify = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12626 tls_export_cert = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12682 verify_x509_type = 0 Fri Sep 30 01:21:26 2016 us=12722 verify_x509_name = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12761 crl_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=12800 ns_cert_type = 0 Fri Sep 30 01:21:26 2016 us=12840 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=12878 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=12917 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=12956 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=12995 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13050 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13089 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13128 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13167 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13206 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13244 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13283 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13321 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13360 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13419 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13460 remote_cert_ku = 0 Fri Sep 30 01:21:26 2016 us=13500 remote_cert_eku = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=13539 ssl_flags = 0 Fri Sep 30 01:21:26 2016 us=13579 tls_timeout = 2 Fri Sep 30 01:21:26 2016 us=13618 renegotiate_bytes = 0 Fri Sep 30 01:21:26 2016 us=13657 renegotiate_packets = 0 Fri Sep 30 01:21:26 2016 us=13696 renegotiate_seconds = 3600 Fri Sep 30 01:21:26 2016 us=13735 handshake_window = 60 Fri Sep 30 01:21:26 2016 us=13787 transition_window = 3600 Fri Sep 30 01:21:26 2016 us=13827 single_session = DISABLED Fri Sep 30 01:21:26 2016 us=13867 push_peer_info = DISABLED Fri Sep 30 01:21:26 2016 us=13906 tls_exit = DISABLED Fri Sep 30 01:21:26 2016 us=13945 tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key' Fri Sep 30 01:21:26 2016 us=13989 server_network = 10.0.0.0 Fri Sep 30 01:21:26 2016 us=14031 server_netmask = 255.255.255.0 Fri Sep 30 01:21:26 2016 us=14077 server_network_ipv6 = :: Fri Sep 30 01:21:26 2016 us=14130 server_netbits_ipv6 = 0 Fri Sep 30 01:21:26 2016 us=14173 server_bridge_ip = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=14215 server_bridge_netmask = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=14257 server_bridge_pool_start = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=14298 server_bridge_pool_end = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=14338 push_entry = 'route 192.168.0.0 255.255.255.0' Fri Sep 30 01:21:26 2016 us=14377 push_entry = 'route 10.0.0.1' Fri Sep 30 01:21:26 2016 us=14450 push_entry = 'topology net30' Fri Sep 30 01:21:26 2016 us=14493 push_entry = 'ping 30' Fri Sep 30 01:21:26 2016 us=14532 push_entry = 'ping-restart 120' Fri Sep 30 01:21:26 2016 us=14571 ifconfig_pool_defined = ENABLED Fri Sep 30 01:21:26 2016 us=14612 ifconfig_pool_start = 10.0.0.4 Fri Sep 30 01:21:26 2016 us=14653 ifconfig_pool_end = 10.0.0.251 Fri Sep 30 01:21:26 2016 us=14694 ifconfig_pool_netmask = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=14732 ifconfig_pool_persist_filename = 'ipp.txt' Fri Sep 30 01:21:26 2016 us=14785 ifconfig_pool_persist_refresh_freq = 600 Fri Sep 30 01:21:26 2016 us=14825 ifconfig_ipv6_pool_defined = DISABLED Fri Sep 30 01:21:26 2016 us=14864 ifconfig_ipv6_pool_base = :: Fri Sep 30 01:21:26 2016 us=14904 ifconfig_ipv6_pool_netbits = 0 Fri Sep 30 01:21:26 2016 us=14943 n_bcast_buf = 256 Fri Sep 30 01:21:26 2016 us=14981 tcp_queue_limit = 64 Fri Sep 30 01:21:26 2016 us=15020 real_hash_size = 256 Fri Sep 30 01:21:26 2016 us=15058 virtual_hash_size = 256 Fri Sep 30 01:21:26 2016 us=15110 client_connect_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15150 learn_address_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15189 client_disconnect_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15228 client_config_dir = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15266 ccd_exclusive = DISABLED Fri Sep 30 01:21:26 2016 us=15305 tmp_dir = '/tmp' Fri Sep 30 01:21:26 2016 us=15343 push_ifconfig_defined = DISABLED Fri Sep 30 01:21:26 2016 us=15385 push_ifconfig_local = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=15445 push_ifconfig_remote_netmask = 0.0.0.0 Fri Sep 30 01:21:26 2016 us=15485 push_ifconfig_ipv6_defined = DISABLED Fri Sep 30 01:21:26 2016 us=15526 push_ifconfig_ipv6_local = ::/0 Fri Sep 30 01:21:26 2016 us=15566 push_ifconfig_ipv6_remote = :: Fri Sep 30 01:21:26 2016 us=15605 enable_c2c = DISABLED Fri Sep 30 01:21:26 2016 us=15644 duplicate_cn = DISABLED Fri Sep 30 01:21:26 2016 us=15683 cf_max = 0 Fri Sep 30 01:21:26 2016 us=15736 cf_per = 0 Fri Sep 30 01:21:26 2016 us=15775 max_clients = 1024 Fri Sep 30 01:21:26 2016 us=15814 max_routes_per_client = 256 Fri Sep 30 01:21:26 2016 us=15852 auth_user_pass_verify_script = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15891 auth_user_pass_verify_script_via_file = DISABLED Fri Sep 30 01:21:26 2016 us=15929 port_share_host = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=15968 port_share_port = 0 Fri Sep 30 01:21:26 2016 us=16006 client = DISABLED Fri Sep 30 01:21:26 2016 us=16044 pull = DISABLED Fri Sep 30 01:21:26 2016 us=16096 auth_user_pass_file = '[UNDEF]' Fri Sep 30 01:21:26 2016 us=16137 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016 Fri Sep 30 01:21:26 2016 us=16183 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09 Fri Sep 30 01:21:26 2016 us=103224 Diffie-Hellman initialized with 2048 bit key
and try to running it again:
Code:
root@OpenVPN:/usr/local/etc/openvpn # /usr/local/etc/rc.d/openvpn start Starting openvpn. root@OpenVPN:/usr/local/etc/openvpn # /usr/local/etc/rc.d/openvpn status openvpn is not running. root@OpenVPN:/usr/local/etc/openvpn #
Really what to do now? I've no idea...
Last edited:
robles
Explorer
- Joined
- Jul 29, 2014
- Messages
- 89
Why does your openvpn.conf have two dev tun?
