# openvpn has started, but is inactive

## Jackie Lin

Hello, there.

I am trying to configure openvpn service with an vps, but meet some problem. Could anyone help me?

I followed this guidehttps://wiki.gentoo.org/wiki/OpenVPN.

The server configuration is as below:

```

port    12112

proto   udp

dev     tun0

ca      ca.crt

cert    example.crt

key     example.key

dh      dh.pem

server   10.0.0.0  255.255.255.0

persist-key

persist-tun

ifconfig-pool-persist  ipp.txt

push  "route 192.168.1.0 255.255.255.0"

#push  "dhcp-option DNS 192.168.1.1"

keepalive  10  120

comp-lzo

user  nobody

group nobody

status  openvpn-status.log

log     /etc/openvpn.log

```

The client configuration is as below:

```

client

dev tun0

proto udp

remote 172.104.122.75 12112

comp-lzo

resolv-retry 30

nobind

persist-key

persist-tun

ca  ca.crt

cert  client1.crt

key   client1.key

script-security 2

up  /etc/openvpn/up.sh

down  /etc/openvpn/down.sh

log  /etc/openvpn/openvpn.log

verb 4

```

at the server end:

```

moonlight openvpn # /etc/init.d/openvpn start

 * Starting openvpn ...                                                                                                                                                                                        [ ok ]

moonlight openvpn # ifconfig

dummy0: flags=195<UP,BROADCAST,RUNNING,NOARP>  mtu 1500

        inet6 fe80::680e:a5ff:fe12:a048  prefixlen 64  scopeid 0x20<link>

        ether 6a:0e:a5:12:a0:48  txqueuelen 1000  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 324  bytes 125770 (122.8 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 172.104.122.75  netmask 255.255.255.0  broadcast 172.104.122.255

        inet6 2400:8902::f03c:91ff:fe7b:6ae8  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::f03c:91ff:fe7b:6ae8  prefixlen 64  scopeid 0x20<link>

        ether f2:3c:91:7b:6a:e8  txqueuelen 1000  (Ethernet)

        RX packets 13260  bytes 1096423 (1.0 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 10987  bytes 1471604 (1.4 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1  (Local Loopback)

        RX packets 16  bytes 1104 (1.0 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 16  bytes 1104 (1.0 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500

        inet 10.0.0.1  netmask 255.255.255.255  destination 10.0.0.2

        inet6 fe80::167:5812:b785:7f44  prefixlen 64  scopeid 0x20<link>

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 2  bytes 96 (96.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

at the client end:

```

moonlight openvpn # /etc/init.d/openvpn start

 * Starting openvpn ...

 * WARNING: You have defined your own up/down scripts

 * As you're running as a client, we now force Gentoo specific

 * scripts to be run for up and down events.

 * These scripts will call /etc/openvpn/openvpn-{up,down}.sh

 * where you can put your own code.                                                                                                                                                                            [ ok ]

 * WARNING: openvpn has started, but is inactive

moonlight openvpn # ifconfig

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1  (Local Loopback)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255

        inet6 fe80::a57:ff:fe30:8911  prefixlen 64  scopeid 0x20<link>

        ether 08:57:00:30:89:11  txqueuelen 1000  (Ethernet)

        RX packets 38578  bytes 22705382 (21.6 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 46331  bytes 5912862 (5.6 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

