Arch Linux

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

[SOLVED] Problem starting openVPN / error loading config file

Solution

Hi, I am having trouble using openVPN. I just installed arch today, but I need openVPN to connect to the internet (university provides internet service at dorm).

So I installed openVPN using pacman -S openvpn. I got the config files provided by the university and moved them to /home/username/.openvpn. I tried running it like this:

openvpn /path/config.ovpn
openvpn --config /path/config.ovpn

but neither worked, as it always says an error occurs opening the config file

Any pointer what could be wrong?

This is the config file I want to use:

# [a number, not sure if sensitive]
client
dev tun
proto tcp
ca cachain.crt
remote [a domain name].de 2711
remote [a domain name].de 2712
remote [a domain name].de 2713
remote [a domain name].de 2714
remote-random
tls-remote [a domain name].de
resolv-retry 0
connect-retry 2
#connect-retry-max 2
connect-timeout 2
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
tls-auth ta.key 1
auth-user-pass
auth-retry interact
comp-lzo no
reneg-sec 43200

Last edited by mrkernelpanic (2014-10-03 13:02:10)

mrlamud

Member

Registered: 2014-09-27

Posts: 104

Re: [SOLVED] Problem starting openVPN / error loading config file

Any experts are welcome to correct this answer if I was wrong.

I think your openvpn config file is a bit strange. I use config file from vpngate.net. Here is how it looks like.

dev tun



proto tcp



remote vpn956716021.opengw.net 1703



;http-proxy-retry
;http-proxy [proxy server] [proxy port]



cipher AES-128-CBC
auth SHA1



resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3



<ca>
-----BEGIN CERTIFICATE-----
MIIDJDCCAgygAwIBAgIFFoNFKGIwDQYJKoZIhvcNAQELBQAwSTEeMBwGA1UEAwwV
enBwZTB4cDBmMTZ6ZDIyZ2EubmV0MRowGAYDVQQKDBEwd2xiejZ0b2FrdSBsMjk5
bDELMAkGA1UEBhMCVVMwHhcNMTQwOTI4MDM0MzA2WhcNMTkwODIwMDM0MzA2WjBJ
MR4wHAYDVQQDDBV6cHBlMHhwMGYxNnpkMjJnYS5uZXQxGjAYBgNVBAoMETB3bGJ6
NnRvYWt1IGwyOTlsMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALX1eUjuWC7qSQbkgaIrWEOjbTCf+VP8sqWw3i+3tfFflOv6iUow
LXCCsaQOAxvUj/xv/irjgxbeZIq2we97iQe3ZaVUvtx5FBjb7XuyIu3t49RI6j8p
q6k+Trhgy9mY5LqqwpG39vGLBN2ZHLJWjB5AeWvSNpkcLM6lOB+BorliGkH/gVhV
nAe4JTR+mBF8DaM7ybwlGqIAPg15f73gx/h8nKJBd61eeXusDJ4g6dXfYTe5FRv4
RN9Ef3yfTRmmZ9cZqzKpv1zyYdZGx23qiaXvIL/H0xQM2yajFirXGFcB8rXaTuxA
ejHMWnPYxTx1eRQBOC+AUcHZu//YeXM/imkCAwEAAaMTMBEwDwYDVR0TAQH/BAUw
AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAnlQlPkJ7mt4j5la1sXbn9NKB+dLu6f/7
oCRTEu7gjC0XdqtYDyRHuKDI+TEc7H+CqehbpKWODl0IHlHkJ81z43qLvRJdqJDD
FjSPFsIkoT2K6sTzOptaA0HijA7RkjzV4/Zh5QQna4J612riBCyhHjDH3fcnf/b2
PzxHhDPjsdtb6doygon55H/rm19P5VTjyzhno5mWIQ98afMX0IbGdWJIhKfx+wR0
QYAYwWMDNu/gF813NatCL/ZAQ7rzArVS7fn5WRe2g3wvUUcNJjkNEjQu9Ywp1zsz
WJMiE7p0MFLe0w9r90eAHnBsuMx1LatDDuuptqIvSd+E8vmXRiFG1Q==
-----END CERTIFICATE-----

</ca>



<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>

or form openvpn.net will look like this

sample-config-files/client.conf
    client
    ;dev tap
    dev tun
    ;dev-node MyTap
    ;proto tcp
    proto udp
    remote my-server-1 1194
    ;remote my-server-2 1194
    ;remote-random
    resolv-retry infinite
    nobind
    ;user nobody
    ;group nobody
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    ;mute-replay-warnings
    ca ca.crt
    cert client.crt
    key client.key
    ;ns-cert-type server
    ;tls-auth ta.key 1
    ;cipher x
    comp-lzo
    verb 3
    ;mute 20

However config openvpn is a bit tricky for linux although you get the correct config file like the one from vpngate. I have never use command line to config it but success using networkmanager with the trick from this url http://howto.praqma.net/ubuntu/vpn/open … -on-ubuntu .