Try and check your /etc/rc.conf, do you have your cloned_interfaces="tun" line? Your firewall script is failing because it can't find your tunnel interface.
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Hello Robles, thank you for your answer.
Actually, I have already removed the two
dev tun in openvpn.conf. I left only " dev tun" but I did try also with " dev tun0".Yes, my
rc.conf has the line cloned_interfaces="tun".My firewall scripting now is running and the result is only on the last line of it:
Code:
root@OpenVPN:/usr/local/etc # sh ipfw.rules ifconfig: ioctl (set name): File exists
Is there a way to exclude the firewall just for a try? Do you think it can be the problem?
robles
Explorer
- Joined
- Jul 29, 2014
- Messages
- 89
Is your openvpn log complete? it ends on
Code:
Fri Sep 30 00:36:05 2016 us=446084 Diffie-Hellman initialized with 2048 bit key
But it should display the TUN/TAP interface after the ROUTE_GATEWAY line. I see you have verbosity set to 7 so it's not that, since I can see that on level 5.
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Seems yes... Here is like it ends:
Code:
root@OpenVPN:/usr/local/etc/openvpn # tail openvpn.log Fri Sep 30 02:13:43 2016 us=59807 auth_user_pass_verify_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59845 auth_user_pass_verify_script_via_file = DISABLED Fri Sep 30 02:13:43 2016 us=59884 port_share_host = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59922 port_share_port = 0 Fri Sep 30 02:13:43 2016 us=59973 client = DISABLED Fri Sep 30 02:13:43 2016 us=60013 pull = DISABLED Fri Sep 30 02:13:43 2016 us=60051 auth_user_pass_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=60091 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016 Fri Sep 30 02:13:43 2016 us=60136 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09 Fri Sep 30 02:13:43 2016 us=146633 Diffie-Hellman initialized with 2048 bit key
robles
Explorer
- Joined
- Jul 29, 2014
- Messages
- 89
That's strange. I have no leads here. I'll post my log at verbosity 7 here in hopes it may give you a clue on what to do. I'd advice to upgrade to FreeNAS 9.10 but you mentioned it wasn't an option. Try and upgrade everything you can in the jail with pkg update; pkg upgrade.
Code:
[root@openvpn /usr/local/etc/openvpn]# openvpn --verb 7 --config /usr/local/etc/openvpn/openvpn.conf Thu Sep 29 19:29:00 2016 us=351017 Current Parameter Settings: Thu Sep 29 19:29:00 2016 us=351316 config = '/usr/local/etc/openvpn/openvpn.conf' Thu Sep 29 19:29:00 2016 us=351335 mode = 1 Thu Sep 29 19:29:00 2016 us=351348 show_ciphers = DISABLED Thu Sep 29 19:29:00 2016 us=351361 show_digests = DISABLED Thu Sep 29 19:29:00 2016 us=351373 show_engines = DISABLED Thu Sep 29 19:29:00 2016 us=351386 genkey = DISABLED Thu Sep 29 19:29:00 2016 us=351399 key_pass_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351411 show_tls_ciphers = DISABLED Thu Sep 29 19:29:00 2016 us=351424 Connection profiles [default]: Thu Sep 29 19:29:00 2016 us=351438 proto = udp Thu Sep 29 19:29:00 2016 us=351450 local = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351463 local_port = 10011 Thu Sep 29 19:29:00 2016 us=351476 remote = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351489 remote_port = 10011 Thu Sep 29 19:29:00 2016 us=351502 remote_float = DISABLED Thu Sep 29 19:29:00 2016 us=351512 bind_defined = DISABLED Thu Sep 29 19:29:00 2016 us=351523 bind_local = ENABLED Thu Sep 29 19:29:00 2016 us=351532 connect_retry_seconds = 5 Thu Sep 29 19:29:00 2016 us=351541 connect_timeout = 10 Thu Sep 29 19:29:00 2016 us=351550 connect_retry_max = 0 Thu Sep 29 19:29:00 2016 us=351559 socks_proxy_server = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351568 socks_proxy_port = 0 Thu Sep 29 19:29:00 2016 us=351577 socks_proxy_retry = DISABLED Thu Sep 29 19:29:00 2016 us=351586 tun_mtu = 1500 Thu Sep 29 19:29:00 2016 us=351595 tun_mtu_defined = ENABLED Thu Sep 29 19:29:00 2016 us=351604 link_mtu = 1500 Thu Sep 29 19:29:00 2016 us=351613 link_mtu_defined = DISABLED Thu Sep 29 19:29:00 2016 us=351622 tun_mtu_extra = 0 Thu Sep 29 19:29:00 2016 us=351631 tun_mtu_extra_defined = DISABLED Thu Sep 29 19:29:00 2016 us=351640 mtu_discover_type = -1 Thu Sep 29 19:29:00 2016 us=351650 fragment = 0 Thu Sep 29 19:29:00 2016 us=351658 mssfix = 1450 Thu Sep 29 19:29:00 2016 us=351667 explicit_exit_notification = 0 Thu Sep 29 19:29:00 2016 us=351676 Connection profiles END Thu Sep 29 19:29:00 2016 us=351685 remote_random = DISABLED Thu Sep 29 19:29:00 2016 us=351694 ipchange = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351703 dev = 'tun' Thu Sep 29 19:29:00 2016 us=351712 dev_type = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351720 dev_node = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351729 lladdr = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351738 topology = 1 Thu Sep 29 19:29:00 2016 us=351747 tun_ipv6 = DISABLED Thu Sep 29 19:29:00 2016 us=351756 ifconfig_local = '172.16.8.1' Thu Sep 29 19:29:00 2016 us=351765 ifconfig_remote_netmask = '172.16.8.2' Thu Sep 29 19:29:00 2016 us=351774 ifconfig_noexec = DISABLED Thu Sep 29 19:29:00 2016 us=351782 ifconfig_nowarn = DISABLED Thu Sep 29 19:29:00 2016 us=351791 ifconfig_ipv6_local = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351800 ifconfig_ipv6_netbits = 0 Thu Sep 29 19:29:00 2016 us=351809 ifconfig_ipv6_remote = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351818 shaper = 0 Thu Sep 29 19:29:00 2016 us=351827 mtu_test = 0 Thu Sep 29 19:29:00 2016 us=351836 mlock = DISABLED Thu Sep 29 19:29:00 2016 us=351845 