While setting up OpenVPN I came across some common errors or workarounds that make life easier. To
make it easier to remember these I have documented them in this blog. Maybe they are useful for others
as well.
You'll have to enter the pass phrase of the key one more time, and then a new server.key file is written
without the pass phrase. You can see this when looking into the key files.
It`s full of stars!
Where documentation meets reality
https://www.itsfullofstars.de
Note: file starts with: BEGIN ENCRYPTED PRIVATE KEY
more /etc/init.d/openvpn
The file should already be copied by yum to /etc/rc.d/init.d/openvpn
Check whether or not openvpn is already configured to run as a service. For each run level, the status is
either on or off. If it is on, openvpn is already configured to run as a service. In this example, openvpn
is not configured to run as a service in any runlevel.
OpenVPN will now be started as a service in run levels 2, 3, 4 and 5. The output of openvpn is then written
to /var/log/messages.
Systemd
OpenVPN can also be started and controlled via systemd. Check the status of openvpn.
Edit service configuration
Insert the client configuration to start automatically. Here, I am going to start client1.conf:
AUTOSTART="client1"
Start service
sudo systemctl start openvpn
sudo systemctl status openvpn
Solving common OpenVPN connection error messages
Some information on how to solve common OpenVPN error messages on the server and client. Most occur
when trying to start OpenVPN for the first time.
TA.KEY
Client starts connecting but no connection is established.
Error message
Cause
Solution
Copy the ta.key into the openvpn configuration directory and specify its location in the conf file.
Error message
Cause
Server and client are using different algorithms for encryption and decryption. On the server, the log gives
more information:
Solution
Server uses AES-256-CBC, while the client is using BF-CBC. Adjust the client configuration in client.conf.
Insert cipher AES-256-CBC in client.conf
Other parameters to adjust
During first startup, some warning messages may be written to the server log. Most commonly they refer to
link-mtu, cipher, keysize or comp-lzo.
Solution
Adjust the parameters in the client.conf file so that they match the server configuration. These warnings are
also a good way to check whether an uncontrolled or unconfigured client is connecting to your server.
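The warnings described above can be grouped per connecting address to see which clients deviate from the server and what to put into their client.conf. The following Python code is an added example, not code from the original post; the log lines are constructed and follow the wording OpenVPN 2.x uses for its option-consistency warnings, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of server lines from /var/log/messages (not from the blog post).
# 203.0.113.7 and 198.51.100.9 are documentation addresses.
SAMPLE_LOG = """\
Jan 10 09:14:02 vpn openvpn[1201]: 203.0.113.7:51820 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1541'
Jan 10 09:14:02 vpn openvpn[1201]: 203.0.113.7:51820 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Jan 10 09:14:02 vpn openvpn[1201]: 203.0.113.7:51820 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jan 10 09:20:45 vpn openvpn[1201]: 198.51.100.9:40112 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Jan 10 09:20:46 vpn openvpn[1201]: 198.51.100.9:40112 [client2] Peer Connection Initiated with [AF_INET]198.51.100.9:40112
"""

# "local" is the side that wrote the log (here the server), "remote" is the peer.
INCONSISTENT = re.compile(
    r"openvpn\[\d+\]: (?P<peer>\S+) WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
ONE_SIDED = re.compile(
    r"openvpn\[\d+\]: (?P<peer>\S+) WARNING: '(?P<opt>[\w-]+)' is present in "
    r"(?P<side>local|remote) config but missing in \w+ config, \w+='(?P<val>[^']*)'")


def mismatches_by_peer(log_text):
    """Return {peer address: {option: (server value, client value)}}."""
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            found[m["peer"]][m["opt"]] = (m["local"], m["remote"])
            continue
        m = ONE_SIDED.search(line)
        if m:  # option set on one side only; None marks the side without it
            pair = (m["val"], None) if m["side"] == "local" else (None, m["val"])
            found[m["peer"]][m["opt"]] = pair
    return dict(found)


def client_conf_lines(options):
    """Server-side values to copy into client.conf (options the server lacks are skipped)."""
    return [server for server, _client in options.values() if server]


if __name__ == "__main__":
    for peer, opts in mismatches_by_peer(SAMPLE_LOG).items():
        print(peer)
        for opt, (server, client) in opts.items():
            print(f"  {opt}: server={server!r} client={client!r}")
        print("  client.conf needs:", client_conf_lines(opts))
```

An address that shows up here without belonging to a client you configured is the case worth a closer look.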
Link-mtu
Configure the client to use the same mtu size as the server. Insert parameter link-mtu into client.conf.
link-mtu 1557
Keysize
Keysize used by client and server should be the same. Insert parameter keysize into client.conf.
keysize 256
Comp-lzo