[help] OpenVPN error on a VPS


Status
Not open for further replies.

lare_ndusun

New Member
A while ago I installed OpenVPN on a VPS (OpenVZ).
The VPN could not run at first because TUN/TAP had not been enabled.
I sent a support ticket asking for TUN/TAP to be enabled.
After TUN/TAP was enabled, the VPN ran fine.
The problem is that after the admin rebooted my VPS,
the VPN no longer works, with the error log shown below:
Code:
Last login: Mon Nov 23 06:23:31 2009 from 123.123.123.123
[root@host-name ~]# openvpn /etc/openvpn/server.conf
Mon Nov 23 07:41:52 2009 OpenVPN 2.0.9 i386-redhat-linux [SSL] [LZO] [EPOLL] built on Nov 18 2009
Mon Nov 23 07:41:52 2009 Diffie-Hellman initialized with 1024 bit key
Mon Nov 23 07:41:52 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 23 07:41:52 2009 TUN/TAP device tun0 opened
Mon Nov 23 07:41:52 2009 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Mon Nov 23 07:41:52 2009 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Mon Nov 23 07:41:52 2009 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Mon Nov 23 07:41:52 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Nov 23 07:41:52 2009 UDPv4 link local (bound): 99.99.99.99:53
Mon Nov 23 07:41:52 2009 UDPv4 link remote: [undef]
Mon Nov 23 07:41:52 2009 MULTI: multi_init called, r=256 v=256
Mon Nov 23 07:41:52 2009 IFCONFIG POOL: base=10.8.0.4 size=62
Mon Nov 23 07:41:52 2009 IFCONFIG POOL LIST
Mon Nov 23 07:41:52 2009 host-name,10.8.0.4
Mon Nov 23 07:41:52 2009 user-name,10.8.0.8
Mon Nov 23 07:41:52 2009 Initialization Sequence Completed
Mon Nov 23 07:42:39 2009 MULTI: multi_create_instance called
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 Re-using SSL/TLS context
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 LZO compression initialized
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 Local Options hash (VER=V4): '530fdded'
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 Expected Remote Options hash (VER=V4): '41690919'
Mon Nov 23 07:42:39 2009 123.123.123.123:1449 TLS: Initial packet from 123.123.123.123:1449, sid=5759b412 045d2f01
Mon Nov 23 07:42:51 2009 123.123.123.123:1449 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=host-name/emailAddress=me@myhost.mydomain
Mon Nov 23 07:42:51 2009 123.123.123.123:1449 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=host-name/emailAddress=me@myhost.mydomain
Mon Nov 23 07:42:52 2009 123.123.123.123:1449 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 07:42:52 2009 123.123.123.123:1449 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 07:42:52 2009 123.123.123.123:1449 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 07:42:52 2009 123.123.123.123:1449 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 07:42:53 2009 123.123.123.123:1449 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 23 07:42:53 2009 123.123.123.123:1449 [host-name] Peer Connection Initiated with 123.123.123.123:1449
Mon Nov 23 07:42:53 2009 host-name/123.123.123.123:1449 MULTI: Learn: 10.8.0.6 -> host-name/123.123.123.123:1449
Mon Nov 23 07:42:53 2009 host-name/123.123.123.123:1449 MULTI: primary virtual IP for host-name/123.123.123.123:1449: 10.8.0.6
Mon Nov 23 07:42:54 2009 host-name/123.123.123.123:1449 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 23 07:42:54 2009 host-name/123.123.123.123:1449 SENT CONTROL [host-name]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mon Nov 23 07:42:59 2009 host-name/123.123.123.123:1449 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 23 07:42:59 2009 host-name/123.123.123.123:1449 SENT CONTROL [host-name]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mon Nov 23 07:43:04 2009 host-name/123.123.123.123:1449 MULTI: bad source address from client [192.168.1.141], packet dropped
Mon Nov 23 07:43:06 2009 host-name/123.123.123.123:1449 MULTI: bad source address from client [192.168.1.141], packet dropped
I have opened another support ticket, but there has been no answer yet.
While waiting, perhaps someone here can help.
Thank you
 

nicosoftmedia

(RIP) Community Guide
A VPN can also work on a VPS that uses OpenVZ virtualization, but errors usually occur in the VPN's execution commands. It is better to use a Xen-based VPS because TUN/TAP is already active without having to contact support. If using OpenVPN is a problem right now, try this method:

Code:
http://www.anindya.com/installing-configuring-pptp-vpn-rhel-centos/
The link above gives a way to enable a VPN using PPTP without having to enable TUN/TAP and the VPN software, and don't forget to rebuild the OS with the CentOS template first before following this method. :D
 

swaziland

Beginner 2.0
Maybe something in the configuration file has changed?

Try checking
Code:
http://www.void.gr/kargig/blog/2008/05/17/openvpn-multi-bad-source-address-from-client-solution/
Yup... Xen-based is better for VPN...
But PPTP can't run on OpenVZ, so for OpenVZ, as far as I know, you can only use OpenVPN for a VPN server

CMIIW :D
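
An added example, not part of any post in this thread: a small Python triage of the log from the first post, comparing each "bad source address" drop with the tunnel address the server learned for that client. The function name `triage` and the default subnet 10.8.0.0/24 (taken from the `route add` line in the log) are assumptions of this example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: lines from the log in the first post, with the
# terminal line wraps joined back together.
SAMPLE_LOG = """\
Mon Nov 23 07:42:53 2009 host-name/123.123.123.123:1449 MULTI: Learn: 10.8.0.6 -> host-name/123.123.123.123:1449
Mon Nov 23 07:43:04 2009 host-name/123.123.123.123:1449 MULTI: bad source address from client [192.168.1.141], packet dropped
Mon Nov 23 07:43:06 2009 host-name/123.123.123.123:1449 MULTI: bad source address from client [192.168.1.141], packet dropped
"""

LEARN = re.compile(r"MULTI: Learn: (\S+) -> (\S+)")
BAD = re.compile(r"(\S+) MULTI: bad source address from client \[([^\]]*)\]")


def triage(log_text, vpn_net="10.8.0.0/24"):
    """Group dropped packets by (client, source) and compare each source
    with the tunnel subnet and with the addresses learned for that client."""
    net = ip_network(vpn_net)
    learned, drops = {}, {}
    for line in log_text.splitlines():
        m = LEARN.search(line)
        if m:
            learned.setdefault(m.group(2), set()).add(m.group(1))
            continue
        m = BAD.search(line)
        if m:
            key = (m.group(1), m.group(2))
            drops[key] = drops.get(key, 0) + 1
    findings = []
    for (client, src), count in sorted(drops.items()):
        try:
            in_net = ip_address(src) in net
        except ValueError:  # empty or non-IP value inside the brackets
            in_net = None
        findings.append({
            "client": client,
            "source": src,
            "count": count,
            "assigned": sorted(learned.get(client, ())),
            "in_vpn_net": in_net,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the posted log this reports two drops with source 192.168.1.141 for a client whose learned tunnel address is 10.8.0.6, so the dropped packets carry an address outside the tunnel subnet rather than the address the server assigned.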
 

lare_ndusun

New Member
Thank you for the replies
I will study this and try it first
 