keepalive_ping = 10 Thu Sep 29 19:29:00 2016 us=351853 keepalive_timeout = 120 Thu Sep 29 19:29:00 2016 us=351862 inactivity_timeout = 0 Thu Sep 29 19:29:00 2016 us=351871 ping_send_timeout = 10 Thu Sep 29 19:29:00 2016 us=351879 ping_rec_timeout = 240 Thu Sep 29 19:29:00 2016 us=351888 ping_rec_timeout_action = 2 Thu Sep 29 19:29:00 2016 us=351897 ping_timer_remote = DISABLED Thu Sep 29 19:29:00 2016 us=351906 remap_sigusr1 = 0 Thu Sep 29 19:29:00 2016 us=351915 persist_tun = ENABLED Thu Sep 29 19:29:00 2016 us=351925 persist_local_ip = DISABLED Thu Sep 29 19:29:00 2016 us=351933 persist_remote_ip = DISABLED Thu Sep 29 19:29:00 2016 us=351942 persist_key = ENABLED Thu Sep 29 19:29:00 2016 us=351951 passtos = DISABLED Thu Sep 29 19:29:00 2016 us=351960 resolve_retry_seconds = 1000000000 Thu Sep 29 19:29:00 2016 us=351969 username = 'nobody' Thu Sep 29 19:29:00 2016 us=351977 groupname = 'nobody' Thu Sep 29 19:29:00 2016 us=351986 chroot_dir = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=351995 cd_dir = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352004 writepid = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352013 up_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352022 down_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352031 down_pre = DISABLED Thu Sep 29 19:29:00 2016 us=352039 up_restart = DISABLED Thu Sep 29 19:29:00 2016 us=352048 up_delay = DISABLED Thu Sep 29 19:29:00 2016 us=352057 daemon = DISABLED Thu Sep 29 19:29:00 2016 us=352065 inetd = 0 Thu Sep 29 19:29:00 2016 us=352075 log = DISABLED Thu Sep 29 19:29:00 2016 us=352083 suppress_timestamps = DISABLED Thu Sep 29 19:29:00 2016 us=352093 nice = 0 Thu Sep 29 19:29:00 2016 us=352101 verbosity = 5 Thu Sep 29 19:29:00 2016 us=352110 mute = 0 Thu Sep 29 19:29:00 2016 us=352119 gremlin = 0 Thu Sep 29 19:29:00 2016 us=352127 status_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352136 status_file_version = 1 Thu Sep 29 19:29:00 2016 us=352147 status_file_update_freq = 60 Thu Sep 29 19:29:00 2016 us=352156 occ = ENABLED Thu Sep 29 19:29:00 2016 us=352165 rcvbuf = 0 Thu Sep 29 19:29:00 2016 us=352174 sndbuf = 0 Thu Sep 29 19:29:00 2016 us=352183 sockflags = 0 Thu Sep 29 19:29:00 2016 us=352191 fast_io = DISABLED Thu Sep 29 19:29:00 2016 us=352200 lzo = 7 Thu Sep 29 19:29:00 2016 us=352209 route_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352218 route_default_gateway = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352227 route_default_metric = 0 Thu Sep 29 19:29:00 2016 us=352235 route_noexec = DISABLED Thu Sep 29 19:29:00 2016 us=352244 route_delay = 0 Thu Sep 29 19:29:00 2016 us=352253 route_delay_window = 30 Thu Sep 29 19:29:00 2016 us=352262 route_delay_defined = DISABLED Thu Sep 29 19:29:00 2016 us=352271 route_nopull = DISABLED Thu Sep 29 19:29:00 2016 us=352280 route_gateway_via_dhcp = DISABLED Thu Sep 29 19:29:00 2016 us=352289 max_routes = 100 Thu Sep 29 19:29:00 2016 us=352298 allow_pull_fqdn = DISABLED Thu Sep 29 19:29:00 2016 us=352308 route 172.16.8.0/255.255.255.0/nil/nil Thu Sep 29 19:29:00 2016 us=352318 management_addr = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352327 management_port = 0 Thu Sep 29 19:29:00 2016 us=352336 management_user_pass = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352345 management_log_history_cache = 250 Thu Sep 29 19:29:00 2016 us=352354 management_echo_buffer_size = 100 Thu Sep 29 19:29:00 2016 us=352363 management_write_peer_info_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352372 management_client_user = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352381 management_client_group = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352390 management_flags = 0 Thu Sep 29 19:29:00 2016 us=352399 shared_secret_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352408 key_direction = 1 Thu Sep 29 19:29:00 2016 us=352416 ciphername_defined = ENABLED Thu Sep 29 19:29:00 2016 us=352425 ciphername = 'AES-256-CBC' Thu Sep 29 19:29:00 2016 us=352434 authname_defined = ENABLED Thu Sep 29 19:29:00 2016 us=352443 authname = 'SHA1' Thu Sep 29 19:29:00 2016 us=352452 prng_hash = 'SHA1' Thu Sep 29 19:29:00 2016 us=352461 prng_nonce_secret_len = 16 Thu Sep 29 19:29:00 2016 us=352470 keysize = 0 Thu Sep 29 19:29:00 2016 us=352478 engine = DISABLED Thu Sep 29 19:29:00 2016 us=352487 replay = ENABLED Thu Sep 29 19:29:00 2016 us=352496 mute_replay_warnings = DISABLED Thu Sep 29 19:29:00 2016 us=352505 replay_window = 64 Thu Sep 29 19:29:00 2016 us=352514 replay_time = 15 Thu Sep 29 19:29:00 2016 us=352523 packet_id_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352532 use_iv = ENABLED Thu Sep 29 19:29:00 2016 us=352541 test_crypto = DISABLED Thu Sep 29 19:29:00 2016 us=352550 tls_server = ENABLED Thu Sep 29 19:29:00 2016 us=352559 tls_client = DISABLED Thu Sep 29 19:29:00 2016 us=352568 key_method = 2 Thu Sep 29 19:29:00 2016 us=352577 ca_file = 'ca.crt' Thu Sep 29 19:29:00 2016 us=352586 ca_path = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352594 dh_file = 'dh.pem' Thu Sep 29 19:29:00 2016 us=352603 cert_file = 'openvpn-server.crt' Thu Sep 29 19:29:00 2016 us=352612 extra_certs_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352621 priv_key_file = 'openvpn-server.key' Thu Sep 29 19:29:00 2016 us=352630 pkcs12_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352639 cipher_list = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352648 tls_verify = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352657 tls_export_cert = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352666 verify_x509_type = 