openvpn client connection issue

Asked by Christian Bongiorno

Following the copious examples, I am trying to set up an OpenVPN client on 15.04, and when I try to import the client.ovpn file I get the same gateway name entered a bunch of times and none of the cert information filled out.

When I fill out the details manually it just tries really hard and eventually fails.

When I try to connect from the shell, everything seems to go fine but no traffic goes through the tunnel even though tun0 exists.

Because the whole office uses a VPC, not having this feature means I can't use Ubuntu for work. It would be nice to have the VPN established on our router for the office, but until then, this is all we have.

root@christian:~# openvpn --client --config client.ovpn
Tue Mar 1 11:19:11 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Apr 13 2015
Enter Auth Username: *********
Enter Auth Password: *********
Tue Mar 1 11:19:16 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Mar 1 11:19:16 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 1 11:19:16 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 1 11:19:16 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Tue Mar 1 11:19:16 2016 UDPv4 link local: [undef]
Tue Mar 1 11:19:16 2016 UDPv4 link remote: [AF_INET]52.25.249.104:1194
Tue Mar 1 11:19:16 2016 TLS: Initial packet from [AF_INET]52.25.249.104:1194, sid=140c4d57 ee7ea275
Tue Mar 1 11:19:16 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 1 11:19:18 2016 VERIFY OK: depth=1, CN=OpenVPN CA
Tue Mar 1 11:19:18 2016 VERIFY OK: nsCertType=SERVER
Tue Mar 1 11:19:18 2016 VERIFY OK: depth=0, CN=OpenVPN Server
Tue Mar 1 11:19:19 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 1 11:19:19 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 1 11:19:19 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 1 11:19:19 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 1 11:19:19 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Tue Mar 1 11:19:19 2016 [OpenVPN Server] Peer Connection Initiated with [AF_INET]52.25.249.104:1194
Tue Mar 1 11:19:21 2016 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Mar 1 11:19:21 2016 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 172.27.248.1,route 172.27.224.0 255.255.240.0,route 10.0.0.0 255.254.0.0,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.248.54 255.255.248.0'
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.3.2)
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: LZO parms modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: route options modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: route-related options modified
Tue Mar 1 11:19:21 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 1 11:19:21 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=10:02:b5:82:e5:d8
Tue Mar 1 11:19:21 2016 TUN/TAP device tun0 opened
Tue Mar 1 11:19:21 2016 TUN/TAP TX queue length set to 100
Tue Mar 1 11:19:21 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 1 11:19:21 2016 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 1 11:19:21 2016 /sbin/ip addr add dev tun0 172.27.248.54/21 broadcast 172.27.255.255
Tue Mar 1 11:19:27 2016 ROUTE remote_host is NOT LOCAL
Tue Mar 1 11:19:27 2016 /sbin/ip route add 52.25.249.104/32 via 192.168.1.1
Tue Mar 1 11:19:27 2016 /sbin/ip route add 172.27.224.0/20 via 172.27.248.1 metric 101
Tue Mar 1 11:19:27 2016 /sbin/ip route add 10.0.0.0/15 via 172.27.248.1 metric 101
Tue Mar 1 11:19:27 2016 Initialization Sequence Completed

root@christian:~# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.27.248.54 P-t-P:172.27.248.54 Mask:255.255.248.0
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@christian:~#

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

Vivid is EOL and no longer supported in any way. I suggest you either upgrade to Wily or wipe the install off and do a clean install of Xenial. Xenial is prerelease currently but will be released in April this year and is LTS. Xenial will be supported until April 2021.

Also, running a VPN client as root is far from wise.
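
One way to read the client log posted in the question, as an added example that is not part of the original thread: it reconciles the pushed options with the ones the 2.3.2 client rejected, then checks which destinations the installed routes send through tun0. The function names `summarize` and `goes_through_tunnel` are hypothetical, and the sample lines are copied from the log above.

```python
import ipaddress
import re

# Constructed sample: lines copied from the client log in the question.
SAMPLE_LOG = """\
Tue Mar 1 11:19:21 2016 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 172.27.248.1,route 172.27.224.0 255.255.240.0,route 10.0.0.0 255.254.0.0,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.248.54 255.255.248.0'
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.3.2)
Tue Mar 1 11:19:21 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.3.2)
Tue Mar 1 11:19:21 2016 /sbin/ip addr add dev tun0 172.27.248.54/21 broadcast 172.27.255.255
Tue Mar 1 11:19:27 2016 /sbin/ip route add 52.25.249.104/32 via 192.168.1.1
Tue Mar 1 11:19:27 2016 /sbin/ip route add 172.27.224.0/20 via 172.27.248.1 metric 101
Tue Mar 1 11:19:27 2016 /sbin/ip route add 10.0.0.0/15 via 172.27.248.1 metric 101
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
REJECT_RE = re.compile(r"\[PUSH-OPTIONS\]:(\d+): (\S+)")
ADDR_RE = re.compile(r"/sbin/ip addr add dev (\S+) (\S+)")
ROUTE_RE = re.compile(r"/sbin/ip route add (\S+) via (\S+)")

def summarize(log):
    """Reconcile what the server pushed with what the client applied."""
    pushed, rejected, routes, tunnel = [], {}, [], []
    for line in log.splitlines():
        if m := PUSH_RE.search(line):
            pushed = m.group(1).split(",")
        elif m := REJECT_RE.search(line):
            rejected[int(m.group(1))] = m.group(2)
        elif m := ADDR_RE.search(line):
            # On-link subnet of the tunnel interface itself.
            tunnel.append(ipaddress.ip_interface(m.group(2)).network)
        elif m := ROUTE_RE.search(line):
            routes.append((m.group(1), m.group(2)))
    # In this log, [PUSH-OPTIONS]:N matches the 1-based position in PUSH_REPLY.
    accepted = [o for i, o in enumerate(pushed, 1) if i not in rejected]
    gateway = next((o.split()[1] for o in accepted
                    if o.startswith("route-gateway ")), None)
    # Only routes whose next hop is the pushed gateway leave via the tunnel.
    tunnel += [ipaddress.ip_network(d) for d, via in routes if via == gateway]
    return {"accepted": accepted, "rejected": list(rejected.values()),
            "gateway": gateway, "tunnel_routes": tunnel}

def goes_through_tunnel(summary, ip):
    """True if ip falls inside a network that is routed via the tunnel."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in summary["tunnel_routes"])
```

For this log, only 172.27.248.0/21, 172.27.224.0/20 and 10.0.0.0/15 resolve to the tunnel; the VPN server's own address and all other destinations stay on the wlan0 gateway.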
