# [Solved] OpenVPN has started, but is inactive

## concerned

[Moderator note: changed title from OpenVPN error to include the specific warning now generated. -Hu]

Hi everyone!

Am trying to setup VPN tunnel, but for some reason client side OpenVPN running on Gentoo fails to start.

As per https://wiki.gentoo.org/wiki/OpenVPN I enabled in kernel:

Network core driver support

Universal TUN/TAP device driver support

Contents of /etc/openvpn/openvpn.conf:

```
client

dev tun0

proto udp

remote 1.2.3.4 1194

resolv-retry infinite

nobind

user nobody

group nobody

persist-key

persist-tun

mute-replay-warnings

ns-cert-type server

comp-lzo

verb 3

ca /home/x/keys/ca.crt

cert /home/x/keys/client.crt

key /home/x/keys/client.key

key-direction 1

tls-auth /home/x/keys/ta.key 1
```

This is what happens when I try starting openvpn:

```
localhost /etc/openvpn # /etc/init.d/openvpn start -v

 * Executing: /lib64/rc/sh/openrc-run.sh /lib64/rc/sh/openrc-run.sh /etc/init.d/net.eth0 start

 * Bringing up interface eth0

 *   Skipping module adsl due to missing program: /usr/sbin/adsl-start /usr/sbin/pppoe-start

 *   Skipping module br2684ctl due to missing program: br2684ctl

 *   Skipping module clip due to missing program: /usr/sbin/atmsigd

 *   Skipping module netplugd due to missing program: /sbin/netplugd

 *   Skipping module ifplugd due to missing program: /usr/sbin/ifplugd

 *   Skipping module ipppd due to missing program: /usr/sbin/ipppd

 *   Skipping module firewalld due to missing program: firewall-cmd

 *   Skipping module pppd due to missing program: /usr/sbin/pppd

 *   Skipping module dhclient due to missing program: /sbin/dhclient

 *   Skipping module pump due to missing program: /sbin/pump

 *   Loaded modules: apipa arping bonding l2tp tuntap bridge ccwgroup ethtool dummy hsr macvlan macchanger macnet wpa_supplicant ssidnet iproute2 system vlan dhcpcd ip6rd ip6to4

 *   ip link set dev eth0 up

 *   Configuring eth0 for MAC address F4:30:B9:52:9A:8D ...                     [ ok ]

 *   dhcp ...

 *     Running dhcpcd ...

static assignment required                                                      [ !! ]                                                                          [ !! ]

 * ERROR: net.eth0 failed to start

 * ERROR: cannot start openvpn as net.eth0 would not start
```

Last edited by concerned on Wed Sep 05, 2018 9:09 am; edited 1 time in total

----------

## Hu

As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right.  Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn.  Until you fix that, you cannot test whether your OpenVPN configuration is right.  We need more information to understand why net.eth0 failed to start.  Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf.

----------

## concerned

 *Hu wrote:*   

> As I read that output, you are not yet far enough along to know whether your OpenVPN configuration is right.  Your problem is that net.eth0 fails to start, so the system refuses to even attempt to start openvpn.  Until you fix that, you cannot test whether your OpenVPN configuration is right.  We need more information to understand why net.eth0 failed to start.  Please post the output of cat -n /etc/conf.d/net ; cat -n /etc/dhcpcd.conf.

 

Hu, thanks for the reply,

x ~ $ cat -n /etc/conf.d/net

```
     1   config_eth0="dhcp"

     2   dhcp_eth0="nodns"

     3   dhcpcd_eth0="-t 10 -S 8.8.8.8"

     4   dns_servers="8.8.8.8"
```

x ~ $ cat -n /etc/dhcpcd.conf 

```
     1   # A sample configuration for dhcpcd.

     2   # See dhcpcd.conf(5) for details.

     3   

     4   # Allow users of this group to interact with dhcpcd via the control socket.

     5   #controlgroup wheel

     6   

     7   # Inform the DHCP server of our hostname for DDNS.

     8   hostname

     9   

    10   # Use the hardware address of the interface for the Client ID.

    11   #clientid

    12   # or

    13   # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.

    14   # Some non-RFC compliant DHCP servers do not reply with this set.

    15   # In this case, comment out duid and enable clientid above.

    16   duid

    17   

    18   # Persist interface configuration when dhcpcd exits.

    19   persistent

    20   

    21   # Rapid commit support.

    22   # Safe to enable by default because it requires the equivalent option set

    23   # on the server to actually work.

    24   option rapid_commit

    25   

    26   # A list of options to request from the DHCP server.

    27   option domain_name_servers, domain_name, domain_search, host_name

    28   nooption host_name

    29   option classless_static_routes

    30   # Most distributions have NTP support.

    31   option ntp_servers

    32   # Respect the network MTU. This is applied to DHCP routes.

    33   option interface_mtu

    34   

    35   # A ServerID is required by RFC2131.

    36   require dhcp_server_identifier

    37   

    38   # Generate Stable Private IPv6 Addresses instead of hardware based ones

    39   slaac private
```

