Differences

This shows you the differences between two versions of the page.

linux:openvpn [2020/03/13 12:59] – [Installation] niziak | linux:openvpn [2020/10/19 15:52] niziak
Line 1: Line 1:
 +====== OpenVPN ======
 +
 ====== Installation ====== ====== Installation ======
     * Put client configuration into ''/etc/openvpn/client/''     * Put client configuration into ''/etc/openvpn/client/''
     * Start openvpn services <code bash>     * Start openvpn services <code bash>
 systemctl start openvpn-client@config-name systemctl start openvpn-client@config-name
 +systemctl status openvpn-client@config-name
 systemctl enable openvpn-client@config-name systemctl enable openvpn-client@config-name
 </code> </code>
 +
 +NOTE: `openvpn-client@` service doesn't contain `restart`. 
 +The result of failed openvpn daemon looks like:
 +<code bash>
 +systemctl status openvpn-client@config-name
 +...
 +   Active: activating (auto-restart) since Mon 2020-10-19 15:50:36 CEST; 15s ago
 +     Docs: man:openvpn(8)
 +           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
 +           https://community.openvpn.net/openvpn/wiki/HOWTO
 + Main PID: 19630 (code=exited, status=0/SUCCESS)
 +...
 +</code>
 +
 +To make sure your VPN is running:
 +<code bash>systemctl edit openvpn-client@config-name</code>
 +
 +and enter following config:
 +
 +<code>
 +[Service]
 +Restart=always
 +RestartSec=300
 +</code>
 +
 +===== issue =====
 +<code>
 +openvpn[281925]: Failed to query password: Timer expired
 +openvpn[281924]: ERROR: Failed retrieving username or password
 +</code>
 +
 +Solution:
 +<file | /etc/systemd/system/openvpn-client@.service.d/askpass.conf>
 +[Service]
 +ExecStart=
 +ExecStart=/usr/sbin/openvpn --suppress-timestamps --askpass --nobind --config
 +%i.conf
 +</file>
 +
  
 ===== Deprecated ===== ===== Deprecated =====
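Review bot: In the added askpass.conf drop-in, the ExecStart command is split across two lines (`--config` ends one line and `%i.conf` starts the next) with no trailing backslash, so systemd would not treat the second line as part of the command and `--config` would be left without its argument; keep `--config %i.conf` on one line. The drop-in path `openvpn-client@.service.d` applies `--askpass` to every client instance; if only one configuration has a passphrase-protected key, a per-instance directory such as `openvpn-client@config-name.service.d` scopes it better. Separately, the NOTE says the unit has no restart setting, but the sample status output shows `Active: activating (auto-restart)`, which systemd reports only when a Restart= policy is in effect, so the output appears to have been captured after the override and should be moved below it or described that way. The NOTE also uses backticks, while the rest of the page uses the DokuWiki two-single-quote monospace syntax.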
Line 110: Line 152:
 MinProtocol = TLSv1 MinProtocol = TLSv1
 </file> </file>
 +
 +**Error**: File transfer stuck 
 +**Cause**: File transfer are using maximum packet size, which probably cannot fit to MTU limitataions
 +**Solution**: Not tested, try params like:
 +<file>
 +# On one side of connection
 +mssfix 1400
 +
 +# MTU on tunX interface
 +# has to be set on both sides
 +tun-mtu 1400 
 +</file>
 +
 +More: 
 +  * [[https://community.openvpn.net/openvpn/wiki/271-i-can-ping-through-the-tunnel-but-any-real-work-causes-it-to-lock-up-is-this-an-mtu-problem]]
 +  * [[https://www.sonassi.com/help/troubleshooting/setting-correct-mtu-for-openvpn|Setting correct MTU for OpenVPN]]
 ====== rsyslog ====== ====== rsyslog ======
 <file txt /etc/rsyslog.d/20-ovpn.conf> <file txt /etc/rsyslog.d/20-ovpn.conf>
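Review bot: The Error/Cause/Solution block marks its fix as "Not tested" yet hard-codes both `mssfix 1400` and `tun-mtu 1400`; the entry should say how the value was chosen (for example a path MTU measurement) and note once it has been verified. The OpenVPN manual recommends handling MTU problems with `--mssfix` and/or `--fragment`, so suggest trying `mssfix` alone before lowering `tun-mtu` on both sides. The three bold lines have no blank line or `\\` between them, so DokuWiki will render them as one run-on paragraph. Typos in the Cause line: "File transfer are" and "limitataions".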