0 Thu Sep 29 19:29:00 2016 us=352675 verify_x509_name = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352684 crl_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352693 ns_cert_type = 0 Thu Sep 29 19:29:00 2016 us=352702 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352710 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352719 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352728 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352736 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352745 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352754 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352763 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352771 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352780 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352788 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352797 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352806 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352814 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352823 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352832 remote_cert_ku = 0 Thu Sep 29 19:29:00 2016 us=352840 remote_cert_eku = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=352849 ssl_flags = 0 Thu Sep 29 19:29:00 2016 us=352858 tls_timeout = 2 Thu Sep 29 19:29:00 2016 us=352867 renegotiate_bytes = 0 Thu Sep 29 19:29:00 2016 us=352876 renegotiate_packets = 0 Thu Sep 29 19:29:00 2016 us=352885 renegotiate_seconds = 3600 Thu Sep 29 19:29:00 2016 us=352893 handshake_window = 60 Thu Sep 29 19:29:00 2016 us=352902 transition_window = 3600 Thu Sep 29 19:29:00 2016 us=352911 single_session = DISABLED Thu Sep 29 19:29:00 2016 us=352920 push_peer_info = DISABLED Thu Sep 29 19:29:00 2016 us=352929 tls_exit = DISABLED Thu Sep 29 19:29:00 2016 us=352938 tls_auth_file = 'ta.key' Thu Sep 29 19:29:00 2016 us=352949 server_network = 172.16.8.0 Thu Sep 29 19:29:00 2016 us=352960 server_netmask = 255.255.255.0 Thu Sep 29 19:29:00 2016 us=352972 server_network_ipv6 = :: Thu Sep 29 19:29:00 2016 us=352982 server_netbits_ipv6 = 0 Thu Sep 29 19:29:00 2016 us=352992 server_bridge_ip = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353003 server_bridge_netmask = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353013 server_bridge_pool_start = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353024 server_bridge_pool_end = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353033 push_entry = 'route 192.168.1.0 255.255.255.0' Thu Sep 29 19:29:00 2016 us=353042 push_entry = 'route 172.16.8.1' Thu Sep 29 19:29:00 2016 us=353051 push_entry = 'topology net30' Thu Sep 29 19:29:00 2016 us=353060 push_entry = 'ping 10' Thu Sep 29 19:29:00 2016 us=353069 push_entry = 'ping-restart 120' Thu Sep 29 19:29:00 2016 us=353078 ifconfig_pool_defined = ENABLED Thu Sep 29 19:29:00 2016 us=353089 ifconfig_pool_start = 172.16.8.4 Thu Sep 29 19:29:00 2016 us=353099 ifconfig_pool_end = 172.16.8.251 Thu Sep 29 19:29:00 2016 us=353110 ifconfig_pool_netmask = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353119 ifconfig_pool_persist_filename = 'ipp.txt' Thu Sep 29 19:29:00 2016 us=353128 ifconfig_pool_persist_refresh_freq = 600 Thu Sep 29 19:29:00 2016 us=353137 ifconfig_ipv6_pool_defined = DISABLED Thu Sep 29 19:29:00 2016 us=353152 ifconfig_ipv6_pool_base = :: Thu Sep 29 19:29:00 2016 us=353162 ifconfig_ipv6_pool_netbits = 0 Thu Sep 29 19:29:00 2016 us=353171 n_bcast_buf = 256 Thu Sep 29 19:29:00 2016 us=353180 tcp_queue_limit = 64 Thu Sep 29 19:29:00 2016 us=353189 real_hash_size = 256 Thu Sep 29 19:29:00 2016 us=353198 virtual_hash_size = 256 Thu Sep 29 19:29:00 2016 us=353207 client_connect_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353216 learn_address_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353225 client_disconnect_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353234 client_config_dir = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353243 ccd_exclusive = DISABLED Thu Sep 29 19:29:00 2016 us=353252 tmp_dir = '/tmp' Thu Sep 29 19:29:00 2016 us=353261 push_ifconfig_defined = DISABLED Thu Sep 29 19:29:00 2016 us=353272 push_ifconfig_local = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353282 push_ifconfig_remote_netmask = 0.0.0.0 Thu Sep 29 19:29:00 2016 us=353291 push_ifconfig_ipv6_defined = DISABLED Thu Sep 29 19:29:00 2016 us=353301 push_ifconfig_ipv6_local = ::/0 Thu Sep 29 19:29:00 2016 us=353311 push_ifconfig_ipv6_remote = :: Thu Sep 29 19:29:00 2016 us=353320 enable_c2c = DISABLED Thu Sep 29 19:29:00 2016 us=353329 duplicate_cn = DISABLED Thu Sep 29 19:29:00 2016 us=353338 cf_max = 0 Thu Sep 29 19:29:00 2016 us=353347 cf_per = 0 Thu Sep 29 19:29:00 2016 us=353356 max_clients = 1024 Thu Sep 29 19:29:00 2016 us=353365 max_routes_per_client = 256 Thu Sep 29 19:29:00 2016 us=353374 auth_user_pass_verify_script = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353383 auth_user_pass_verify_script_via_file = DISABLED Thu Sep 29 19:29:00 2016 us=353392 port_share_host = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353401 port_share_port = 0 Thu Sep 29 19:29:00 2016 us=353410 client = DISABLED Thu Sep 29 19:29:00 2016 us=353419 pull = DISABLED Thu Sep 29 19:29:00 2016 us=353427 auth_user_pass_file = '[UNDEF]' Thu Sep 29 19:29:00 2016 us=353438 OpenVPN 2.3.11 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 26 2016 Thu Sep 29 19:29:00 2016 us=353452 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09 Thu Sep 29 19:29:00 2016 us=354013 Diffie-Hellman initialized with 2048 bit key Thu Sep 29 19:29:00 