Comments (29)
PLEASE STAY ON TOPIC - THIS IS ABOUT PKCS12 CERTIFICATE/PRIVATE KEY BUNDLES
from openvpn3-linux.
Can you first try to start this configuration using the openvpn2 command using --verb 6? Also, you do not need to start VPN sessions as root (even via sudo) with OpenVPN 3 Linux. Unless you really want root to own the VPN session.
Just try this first:
user@host ~ $ openvpn2 --config FILENAME.ovpn --verb 6
The openvpn2 command is emulating the old OpenVPN 2.x command line, only supporting most of the client options.
from openvpn3-linux.
Thanks for the quick reply!
When I use openvpn2 I get a different, also confusing, error: pyOpenSSL library is not installed. Cannot parse PKCS#12 files.
I've checked (using pip, also using python then import OpenSSL), but I do have pyOpenSSL installed in my Python environment (both python2 and python).
from openvpn3-linux.
You need the Python 3 packaging for these dependencies. python is just pointing at your python2 environment. python3 is "independent" of the Python 2.x installation.
So check for python3 packages and use pip3 if you don't find it via apt. I believe you might need python3-openssl on Ubuntu 18.04.
from openvpn3-linux.
Btw, are you installing OpenVPN 3 Linux from the apt repositories, or have you done a build yourself?
Details here: https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux
from openvpn3-linux.
Btw, are you installing OpenVPN 3 Linux from the apt repositories, or have you done a build yourself?
From the APT repositories. I followed the instructions from that page, under "Pre-built packages" -> "Debian, Ubuntu".
You need the Python 3 packaging for these dependencies. python is just pointing at your python2 environment. python3 is "independent" of the Python 2.x installation.
I actually mapped python to python3. My bad, should have mentioned. But this did actually get me further, because I realized I installed PyOpenSSL for Python 2, not for Python 3.
Now there seems to be an incompatibility of some sort in my config file. The new error message is:
/usr/bin/openvpn2: error: unrecognized arguments: --ncp-ciphers AES-256-GCM:AES-128-GCM`
from openvpn3-linux.
I actually mapped python to python3. My bad, should have mentioned. But this did actually get me further, because I realized I installed PyOpenSSL for Python 2, not for Python 3.
In regards to openvpn2 that shouldn't change anything, as it should be hard-coded to use python3.
Now there seems to be an incompatibility of some sort in my config file. The new error message is:
/usr/bin/openvpn2: error: unrecognized arguments: --ncp-ciphers AES-256-GCM:AES-128-GCM`
Ouch! That's not your fault. That's actually something missing in the config parser in the openvpn3 python module. Okay, so this approach didn't work as smoothly as it usually does. Let's go to plan B.
Have two terminals handy. In the first one, we will start a process watching for logs:
user@host: ~ $ openvpn3 log --log-level 6 --config FILENAME.ovpn
In the second terminal, run this:
user@host: ~ $ openvpn3 session-start --config FILENAME.ovpn
(the openvpn2 approach would result in the same, but with a single command)
from openvpn3-linux.
Output of session-start:
Using configuration profile from file: FILENAME.ovpn
Session path: /net/openvpn/v3/sessions/8de70a1bse232s46a5sac7csf08a030b7ddf
session-start: ** ERROR ** Failed to start new session: Failed calling D-Bus method Ready: GDBus.Error:net.openvpn.v3.sessions.error: Backend VPN process have died. Session is no longer valid.
Output of log:
Waiting for session to start ... Done
Attaching to session /net/openvpn/v3/sessions/8de70a1bse232s46a5sac7csf08a030b7ddf
** ERROR ** Failed setting new property value on 'receive_log_events': Failed to retrieve unique bus ID for bus name 'net.openvpn.v3.backends.be7541': Failed calling D-Bus method GetNameOwner: Could not get owner of name 'net.openvpn.v3.backends.be7541': no such name
from openvpn3-linux.
Okay, this makes it a bit clearer. It's the openvpn3-service-client crashing. The challenge now is to figure out why. I'll get back to you over the weekend with some approaches to debug this better.
If you feel adventurous doing some debugging on your own in the meantime, have a look here: https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/debugging.md ... The best is if you are able to enable and track down some coredumps or a backtrace of the crash, but I don't quite remember how that works on Ubuntu.
from openvpn3-linux.
I've managed to install openvpn with the debugging options enabled, but I'm kind of lost with the debugging instructions.
from openvpn3-linux.
Good! So I've put together a pretty simple debug helper script in Python. First, you need to import the configuration profile you want to test with. This debug script does not support configurations requiring username/passwords. If your config requires that, let me know and I'll expand this script to provide this information as well.
First, import the configuration profile:
[user@host ~]$ openvpn3 config-import --config FILENAME.ovpn --name CONFIGNAME
Then save the script below:
#!/usr/bin/python3
import sys
import os
import time
import dbus
import openvpn3

if len(sys.argv) != 2:
    print("Usage: %s <pre-imported config name>" % sys.argv[0])
    sys.exit(1)

# Get a connection to the D-Bus System Bus
sysbus = dbus.SystemBus()

# Get a connection to the Config Manager and retrieve
# a configuration object representing this config
cfgmgr = openvpn3.ConfigurationManager(sysbus)
cfgpaths = cfgmgr.LookupConfigName(sys.argv[1])
if len(cfgpaths) == 0:
    print("No configuration profile found")
    sys.exit(1)
elif len(cfgpaths) > 1:
    print("More than one configuration profile found using the first match")
print("Retrieving configuration profile from %s" % cfgpaths[0])
cfg = cfgmgr.Retrieve(cfgpaths[0])

# Connecting to the Session Manager and starting a new tunnel session
sesmgr = openvpn3.SessionManager(sysbus)
session = sesmgr.NewTunnel(cfg)
time.sleep(1)  # Simplistic method to ensure the backend client settles

print("New VPN session initiated: %s" % session.GetPath())
pid = int(session.GetProperty("backend_pid"))
host = os.uname().nodename.split('.')[0]
print("Backend client PID: %i\n" % pid)
print("In a different terminal, run the following command as root:\n")
print(" [root@%s ~]# gdb --pid %i\n" % (host, pid))
print("Inside this debugger command prompt, type: 'continue'\n")
print(" (gdb) continue\n")
input("When this is done, hit [ENTER] in this terminal ... ")

print("\nStarting VPN session ...")
session.Ready()
session.Connect()
print("Connecting, session status: %s" % str(session.GetStatus()))
time.sleep(5)
print("Session status: %s" % str(session.GetStatus()))
input("Hit [ENTER] to disconnect and shutdown session ... ")
session.Disconnect()
To use this script, let's say you named it ovpn3-debug.py:
[user@host ~]$ python3 ovpn3-debug.py CONFIGNAME
Retrieving configuration profile from /net/openvpn/v3/configuration/4a779694x7a84x402fxad2exdf348d99c303
New VPN session initiated: /net/openvpn/v3/sessions/96ef5bb7sa909s4c9dsb568sb4b66df5295b
Backend client PID: 19304
In a different terminal, run the following command as root:
[root@optimus ~] # gdb --pid 19304
Inside this debugger command prompt, type: 'continue'
(gdb) continue
When this is done, hit [ENTER] in this terminal ...
Do what this script instructs you to do, and hit [ENTER]. It is important that you run gdb with root privileges, otherwise you cannot attach a debugger to the openvpn3-service-client process. I do expect your gdb terminal to bail out with a crash. When that happens, type: thread apply all bt and copy-paste everything you see from the beginning of the gdb command to this ticket.
from openvpn3-linux.
Thanks for the very extensive instructions! The connection does indeed require username & password however...
from openvpn3-linux.
No worries, here's an updated debug script which will expect user credentials to be provided:
#!/usr/bin/python3
import sys
import os
import time
import getpass
import dbus
import openvpn3

if len(sys.argv) != 2:
    print("Usage: %s <pre-imported config name>" % sys.argv[0])
    sys.exit(1)

# Get a connection to the D-Bus System Bus
sysbus = dbus.SystemBus()

# Get a connection to the Config Manager and retrieve
# a configuration object representing this config
cfgmgr = openvpn3.ConfigurationManager(sysbus)
cfgpaths = cfgmgr.LookupConfigName(sys.argv[1])
if len(cfgpaths) == 0:
    print("No configuration profile found")
    sys.exit(1)
elif len(cfgpaths) > 1:
    print("More than one configuration profile found using the first match")
print("Retrieving configuration profile from %s" % cfgpaths[0])
cfg = cfgmgr.Retrieve(cfgpaths[0])

# Connecting to the Session Manager and starting a new tunnel session
sesmgr = openvpn3.SessionManager(sysbus)
session = sesmgr.NewTunnel(cfg)
time.sleep(1)  # Simplistic method to ensure the backend client settles

# Provide user credentials
for uislot in session.FetchUserInputSlots():
    if uislot.GetInputMask():
        # Masked slots (passwords) are read without echoing to the terminal
        val = getpass.getpass("%s: " % uislot.GetLabel())
    else:
        val = input("%s: " % uislot.GetLabel())
    uislot.ProvideInput(val)

print("\nNew VPN session initiated: %s" % session.GetPath())
pid = int(session.GetProperty("backend_pid"))
host = os.uname().nodename.split('.')[0]
print("Backend client PID: %i\n" % pid)
print("In a different terminal, run the following command as root:\n")
print(" [root@%s ~]# gdb --pid %i\n" % (host, pid))
print("Inside this debugger command prompt, type: 'continue'\n")
print(" (gdb) continue\n")
input("When this is done, hit [ENTER] in this terminal ... ")

print("\nStarting VPN session ...")
session.Ready()
session.Connect()
print("Connecting, session status: %s" % str(session.GetStatus()))
time.sleep(5)
print("Session status: %s" % str(session.GetStatus()))
input("Hit [ENTER] to disconnect and shutdown session ... ")
session.Disconnect()
from openvpn3-linux.
Here we go. The output of the debug script:
Starting VPN session ...
Traceback (most recent call last):
File "./magicscript.py", line 47, in <module>
session.Connect()
File "/usr/lib/python3.6/site-packages/openvpn3/SessionManager.py", line 138, in __delete_checker
return func(self, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/openvpn3/SessionManager.py", line 188, in Connect
self.__session_intf.Connect()
File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib/python3/dist-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.gtk.GDBus.UnmappedGError.Quark._g_2dio_2derror_2dquark.Code36: GDBus.Error:net.openvpn.v3.sessions.error: Failed communicating with VPN backend: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.backend.error.standard: Failed executing D-Bus call 'Connect': Configuration pre-parsing failed: option_error: option <pkcs12> was not properly closed out
The gdb terminal did actually not crash. It stays at Continuing.
from openvpn3-linux.
Wow! That's interesting! But at least now we have an error which makes some sense. And there are more issues being triggered in parallel. The trigger point is here:
Configuration pre-parsing failed: option_error: option <pkcs12> was not properly closed out
The --pkcs12 feature has not been thoroughly tested, so it is definitely related to this.
Could you try to run this config against the classic OpenVPN 2.x and see if that behaves as expected?
from openvpn3-linux.
I believe I did this, before we went through the debugging route: #25 (comment)
I got this error then, and the same now:
/usr/bin/openvpn2: error: unrecognized arguments: --ncp-ciphers AES-256-GCM:AES-128-GCM`
I don't think I can run openvpn2 with the debugging tools, right? Since your script initiates the session, instead of using the command-line API.
from openvpn3-linux.
Ahh, the openvpn2 command is not the same as the classic OpenVPN 2.x version. The openvpn2 command is provided by openvpn3-linux. You need the one provided by apt install openvpn and use the openvpn command.
from openvpn3-linux.
I wasn't aware. My apologies!
With openvpn, I can connect to the server. :)
from openvpn3-linux.
Alright, so the configuration file is not corrupt. I'll run some more testing with --pkcs12.
from openvpn3-linux.
Hello, I faced the same problem when trying to run openvpn3 inside docker.
With openvpn, I can connect to the server. :)
But when I use openvpn --config config_file.ovpn --verb 6
It fails with Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
To fix this I've added
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
to Dockerfile
And now it fails with Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Can you give me advice on what I should do to fix this?
Docker image adoptopenjdk/openjdk11:jdk-11.0.9.1_1-ubuntu
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
from openvpn3-linux.
Hello, I faced the same problem when trying to run openvpn3 inside docker.
With openvpn, I can connect to the server. :)
But when I use openvpn --config config_file.ovpn --verb 6
It fails with Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
This is confusing. This issue is not about running OpenVPN 3 Linux in Docker. In addition, you talk about openvpn which is the OpenVPN 2.x version, not OpenVPN 3 Linux. And running OpenVPN (any version) inside a Docker container is a questionable use case to start with. But that is not something we will discuss in this ticket.
This issue is about PKCS12 files not being handled correctly in the OpenVPN 3 Python module. Please stay on topic within the issue tickets.
from openvpn3-linux.
Was there ever any progress on this? I'm having the exact same issues and identical errors when trying the debug steps in previous comments. I can also connect using openvpn but not openvpn3. It may be coincidence, but I had a router failure and this issue started after I replaced it -- however I tried purging/reinstalling both openvpn and openvpn3 (via apt) as well as removing and re-adding my configs after fixing the router and neither had any effect. I am on Ubuntu 20.04.
from openvpn3-linux.
@benfreefly Does your configuration profile contain --pkcs12? If yes, then this is not properly solved yet.
from openvpn3-linux.
Hi All, I faced the same problem [https://github.com//issues/25#issue-713533453]. What worked for me was to simply downgrade the openvpn3 version to 13.
This is the command for Ubuntu 20.04: sudo apt install openvpn3=13~beta-1+focal
I haven't checked for other Distros but should work fine by replacing with the distro name which can be found on OpenVpn official website
Thanks!
from openvpn3-linux.
Hi All, I faced the same problem What worked for me was to simply downgrade the openvpn3 version to 13. This is the command for Ubuntu 20.04:
sudo apt install openvpn3=13~beta-1+focal
I haven't checked for other Distros but should work fine by replacing with the distro name which can be found on OpenVpn official website Thanks!
@coolgoel18 This doesn't make sense. --pkcs12 option support has never been properly supported in OpenVPN 3 Linux, due to lack of support of it in the OpenVPN 3 Core library. Using the openvpn2 command line wrapper from the OpenVPN 3 Linux project is able to handle this, because it uses the Python OpenSSL implementation to split up the .pkcs12 file into separate .pem files for certificates, keys and CA certificate.
from openvpn3-linux.
Hi All, I faced the same problem What worked for me was to simply downgrade the openvpn3 version to 13. This is the command for Ubuntu 20.04:
sudo apt install openvpn3=13~beta-1+focal
I haven't checked for other Distros but should work fine by replacing with the distro name which can be found on OpenVpn official website Thanks!
@coolgoel18 This doesn't make sense. --pkcs12 option support has never been properly supported in OpenVPN 3 Linux, due to lack of support of it in the OpenVPN 3 Core library. Using the openvpn2 command line wrapper from the OpenVPN 3 Linux project is able to handle this, because it uses the Python OpenSSL implementation to split up the .pkcs12 file into separate .pem files for certificates, keys and CA certificate.
Hey man! I went through the convo above when I faced the issue, you definitely know a lot about openvpn. I am just mentioning a solution which I found on stackoverflow, not necessarily the exact solution for this thread but since I came across this thread and a solution worked for me I posted. BTW I am using wsl and if you face daemon bus issue you can start the dbus using
sudo service dbus start
I really don't know the technicalities but this worked for me so just posting it here for what it's worth.
cheers!
from openvpn3-linux.
To the next commenter
Have you read carefully the initial issue comment? Have you verified your configuration does contain pkcs12? If no, do that first.
from openvpn3-linux.
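The check requested above, as an added example that is not part of the thread or of the openvpn3-linux code: it scans a profile for a pkcs12 file directive or an inline <pkcs12> block and reports inline blocks with no closing tag. The function name scan_profile, the sample profiles and the simplified parsing rules are assumptions made for illustration.

```python
import re

# Constructed sample profiles (not taken from the thread); bodies are dummy text.
SAMPLE_INLINE = """\
client
remote vpn.example.com 1194
# pkcs12 old-bundle.p12   (commented out, must be ignored)
<pkcs12>
MIIDUMMYDUMMY
</pkcs12>
"""

SAMPLE_UNCLOSED = """\
client
<pkcs12>
MIIDUMMYDUMMY
verb 3
"""

SAMPLE_PEM = """\
client
ca ca.pem
cert client.pem
key client.key
"""

# An inline block opens with a line holding only "<name>".
_OPEN_TAG = re.compile(r"^<([a-z0-9][a-z0-9_-]*)>$", re.IGNORECASE)


def scan_profile(text):
    """Report PKCS#12 usage and unclosed inline blocks in an .ovpn profile.

    Simplified rules (an assumption, not the openvpn3 parser): lines starting
    with '#' or ';' are comments, and everything between <name> and </name>
    is opaque data.
    """
    result = {"pkcs12_file": None, "pkcs12_inline": False, "unclosed": []}
    open_tag = None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag is not None:
            # Inside an inline block: only the matching close tag matters.
            if line.lower() == "</%s>" % open_tag:
                open_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        match = _OPEN_TAG.match(line)
        if match:
            open_tag = match.group(1).lower()
            if open_tag == "pkcs12":
                result["pkcs12_inline"] = True
            continue
        words = line.split()
        # Options may be written with or without a leading "--".
        if words[0].lstrip("-") == "pkcs12" and len(words) > 1:
            result["pkcs12_file"] = words[1]
    if open_tag is not None:
        result["unclosed"].append(open_tag)
    return result


if __name__ == "__main__":
    for name in ("SAMPLE_INLINE", "SAMPLE_UNCLOSED", "SAMPLE_PEM"):
        print(name, scan_profile(globals()[name]))
```

A profile that reports neither pkcs12_file nor pkcs12_inline does not use PKCS#12 at all, so a failure with it belongs in a different ticket.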
From @dsommers comment.
@coolgoel18 This doesn't make sense. --pkcs12 option support has never been properly supported in OpenVPN 3 Linux, due to lack of support of it in the OpenVPN 3 Core library. Using the openvpn2 command line wrapper from the OpenVPN 3 Linux project is able to handle this, because it uses the Python OpenSSL implementation to split up the .pkcs12 file into separate .pem files for certificates, keys and CA certificate.
using openvpn2 command line wrapper for OpenVPN3 solved my problem of CA Not Defined when using .p12 file.
Thanks 👍
from openvpn3-linux.
I wrapped together a quick Python script now, which can import configuration profiles (a variant of openvpn3 config-import --persistent). I'll add that to the source repo in the nearer future as well; but here's a copy of it - only lightly tested.
#!/usr/bin/python3
#
# OpenVPN 3 Linux client -- Next generation OpenVPN client
#
# SPDX-License-Identifier: AGPL-3.0-only
#
# Copyright (C) 2017 - 2023 OpenVPN Inc <[email protected]>
# Copyright (C) 2017 - 2023 David Sommerseth <[email protected]>
#
#
# Another Python implementation of importing a configuration profile.
# This approach uses the openvpn3 Python to get a real configuration
# profile to use for the import (via the openvpn3.ConfigParser) and
# imports it using the openvpn3.ConfigurationManager.
#
# Use this as: ./configimport2.py CONFIG_NAME <openvpn 2 options>
# Example: ./configimport2.py my-config --config /path/to/config.ovpn --verb 6
#
import dbus
import openvpn3
import sys

# Simple argument pre-checks
# (guard on the length first, so running without arguments does not
# raise IndexError)
if len(sys.argv) > 1 and sys.argv[1] in ['--help', '-h']:
    openvpn3.ConfigParser(sys.argv, 'Imports a configuration profile')
    sys.exit(0)
if len(sys.argv) < 3:
    print('** ERROR ** Too few arguments')
    print('Usage: %s CONFIG_NAME <openvpn options....>' % sys.argv[0])
    sys.exit(1)

# Parse the configuration
config_name = sys.argv[1]
parser_args = [sys.argv[0],] + sys.argv[2:]
cfgparser = openvpn3.ConfigParser(parser_args, 'Imports a configuration profile')
cfgparser.SanityCheck()
config_profile = cfgparser.GenerateConfig()

# Get a connection to the system bus
bus = dbus.SystemBus()

# Get a connection to the OpenVPN 3 Configuration Manager
config_mgr = openvpn3.ConfigurationManager(bus)

# Import the configuration as a multi-use, persistent configuration profile
config = config_mgr.Import(config_name, config_profile, False, True)
print('Configuration "%s" imported' % config_name)
print('Configuration path: ' + config.GetPath())
This will appear as src/tests/python/configimport2.py once committed and pushed.
from openvpn3-linux.