# [Solved] Is my openvpn ok or not?

## skorefish

hello,

I'm trying to connect 2 Gentoo boxes with openvpn

```
server 192.168.2.99, client 192.168.2.50

server:  * Starting openvpn ...                                   [ ok ]
client:  * Starting openvpn ...                                   [ ok ]
         * WARNING: openvpn has started, but is inactive
         ....Mon Feb  1 12:59:15 2016 us=754287 Initialization Sequence Completed
```

openvpn.conf(server): https://bpaste.net/show/4d0dd3bf7cf7

openvpn.log(server): https://bpaste.net/show/edf2adcdb6f4

openvpn.conf(client):  https://bpaste.net/show/08e6564916f9

openvpn.log(client):  https://bpaste.net/show/ba882ed2b210

what am I doing wrong/ what do I have to do more ? ...

```
#pushing route tables
push "route 192.168.2.1 255.255.255.255"
#push "dhcp-options DNS 192.168.2.1"
user nobody
group nobody
```

Can someone explain to me what this does? OK, I found http://unix.stackexchange.com/questions/91071/openvpn-push-a-route-to-client-with-a-different-gateway

Last edited by skorefish on Sat Mar 19, 2016 8:25 pm; edited 1 time in total

----------

## depontius

I believe I may have seen messages like that before, I can't remember now.  This is a message from your client, so start the client and then run "netstat -Nr" to see what your routing tables look like.  If you see the routes you're expecting, try it out.  I'm not sure about this, but "started, but inactive" might mean that the tunnel is created, but not currently being used.  I'll defer to other opinions on this, but so far there appear to be none.

----------

## skorefish

Kernel IP routing table

```
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 enp5s1
10.100.0.1      10.100.0.5      255.255.255.255 UGH       0 0          0 tun0
10.100.0.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 enp5s1
```

I cannot ping 10.100.0.5. Is there something wrong with this table?

----------

## depontius

 *skorefish wrote:*   

> Kernel IP routing table
> 
> ```
> 
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> ...

 

That third line doesn't look right to me, but I'm not certain.  I'd have to look at one of my systems with OpenVPN running, to tell.  I may have to bring my personal laptop to work tomorrow, connect on the visitors' network, and start OpenVPN to tell.

That is, unless someone else has better advice before then.

----------

## skorefish

 *depontius wrote:*   

>  *skorefish wrote:*   Kernel IP routing table
> 
> ```
> 
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> ...

 

thanks a lot for that !!! 

when I run ifconfig I get

```
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.100.0.6  netmask 255.255.255.255  destination 10.100.0.5
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 14  bytes 1984 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50  bytes 5064 (4.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

this confuses me... When I run ssh root@10.100.0.6 

I log in to the client sshd and not the one of the server running through the tunnel

----------

## skorefish

I think I found a test 

vpn server on:

```
lenovo ~ # tracepath 10.100.0.1
 1?: [LOCALHOST]                                         pmtu 1500
 1:  10.100.0.1                                            0.894ms reached
 1:  10.100.0.1                                            0.785ms reached
     Resume: pmtu 1500 hops 1 back 64
```

vpn server off:

```
lenovo ~ # tracepath 10.100.0.1
 1?: [LOCALHOST]                                         pmtu 1500
 1:  no reply
^C
```

but :

```
 ssh root@10.100.0.1
ssh: connect to host 10.100.0.1 port 22: Connection refused
```

Why is this ?

----------

## audiodef

I was about to post my own VPN question when I found this thread, which looks similar to what I wanted to know about. I think I've set mine up correctly. No errors, the logs show a connection established, but when I traceroute a server (gentoo.org, google.com, etc.) I see no evidence of my wifi connection touching my VPN server. Not sure what I need to do to make that happen.

----------

## audiodef

 *skorefish wrote:*   

> 
> 
> ```
> 
>                     * WARNING: openvpn has started, but is inactive
> ...

 

I'm learning, too. I came across this question elsewhere and this message might be normal for a Gentoo system. You have to check the actual logs to verify what is/isn't working. (Mine is set up by /etc/openvpn/openvpn.conf to be /etc/openvpn/openvpn.log, but there might also be files in /var/log.)

----------

## skorefish

The tunnel is working and so is ssh

I put -> ListenAddress 0.0.0.0 -> /etc/ssh/sshd_config

Maybe not the safest solution, but for today I'm happy; maybe I can use the tunnel address.
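An added example, not part of the original post: a small check that reads an sshd_config and reports `ListenAddress` entries that bind sshd more widely than the tunnel, comparing the wildcard setting above with the tunnel address 10.100.0.1 used in the thread. The `10.100.0.0/24` subnet and the function names are assumptions; the page only shows individual 10.100.0.x addresses.

```python
import ipaddress

# Assumed tunnel subnet; adjust to the `server` line of the real openvpn.conf.
VPN_NET = ipaddress.ip_network("10.100.0.0/24")


def listen_addresses(config_text):
    """Hosts named by ListenAddress lines; none configured means all addresses."""
    hosts = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        value = parts[1]                      # ignore a trailing "rdomain ..."
        if value.startswith("["):             # [address]:port
            hosts.append(value[1:value.index("]")])
        elif value.count(":") == 1:           # IPv4-or-hostname:port
            hosts.append(value.split(":")[0])
        else:                                 # bare IPv4, IPv6 or hostname
            hosts.append(value)
    return hosts or ["0.0.0.0", "::"]         # sshd default: every local address


def audit(config_text, allowed=(VPN_NET,)):
    """Return (host, reason) for every listener not confined to `allowed`."""
    findings = []
    for host in listen_addresses(config_text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append((host, "hostname: resolve and review by hand"))
            continue
        if ip.is_unspecified:
            findings.append((host, "wildcard: listens on every interface"))
        elif not any(ip in net for net in allowed):
            findings.append((host, "outside the allowed networks"))
    return findings


if __name__ == "__main__":
    # Constructed sample configs: the setting from the post, then the tunnel address.
    for cfg in ("ListenAddress 0.0.0.0\n", "ListenAddress 10.100.0.1\n"):
        print(cfg.strip(), "->", audit(cfg) or "ok")
```

If sshd is bound to the tunnel address, tun0 has to exist before sshd starts, otherwise the bind to that address fails.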

----------

## depontius

Testing on my known-working laptop.

```
localhost ~ # /etc/init.d/openvpn start
 * Starting openvpn...
 * WARNING: You are dropping root privileges!
 * As such openvpn may not be able to change ip, routing
 * or DNS configuration.                                                  [ ok ]
 * WARNING: openvpn.edgehp has started, but is inactive
localhost ~ # netstat -Nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.61.144.1     0.0.0.0         UG        0 0          0 wlan0
10.61.144.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
192.168.nn.1    192.168.nn.129  255.255.255.255 UGH       0 0          0 tun0
192.168.nn.129  0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.nx.1    192.168.nn.129  255.255.255.255 UGH       0 0          0 tun0
192.168.ny.0    192.168.nn.129  255.255.255.0   UG        0 0          0 tun0
192.168.nz.0    192.168.nn.129  255.255.255.0   UG        0 0          0 tun0
localhost ~ # 
```

I also connected to my internal mail server and sshed to one of my (not the VPN endpoint) machines.  I also push a few extra routes, so I can get to my LAN, my DMZ, and my cable modem.

----------