2016 us=355015 WARNING: file 'ta.key' is group or others accessible Thu Sep 29 19:29:00 2016 us=355035 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Thu Sep 29 19:29:00 2016 us=355056 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 29 19:29:00 2016 us=355069 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 29 19:29:00 2016 us=355093 TLS-Auth MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ] Thu Sep 29 19:29:00 2016 us=355118 Socket Buffers: R=[42080->42080] S=[9216->9216] Thu Sep 29 19:29:00 2016 us=355196 ROUTE_GATEWAY 192.168.1.1 Thu Sep 29 19:29:00 2016 us=355266 TUN/TAP device /dev/tun0 opened Thu Sep 29 19:29:00 2016 us=355283 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Thu Sep 29 19:29:00 2016 us=355317 /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up Thu Sep 29 19:29:00 2016 us=357379 /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0 add net 172.16.8.0: gateway 172.16.8.2 Thu Sep 29 19:29:00 2016 us=358615 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ] Thu Sep 29 19:29:00 2016 us=359255 GID set to nobody Thu Sep 29 19:29:00 2016 us=359284 UID set to nobody Thu Sep 29 19:29:00 2016 us=359307 UDPv4 link local (bound): [undef] Thu Sep 29 19:29:00 2016 us=359321 UDPv4 link remote: [undef] Thu Sep 29 19:29:00 2016 us=359343 MULTI: multi_init called, r=256 v=256 Thu Sep 29 19:29:00 2016 us=359387 IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0 Thu Sep 29 19:29:00 2016 us=359429 ifconfig_pool_read(), in='jesus,172.16.8.4', TODO: IPv6 Thu Sep 29 19:29:00 2016 us=359450 succeeded -> ifconfig_pool_set() Thu Sep 29 19:29:00 2016 us=359468 IFCONFIG POOL LIST Thu Sep 29 19:29:00 2016 us=359485 jesus,172.16.8.4 Thu Sep 29 19:29:00 2016 us=359521 Initialization Sequence Completed ^CThu Sep 29 19:29:01 2016 us=958766 event_wait : Interrupted system call (code=4) Thu Sep 29 19:29:01 2016 us=959018 TCP/UDP: Closing socket Thu Sep 29 19:29:01 2016 us=959090 /sbin/route delete -net 172.16.8.0 172.16.8.2 255.255.255.0 route: must be root to alter routing table Thu Sep 29 19:29:01 2016 us=960610 ERROR: FreeBSD route delete command failed: external program exited with error status: 77 Thu Sep 29 19:29:01 2016 us=960656 Closing TUN/TAP interface Thu Sep 29 19:29:01 2016 us=960766 /sbin/ifconfig tun0 destroy ifconfig: SIOCIFDESTROY: Operation not permitted Thu Sep 29 19:29:01 2016 us=962611 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1 Thu Sep 29 19:29:01 2016 us=962713 SIGINT[hard,] received, process exiting
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
I post here again my last openvpn.conf and my last openvpn.log - yes verbosity is set to 7.
Code:
root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.conf # local 192.168.0.20 server 10.0.0.0 255.255.255.0 port 1194 proto udp dev tun ifconfig-pool-persist ipp.txt push "route 192.168.0.0 255.255.255.0" route 192.168.0.20 255.255.255.0 10.0.0.0 ca /usr/local/etc/openvpn/keys/ca.crt cert /usr/local/etc/openvpn/keys/server.crt key /usr/local/etc/openvpn/keys/server.key dh /usr/local/etc/openvpn/keys/dh.pem status /usr/local/etc/openvpn/openvpn.status log-append /usr/local/etc/openvpn/openvpn.log tls-auth /usr/local/etc/openvpn/keys/ta.key 0 #crl-verify keys/crl.pem cipher AES-256-CBC group nobody user nobody comp-lzo persist-key persist-tun keepalive 30 120 verb 7
Code:
root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.log Fri Sep 30 02:13:43 2016 us=50616 Current Parameter Settings: Fri Sep 30 02:13:43 2016 us=50904 config = '/usr/local/etc/openvpn/openvpn.conf' Fri Sep 30 02:13:43 2016 us=50946 mode = 1 Fri Sep 30 02:13:43 2016 us=50986 show_ciphers = DISABLED Fri Sep 30 02:13:43 2016 us=51025 show_digests = DISABLED Fri Sep 30 02:13:43 2016 us=51064 show_engines = DISABLED Fri Sep 30 02:13:43 2016 us=51103 genkey = DISABLED Fri Sep 30 02:13:43 2016 us=51142 key_pass_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=51180 show_tls_ciphers = DISABLED Fri Sep 30 02:13:43 2016 us=51239 Connection profiles [default]: Fri Sep 30 02:13:43 2016 us=51279 proto = udp Fri Sep 30 02:13:43 2016 us=51317 local = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=51356 local_port = 1194 Fri Sep 30 02:13:43 2016 us=51394 remote = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=51432 remote_port = 1194 Fri Sep 30 02:13:43 2016 us=51470 remote_float = DISABLED Fri Sep 30 02:13:43 2016 us=51509 bind_defined = DISABLED Fri Sep 30 02:13:43 2016 us=51547 bind_local = ENABLED Fri Sep 30 02:13:43 2016 us=51596 connect_retry_seconds = 5 Fri Sep 30 02:13:43 2016 us=51635 connect_timeout = 10 Fri Sep 30 02:13:43 2016 us=51674 connect_retry_max = 0 Fri Sep 30 02:13:43 2016 us=51712 socks_proxy_server = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=51751 socks_proxy_port = 0 Fri Sep 30 02:13:43 2016 us=51789 socks_proxy_retry = DISABLED Fri Sep 30 02:13:43 2016 us=51828 tun_mtu = 1500 Fri Sep 30 02:13:43 2016 us=51866 tun_mtu_defined = ENABLED Fri Sep 30 02:13:43 2016 us=51915 link_mtu = 1500 Fri Sep 30 02:13:43 2016 us=51953 link_mtu_defined = DISABLED Fri Sep 30 02:13:43 2016 us=51991 tun_mtu_extra = 0 Fri Sep 30 02:13:43 2016 us=52029 tun_mtu_extra_defined = DISABLED Fri Sep 30 02:13:43 2016 us=52068 mtu_discover_type = -1 Fri Sep 30 02:13:43 2016 us=52106 fragment = 0 Fri Sep 30 02:13:43 2016 us=52144 mssfix = 1450 Fri Sep 30 02:13:43 2016 us=52182 explicit_exit_notification = 0 Fri Sep 30 02:13:43 2016 us=52224 Connection profiles END Fri Sep 30 02:13:43 2016 us=52274 remote_random = DISABLED Fri Sep 30 02:13:43 2016 us=52313 ipchange = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52351 