OpenVPN can't read the new configuration file
by Jason.nix from LinuxQuestions.org on (#6D3H7)
Hello,
I created an OpenVPN server and connected a Windows client to it and it worked very well. I added a new NIC to my server and I want to connect new clients to my OpenVPN server via this new NIC. My new NIC name is enp0s9:

Code:
# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:feed:b47c prefixlen 64 scopeid 0x20<link>
ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
RX packets 34889 bytes 3339713 (3.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31352 bytes 3453218 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fe74:6397 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:74:63:97 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17 bytes 1286 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.4.15 netmask 255.255.255.0 broadcast 10.0.4.255
inet6 fe80::a00:27ff:fe48:eba4 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:48:eb:a4 txqueuelen 1000 (Ethernet)
RX packets 2 bytes 1180 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18 bytes 1900 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I created a new directory under the "/etc/openvpn" directory for new clients and started to create keys:

Code:
# mkdir /etc/openvpn/New
# cp -r /usr/share/easy-rsa /etc/openvpn/New
# cd /etc/openvpn/New/easy-rsa/
# mv vars.example vars
# nano vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NY"
export KEY_ORG="MyName"
export KEY_EMAIL="admin@example.com"
export KEY_OU="OpenVPN"

Then:

Code:
# ./easyrsa init-pki
# ./easyrsa build-ca nopass

When it asked "Common Name (eg: your user, host, or server name) [Easy-RSA CA]:", I entered server2. After that:

Code:
# ./easyrsa gen-req server2 nopass
# ./easyrsa sign-req server server2
# ./easyrsa gen-dh
# openvpn --genkey secret ta.key

Then, I created a new directory and copied the files that have been created:

Code:
# mkdir /etc/openvpn/server2
# cp ta.key /etc/openvpn/server2
# cp pki/ca.crt /etc/openvpn/server2
# cp pki/private/server2.key /etc/openvpn/server2
# cp pki/issued/server2.crt /etc/openvpn/server2
# cp pki/dh.pem /etc/openvpn/server2

After that, I generated the client certificate and key:

Code:
# ./easyrsa gen-req client2 nopass
# ./easyrsa sign-req client client2

Then:

Code:
# mkdir /etc/openvpn/client2
# cp pki/ca.crt /etc/openvpn/client2/
# cp pki/issued/client2.crt /etc/openvpn/client2/
# cp pki/private/client2.key /etc/openvpn/client2/

Finally, I created the new OpenVPN configuration file:

Code:
# touch /etc/openvpn/server2.conf

And filled it with the following lines:

Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/server2/ca.crt
cert /etc/openvpn/server2/server2.crt
key /etc/openvpn/server2/server2.key
dh /etc/openvpn/server2/dh.pem
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth /etc/openvpn/server2/ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

As you see, I defined the location of the new certificate and key and defined a new IP address too:

Code:
server 10.9.0.0 255.255.255.0

After that, I started the OpenVPN server as below:

Code:
# service openvpn start /etc/openvpn/server2.conf

But the new NIC that it created is:

Code:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::2f29:1de1:626a:65ca prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 48 (48.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

This is 10.8.0.1, not 10.9.0.1. The problem is that it never read the server2.conf file. What is wrong?
I tried:

Code:
# systemctl start openvpn@server /etc/openvpn/server2.conf
Failed to start etc-openvpn-server2.conf.mount: Unit etc-openvpn-server2.conf.mount not found.

Thank you.
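
An added example, not part of the original post: a small Python check that maps a config path to the systemd instance that reads it and lists what a second OpenVPN instance would share with the first. It assumes the Debian/Ubuntu `openvpn@NAME` template unit (which reads `/etc/openvpn/NAME.conf`); the first instance's config is not shown in the post, so the `FIRST` sample is constructed, as are the function names.

```python
import ipaddress
from pathlib import PurePosixPath

# Constructed input: the first instance's config is not on the page, so stock
# values matching the observed 10.8.0.1 tunnel are assumed for it.
FIRST = """port 1194
proto udp
server 10.8.0.0 255.255.255.0
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
"""
# The directives from the posted server2.conf that matter for coexistence.
SECOND = """port 1194
proto udp
server 10.9.0.0 255.255.255.0
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
"""

def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            key, *args = line.split()
            conf[key] = args
    return conf

def unit_for(path):
    """Template unit name (assumed Debian/Ubuntu layout) for a config path."""
    return f"openvpn@{PurePosixPath(path).stem}.service"

def collisions(a, b):
    """Return what instance b would share with instance a."""
    found = []
    get = lambda c, k, d: c.get(k, [d])[0]
    same_port = (get(a, "proto", "udp"), get(a, "port", "1194")) == \
                (get(b, "proto", "udp"), get(b, "port", "1194"))
    la, lb = get(a, "local", "*"), get(b, "local", "*")
    # A wildcard bind on either side occupies the port on every address.
    if same_port and (la == lb or "*" in (la, lb)):
        found.append("listen socket")
    net = lambda c: ipaddress.ip_network("/".join(c["server"][:2]))
    if "server" in a and "server" in b and net(a).overlaps(net(b)):
        found.append("tunnel subnet")
    files = lambda c: {c[k][0] for k in ("status", "log", "log-append") if k in c}
    found += sorted(files(a) & files(b))
    return found
```

With the template unit, the instance for `/etc/openvpn/server2.conf` is started as `systemctl start openvpn@server2`. In the command from the post, systemctl read the path given as a second argument as another unit name, which is where the `.mount` error comes from.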