----------

## Hu

You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use.  That would explain the error message you showed.  What are you trying to achieve with that directive?

----------

## concerned

 *Hu wrote:*   

> You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use.  That would explain the error message you showed.  What are you trying to achieve with that directive?

 

Hu, that is exactly what was causing the error!

I want to override default DNS address assigned by DHCP. I read the man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 ( have done this long ago, probably I made a typo while setting up )

After making this change, it goes further, but still doesn't make the connection

```
 * Starting openvpn ...

 * WARNING: You have defined your own up/down scripts

 * As you're running as a client, we now force Gentoo specific

 * scripts to be run for up and down events.

 * These scripts will call /etc/openvpn/openvpn-{up,down}.sh

 * where you can put your own code.                                                                                                [ ok ]

 * WARNING: openvpn has started, but is inactive
```

----------

## Hu

Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it.  I changed your thread title to reference the message you get now.  Hopefully someone familiar with this usage mode will see it and step in.

----------

## concerned

 *Hu wrote:*   

> Sorry, I haven't seen this failure mode and don't know how to debug it without reading the OpenVPN sources and/or Gentoo additions to it.  I changed your thread title to reference the message you get now.  Hopefully someone familiar with this usage mode will see it and step in.

 

Thanks, I think that's a good idea. In the meanwhile, I will do a research myself.

Cheers,

----------

## Anon-E-moose

I always get the Warning started but inactive message ... as it's coming up, it always connects.

What does your openvpn.conf look like

----------

## Hu

The opening post has the original openvpn configuration, and none of the changes described here should have affected it.  What was shown then is probably still current.

----------

## concerned

 *concerned wrote:*   

>  *Hu wrote:*   You set -S 8.8.8.8, but as I interpret man dhcpcd, that does not appear to be a valid use.  That would explain the error message you showed.  What are you trying to achieve with that directive? 
> 
> Hu, that is exactly what was causing the error!
> 
> I want to override default DNS address assigned by DHCP. I read the man dhcpcd, and see that I need to use -S domain_name_servers=8.8.8.8 ( have done this long ago, probably I made a typo while setting up )
> ...

 

Anon-E-Moose, this is the latest state.

What I did was fixing mistyped dhcp directive in /etc/conf.d/net as caught by Hu

----------

## Anon-E-moose

I'm not quite following what you're doing or trying to do.

Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?

Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn.

----------

## concerned

 *Anon-E-moose wrote:*   

> I'm not quite following what you're doing or trying to do.
> 
> Are you letting openvpn try and bring up the network? Or is the network up and you're then trying to bring up openvpn?
> 
> Personally, I would fix the problems with the network first, have it come up clean, then worry about openvpn.

 

Network at server side is up, only OpenVPN is new

----------

## Anon-E-moose

```
 * Starting openvpn ...

 * WARNING: You are dropping root privileges!

 * As such openvpn may not be able to change ip, routing

 * or DNS configuration.                                                                                          [ ok ]

 * WARNING: openvpn has started, but is inactive
```

This is the message I get when I start up openvpn 

If I do an "ip route" the routing for it shows up, and I can go out the tun adapter.

The only real difference I see between my openvpn.conf and your's is I ref  "dev tun" not tun0 

What does /var/log/openvpn/openvpn.log show?

----------

## concerned

 *Anon-E-moose wrote:*   

> 
> 
> ```
>  * Starting openvpn ...
> 
> ...

 

In the beginning I had dev tun as well, but added a 0, because I thought that is the reason it fails.