dev = 'tun' Fri Sep 30 02:13:43 2016 us=52390 dev_type = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52428 dev_node = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52466 lladdr = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52505 topology = 1 Fri Sep 30 02:13:43 2016 us=52542 tun_ipv6 = DISABLED Fri Sep 30 02:13:43 2016 us=52581 ifconfig_local = '10.0.0.1' Fri Sep 30 02:13:43 2016 us=52630 ifconfig_remote_netmask = '10.0.0.2' Fri Sep 30 02:13:43 2016 us=52669 ifconfig_noexec = DISABLED Fri Sep 30 02:13:43 2016 us=52707 ifconfig_nowarn = DISABLED Fri Sep 30 02:13:43 2016 us=52745 ifconfig_ipv6_local = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52783 ifconfig_ipv6_netbits = 0 Fri Sep 30 02:13:43 2016 us=52822 ifconfig_ipv6_remote = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=52860 shaper = 0 Fri Sep 30 02:13:43 2016 us=52898 mtu_test = 0 Fri Sep 30 02:13:43 2016 us=52936 mlock = DISABLED Fri Sep 30 02:13:43 2016 us=52984 keepalive_ping = 30 Fri Sep 30 02:13:43 2016 us=53022 keepalive_timeout = 120 Fri Sep 30 02:13:43 2016 us=53060 inactivity_timeout = 0 Fri Sep 30 02:13:43 2016 us=53098 ping_send_timeout = 30 Fri Sep 30 02:13:43 2016 us=53136 ping_rec_timeout = 240 Fri Sep 30 02:13:43 2016 us=53174 ping_rec_timeout_action = 2 Fri Sep 30 02:13:43 2016 us=53215 ping_timer_remote = DISABLED Fri Sep 30 02:13:43 2016 us=53254 remap_sigusr1 = 0 Fri Sep 30 02:13:43 2016 us=53304 persist_tun = ENABLED Fri Sep 30 02:13:43 2016 us=53342 persist_local_ip = DISABLED Fri Sep 30 02:13:43 2016 us=53381 persist_remote_ip = DISABLED Fri Sep 30 02:13:43 2016 us=53419 persist_key = ENABLED Fri Sep 30 02:13:43 2016 us=53457 passtos = DISABLED Fri Sep 30 02:13:43 2016 us=53496 resolve_retry_seconds = 1000000000 Fri Sep 30 02:13:43 2016 us=53534 username = 'nobody' Fri Sep 30 02:13:43 2016 us=53572 groupname = 'nobody' Fri Sep 30 02:13:43 2016 us=53611 chroot_dir = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=53662 cd_dir = '/usr/local/etc/openvpn' Fri Sep 30 02:13:43 2016 us=53700 writepid = '/var/run/openvpn.pid' Fri Sep 30 02:13:43 2016 us=53739 up_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=53777 down_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=53819 down_pre = DISABLED Fri Sep 30 02:13:43 2016 us=53858 up_restart = DISABLED Fri Sep 30 02:13:43 2016 us=53896 up_delay = DISABLED Fri Sep 30 02:13:43 2016 us=53934 daemon = ENABLED Fri Sep 30 02:13:43 2016 us=53985 inetd = 0 Fri Sep 30 02:13:43 2016 us=54023 log = ENABLED Fri Sep 30 02:13:43 2016 us=54061 suppress_timestamps = DISABLED Fri Sep 30 02:13:43 2016 us=54099 nice = 0 Fri Sep 30 02:13:43 2016 us=54137 verbosity = 7 Fri Sep 30 02:13:43 2016 us=54175 mute = 0 Fri Sep 30 02:13:43 2016 us=54218 gremlin = 0 Fri Sep 30 02:13:43 2016 us=54256 status_file = '/usr/local/etc/openvpn/openvpn.status' Fri Sep 30 02:13:43 2016 us=54295 status_file_version = 1 Fri Sep 30 02:13:43 2016 us=54333 status_file_update_freq = 60 Fri Sep 30 02:13:43 2016 us=54384 occ = ENABLED Fri Sep 30 02:13:43 2016 us=54423 rcvbuf = 0 Fri Sep 30 02:13:43 2016 us=54461 sndbuf = 0 Fri Sep 30 02:13:43 2016 us=54499 sockflags = 0 Fri Sep 30 02:13:43 2016 us=54537 fast_io = DISABLED Fri Sep 30 02:13:43 2016 us=54575 lzo = 7 Fri Sep 30 02:13:43 2016 us=54613 route_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=54651 route_default_gateway = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=54690 route_default_metric = 0 Fri Sep 30 02:13:43 2016 us=54739 route_noexec = DISABLED Fri Sep 30 02:13:43 2016 us=54778 route_delay = 0 Fri Sep 30 02:13:43 2016 us=54816 route_delay_window = 30 Fri Sep 30 02:13:43 2016 us=54854 route_delay_defined = DISABLED Fri Sep 30 02:13:43 2016 us=54893 route_nopull = DISABLED Fri Sep 30 02:13:43 2016 us=54931 route_gateway_via_dhcp = DISABLED Fri Sep 30 02:13:43 2016 us=54969 max_routes = 100 Fri Sep 30 02:13:43 2016 us=55007 allow_pull_fqdn = DISABLED Fri Sep 30 02:13:43 2016 us=55060 route 192.168.0.20/255.255.255.0/10.0.0.0/nil Fri Sep 30 02:13:43 2016 us=55100 route 10.0.0.0/255.255.255.0/nil/nil Fri Sep 30 02:13:43 2016 us=55139 management_addr = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55178 management_port = 0 Fri Sep 30 02:13:43 2016 us=55221 management_user_pass = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55261 management_log_history_cache = 250 Fri Sep 30 02:13:43 2016 us=55299 management_echo_buffer_size = 100 Fri Sep 30 02:13:43 2016 us=55338 management_write_peer_info_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55388 management_client_user = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55428 management_client_group = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55467 management_flags = 0 Fri Sep 30 02:13:43 2016 us=55505 shared_secret_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=55543 key_direction = 1 Fri Sep 30 02:13:43 2016 us=55581 ciphername_defined = ENABLED Fri Sep 30 02:13:43 2016 us=55620 ciphername = 'AES-256-CBC' Fri Sep 30 02:13:43 2016 us=55658 authname_defined = ENABLED Fri Sep 30 02:13:43 2016 us=55708 authname = 'SHA1' Fri Sep 30 02:13:43 2016 us=55746 prng_hash = 'SHA1' Fri Sep 30 02:13:43 2016 us=55785 prng_nonce_secret_len = 16 Fri Sep 30 02:13:43 2016 us=55823 keysize = 0 Fri Sep 30 02:13:43 2016 us=55862 engine = DISABLED Fri Sep 30 02:13:43 2016 us=55900 replay = ENABLED Fri Sep 30 02:13:43 2016 us=55938 mute_replay_warnings = DISABLED Fri Sep 30 02:13:43 2016 us=55977 replay_window = 64 Fri Sep 30 02:13:43 2016 us=56015 replay_time = 15 Fri Sep 30 02:13:43 2016 us=56065 