V
V
verified2014-03-26 11:16:27
openvpn
verified, 2014-03-26 11:16:27

How to fix error when starting OpenVPN on VPS?

Unable to start OpenVPN on a remote VPS (CentOS). When you try to start it service openvpn startis displayed Starting openvpn: [FAILED]
What could be the problem?
openvpn.log

Wed Mar 26 12:07:52 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS$
Wed Mar 26 12:07:52 2014 Diffie-Hellman initialized with 2048 bit key
Wed Mar 26 12:07:52 2014 Socket Buffers: R=[124928->131072] S=[124928->131072]
Wed Mar 26 12:07:52 2014 ROUTE_GATEWAY 10.0.20.227/255.255.0.0 IFACE=eth0 HWADDR=fa:16:3e:78:75:57
Wed Mar 26 12:07:52 2014 TUN/TAP device tun1 opened
Wed Mar 26 12:07:52 2014 TUN/TAP TX queue length set to 100
Wed Mar 26 12:07:52 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 26 12:07:52 2014 /sbin/ip link set dev tun1 up mtu 1500
Wed Mar 26 12:07:52 2014 /sbin/ip addr add dev tun1 local 10.8.0.1 peer 10.8.0.2
Wed Mar 26 12:07:52 2014 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Mar 26 12:07:53 2014 GID set to nobody
Wed Mar 26 12:07:53 2014 UID set to nobody
Wed Mar 26 12:07:53 2014 UDPv4 link local (bound): [undef]
Wed Mar 26 12:07:53 2014 UDPv4 link remote: [undef]
Wed Mar 26 12:07:53 2014 MULTI: multi_init called, r=256 v=256
Wed Mar 26 12:07:53 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Mar 26 12:07:53 2014 IFCONFIG POOL LIST
Wed Mar 26 12:07:53 2014 Initialization Sequence Completed

server.conf
proto udp
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
comp-lzo

user nobody
group nobody

verb 5

persist-key
persist-tun

status /var/log/openvpn.status
log-append /var/log/openvpn.log

Answer the question

In order to leave comments, you need to log in

6 answer(s)
S
Sergey, 2014-03-26
@bk0011m

Set the verb parameter
For example
verb 5
And then look in the logs. There will be a lot of garbage, but you will see where the joint is

V
verified, 2014-03-26
@verified

@bk0011m
Before that it was verb 3, dropped out of the logs by accident. I set verb 5, below is the messages log.

Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: PLUGIN_INIT: POST /usr/lib64/openvpn-auth-pam.so '[/usr/lib64/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: PLUGIN_INIT: POST /usr/lib64/openvpn-auth-pam.so '[/usr/lib64/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: Diffie-Hellman initialized with 1024 bit key
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: WARNING: file '/etc/openvpn/easy-rsa/2.0/keys/server.key' is group or others accessible
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: Socket Buffers: R=[124928->131072] S=[124928->131072]
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: ROUTE_GATEWAY 10.0.20.227/255.255.0.0 IFACE=eth0 HWADDR=fa:16:3e:78:75:57
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: TUN/TAP device tun0 opened
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: TUN/TAP TX queue length set to 100
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 kernel: tun0: Disabled Privacy Extensions
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: /sbin/ip link set dev tun0 up mtu 1500
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: /sbin/ip addr add dev tun0 local 10.2.3.1 peer 10.2.3.2
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2440]: /sbin/ip route add 10.2.3.0/24 via 10.2.3.2
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2449]: UDPv4 link local (bound): [AF_INET]10.0.15.194:1194
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2449]: UDPv4 link remote: [undef]
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2449]: MULTI: multi_init called, r=256 v=256
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2449]: IFCONFIG POOL: base=10.2.3.4 size=62, ipv6=0
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2449]: Initialization Sequence Completed
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2453]: Options error: You must define TUN/TAP device (--dev)
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[2453]: Use --help for more information.
Mar 26 12:32:19 4dfd147a-abd5-4bde-9511-00a1cc04ec56 kernel: tun1: Disabled Privacy Extensions
Mar 26 12:32:20 4dfd147a-abd5-4bde-9511-00a1cc04ec56 ntpd[1201]: Listen normally on 9 tun0 10.2.3.1 UDP 123
Mar 26 12:32:20 4dfd147a-abd5-4bde-9511-00a1cc04ec56 ntpd[1201]: Listen normally on 10 tun1 10.8.0.1 UDP 123
Mar 26 12:32:20 4dfd147a-abd5-4bde-9511-00a1cc04ec56 ntpd[1201]: peers refreshed

B
bit_rainbow, 2014-03-26
@bit_rainbow

try removing
user nobody
group nobody

V
Vitaly Niksenkin, 2014-03-26
@404666

here is a quick guide on how to make yourself a vpn on vds

D
D1abloRUS, 2014-03-26
@D1abloRUS

In server config try to fix dev tun to dev tun0

B
bit_rainbow, 2014-03-26
@bit_rainbow

Working config

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question