# [solved] Gentoo OpenVPN-Client as Gateway

## MasterGollom

Hi guys,

I'm new to OpenVPN and I can't find any tutorials for a setup I want to achieve.

So, what I want to do is this:

```
                          +-------------------------+
               (public IP)|                         |
  {INTERNET}=============={     Router              |
                          |                         |
                          |         LAN switch      |
                          +------------+------------+
                                       | (192.168.1.1)
                                       |
                                       |              +-----------------------+
                                       |              |                       |
                                       |              |        OpenVPN        |  eth1: 192.168.1.207/24
                                       +--------------{eth1    Client         |  eth0: 10.0.0.1/24            +-------------------+
                                       |              |                       |                               |                   |
                                       |              |                   eth0}-------------------------------+ Other LAN clients |
                                       |              +-----------------------+                               |                   |
                                       |                                                                      |    10.0.0.0/24    |
                              +--------+-----------+                                                          |   (internal net)  |
                              |                    |                                                          +-------------------+
                              |  Other LAN clients |
                              |                    |
                              |   192.168.1.0/24   |
                              |   (internal net)   |
                              +--------------------+
```

I have OpenVPN installed on my Box and I've put the config file from my provider on it. When I start OpenVPN I can enter the credentials and after this it tells me something like this:

```
WARNING: openvpn has started, but is inactive
```

EDIT: 

Here's the OpenVPN conf from my provider:

```
root@vpn # cat /etc/openvpn/openvpn.conf
client
dev tun
proto udp
remote 123.456.789.123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
#ca vpn.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
log /etc/openvpn/openvpn.log
verb 3
auth SHA256
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
I removed this
-----END CERTIFICATE-----
</ca>
```

Here's what my openvpn.log says:

```
root@vpn # cat /etc/openvpn/openvpn.log
Mon May 23 16:53:50 2016 OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 22 2016
Mon May 23 16:53:50 2016 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Enter Auth Username:Enter Auth Password:
Mon May 23 16:54:01 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon May 23 16:54:01 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon May 23 16:54:01 2016 UDPv4 link local: [undef]
Mon May 23 16:54:01 2016 UDPv4 link remote: [AF_INET]81.xxx.xxx.xxx:1194
Mon May 23 16:54:01 2016 TLS: Initial packet from [AF_INET]81.xxx.xxx.xxx:1194, sid=8a65a303 7de0bc77
Mon May 23 16:54:01 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 23 16:54:01 2016 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mon May 23 16:54:01 2016 Validating certificate key usage
Mon May 23 16:54:01 2016 ++ Certificate has key usage  00a0, expects 00a0
Mon May 23 16:54:01 2016 VERIFY KU OK
Mon May 23 16:54:01 2016 Validating certificate extended key usage
Mon May 23 16:54:01 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon May 23 16:54:01 2016 VERIFY EKU OK
Mon May 23 16:54:01 2016 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mon May 23 16:54:07 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 23 16:54:07 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 23 16:54:07 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 23 16:54:07 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 23 16:54:07 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon May 23 16:54:07 2016 [vpn] Peer Connection Initiated with [AF_INET]81.xxx.xxx.xxx:1194
```

and here's what I get from ipinfo.io:

```
root@vpn # wget http://ipinfo.io/ip -qO -
85.xxx.xxx.xxx
```

ifconfig -a doesn't even show me tun0.

```
root@vpn # ifconfig -a
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.207  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe1e:4fdc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:1e:4f:dc  txqueuelen 1000  (Ethernet)
        RX packets 81873  bytes 20522651 (19.5 MiB)
        RX errors 0  dropped 17  overruns 0  frame 0
        TX packets 1683  bytes 510799 (498.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fe1e:4fe6  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:1e:4f:e6  txqueuelen 1000  (Ethernet)
        RX packets 79924  bytes 20338976 (19.3 MiB)
        RX errors 0  dropped 17  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

/dev/tun is present and loaded, so dmesg shows it.

```
root@vpn # dmesg | grep tun
[   19.241340] tun: Universal TUN/TAP device driver, 1.6
[   19.241347] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
```

I hope someone could help me get this running.

Thanks in advance.

Last edited by MasterGollom on Sat May 28, 2016 12:30 pm; edited 1 time in total

----------

## patrix_neo

I can see right away that your config states `dev tun`.

Here: https://wiki.gentoo.org/wiki/OpenVPN it says `dev tun0`.

If you haven't read the document above, I'd check my kernel config as well as any iptable rules you might have.

I had this behaviour too a while back. Not 100% sure, but make it so that you have all necessary kernel modules loaded (=m) or that your kernel supports it (=y).

----------

## MasterGollom

Got everything running now.

Due to a wrong username (my stupidity), the login on my VPN service failed and tun0 hasn't been opened.

Thanks anyway.

----------
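A log check for the failure resolved in this thread, as an added example that is not part of any post: it reports how far an OpenVPN client session got, so a rejected login (no tun0, traffic still leaving through the plain uplink) is told apart from a working tunnel. The function and variable names are hypothetical; the `AUTH_FAILED`, `SIGTERM`, `TUN/TAP device` and `Initialization Sequence Completed` sample lines are constructed, the rest are copied from the log posted above.

```shell
#!/bin/sh
# Added example (not from the thread): report how far an OpenVPN client log got.
# The thread's config uses `log`, which truncates the file at each start, so the
# text is assumed to hold a single session.

vpn_log_state() {
    # $1: log text. Prints one state word.
    if printf '%s\n' "$1" | grep -q 'AUTH_FAILED'; then
        echo auth_failed        # server rejected the username/password
    elif printf '%s\n' "$1" | grep -q 'Initialization Sequence Completed'; then
        echo up                 # tun device opened, addresses and routes set
    elif printf '%s\n' "$1" | grep -q 'Peer Connection Initiated'; then
        echo handshake_only     # TLS finished, tunnel never configured
    elif printf '%s\n' "$1" | grep -q 'TLS: Initial packet from'; then
        echo tls_incomplete     # server answered, handshake did not finish
    else
        echo no_contact         # nothing came back from the remote
    fi
}

vpn_log_warnings() {
    # Prints the distinct WARNING texts from $1, without their timestamps.
    printf '%s\n' "$1" | sed -n 's/^.*\(WARNING: .*\)$/\1/p' | sort -u
}

# Three lines copied from the log in the first post: it ends after the handshake.
LOG_STALLED='Mon May 23 16:54:01 2016 TLS: Initial packet from [AF_INET]81.xxx.xxx.xxx:1194, sid=8a65a303 7de0bc77
Mon May 23 16:54:01 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 23 16:54:07 2016 [vpn] Peer Connection Initiated with [AF_INET]81.xxx.xxx.xxx:1194'

# Constructed continuation: the server rejects the credentials.
LOG_REJECTED="$LOG_STALLED
Mon May 23 16:54:09 2016 AUTH: Received control message: AUTH_FAILED
Mon May 23 16:54:09 2016 SIGTERM[soft,auth-failure] received, process exiting"

# Constructed continuation: the tunnel comes up.
LOG_UP="$LOG_STALLED
Mon May 23 16:54:09 2016 TUN/TAP device tun0 opened
Mon May 23 16:54:09 2016 Initialization Sequence Completed"

printf 'stalled:  %s\n' "$(vpn_log_state "$LOG_STALLED")"
printf 'rejected: %s\n' "$(vpn_log_state "$LOG_REJECTED")"
printf 'up:       %s\n' "$(vpn_log_state "$LOG_UP")"
vpn_log_warnings "$LOG_STALLED"
```

Against a live file, pass its contents: `vpn_log_state "$(cat /etc/openvpn/openvpn.log)"`.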