Last edited by mrlamud (2014-09-30 09:25:28)

jasonwryan

Anarchist

From: .nz

Registered: 2009-05-09

Posts: 30,424

Website

Re: [SOLVED] Problem starting openVPN / error loading config file

Please use code tags, not quote tags, when pasting to the boards. Also, 90% of that config is commented, you could remove the comments before pasting for clarity with:

egrep -v "^[ \t]*#|^[ \t]*$" file > nocomment

---

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

mrlamud, the config file is provided as is by the university. To prevent misunderstandings: The parts in [this] brackets are censored by me as this might be sensitive data.

Aditional info: openvpn does not give me an advanced error, it just tells me there was an error loading the file and i should consult --help.

Edit:
Later when I am back home i will try changing the following lines

ca cachain.crt
tls-auth ta.key 1

to this:

ca /path/to/cachain.crt
tls-auth /path/to/ta.key 1

Last edited by mrkernelpanic (2014-09-30 11:16:29)

mrlamud

Member

Registered: 2014-09-27

Posts: 104

Re: [SOLVED] Problem starting openVPN / error loading config file

Please try openvpn with option --config as root before you modify your original config file.

 sudo openvpn --config [file_name].ovpn

Last edited by mrlamud (2014-09-30 12:35:58)

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

Hi there,

sudo openvpn --config /path/to/filename.ovpn

did work! opnVPN started... It looks something like this:

DEPRACTED OPTION: --tls-remote, please update your configuration
[using cachain.crt or ta.key, don't remember exactly, but it seemed to work]
[another working thing]
[enter auth name]
[enter auth password]
RESOLVE: Cannot resolve host adress: openvpn-int.[a domain name].de: Name or service not knwon (I would have retried this name query if ou had specified the --resolfe-retrz option).
Exiting due to fatal error

So my next guess is, that
-the config file provided is simply wrong
-that I have something queer/wrong/nothing configured for the networks (I think I actually used none of the options and I could just acces the web without further action like i did during the installation (note: it was just a temporay solution to install arch with less complications, but it won't work for home of course) (wich I think may be possible)
-or that

pacman -S openvpn

was not enough and other packages are missing.

Can anybody confirm that the problem is simply a wrong config file? If so, I can stop troubleshooting and request a correct config file from the university.

Thanks for your help so far!

Last edited by mrkernelpanic (2014-09-30 18:14:50)

mrlamud

Member

Registered: 2014-09-27

Posts: 104

Re: [SOLVED] Problem starting openVPN / error loading config file

If you would like to know your arch linux or openvpn package installation is working, just goto vpngate.net and download one of openvpn config from available list then try it. You should know if your system is ok by refreshing vpngate.net page and see your ip - which should be changed- stated in the middle of neary top of the page under the image banner .

And if the above works , then try one remote at a time by commenting out others in your config file (don't forget to back up before modify it)

remote [a domain name].de 2711
;remote [a domain name].de 2712
;remote [a domain name].de 2713
;remote [a domain name].de 2714
;remote-random

 
After all, If I were you, I would search for help on campus' vpn help page - if there shoule be available or ask for advice from M.I.S.

Good luck, pal.

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

If you would like to know your arch linux or openvpn package installation is working, just goto vpngate.net and download one of openvpn config from available list then try it. You should know if your system is ok by refreshing vpngate.net page and see your ip - which should be changed- stated in the middle of neary top of the page under the image banner .

Hi,

as I am directly connected to the university and (no other internet service available/unlocked) I can only try this when I acces the working connection again. However, I did write the support team.

Thanks for your help! I will report back what was the problem once I know!

mrlamud

Member

Registered: 2014-09-27

Posts: 104

Re: [SOLVED] Problem starting openVPN / error loading config file

Your report back is a good benefit for the others.

Thanks.

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

Uni replied that the config file is definitely correct So what I suspect could be wrong:

- lack of user-rights (e.g. accesing ethernet)
- dhcpd.service active (I will try with it turned off)
- the package openvpn is not enough
- ethernet not activated/configured properly (unlikely, as internet connection behind a router works out of the box)

If anyone has more pointers that would definetly help. I will try foreclosing the possible errors mentioned above, but it may take some days.

mrlamud

Member

Registered: 2014-09-27

Posts: 104

Re: [SOLVED] Problem starting openVPN / error loading config file

Hi, mrkernelpanic. I'm also newbie like others but willing to help you however lack of my experience might not so useful to you as you expected.

I just noticed some waring from your output

DEPRACTED OPTION: --tls-remote, please update your configuration
..
..
..
..