Here is the client end log:

```

moonlight openvpn # cat openvpn.log 

Fri Jul  7 10:47:52 2017 Multiple --up scripts defined.  The previously configured script is overridden.

Fri Jul  7 10:47:52 2017 Multiple --down scripts defined.  The previously configured script is overridden.

Fri Jul  7 10:47:52 2017 us=72485 Current Parameter Settings:

Fri Jul  7 10:47:52 2017 us=72493   config = '/etc/openvpn/openvpn.conf'

Fri Jul  7 10:47:52 2017 us=72498   mode = 0

Fri Jul  7 10:47:52 2017 us=72504   persist_config = DISABLED

Fri Jul  7 10:47:52 2017 us=72509   persist_mode = 1

Fri Jul  7 10:47:52 2017 us=72514   show_ciphers = DISABLED

Fri Jul  7 10:47:52 2017 us=72519   show_digests = DISABLED

Fri Jul  7 10:47:52 2017 us=72524   show_engines = DISABLED

Fri Jul  7 10:47:52 2017 us=72529   genkey = DISABLED

Fri Jul  7 10:47:52 2017 us=72534   key_pass_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72539   show_tls_ciphers = DISABLED

Fri Jul  7 10:47:52 2017 us=72545   connect_retry_max = 0

Fri Jul  7 10:47:52 2017 us=72550 Connection profiles [0]:

Fri Jul  7 10:47:52 2017 us=72556   proto = udp

Fri Jul  7 10:47:52 2017 us=72561   local = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72566   local_port = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72571   remote = '172.104.122.75'

Fri Jul  7 10:47:52 2017 us=72576   remote_port = '12112'

Fri Jul  7 10:47:52 2017 us=72581   remote_float = DISABLED

Fri Jul  7 10:47:52 2017 us=72586   bind_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=72591   bind_local = DISABLED

Fri Jul  7 10:47:52 2017 us=72596   bind_ipv6_only = DISABLED

Fri Jul  7 10:47:52 2017 us=72601   connect_retry_seconds = 5

Fri Jul  7 10:47:52 2017 us=72606   connect_timeout = 120

Fri Jul  7 10:47:52 2017 us=72611   socks_proxy_server = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72616   socks_proxy_port = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72621   tun_mtu = 1500

Fri Jul  7 10:47:52 2017 us=72626   tun_mtu_defined = ENABLED

Fri Jul  7 10:47:52 2017 us=72631   link_mtu = 1500

Fri Jul  7 10:47:52 2017 us=72636   link_mtu_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=72641   tun_mtu_extra = 0

Fri Jul  7 10:47:52 2017 us=72646   tun_mtu_extra_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=72664   mtu_discover_type = -1

Fri Jul  7 10:47:52 2017 us=72670   fragment = 0

Fri Jul  7 10:47:52 2017 us=72684   mssfix = 1450

Fri Jul  7 10:47:52 2017 us=72689   explicit_exit_notification = 0

Fri Jul  7 10:47:52 2017 us=72694 Connection profiles END

Fri Jul  7 10:47:52 2017 us=72699   remote_random = DISABLED

Fri Jul  7 10:47:52 2017 us=72704   ipchange = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72709   dev = 'tun0'

Fri Jul  7 10:47:52 2017 us=72714   dev_type = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72719   dev_node = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72724   lladdr = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72729   topology = 1

Fri Jul  7 10:47:52 2017 us=72734   ifconfig_local = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72739   ifconfig_remote_netmask = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72743   ifconfig_noexec = DISABLED

Fri Jul  7 10:47:52 2017 us=72748   ifconfig_nowarn = DISABLED

Fri Jul  7 10:47:52 2017 us=72753   ifconfig_ipv6_local = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72758   ifconfig_ipv6_netbits = 0

Fri Jul  7 10:47:52 2017 us=72763   ifconfig_ipv6_remote = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72768   shaper = 0

Fri Jul  7 10:47:52 2017 us=72773   mtu_test = 0

Fri Jul  7 10:47:52 2017 us=72778   mlock = DISABLED

Fri Jul  7 10:47:52 2017 us=72783   keepalive_ping = 0

Fri Jul  7 10:47:52 2017 us=72788   keepalive_timeout = 0

Fri Jul  7 10:47:52 2017 us=72793   inactivity_timeout = 0

Fri Jul  7 10:47:52 2017 us=72798   ping_send_timeout = 0

Fri Jul  7 10:47:52 2017 us=72803   ping_rec_timeout = 0

Fri Jul  7 10:47:52 2017 us=72808   ping_rec_timeout_action = 0

Fri Jul  7 10:47:52 2017 us=72813   ping_timer_remote = DISABLED

Fri Jul  7 10:47:52 2017 us=72818   remap_sigusr1 = 0

Fri Jul  7 10:47:52 2017 us=72823   persist_tun = ENABLED

Fri Jul  7 10:47:52 2017 us=72828   persist_local_ip = DISABLED

Fri Jul  7 10:47:52 2017 us=72833   persist_remote_ip = DISABLED

Fri Jul  7 10:47:52 2017 us=72838   persist_key = ENABLED

Fri Jul  7 10:47:52 2017 us=72847   passtos = DISABLED

Fri Jul  7 10:47:52 2017 us=72853   resolve_retry_seconds = 30

Fri Jul  7 10:47:52 2017 us=72858   resolve_in_advance = DISABLED

Fri Jul  7 10:47:52 2017 us=72862   username = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72867   groupname = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72872   chroot_dir = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72877   cd_dir = '/etc/openvpn'

Fri Jul  7 10:47:52 2017 us=72882   writepid = '/var/run/openvpn.pid'

Fri Jul  7 10:47:52 2017 us=72889   up_script = '/etc/openvpn/up.sh'

Fri Jul  7 10:47:52 2017 us=72894   down_script = '/etc/openvpn/down.sh'

Fri Jul  7 10:47:52 2017 us=72899   down_pre = ENABLED

Fri Jul  7 10:47:52 2017 us=72904   up_restart = ENABLED

Fri Jul  7 10:47:52 2017 us=72909   up_delay = ENABLED

Fri Jul  7 10:47:52 2017 us=72914   daemon = ENABLED

Fri Jul  7 10:47:52 2017 us=72919   inetd = 0

Fri Jul  7 10:47:52 2017 us=72924   log = ENABLED

Fri Jul  7 10:47:52 2017 us=72929   suppress_timestamps = DISABLED