My ip route stays same, tun interface doesn't show up at all. It only appears on the server

Here is what a fresh client log looks like after /etc/init.d/openvpn start && /etc/init.d/openvpn stop

```
Sun Sep  2 22:39:34 2018 Multiple --up scripts defined.  The previously configured script is overridden.

Sun Sep  2 22:39:34 2018 Multiple --down scripts defined.  The previously configured script is overridden.

Sun Sep  2 22:39:34 2018 us=117751 Current Parameter Settings:

Sun Sep  2 22:39:34 2018 us=117758   config = '/etc/openvpn/openvpn.conf'

Sun Sep  2 22:39:34 2018 us=117763   mode = 0

Sun Sep  2 22:39:34 2018 us=117768   persist_config = DISABLED

Sun Sep  2 22:39:34 2018 us=117773   persist_mode = 1

Sun Sep  2 22:39:34 2018 us=117778   show_ciphers = DISABLED

Sun Sep  2 22:39:34 2018 us=117782   show_digests = DISABLED

Sun Sep  2 22:39:34 2018 us=117786   show_engines = DISABLED

Sun Sep  2 22:39:34 2018 us=117791   genkey = DISABLED

Sun Sep  2 22:39:34 2018 us=117795   key_pass_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117800   show_tls_ciphers = DISABLED

Sun Sep  2 22:39:34 2018 us=117804   connect_retry_max = 0

Sun Sep  2 22:39:34 2018 us=117809 Connection profiles [0]:

Sun Sep  2 22:39:34 2018 us=117814   proto = udp

Sun Sep  2 22:39:34 2018 us=117818   local = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117823   local_port = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117828   remote = '1.3.3.1'

Sun Sep  2 22:39:34 2018 us=117832   remote_port = '1331'

Sun Sep  2 22:39:34 2018 us=117837   remote_float = DISABLED

Sun Sep  2 22:39:34 2018 us=117841   bind_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=117846   bind_local = DISABLED

Sun Sep  2 22:39:34 2018 us=117852   bind_ipv6_only = DISABLED

Sun Sep  2 22:39:34 2018 us=117856   connect_retry_seconds = 5

Sun Sep  2 22:39:34 2018 us=117861   connect_timeout = 120

Sun Sep  2 22:39:34 2018 us=117866   socks_proxy_server = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117870   socks_proxy_port = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117874   tun_mtu = 1500

Sun Sep  2 22:39:34 2018 us=117879   tun_mtu_defined = ENABLED

Sun Sep  2 22:39:34 2018 us=117883   link_mtu = 1500

Sun Sep  2 22:39:34 2018 us=117888   link_mtu_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=117892   tun_mtu_extra = 0

Sun Sep  2 22:39:34 2018 us=117896   tun_mtu_extra_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=117901   mtu_discover_type = -1

Sun Sep  2 22:39:34 2018 us=117905   fragment = 0

Sun Sep  2 22:39:34 2018 us=117910   mssfix = 1450

Sun Sep  2 22:39:34 2018 us=117914   explicit_exit_notification = 0

Sun Sep  2 22:39:34 2018 us=117919 Connection profiles END

Sun Sep  2 22:39:34 2018 us=117923   remote_random = DISABLED

Sun Sep  2 22:39:34 2018 us=117928   ipchange = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117932   dev = 'tun0'

Sun Sep  2 22:39:34 2018 us=117936   dev_type = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117941   dev_node = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117945   lladdr = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117949   topology = 1

Sun Sep  2 22:39:34 2018 us=117954   ifconfig_local = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117958   ifconfig_remote_netmask = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117963   ifconfig_noexec = DISABLED

Sun Sep  2 22:39:34 2018 us=117967   ifconfig_nowarn = DISABLED

Sun Sep  2 22:39:34 2018 us=117971   ifconfig_ipv6_local = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117976   ifconfig_ipv6_netbits = 0

Sun Sep  2 22:39:34 2018 us=117980   ifconfig_ipv6_remote = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=117985   shaper = 0

Sun Sep  2 22:39:34 2018 us=117989   mtu_test = 0

Sun Sep  2 22:39:34 2018 us=117993   mlock = DISABLED

Sun Sep  2 22:39:34 2018 us=117998   keepalive_ping = 0

Sun Sep  2 22:39:34 2018 us=118002   keepalive_timeout = 0

Sun Sep  2 22:39:34 2018 us=118006   inactivity_timeout = 0

Sun Sep  2 22:39:34 2018 us=118011   ping_send_timeout = 0

Sun Sep  2 22:39:34 2018 us=118015   ping_rec_timeout = 0

Sun Sep  2 22:39:34 2018 us=118019   ping_rec_timeout_action = 0

Sun Sep  2 22:39:34 2018 us=118024   ping_timer_remote = DISABLED

Sun Sep  2 22:39:34 2018 us=118028   remap_sigusr1 = 0

Sun Sep  2 22:39:34 2018 us=118033   persist_tun = ENABLED

Sun Sep  2 22:39:34 2018 us=118037   persist_local_ip = DISABLED

