Hi,
I'm trying to follow the Debian 8 + Ubuntu 16.04 guide, but since I'm running Fedora I've had to make a number of modifications as I go. The biggest change is a move to update-systemd-resolved instead of update-resolv-conf. I've managed to work through all of the steps and can successfully start openvpn@openvpn.service, but curl under the vpn user cannot reach anything and I'm getting errors when I try to stop the service.
Here is the result of systemctl status after starting the service:
Code:
● openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-01-29 21:26:42 EST; 6s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 2706 ExecStart=/usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/openvpn.conf --
Main PID: 2707 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn.slice/openvpn@openvpn.service
└─2707 /usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/openvpn.conf --writepid
Jan 29 21:26:44 localhost.localdomain ovpn-openvpn[2707]: /sbin/ip link set dev tun0 up mtu 1500
Jan 29 21:26:44 localhost.localdomain ovpn-openvpn[2707]: /sbin/ip addr add dev tun0 local 10.29.10.10 peer 10.29.10.9
Jan 29 21:26:44 localhost.localdomain ovpn-openvpn[2707]: /etc/openvpn/iptables.sh tun0 1500 1570 10.29.10.10 10.29.10.9 init
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2762]: Link 'tun0' coming up
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2767]: Adding DNS Routed Domain .
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2769]: Adding IPv4 DNS Server 8.8.8.8
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2770]: Adding IPv4 DNS Server 209.222.18.222
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2771]: Adding IPv4 DNS Server 209.222.18.218
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2773]: SetLinkDNS(3 3 2 4 8 8 8 8 2 4 209 222 18 222 2 4 209 222 18 218)
Jan 29 21:26:44 localhost.localdomain ovpn-openvpn[2707]: Initialization Sequence Completed
I think everything looks good here, except I don't know where the 10.29.10.10 and 10.29.10.9 IPs come from. I'm configuring this with PIA as my VPN. However, journalctl -xe returns a bunch of errors like below:
Code:
SELinux is preventing iptables from create access on the rawip_socket Unknown
SELinux is preventing iptables from read access on the file xtables.lock
When stopping the VPN the status becomes:
Code:
● openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2018-01-29 21:29:15 EST; 3s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 2706 ExecStart=/usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/openvpn.conf --
Main PID: 2707 (code=exited, status=1/FAILURE)
Jan 29 21:26:44 localhost.localdomain ovpn-openvpn[2707]: Initialization Sequence Completed
Jan 29 21:29:15 localhost.localdomain ovpn-openvpn[2707]: event_wait : Interrupted system call (code=4)
Jan 29 21:29:15 localhost.localdomain systemd[1]: Stopping OpenVPN connection to openvpn...
Jan 29 21:29:15 localhost.localdomain ovpn-openvpn[2707]: /etc/openvpn/update-systemd-resolved tun0 1500 1570 10.29.10.10 10.29.10.9 init
Jan 29 21:29:15 localhost.localdomain ovpn-openvpn[2707]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Jan 29 21:29:15 localhost.localdomain ovpn-openvpn[2707]: Exiting due to fatal error
Jan 29 21:29:15 localhost.localdomain systemd[1]: openvpn@openvpn.service: Main process exited, code=exited, status=1/FAILURE
Jan 29 21:29:15 localhost.localdomain systemd[1]: Stopped OpenVPN connection to openvpn.
Jan 29 21:29:15 localhost.localdomain systemd[1]: openvpn@openvpn.service: Unit entered failed state.
Jan 29 21:29:15 localhost.localdomain systemd[1]: openvpn@openvpn.service: Failed with result 'exit-code'.
Does anyone have any advice on how to debug/work through this?
Thanks
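
An added triage example, not part of the original post: it pulls the three security-relevant signals out of the journal lines quoted above (the DNS servers actually pushed to the link, the SELinux denials against iptables, and the failing --up/--down hook). The function names are hypothetical, and the SetLinkDNS layout (interface index, entry count, then family/length/bytes per server) is an assumption read off the log, where it matches the three "Adding IPv4 DNS Server" lines.

```python
import ipaddress
import re

# Lines copied from the journal excerpts quoted in the post.
SAMPLE = """\
Jan 29 21:26:44 localhost.localdomain update-systemd-resolved[2773]: SetLinkDNS(3 3 2 4 8 8 8 8 2 4 209 222 18 222 2 4 209 222 18 218)
SELinux is preventing iptables from create access on the rawip_socket Unknown
SELinux is preventing iptables from read access on the file xtables.lock
Jan 29 21:29:15 localhost.localdomain ovpn-openvpn[2707]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
""".splitlines()

SETLINKDNS = re.compile(r"SetLinkDNS\(([\d ]+)\)")
SELINUX = re.compile(r"SELinux is preventing (\S+) from (\S+) access on the (\S+) (\S+)")
SCRIPT_FAIL = re.compile(r"Failed running command \(([^)]+)\).*error status: (\d+)")


def decode_setlinkdns(args):
    """Decode '<ifindex> <count> (<family> <len> <bytes...>)*' (assumed layout)."""
    nums = [int(n) for n in args.split()]
    ifindex, count, pos, servers = nums[0], nums[1], 2, []
    for _ in range(count):
        length = nums[pos + 1]          # nums[pos] is the address family
        raw = bytes(nums[pos + 2:pos + 2 + length])
        if len(raw) != length:
            raise ValueError("truncated SetLinkDNS argument list")
        servers.append(str(ipaddress.ip_address(raw)))  # 4 or 16 packed bytes
        pos += 2 + length
    return ifindex, servers


def triage(lines):
    """Collect DNS servers per link, SELinux denials and hook failures."""
    report = {"dns": {}, "selinux": [], "script_failures": []}
    for line in lines:
        if m := SETLINKDNS.search(line):
            ifindex, servers = decode_setlinkdns(m.group(1))
            report["dns"][ifindex] = servers
        elif m := SELINUX.search(line):
            report["selinux"].append(m.groups())  # (process, access, class, target)
        elif m := SCRIPT_FAIL.search(line):
            report["script_failures"].append((m.group(1), int(m.group(2))))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A denial against iptables alongside a hook failure is worth checking before trusting the tunnel, since the rules that /etc/openvpn/iptables.sh is meant to install may not be in place.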