Fri Jul  7 10:47:52 2017 us=72934   machine_readable_output = DISABLED

Fri Jul  7 10:47:52 2017 us=72939   nice = 0

Fri Jul  7 10:47:52 2017 us=72944   verbosity = 4

Fri Jul  7 10:47:52 2017 us=72948   mute = 0

Fri Jul  7 10:47:52 2017 us=72953   gremlin = 0

Fri Jul  7 10:47:52 2017 us=72958   status_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=72963   status_file_version = 1

Fri Jul  7 10:47:52 2017 us=72968   status_file_update_freq = 60

Fri Jul  7 10:47:52 2017 us=72973   occ = ENABLED

Fri Jul  7 10:47:52 2017 us=72978   rcvbuf = 0

Fri Jul  7 10:47:52 2017 us=72983   sndbuf = 0

Fri Jul  7 10:47:52 2017 us=72988   mark = 0

Fri Jul  7 10:47:52 2017 us=72993   sockflags = 0

Fri Jul  7 10:47:52 2017 us=72998   fast_io = DISABLED

Fri Jul  7 10:47:52 2017 us=73003   comp.alg = 2

Fri Jul  7 10:47:52 2017 us=73008   comp.flags = 1

Fri Jul  7 10:47:52 2017 us=73013   route_script = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73018   route_default_gateway = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73023   route_default_metric = 0

Fri Jul  7 10:47:52 2017 us=73028   route_noexec = DISABLED

Fri Jul  7 10:47:52 2017 us=73033   route_delay = 0

Fri Jul  7 10:47:52 2017 us=73038   route_delay_window = 30

Fri Jul  7 10:47:52 2017 us=73043   route_delay_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=73048   route_nopull = DISABLED

Fri Jul  7 10:47:52 2017 us=73053   route_gateway_via_dhcp = DISABLED

Fri Jul  7 10:47:52 2017 us=73058   allow_pull_fqdn = DISABLED

Fri Jul  7 10:47:52 2017 us=73064   management_addr = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73069   management_port = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73074   management_user_pass = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73079   management_log_history_cache = 250

Fri Jul  7 10:47:52 2017 us=73084   management_echo_buffer_size = 100

Fri Jul  7 10:47:52 2017 us=73089   management_write_peer_info_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73094   management_client_user = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73099   management_client_group = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73104   management_flags = 0

Fri Jul  7 10:47:52 2017 us=73110   shared_secret_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73115   key_direction = 0

Fri Jul  7 10:47:52 2017 us=73120   ciphername = 'BF-CBC'

Fri Jul  7 10:47:52 2017 us=73125   ncp_enabled = ENABLED

Fri Jul  7 10:47:52 2017 us=73130   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'

Fri Jul  7 10:47:52 2017 us=73135   authname = 'SHA1'

Fri Jul  7 10:47:52 2017 us=73140   prng_hash = 'SHA1'

Fri Jul  7 10:47:52 2017 us=73145   prng_nonce_secret_len = 16

Fri Jul  7 10:47:52 2017 us=73150   keysize = 0

Fri Jul  7 10:47:52 2017 us=73155   engine = DISABLED

Fri Jul  7 10:47:52 2017 us=73160   replay = ENABLED

Fri Jul  7 10:47:52 2017 us=73165   mute_replay_warnings = DISABLED

Fri Jul  7 10:47:52 2017 us=73170   replay_window = 64

Fri Jul  7 10:47:52 2017 us=73175   replay_time = 15

Fri Jul  7 10:47:52 2017 us=73180   packet_id_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73185   use_iv = ENABLED

Fri Jul  7 10:47:52 2017 us=73190   test_crypto = DISABLED

Fri Jul  7 10:47:52 2017 us=73195   tls_server = DISABLED

Fri Jul  7 10:47:52 2017 us=73203   tls_client = ENABLED

Fri Jul  7 10:47:52 2017 us=73208   key_method = 2

Fri Jul  7 10:47:52 2017 us=73213   ca_file = 'ca.crt'

Fri Jul  7 10:47:52 2017 us=73218   ca_path = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73223   dh_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73228   cert_file = 'client1.crt'

Fri Jul  7 10:47:52 2017 us=73233   extra_certs_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73238   priv_key_file = 'client1.key'

Fri Jul  7 10:47:52 2017 us=73243   pkcs12_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73248   cipher_list = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73253   tls_verify = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73258   tls_export_cert = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73263   verify_x509_type = 0

Fri Jul  7 10:47:52 2017 us=73268   verify_x509_name = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73273   crl_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73278   ns_cert_type = 0

Fri Jul  7 10:47:52 2017 us=73283   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73288   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73293   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73298   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73303   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73308   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73312   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73317   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73322   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73327   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73332   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73336   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73341   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73346   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73351   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73356   remote_cert_ku[i] = 0

Fri Jul  7 10:47:52 2017 us=73361   remote_cert_eku = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73366   ssl_flags = 0

