
/slackware/ - Slackware Linux

#slackware@irc.rizon.net


 No.9

Slackware Current and Stable OpenVPN packages have been upgraded to version 2.4.6.

This has brought issues not because of OpenVPN itself, but /etc/rc.d/rc.openvpn has changed and I had to adapt.

After the upgrade, I noticed that the OpenVPN process was closing somehow, and I would be "disconnected" from the internet. "Disconnected" because I have IPTables rules in place that only allow access to the internet through the VPN.

I triple checked the VPN .conf files and nothing worked. Next thing was to check if anything appeared in /var/log/, and indeed /var/log/syslog gave some clues:

Apr 28 00:01:29 compass openvpn[17181]: Error opening 'Auth' auth file: /etc/openvpn/credentials.txt: Permission denied (errno=13)

Apr 28 00:01:29 compass openvpn[17181]: ERROR: Linux route delete command failed: external program exited with error status: 2

Apr 28 00:01:29 compass last message repeated 3 times

Apr 28 00:01:29 compass openvpn[17181]: Linux ip addr del failed: external program exited with error status: 2

Apr 28 07:24:14 compass openvpn[15891]: WARNING: file '/etc/openvpn/credentials.txt' is group or others accessible

Apr 28 07:24:14 compass openvpn[15892]: WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail

Apr 28 07:24:14 compass openvpn[15892]: WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail

Apr 28 07:24:15 compass openvpn[15892]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1570'

Apr 28 07:24:15 compass openvpn[15892]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-128-CBC'

Apr 28 07:24:15 compass openvpn[15892]: WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

Apr 28 07:24:15 compass openvpn[15892]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

Apr 28 07:32:50 compass openvpn[15892]: event_wait : Interrupted system call (code=4)

Apr 28 07:32:50 compass openvpn[15892]: ERROR: Linux route delete command failed: external program exited with error status: 2

Apr 28 07:32:50 compass last message repeated 3 times

Apr 28 07:32:50 compass openvpn[15892]: Linux ip addr del failed: external program exited with error status: 2

Apr 28 07:34:13 compass openvpn[16641]: WARNING: file '/etc/openvpn/credentials.txt' is group or others accessible

Apr 28 07:34:14 compass openvpn[16642]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1570'

Apr 28 07:34:14 compass openvpn[16642]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-128-CBC'

Apr 28 07:34:14 compass openvpn[16642]: WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

Apr 28 07:34:14 compass openvpn[16642]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

So basically I had to do two things:

1. Make /etc/openvpn/credentials.txt root:nobody instead of root:root, because /etc/rc.d/rc.openvpn (check it out) now runs as user:group nobody:nobody.

2. Add persist-tun and persist-key to my OpenVPN config files.

You'll notice above that credentials.txt has the "Permission denied" message, and then "group or others accessible". That's because I changed the user:group and syslog caught up on that.

It's a good idea to keep the old rc.openvpn around if you upgrade OpenVPN, so you can check what changed between versions.

With OpenVPN 2.4.* you can now use cipher negotiation (GCM was added), so you have more options to choose from if your VPN provider supports them.

The warnings link-mtu, cipher and so on are nothing to worry about from what I researched.

The "Linux route" and "ip addr" messages are because OpenVPN is trying to create a route that already exists (from what I've read), so they would probably go away if I restarted my network.

I'll make a separate thread soon with my /etc/rc.d/rc.firewall configuration.

If you're in a hurry or want something else, check /usr/doc/openvpn-2.4.6/sample-config-files/ where you can find plenty of examples.
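
An added example, not part of the original post: a small shell audit for the two conditions described above (a user/group privilege drop without persist-tun/persist-key, and the permission bits on the auth-user-pass file). The function name, the finding labels and the scratch-directory sample files are constructed for illustration; the group-read check assumes the root:nobody ownership the post describes.

```sh
#!/bin/sh
# Added example (not from the post): audit an OpenVPN config for the two
# problems described above. Prints one finding per line; returns 1 if any.
audit_openvpn_conf() {
    conf=$1; rc=0
    # Drop comments (# or ;), leading blanks and empty lines.
    directives=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' "$conf" | grep -v '^$')
    has() { printf '%s\n' "$directives" | grep -Eq "^$1([[:space:]]|\$)"; }

    # Dropping privileges without persist-* triggers the syslog WARNINGs.
    if has user || has group; then
        for opt in persist-tun persist-key; do
            has "$opt" || { echo "MISSING $opt (user/group is set)"; rc=1; }
        done
    fi

    # auth-user-pass <file>: inspect the permission bits of the file.
    cred=$(printf '%s\n' "$directives" |
           awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }')
    [ -n "$cred" ] || return $rc
    [ -e "$cred" ] || { echo "NOT FOUND $cred"; return 1; }
    perms=$(ls -ld "$cred" | cut -c1-10)          # e.g. -rw-r-----
    # Nothing for "others": credentials must never be world-readable.
    [ "$(printf '%s' "$perms" | cut -c8-10)" = "---" ] ||
        { echo "WORLD-ACCESSIBLE $cred ($perms)"; rc=1; }
    # Assumption: with a 'group' directive the daemon reads the file via its
    # group (root:nobody in the post), so the group read bit must be set.
    if has group && [ "$(printf '%s' "$perms" | cut -c5)" != "r" ]; then
        echo "NOT GROUP-READABLE $cred ($perms)"; rc=1
    fi
    return $rc
}

# Constructed sample: a config and credentials file in a scratch directory.
demo=$(mktemp -d)
printf 'user\npass\n' > "$demo/credentials.txt"
chmod 644 "$demo/credentials.txt"
cat > "$demo/client.conf" <<EOF
client
user nobody
group nobody
auth-user-pass $demo/credentials.txt   # path is a stand-in for /etc/openvpn/
EOF
audit_openvpn_conf "$demo/client.conf" || echo "-> fix the findings above"
```

Run it against each .conf in /etc/openvpn/ after a package upgrade; it only reads the config and lists the credentials file, so it does not need to touch a running tunnel.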