packet_id_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56105 use_iv = ENABLED Fri Sep 30 02:13:43 2016 us=56144 test_crypto = DISABLED Fri Sep 30 02:13:43 2016 us=56183 tls_server = ENABLED Fri Sep 30 02:13:43 2016 us=56226 tls_client = DISABLED Fri Sep 30 02:13:43 2016 us=56264 key_method = 2 Fri Sep 30 02:13:43 2016 us=56303 ca_file = '/usr/local/etc/openvpn/keys/ca.crt' Fri Sep 30 02:13:43 2016 us=56341 ca_path = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56394 dh_file = '/usr/local/etc/openvpn/keys/dh.pem' Fri Sep 30 02:13:43 2016 us=56433 cert_file = '/usr/local/etc/openvpn/keys/server.crt' Fri Sep 30 02:13:43 2016 us=56472 extra_certs_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56511 priv_key_file = '/usr/local/etc/openvpn/keys/server.key' Fri Sep 30 02:13:43 2016 us=56549 pkcs12_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56587 cipher_list = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56626 tls_verify = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56679 tls_export_cert = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56718 verify_x509_type = 0 Fri Sep 30 02:13:43 2016 us=56756 verify_x509_name = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56795 crl_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=56833 ns_cert_type = 0 Fri Sep 30 02:13:43 2016 us=56871 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=56910 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=56948 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=56986 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57037 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57076 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57115 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57153 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57194 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57233 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57271 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57309 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57347 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57402 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57441 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57479 remote_cert_ku = 0 Fri Sep 30 02:13:43 2016 us=57517 remote_cert_eku = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=57555 ssl_flags = 0 Fri Sep 30 02:13:43 2016 us=57594 tls_timeout = 2 Fri Sep 30 02:13:43 2016 us=57632 renegotiate_bytes = 0 Fri Sep 30 02:13:43 2016 us=57670 renegotiate_packets = 0 Fri Sep 30 02:13:43 2016 us=57708 renegotiate_seconds = 3600 Fri Sep 30 02:13:43 2016 us=57758 handshake_window = 60 Fri Sep 30 02:13:43 2016 us=57797 transition_window = 3600 Fri Sep 30 02:13:43 2016 us=57836 single_session = DISABLED Fri Sep 30 02:13:43 2016 us=57874 push_peer_info = DISABLED Fri Sep 30 02:13:43 2016 us=57912 tls_exit = DISABLED Fri Sep 30 02:13:43 2016 us=57951 tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key' Fri Sep 30 02:13:43 2016 us=57992 server_network = 10.0.0.0 Fri Sep 30 02:13:43 2016 us=58033 server_netmask = 255.255.255.0 Fri Sep 30 02:13:43 2016 us=58088 server_network_ipv6 = :: Fri Sep 30 02:13:43 2016 us=58127 server_netbits_ipv6 = 0 Fri Sep 30 02:13:43 2016 us=58168 server_bridge_ip = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=58213 server_bridge_netmask = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=58255 server_bridge_pool_start = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=58295 server_bridge_pool_end = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=58334 push_entry = 'route 192.168.0.0 255.255.255.0' Fri Sep 30 02:13:43 2016 us=58385 push_entry = 'route 10.0.0.1' Fri Sep 30 02:13:43 2016 us=58424 push_entry = 'topology net30' Fri Sep 30 02:13:43 2016 us=58462 push_entry = 'ping 30' Fri Sep 30 02:13:43 2016 us=58501 push_entry = 'ping-restart 120' Fri Sep 30 02:13:43 2016 us=58539 ifconfig_pool_defined = ENABLED Fri Sep 30 02:13:43 2016 us=58580 ifconfig_pool_start = 10.0.0.4 Fri Sep 30 02:13:43 2016 us=58621 ifconfig_pool_end = 10.0.0.251 Fri Sep 30 02:13:43 2016 us=58662 ifconfig_pool_netmask = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=58713 ifconfig_pool_persist_filename = 'ipp.txt' Fri Sep 30 02:13:43 2016 us=58753 ifconfig_pool_persist_refresh_freq = 600 Fri Sep 30 02:13:43 2016 us=58792 ifconfig_ipv6_pool_defined = DISABLED Fri Sep 30 02:13:43 2016 us=58831 ifconfig_ipv6_pool_base = :: Fri Sep 30 02:13:43 2016 us=58870 ifconfig_ipv6_pool_netbits = 0 Fri Sep 30 02:13:43 2016 us=58908 n_bcast_buf = 256 Fri Sep 30 02:13:43 2016 us=58947 tcp_queue_limit = 64 Fri Sep 30 02:13:43 2016 us=58998 real_hash_size = 256 Fri Sep 30 02:13:43 2016 us=59036 virtual_hash_size = 256 Fri Sep 30 02:13:43 2016 us=59075 client_connect_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59113 learn_address_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59152 client_disconnect_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59194 client_config_dir = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59233 ccd_exclusive = DISABLED Fri Sep 30 02:13:43 2016 us=59271 tmp_dir = '/tmp' Fri Sep 30 02:13:43 2016 us=59323 push_ifconfig_defined = DISABLED Fri Sep 30 02:13:43 2016 us=59364 push_ifconfig_local = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=59405 push_ifconfig_remote_netmask = 0.0.0.0 Fri Sep 30 02:13:43 2016 us=59444 push_ifconfig_ipv6_defined = DISABLED Fri Sep 30 02:13:43 2016 us=59484 push_ifconfig_ipv6_local = ::/0 Fri Sep 30 02:13:43 2016 us=59524 push_ifconfig_ipv6_remote = :: Fri Sep 30 02:13:43 2016 us=59563 