Fri Jul  7 10:47:52 2017 us=73370   tls_timeout = 2

Fri Jul  7 10:47:52 2017 us=73375   renegotiate_bytes = -1

Fri Jul  7 10:47:52 2017 us=73380   renegotiate_packets = 0

Fri Jul  7 10:47:52 2017 us=73385   renegotiate_seconds = 3600

Fri Jul  7 10:47:52 2017 us=73390   handshake_window = 60

Fri Jul  7 10:47:52 2017 us=73395   transition_window = 3600

Fri Jul  7 10:47:52 2017 us=73400   single_session = DISABLED

Fri Jul  7 10:47:52 2017 us=73405   push_peer_info = DISABLED

Fri Jul  7 10:47:52 2017 us=73410   tls_exit = DISABLED

Fri Jul  7 10:47:52 2017 us=73415   tls_auth_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73420   tls_crypt_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73427   server_network = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73432   server_netmask = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73452   server_network_ipv6 = ::

Fri Jul  7 10:47:52 2017 us=73458   server_netbits_ipv6 = 0

Fri Jul  7 10:47:52 2017 us=73464   server_bridge_ip = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73469   server_bridge_netmask = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73475   server_bridge_pool_start = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73481   server_bridge_pool_end = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73493   ifconfig_pool_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=73499   ifconfig_pool_start = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73504   ifconfig_pool_end = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73510   ifconfig_pool_netmask = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73515   ifconfig_pool_persist_filename = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73520   ifconfig_pool_persist_refresh_freq = 600

Fri Jul  7 10:47:52 2017 us=73525   ifconfig_ipv6_pool_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=73531   ifconfig_ipv6_pool_base = ::

Fri Jul  7 10:47:52 2017 us=73536   ifconfig_ipv6_pool_netbits = 0

Fri Jul  7 10:47:52 2017 us=73541   n_bcast_buf = 256

Fri Jul  7 10:47:52 2017 us=73546   tcp_queue_limit = 64

Fri Jul  7 10:47:52 2017 us=73551   real_hash_size = 256

Fri Jul  7 10:47:52 2017 us=73556   virtual_hash_size = 256

Fri Jul  7 10:47:52 2017 us=73561   client_connect_script = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73569   learn_address_script = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73574   client_disconnect_script = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73580   client_config_dir = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73585   ccd_exclusive = DISABLED

Fri Jul  7 10:47:52 2017 us=73590   tmp_dir = '/tmp'

Fri Jul  7 10:47:52 2017 us=73595   push_ifconfig_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=73600   push_ifconfig_local = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73606   push_ifconfig_remote_netmask = 0.0.0.0

Fri Jul  7 10:47:52 2017 us=73611   push_ifconfig_ipv6_defined = DISABLED

Fri Jul  7 10:47:52 2017 us=73616   push_ifconfig_ipv6_local = ::/0

Fri Jul  7 10:47:52 2017 us=73621   push_ifconfig_ipv6_remote = ::

Fri Jul  7 10:47:52 2017 us=73626   enable_c2c = DISABLED

Fri Jul  7 10:47:52 2017 us=73632   duplicate_cn = DISABLED

Fri Jul  7 10:47:52 2017 us=73637   cf_max = 0

Fri Jul  7 10:47:52 2017 us=73642   cf_per = 0

Fri Jul  7 10:47:52 2017 us=73647   max_clients = 1024

Fri Jul  7 10:47:52 2017 us=73656   max_routes_per_client = 256

Fri Jul  7 10:47:52 2017 us=73661   auth_user_pass_verify_script = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73667   auth_user_pass_verify_script_via_file = DISABLED

Fri Jul  7 10:47:52 2017 us=73672   auth_token_generate = DISABLED

Fri Jul  7 10:47:52 2017 us=73677   auth_token_lifetime = 0

Fri Jul  7 10:47:52 2017 us=73682   port_share_host = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73687   port_share_port = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73692   client = ENABLED

Fri Jul  7 10:47:52 2017 us=73697   pull = ENABLED

Fri Jul  7 10:47:52 2017 us=73702   auth_user_pass_file = '[UNDEF]'

Fri Jul  7 10:47:52 2017 us=73708 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul  6 2017

Fri Jul  7 10:47:52 2017 us=73718 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09

Fri Jul  7 10:47:52 2017 us=73926 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Jul  7 10:47:52 2017 us=73942 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Fri Jul  7 10:47:52 2017 us=74233 WARNING: Your certificate is not yet valid!

Fri Jul  7 10:47:52 2017 us=74296 LZO compression initializing

Fri Jul  7 10:47:52 2017 us=74348 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]

Fri Jul  7 10:47:52 2017 us=74368 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]

Fri Jul  7 10:47:52 2017 us=74385 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'

Fri Jul  7 10:47:52 2017 us=74391 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'

Fri Jul  7 10:47:52 2017 us=74401 TCP/UDP: Preserving recently used remote address: [AF_INET]172.104.122.75:12112

Fri Jul  7 10:47:52 2017 us=74419 Socket Buffers: R=[212992->212992] S=[212992->212992]

Fri Jul  7 10:47:52 2017 us=74426 UDP link local: (not bound)

Fri Jul  7 10:47:52 2017 us=74432 UDP link remote: [AF_INET]172.104.122.75:12112

Fri Jul  7 10:47:52 2017 us=271449 TLS: Initial packet from [AF_INET]172.104.122.75:12112, sid=d3350ad4 e9f44057

