Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ubuntu 16.04 #2

Open
qd3v opened this issue Aug 16, 2017 · 0 comments
Open

Ubuntu 16.04 #2

qd3v opened this issue Aug 16, 2017 · 0 comments

Comments

@qd3v
Copy link

qd3v commented Aug 16, 2017

Server config script reports "yay!", but services start fail here
https://github.com/xl-tech/OpenVPN-easy-setup/blob/master/openvpnsetup.sh#L360-L362
Clean ubuntu box,

root@3237:~# ./openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
iptables is already the newest version (1.6.0-2ubuntu3).
easy-rsa is already the newest version (2.2.2-2).
iptables-persistent is already the newest version (1.0.4).
netfilter-persistent is already the newest version (1.0.4).
curl is already the newest version (7.47.0-1ubuntu2.2).
openssl is already the newest version (1.0.2g-1ubuntu4.8).
openvpn is already the newest version (2.3.10-1ubuntu2.1).
0 upgraded, 0 newly installed, 0 to remove and 144 not upgraded.
./openvpnsetup.sh: line 50: ufw: command not found
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.102.64 2001:41d0:1:777c:200:c0a8:6640:0  (in case you are behind NAT)
2) External IP - 87.250.250.242

1
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)

3
Enter proto and port (like tcp 80 or udp 53): tcp 51262
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)

3
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No

2
Check your selection
Server will listen on 192.168.102.64 2001:41d0:1:777c:200:c0a8:6640:0
Server will listen on tcp 51262
Server will use AES-128-CBC cipher
IPv6 - 0 (1 is enabled, 0 is disabled)
Press enter to continue...
mkdir: cannot create directory '/etc/openvpn/easy-rsa': File exists
mkdir: cannot create directory '/etc/openvpn/easy-rsa/keys': File exists
mkdir: cannot create directory '/etc/openvpn/logs': File exists
mkdir: cannot create directory '/etc/openvpn/bundles': File exists
mkdir: cannot create directory '/etc/openvpn/ccd': File exists
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................................+++
.....................+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
.............................................................+++
.......................+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName            :PRINTABLE:'server-cert'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Aug 15 08:43:21 2022 GMT (1825 days)
failed to update database
TXT_DB error number 2
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.............................................+.....................+..................................................................................................................................................................................................................................................................+....................................................................................+..............................+........+.......................................................................................................................................................................................................................................................................................................................................................................................+......................................................+...............................+...+...+..............................................................+.........................+..............................+......................+..........................................................................................................+...........+...................................................................................................................................+.................................+....................................................................................+..............................+.....................................+......................................................................................................+....................................................................+..........................................................................................+......+.....................................................................................................................................................+......+.........................................................+.............+............................................................................+........................................................................................................................................................................................................................................+.......................................+............................................+...................................................................................................................................+..........................................................................................+....................................................+.................................................................................................................................................................................................................................................+....................................................................................................................................................+...........................+.............................................................................+............................................................................+....................................................................................+..............................................................................................+..........................+....................................................................................................................................................................................................................+.........................................................................................................................................+......................................................................................................................................................+.............+..........................................................................+........................................................................................................................+..................................................................................................................................................................................................................................................................................................................................................................................................................................................+...............................................................................+...........................+...........................+........................+................................+..................................................................................................................................................+.............................................................................................................................+...........+........................................+...........................................................................................................................................................................................................................................................................+.......................................................................................................................................................................................................................................................................................................................+...............................+..................................................................................................................................................................................+...........................................................................................................................................+..........................................................+........................+................................................+....+................................+..............................................+..........................................................................................+.............................+.......................................................................................................+..........................................+.......................................................................................................................................................................................................................................+......................................++*++*
Generating a 2048 bit RSA private key
...........................................................................................................................................+++
...........................+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName            :PRINTABLE:'revoked'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Aug 15 08:44:57 2022 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 02.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = [email protected]
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
Synchronizing state of netfilter-persistent.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable netfilter-persistent
Job for netfilter-persistent.service failed because the control process exited with error code. See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
Job for [email protected] failed because the control process exited with error code. See "systemctl status [email protected]" and "journalctl -xe" for details.
Job for netfilter-persistent.service failed because the control process exited with error code. See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config

journalctl -xe output:

Aug 16 04:47:14 3237 systemd[1]: Starting OpenVPN connection to server...
-- Subject: Unit [email protected] has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit [email protected] has begun starting up.
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: [email protected]: Control process exited, code=exited status=1
Aug 16 04:47:14 3237 systemd[1]: Failed to start OpenVPN connection to server.
-- Subject: Unit [email protected] has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit [email protected] has failed.
--
-- The result is failed.
Aug 16 04:47:14 3237 systemd[1]: [email protected]: Unit entered failed state.
Aug 16 04:47:14 3237 systemd[1]: [email protected]: Failed with result 'exit-code'.
Aug 16 04:47:14 3237 systemd[1]: Stopped netfilter persistent configuration.
-- Subject: Unit netfilter-persistent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has finished shutting down.
Aug 16 04:47:14 3237 systemd[1]: Starting netfilter persistent configuration...
-- Subject: Unit netfilter-persistent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has begun starting up.
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 2
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Aug 16 04:47:14 3237 systemd[1]: Failed to start netfilter persistent configuration.
-- Subject: Unit netfilter-persistent.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has failed.
--
-- The result is failed.
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Unit entered failed state.
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@qd3v