Differences

This shows you the differences between two versions of the page.

linux:openvpn [2020/03/13 11:59] – [Installation] niziak
linux:openvpn [2020/10/19 13:53] (current) niziak
Line 1: Line 1:
 +====== OpenVPN ======
 +
 ====== Installation ====== ====== Installation ======
     * Put client configuration into ''/etc/openvpn/client/''     * Put client configuration into ''/etc/openvpn/client/''
     * Start openvpn services <code bash>     * Start openvpn services <code bash>
 systemctl start openvpn-client@config-name systemctl start openvpn-client@config-name
 +systemctl status openvpn-client@config-name
 systemctl enable openvpn-client@config-name systemctl enable openvpn-client@config-name
 </code> </code>
 +
 +NOTE: `openvpn-client@` service doesn't contain `restart`. 
 +The result of failed openvpn daemon looks like:
 +<code bash>
 +systemctl status openvpn-client@config-name
 +...
 +   Active: activating (auto-restart) since Mon 2020-10-19 15:50:36 CEST; 15s ago
 +     Docs: man:openvpn(8)
 +           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
 +           https://community.openvpn.net/openvpn/wiki/HOWTO
 + Main PID: 19630 (code=exited, status=0/SUCCESS)
 +...
 +</code>
 +
 +To make sure your VPN is running:
 +<code bash>systemctl edit openvpn-client@config-name</code>
 +
 +and enter following config:
 +
 +<code>
 +[Service]
 +Restart=always
 +RestartSec=300
 +</code>
 +
 +<code bash>systemctl daemon-reload</code>
 +
 +===== issue =====
 +<code>
 +openvpn[281925]: Failed to query password: Timer expired
 +openvpn[281924]: ERROR: Failed retrieving username or password
 +</code>
 +
 +Solution:
 +<file | /etc/systemd/system/openvpn-client@.service.d/askpass.conf>
 +[Service]
 +ExecStart=
 +ExecStart=/usr/sbin/openvpn --suppress-timestamps --askpass --nobind --config
 +%i.conf
 +</file>
 +
  
 ===== Deprecated ===== ===== Deprecated =====
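Review bot: In the ''askpass.conf'' drop-in at the end of this hunk, the replacement ''ExecStart='' is split over two lines (''--config'' on one, ''%i.conf'' on the next) with no trailing backslash, so systemd will not treat ''%i.conf'' as part of the command; keep it on a single line. The override also interacts with the ''Restart=always'' drop-in added above it: a bare ''--askpass'' means the key passphrase is prompted for at start-up, so each unattended restart prompts again, and the text should say how the passphrase is meant to be supplied on a host where nobody is at the console. Two smaller points: the NOTE says the unit has no restart setting, yet the sample status output shows ''activating (auto-restart)'', which systemd reports only when a restart policy is in effect, so say whether that output was captured before or after the override; and ''systemctl edit'' already reloads the unit configuration when the editor exits, so the ''systemctl daemon-reload'' step is redundant, while the new ''ExecStart='' only takes effect once the instance is restarted, which the steps never do.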
Line 110: Line 154:
 MinProtocol = TLSv1 MinProtocol = TLSv1
 </file> </file>
 +
 +**Error**: File transfer stuck 
 +**Cause**: File transfer are using maximum packet size, which probably cannot fit to MTU limitataions
 +**Solution**: Not tested, try params like:
 +<file>
 +# On one side of connection
 +mssfix 1400
 +
 +# MTU on tunX interface
 +# has to be set on both sides
 +tun-mtu 1400 
 +</file>
 +
 +More: 
 +  * [[https://community.openvpn.net/openvpn/wiki/271-i-can-ping-through-the-tunnel-but-any-real-work-causes-it-to-lock-up-is-this-an-mtu-problem]]
 +  * [[https://www.sonassi.com/help/troubleshooting/setting-correct-mtu-for-openvpn|Setting correct MTU for OpenVPN]]
 ====== rsyslog ====== ====== rsyslog ======
 <file txt /etc/rsyslog.d/20-ovpn.conf> <file txt /etc/rsyslog.d/20-ovpn.conf>
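Review bot: The **Solution** is marked "Not tested" and sets both ''mssfix'' and ''tun-mtu'' to 1400 without saying where that number comes from; before this goes on the page, measure the usable path MTU between the two endpoints and derive the value from it, or at least state that 1400 is a starting guess. ''mssfix'' only adjusts TCP sessions inside the tunnel, so it will not help UDP traffic, and the "On one side of connection" comment sits directly above the "has to be set on both sides" comment, which makes it easy to misread which option needs matching values on both peers. The three **Error**/**Cause**/**Solution** lines have no line breaks or list markup, so DokuWiki will render them as one paragraph, and "limitataions" in the Cause line is misspelled.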