```

at the client end:

```

moonlight openvpn # ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.

64 bytes from 10.0.0.1: icmp_seq=1 ttl=250 time=4.18 ms

64 bytes from 10.0.0.1: icmp_seq=2 ttl=250 time=3.98 ms

64 bytes from 10.0.0.1: icmp_seq=3 ttl=250 time=3.63 ms

64 bytes from 10.0.0.1: icmp_seq=4 ttl=250 time=3.27 ms

64 bytes from 10.0.0.1: icmp_seq=5 ttl=250 time=4.50 ms

64 bytes from 10.0.0.1: icmp_seq=6 ttl=250 time=3.77 ms

64 bytes from 10.0.0.1: icmp_seq=7 ttl=250 time=5.02 ms

^C

--- 10.0.0.1 ping statistics ---

7 packets transmitted, 7 received, 0% packet loss, time 6008ms

rtt min/avg/max/mdev = 3.271/4.053/5.023/0.539 ms

```

It is my first time to configure openvpn service. Could anyone help me? Thanks in advance!

----------

## bbgermany

Hi,

it seems, your tunnel is working. So I cannot see the issue, just because its telling you, that the service is inactive?

Can you post the output of ifconfig on the client side again? Maybe as "ifconfig -a", just to make sure, you show all interfaces.

thanks and greets, bb

----------

## Jackie Lin

Thanks for reply, bbgermany.

client side:

```

moonlight openvpn # ifconfig -a

enp3s0: flags=4098<BROADCAST,MULTICAST>  mtu 1500

        ether d4:3d:7e:df:f5:3d  txqueuelen 1000  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1  (Local Loopback)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s26u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255

        inet6 fe80::a57:ff:fe30:8911  prefixlen 64  scopeid 0x20<link>

        ether 08:57:00:30:89:11  txqueuelen 1000  (Ethernet)

        RX packets 49695  bytes 32796042 (31.2 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 59042  bytes 7610631 (7.2 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

The first time I ran /etc/init.d/openvpn start, there was tun0 interface. But it disappeared subsequently.

and no client1.csr file was generated when I followed the guide.

----------

## Jackie Lin

client end:

```

moonlight openvpn # ls -al

total 92

drwxr-xr-x  2 root root  4096 Jul  7 10:42 .

drwxr-xr-x 71 root root  4096 Jul  7 06:24 ..

