OpenVPN

Question

Level 1

28 points

OpenVPN

I am trying to build a VPN to a FreeBSD Server running OpenVPN server. I am running Mac OSX 10.4.6. I have been trying both on a PowerBook
running straight to the internet and a Power PC behind a router . I have installed OpenVPN client 2.1 and tunnelblick. Tech services for my server assure me that it us running correctly and is reachable. When I use Tunnelblick i get a "waiting for demon process" and then it dies.

Anyone have any ideas on this or how I can get OpenVPN to run under Tiger?

thanks

Jason

various, Mac OS X (10.4.6)

Posted on Jun 11, 2006 12:39 PM

Reply

Answer 1

Jun 12, 2006 1:15 AM in response to Jason Hirsh

Hello,
I hope you dont mean the Openvpn software version 2.1 which is in beta currently and thus is not good to use.
The wating deamon proccess means that the error is before any actual connection is made and the problem is on th host being used as a client.
What you can do:
a. verify that keys and configurations are in the right folder, if you are using tunnelblick (which i personaly recommend) this should be the Library/openvpn in your home dir
b. open a terminal and go to Library/openvpn and run (from terminal always):
openvpn --version
openvpn --config <yourconfigname>--verbose 4
And post here the errors
could you also post here the configuration file?

Reply

Answer 2

Jason Hirsh Author

Level 1

28 points

Jun 12, 2006 7:48 AM in response to Vaggelis Georgatos

Hello,
I hope you dont mean the Openvpn software version
2.1 which is in beta currently and thus is not good
to use.

I used Darwin Ports to install and I "Believe" I have 2.07"

he wating deamon proccess means that the error is
before any actual connection is made and the problem
is on th host being used as a client.
What you can do:
a. verify that keys and configurations are in the
right folder, if you are using tunnelblick (which i
personaly recommend) this should be the
Library/openvpn in your home dir

they are there

b. open a terminal and go to Library/openvpn and run
(from terminal always):
openvpn --version
openvpn --config <yourconfigname>--verbose 4

I get a Command not found

that would seem to indicate that either my installation is incorrect or my path is messed up right?

And post here the errors

could you also post here the configuration file?

Reply

Answer 3

Jun 12, 2006 11:00 AM in response to Jason Hirsh

Or I am braindead and forget my customizations 🙂
try these two fs locations:

the
/Applications/Tunnelblick.app/Contents/Resources/openvpn for tunnelblick 3.0rc
and the /usr/local/sbin/openvpn
for 2.0.x
and yes execute whith sudo 🙂

Reply

Answer 4

Jason Hirsh Author

Level 1

28 points

Jun 12, 2006 11:40 AM in response to Vaggelis Georgatos

Its not your brain .. its mine

here is what I get

Monster2:/usr/local/sbin% sudo openvpn --version
Password:
sudo: openvpn: command not found
even though I can see an openvpn file

Reply

Answer 5

Jun 12, 2006 11:58 AM in response to Jason Hirsh

To much soccer ...
copy paste mode:

cd Library/openvpn
ls
sudo /usr/local/sbin/openvpn openvpn.conf --verb 4

Reply

Answer 6

Jason Hirsh Author

Level 1

28 points

Jun 12, 2006 12:38 PM in response to Vaggelis Georgatos

Progress I think

Monster2:~/library/openvpn% ls
openvpn.conf vpn-key
Monster2:~/library/openvpn% sudo /usr/local/sbin/openvpn openvpn.conf --verb 4
Password:
Options error: I'm trying to parse "openvpn.conf" as an --option parameter but I don't see a leading '--'
Use --help for more information.
Monster2:~/library/openvpn%

here is the config file

# Automatically generated by Plesk VPN module
#
remote 66.148.68.111

lport 1194
rport 1194
ifconfig 192.168.1.2 255.255.255.252
daemon
secret vpn-key
comp-lzo
dev tap
float
keepalive 10 60
ping-timer-rem
resolv-retry infinite

Reply

Answer 7

Jun 12, 2006 1:16 PM in response to Jason Hirsh

yiap definitly only if I hade posted it right :P

the config looks good

as you are in Library/openvpn
do a

sudo /usr/local/sbin/openvpn --config openvpn.conf --verb 4

if you connect with that ...

nad you stil fail to connect with the gui ... there is something bad with ... it ...
i wuld sugest a removal and a reinstall

Reply

Answer 8

Jason Hirsh Author

Level 1

28 points

Jun 12, 2006 4:51 PM in response to Vaggelis Georgatos

I tried that command again and got this error

Monster2:~/Library/openvpn% sudo /usr/local/sbin/openvpn --config openvpn.conf --verb 4
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

the conf file is the same

Reply

Answer 9

Jun 13, 2006 8:58 AM in response to Jason Hirsh

Hi again,
althought this is weird ...