I'm not good in English and don't know much in technical. However searching the warning message in google came out some interesting results.

http://forum.ipfire.org/index.php?topic=11182.0
http://lists.ipfire.org/pipermail/devel … 00569.html
https://forum.pfsense.org/index.php?topic=67538.0

Please observe given links - especially, the first one. It mentioned something like:

appears since OpenVPN version 2.3, so the clientside directive "--tls-remote" will be removed from OpenVPN in one of the next versions --> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage 

I don't know if this help or will mess you more but this is the way I learn to use linux

1.Read.
2.Try and if any error found.
3.Search from the internet and try again.

Cheer up - don't give up.

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

Hi mrlamud,

--tls-remote will be removed in V2.4 or V2.5. But we will have to see if uni updates the server (then they have to send out an update note and new configs to everybody on campus) or simply stays with 2.3.2 So right now this command should not make any trouble.

But thanks anyway!

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

I found something really strange:

I sometimes have the issue on Windows, that I have to restart the PC so that the network gets detected properly. I had a look at the logs, and it had the same output as with linux!

RESOLVE: Cannot resolve host adress: openvpn-int.[a domain name].de: Name or service not knwon (I would have retried this name query if ou had specified the --resolfe-retrz option).
Exiting due to fatal error

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

It seems I had a little trouble with the ethernet being deactivated and stuff. I checked if everything is working how it should, and these were the logs (run as root right after reboot):

#systemctl status dhcdpcd.serivce 

● dhcpcd.service - dhcpcd on all interfaces
   Loaded: loaded (/usr/lib/systemd/system/dhcpcd.service; enabled)
   Active: active (running) since Fri 2014-10-03 15:40:58 CEST; 38s ago
  Process: 261 ExecStart=/usr/bin/dhcpcd -q -b (code=exited, status=0/SUCCESS)
 Main PID: 266 (dhcpcd)
   CGroup: /system.slice/dhcpcd.service
           └─266 /usr/bin/dhcpcd -q -b

Oct 03 15:40:58 lenovo_arch dhcpcd[266]: wlp2s0: carrier lost
Oct 03 15:40:59 lenovo_arch dhcpcd[266]: wlp2s0: soliciting a DHCP lease
Oct 03 15:41:00 lenovo_arch dhcpcd[266]: enp8s0: carrier acquired
Oct 03 15:41:00 lenovo_arch dhcpcd[266]: enp8s0: IAID 0e:69:ff:09
Oct 03 15:41:01 lenovo_arch dhcpcd[266]: enp8s0: rebinding lease of 192.168.33.___
Oct 03 15:41:01 lenovo_arch dhcpcd[266]: enp8s0: soliciting an IPv6 router
Oct 03 15:41:09 lenovo_arch dhcpcd[266]: enp8s0: leased 192.168.33.___ for 3600 seconds
Oct 03 15:41:09 lenovo_arch dhcpcd[266]: enp8s0: adding route to 192.168.32.0_/__
Oct 03 15:41:09 lenovo_arch dhcpcd[266]: enp8s0: adding default route via 192.168.32.___
Oct 03 15:41:14 lenovo_arch dhcpcd[266]: enp8s0: no IPv6 Routers available

#ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 3c:97:0e:69:ff:09 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether 60:36:dd:e3:57:b0 brd ff:ff:ff:ff:ff:ff

#openvpn /etc/openvpn/config.ovpn

Fri Oct  3 15:43:11 2014 DEPRECATED OPTION: --tls-remote, please update your configuration
Fri Oct  3 15:43:11 2014 OpenVPN 2.3.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May  3 2014
Fri Oct  3 15:43:11 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.08
Fri Oct  3 15:43:17 2014 WARNING: file '/etc/openvpn/ta.key' is group or others accessible
Fri Oct  3 15:43:17 2014 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Fri Oct  3 15:43:17 2014 failed to find GID for group nogroup
Fri Oct  3 15:43:17 2014 Exiting due to fatal error

So now the problem seems to focus on:

Fri Oct  3 15:43:17 2014 failed to find GID for group nogroup
Fri Oct  3 15:43:17 2014 Exiting due to fatal error

Any ideas what this mens?

Last edited by mrkernelpanic (2014-10-03 12:57:09)

mrkernelpanic

Member

Registered: 2014-01-30

Posts: 43

Re: [SOLVED] Problem starting openVPN / error loading config file

Help, my openVPN is not working!

SOLUTION:

Step 1: Make sure you use paths to keys and certificates in your config file.
Step 2: Make sure your ethernet is up and running (dhcpcd can be active).
Step 3: Run

groudapp nogroup

Your openVPN should now connect! Now I just need to find a way to "exit" the command (after Connection Established it keeps staying in openvpn and you can not enter a new command. Maybe & works as it does with graphical programms?)

Edit:
Sources:
http://www.clarencejames.my/2012/11/09/ … n-log.html
https://bugs.debian.org/cgi-bin/bugrepo … bug=592527
http://abautu.blogspot.de/2010/07/worki … twork.html

Last edited by mrkernelpanic (2014-10-03 13:01:09)