enable_c2c = DISABLED Fri Sep 30 02:13:43 2016 us=59601 duplicate_cn = DISABLED Fri Sep 30 02:13:43 2016 us=59652 cf_max = 0 Fri Sep 30 02:13:43 2016 us=59692 cf_per = 0 Fri Sep 30 02:13:43 2016 us=59730 max_clients = 1024 Fri Sep 30 02:13:43 2016 us=59768 max_routes_per_client = 256 Fri Sep 30 02:13:43 2016 us=59807 auth_user_pass_verify_script = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59845 auth_user_pass_verify_script_via_file = DISABLED Fri Sep 30 02:13:43 2016 us=59884 port_share_host = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=59922 port_share_port = 0 Fri Sep 30 02:13:43 2016 us=59973 client = DISABLED Fri Sep 30 02:13:43 2016 us=60013 pull = DISABLED Fri Sep 30 02:13:43 2016 us=60051 auth_user_pass_file = '[UNDEF]' Fri Sep 30 02:13:43 2016 us=60091 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016 Fri Sep 30 02:13:43 2016 us=60136 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09 Fri Sep 30 02:13:43 2016 us=146633 Diffie-Hellman initialized with 2048 bit key
Last edited:
robles
Explorer
- Joined
- Jul 29, 2014
- Messages
- 89
I just ran a diff with your output and mine's but I can't spot anything out of the ordinary. Other than updating your OpenSSL library since your log seems to stop after opening the DH parameters, I don't know what else to suggest.
Try and create another jail and starting over again. I see you added the
Code:
route 192.168.0.20 255.255.255.0 10.0.0.0
line to your config, which was part of the old version of this tutorial, but not needed anymore.
Also, after doing everything, try and reboot your whole server. Still haven't pinned down what causes the interfaces to load correctly after a whole system reboot.
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Thank you Robles.
Yes I restarted the whole server many times also now... But nothing changes.
Actually you arrived at my same conclusion... seems really the openssl the problem...
In fact look here:
Code:
root@OpenVPN:/usr/local/etc/openvpn # openvpn --config /usr/local/etc/openvpn/openvpn.conf Segmentation fault
In particular on the last few lines of the file openvpn.log:
Code:
Fri Sep 30 02:51:57 2016 us=569298 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016 Fri Sep 30 02:51:57 2016 us=569629 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09 Fri Sep 30 02:51:57 2016 us=664528 Diffie-Hellman initialized with 2048 bit key
But really now before to reboot the whole system I've updated the OpenSSL as you can see in the: "OpenSSL 1.0.2j,1"
Code:
root@OpenVPN:/usr/local/etc/openvpn # pkg info openssl openssl-1.0.2j,1 Name : openssl Version : 1.0.2j,1 Installed on : Fri Sep 30 02:38:12 2016 CEST Origin : security/openssl Architecture : freebsd:9:x86:32 Prefix : /usr/local Categories : security devel Licenses : OpenSSL Maintainer : brnrd@FreeBSD.org WWW : http://www.openssl.org/ Comment : SSL and crypto library [.......]
Could be this the problem about the "Segmentation fault" when I run manually the openvpn?!
There is a way to force and change the default OpenSSL loaded by the Jail and run the last one I installed?
Steo
Dabbler
- Joined
- Sep 28, 2016
- Messages
- 17
Another, and last question, I've... What is the Jail container named "customplugin_1" ?
Does anyone of you have it?
I founded it since from the beginin and what is the VIMAGE parameter on the Jail option? Should I have to turn it on or off?
Thanks again.
Does anyone of you have it?
I founded it since from the beginin and what is the VIMAGE parameter on the Jail option? Should I have to turn it on or off?
Thanks again.
robles
Explorer
- Joined
- Jul 29, 2014
- Messages
- 89
VIMAGE should be selected when creating a jail, but it should be named whatever you named it in the first step.
Before v1.2.0 of this tutorial, I also had trouble with OpenVPN segfaulting. Only after I recreated the keys with OpenSSL 1.0+ was I able to get rid of it.
zoomzoom
Guru
- Joined
- Sep 6, 2015
- Messages
- 677
dev tun is the directive establishing the server as a tunnel, not a TAP.
dev tunx would be specifying the interface tun0 as the interface to run the server on. Is it necessary to do so on a single server config no, but it does make one's life easier should they choose to add a second server to the same config (unless FreeBSD runs OpenVPN differently, you should be able to run more than one server from the same config file).
zoomzoom
Guru
- Joined
- Sep 6, 2015
- Messages
- 677
Saw a few things, which you could very well already be aware:
- ta.key needs to have 400 or 600 permissions... it's critical for security
- SHA1 isn't secure, and if you're running a x64 system, utilize SHA512 since 64bit systems process SHA512 substantially faster than SHA256. If not using an x64 system, SHA256 should be utilized.
- DH cert must exceed the encryption value you want for you connection, so if you want 2048bit, your DH cert must be atleast 3072bit... I always recommend 4096 since it provides flexibility.
- It appears you utilized Easy-RSA for certificate generation, which does not create secure certs for VPNs. It's convenient, but it would be more convenient if OpenVPN simply packaged a secure openssl.cnf to generate a CA and certs via OpenSSL directly. There's a link in my signature to a pre-built openssl.cnf on my GitHub, which has all commands required starting at line 507. You'll need to customize the SAN [SubjectAlternativeName] section with the applicable IPs and DNS names [IP.1, IP.2, etc.).
- Status
Related topics on forums.truenas.com for thread: "How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT"
Similar threads