Monster2:~/Library/openvpn% sudo
/usr/local/sbin/openvpn --config openvpn.conf --verb
4
Options error: You must define TUN/TAP device
(--dev)
Use --help for more information.

Try the bellow as aconf file (write it in the openvpn.conf file in the above location)

remote 66.148.68.111
dev tap
lport 1194
rport 1194
ifconfig 192.168.1.2 255.255.255.252
resolv-retry infinite
daemon
secret vpn-key
comp-lzo
float
keepalive 10 60
ping-timer-rem

just rearanging the structure ...

Reply

Answer 10

Jason Hirsh Author

Level 1

28 points

Jun 13, 2006 1:06 PM in response to Vaggelis Georgatos

I get absolutely no response

Reply

Answer 11

Jun 15, 2006 6:41 AM in response to Jason Hirsh

Hi,
sory for the long silence, if you have all things in place and not geting any output is weird ...
Can we get it from the begining ?
1. What Hardware do you have (if you have one of the new intel mac the 2.0 tunnelblick wont work, it is not a UB)?
2. Can you remove completetly the tunneblick and the openvpn package it installs ? And do a "clean" install ...
3. put the certificate you must have in ~/Library/openvpn with the openvpn.conf file populated by the config you require and post me the complete output given by the previous command ....

Cheers

Reply

Answer 12

Jason Hirsh Author

Level 1

28 points

Jun 15, 2006 10:09 AM in response to Vaggelis Georgatos

I have no idea how to fully remove tunnelblick as it added drivers. I have removed and reinsatlled openvpn2

I have a g5 dual processor with cable connection
10.4.6

Essentially the same situation applies i type in the command I get asked for password and then the command line reappears

My routing table shows no change...

I must have this machine so hosed ... that OPENVPN is no longer possible but I am not willing to do an archive and reinstall. I guess I will just have to look at commercial alternatives.. thankes for your help

Reply

Answer 13

Jason Hirsh Author

Level 1

28 points

Jun 15, 2006 10:27 AM in response to Vaggelis Georgatos

OK I tried command line as follows with the following response

Monster2:~/Library/openvpn% sudo /usr/local/sbin/openvpn --remote 66.148.68.111 --lport 1194 --dev tap --secret vpn-key --ifconfig 192.168.1.2 255.255.255.252 --comp-lzo
Thu Jun 15 13:22:00 2006 OpenVPN 2.0.2 powerpc-apple-darwin8.2.0 [SSL] [LZO] built on Aug 30 2005
Thu Jun 15 13:22:00 2006 WARNING: file 'vpn-key' is group or others accessible
Thu Jun 15 13:22:00 2006 LZO compression initialized
Thu Jun 15 13:22:00 2006 TUN/TAP device /dev/tap0 opened
Thu Jun 15 13:22:00 2006 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Thu Jun 15 13:22:00 2006 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu Jun 15 13:22:00 2006 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.252 mtu 1500 up
Thu Jun 15 13:22:00 2006 UDPv4 link local (bound): [undef]:1194
Thu Jun 15 13:22:00 2006 UDPv4 link remote: 66.148.68.111:1194

netstat shows the following

192.168.1/30 link#7 UC 1 0 tap0
192.168.1.3 link#7 UHLWb 0 4 tap0

so I am doing something locally

when I add the --daemon .. I get the following

Monster2:~/Library/openvpn% sudo /usr/local/sbin/openvpn --remote 66.148.68.111 --lport 1194 --dev tap --secret vpn-key --ifconfig 192.168.1.2 255.255.255.252 --comp-lzo --daemon
Monster2:~/Library/openvpn%

essentially no response... sooo I would assume that is screwed with the daemon yes??

Reply

Answer 14

Jun 15, 2006 2:01 PM in response to Jason Hirsh

This all means that it works ...

The --daemon flag seand the proccess on the background and supressess console out put ... if after that you do get the same netstat output ... you are set ...

As for hossing your system ... do not wory it cant be done in such an easy way ...

As for getting a "payware" solution ... think ... again ... I have found out that thing are not so easy in the "kingdom" of Vpns
😀

Reply

Answer 15

Jason Hirsh Author

Level 1

28 points

Jun 15, 2006 7:26 PM in response to Vaggelis Georgatos

Hmmm it might be some cleaning i did on the server from the Command line versus of your ideas on the .conf... but I THINK we do have connectivity PLUS I brought tunnelbrick 3.0 back and it is flashing as it is suppose to be...

BUT from what I read I THOUGHT I should be able to Ping both sides of the tunnel. Local IP is 172.168.1.2 and pings fine.. the Remote IP is 172.1.168.1.1 does not....

If I want to SSH to the server via the VPN which IP should I use?

Thanks you have been a great help

Reply