-rw-------  1 root root  1172 Jul  7 06:53 ca.crt

-rw-------  1 root root  1834 Jul  7 06:53 ca.key

-rw-------  1 root root  4361 Jul  7 06:53 client1.crt

-rw-------  1 root root  1708 Jul  7 06:54 client1.key

-rw-------  1 root root   887 Jul  7 06:54 client1.req

-rw-------  1 root root   424 Jul  7 06:53 dh.pem

-rwxr-xr-x  1 root root   943 Jul  6 13:27 down.sh

-rw-r--r--  1 root root     0 Jul  6 13:27 .keep_net-vpn_openvpn-0

-rw-r--r--  1 root root   272 Jul  7 10:42 openvpn.conf

-rw-r--r--  1 root root   270 Jul  7 06:55 openvpn.conf~

-rw-------  1 root root 38219 Jul  7 13:30 openvpn.log

-rwxr-xr-x  1 root root  2865 Jul  6 13:27 up.sh

```

server end:

```

moonlight openvpn # ls -al

total 60

drwxr-xr-x  2 root root 4096 Jul  7 10:44 .

drwxr-xr-x 42 root root 4096 Jul  6 21:34 ..

-rw-------  1 root root 1172 Jul  7 06:45 ca.crt

-rw-------  1 root root 1834 Jul  7 06:50 ca.key

-rw-------  1 root root  424 Jul  7 06:45 dh.pem

-rwxr-xr-x  1 root root  943 Jul  6 05:38 down.sh

-rw-------  1 root root 4379 Jul  7 06:45 example.crt

-rw-------  1 root root 1704 Jul  7 06:46 example.key

-rw-------  1 root root  887 Jul  7 06:46 example.req

-rw-------  1 root root    0 Jul  7 13:29 ipp.txt

-rw-r--r--  1 root root    0 Jul  6 05:38 .keep_net-vpn_openvpn-0

-rw-r--r--  1 root root  398 Jul  7 10:44 openvpn.conf

-rw-r--r--  1 root root  396 Jul  7 06:52 openvpn.conf~

-rw-------  1 root root  294 Jul  7 13:30 openvpn-status.log

-rw-------  1 root root  636 Jul  7 06:47 ta.key

-rwxr-xr-x  1 root root 2865 Jul  6 05:38 up.sh

```

----------

## dachiod

output of 

```
cat /usr/src/linux/.config | grep CONFIG_TUN
```

 ?

----------

## Jackie Lin

```

moonlight jerry # cat /usr/src/linux/.config | grep CONFIG_TUN

CONFIG_TUN=y

# CONFIG_TUN_VNET_CROSS_LE is not set

```

----------

## bbgermany

Hi,

ok, I got another look at you config files. Please change the following:

1st: the push route stuff cannot match, since your network on the client is already 192.168.1.x, remove that line or replace the network with the one you have on your server side

2nd: change the logfile position to more suitable like /var/log instead of just /etc

3rd: add "verb 4" to the server config as well to get a bit more output, when connecting

4th: is there a special case, why you have changed the default 1194 port to 12112

5th: for testing, you should remove the "comp-lzo" config directive on both sides as well

6th: please add "pull" on the client side as config option (no additional parameters needed).

greets, bb

EDIT: I have a very very simple configuration for you. This works with my root-server.

server config:

```

port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

key server.key

dh dh2048.pem

server 192.168.255.0 255.255.255.0

ifconfig-pool-persist ipp.txt

duplicate-cn

keepalive 10 120

tls-auth tls.key 0

tls-server

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

```

client config:

```

client

dev tun

proto udp

remote server 1194

nobind

persist-key

persist-tun

ca server.crt

cert client1.crt

key client1.key

tls-auth tls.key 1

comp-lzo

verb 1

pull

```

One other question, did you generate all the certificates (ca, server and client) on the server or did you use different systems?

----------