Sun Sep  2 22:39:34 2018 us=118041   persist_remote_ip = DISABLED

Sun Sep  2 22:39:34 2018 us=118050   persist_key = ENABLED

Sun Sep  2 22:39:34 2018 us=118055   passtos = DISABLED

Sun Sep  2 22:39:34 2018 us=118060   resolve_retry_seconds = 30

Sun Sep  2 22:39:34 2018 us=118064   resolve_in_advance = DISABLED

Sun Sep  2 22:39:34 2018 us=118069   username = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118073   groupname = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118077   chroot_dir = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118082   cd_dir = '/etc/openvpn'

Sun Sep  2 22:39:34 2018 us=118086   writepid = '/var/run/openvpn.pid'

Sun Sep  2 22:39:34 2018 us=118091   up_script = '/etc/openvpn/up.sh'

Sun Sep  2 22:39:34 2018 us=118095   down_script = '/etc/openvpn/down.sh'

Sun Sep  2 22:39:34 2018 us=118100   down_pre = ENABLED

Sun Sep  2 22:39:34 2018 us=118104   up_restart = ENABLED

Sun Sep  2 22:39:34 2018 us=118109   up_delay = ENABLED

Sun Sep  2 22:39:34 2018 us=118113   daemon = ENABLED

Sun Sep  2 22:39:34 2018 us=118124   inetd = 0

Sun Sep  2 22:39:34 2018 us=118132   log = ENABLED

Sun Sep  2 22:39:34 2018 us=118139   suppress_timestamps = DISABLED

Sun Sep  2 22:39:34 2018 us=118144   machine_readable_output = DISABLED

Sun Sep  2 22:39:34 2018 us=118148   nice = 0

Sun Sep  2 22:39:34 2018 us=118153   verbosity = 4

Sun Sep  2 22:39:34 2018 us=118157   mute = 0

Sun Sep  2 22:39:34 2018 us=118161   gremlin = 0

Sun Sep  2 22:39:34 2018 us=118166   status_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118170   status_file_version = 1

Sun Sep  2 22:39:34 2018 us=118175   status_file_update_freq = 60

Sun Sep  2 22:39:34 2018 us=118179   occ = ENABLED

Sun Sep  2 22:39:34 2018 us=118183   rcvbuf = 0

Sun Sep  2 22:39:34 2018 us=118188   sndbuf = 0

Sun Sep  2 22:39:34 2018 us=118192   mark = 0

Sun Sep  2 22:39:34 2018 us=118196   sockflags = 0

Sun Sep  2 22:39:34 2018 us=118201   fast_io = DISABLED

Sun Sep  2 22:39:34 2018 us=118205   comp.alg = 2

Sun Sep  2 22:39:34 2018 us=118210   comp.flags = 1

Sun Sep  2 22:39:34 2018 us=118214   route_script = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118219   route_default_gateway = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118223   route_default_metric = 0

Sun Sep  2 22:39:34 2018 us=118228   route_noexec = DISABLED

Sun Sep  2 22:39:34 2018 us=118233   route_delay = 0

Sun Sep  2 22:39:34 2018 us=118237   route_delay_window = 30

Sun Sep  2 22:39:34 2018 us=118242   route_delay_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=118246   route_nopull = DISABLED

Sun Sep  2 22:39:34 2018 us=118250   route_gateway_via_dhcp = DISABLED

Sun Sep  2 22:39:34 2018 us=118255   allow_pull_fqdn = DISABLED

Sun Sep  2 22:39:34 2018 us=118260   management_addr = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118264   management_port = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118269   management_user_pass = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118274   management_log_history_cache = 250

Sun Sep  2 22:39:34 2018 us=118278   management_echo_buffer_size = 100

Sun Sep  2 22:39:34 2018 us=118283   management_write_peer_info_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118287   management_client_user = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118292   management_client_group = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118296   management_flags = 0

Sun Sep  2 22:39:34 2018 us=118301   shared_secret_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118305   key_direction = 1

Sun Sep  2 22:39:34 2018 us=118310   ciphername = 'BF-CBC'

Sun Sep  2 22:39:34 2018 us=118315   ncp_enabled = ENABLED

Sun Sep  2 22:39:34 2018 us=118319   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'

Sun Sep  2 22:39:34 2018 us=118324   authname = 'SHA1'

Sun Sep  2 22:39:34 2018 us=118328   prng_hash = 'SHA1'

Sun Sep  2 22:39:34 2018 us=118333   prng_nonce_secret_len = 16

Sun Sep  2 22:39:34 2018 us=118337   keysize = 0

Sun Sep  2 22:39:34 2018 us=118342   engine = DISABLED

Sun Sep  2 22:39:34 2018 us=118346   replay = ENABLED

Sun Sep  2 22:39:34 2018 us=118351   mute_replay_warnings = DISABLED

Sun Sep  2 22:39:34 2018 us=118355   replay_window = 64

Sun Sep  2 22:39:34 2018 us=118360   replay_time = 15

Sun Sep  2 22:39:34 2018 us=118364   packet_id_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118372   use_iv = ENABLED

Sun Sep  2 22:39:34 2018 us=118377   test_crypto = DISABLED

Sun Sep  2 22:39:34 2018 us=118381   tls_server = DISABLED

Sun Sep  2 22:39:34 2018 us=118385   tls_client = ENABLED

Sun Sep  2 22:39:34 2018 us=118390   key_method = 2

Sun Sep  2 22:39:34 2018 us=118394   ca_file = '/home/x/keys/ca.crt'

Sun Sep  2 22:39:34 2018 us=118399   ca_path = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118403   dh_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118408   cert_file = '/home/x/keys/client.crt'

Sun Sep  2 22:39:34 2018 us=118413   extra_certs_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118418   priv_key_file = '/home/x/keys/client.key'

Sun Sep  2 22:39:34 2018 us=118423   pkcs12_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118427   cipher_list = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118431   tls_cert_profile = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118436   tls_verify = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118440   tls_export_cert = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118445   verify_x509_type = 0

Sun Sep  2 22:39:34 2018 us=118449   verify_x509_name = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118454   crl_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118458   ns_cert_type = 0

Sun Sep  2 22:39:34 2018 us=118463   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118467   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118471   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118476   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118480   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118484   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118489   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118493   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118497   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118502   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118506   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118510   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118514   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118519   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118523   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118527   remote_cert_ku[i] = 0

Sun Sep  2 22:39:34 2018 us=118532   remote_cert_eku = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118536   ssl_flags = 0

Sun Sep  2 22:39:34 2018 us=118541   tls_timeout = 2

Sun Sep  2 22:39:34 2018 us=118545   renegotiate_bytes = -1

Sun Sep  2 22:39:34 2018 us=118550   renegotiate_packets = 0

Sun Sep  2 22:39:34 2018 us=118554   renegotiate_seconds = 3600

Sun Sep  2 22:39:34 2018 us=118558   handshake_window = 60

Sun Sep  2 22:39:34 2018 us=118563   transition_window = 3600

Sun Sep  2 22:39:34 2018 us=118567   single_session = DISABLED

Sun Sep  2 22:39:34 2018 us=118572   push_peer_info = DISABLED

Sun Sep  2 22:39:34 2018 us=118576   tls_exit = DISABLED

Sun Sep  2 22:39:34 2018 us=118581   tls_auth_file = '/home/x/keys/ta.key'

Sun Sep  2 22:39:34 2018 us=118585   tls_crypt_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118592   server_network = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118597   server_netmask = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118607   server_network_ipv6 = ::

Sun Sep  2 22:39:34 2018 us=118612   server_netbits_ipv6 = 0

Sun Sep  2 22:39:34 2018 us=118617   server_bridge_ip = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118622   server_bridge_netmask = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118627   server_bridge_pool_start = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118632   server_bridge_pool_end = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118637   ifconfig_pool_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=118642   ifconfig_pool_start = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118647   ifconfig_pool_end = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118653   ifconfig_pool_netmask = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118658   ifconfig_pool_persist_filename = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118663   ifconfig_pool_persist_refresh_freq = 600

Sun Sep  2 22:39:34 2018 us=118667   ifconfig_ipv6_pool_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=118672   ifconfig_ipv6_pool_base = ::

Sun Sep  2 22:39:34 2018 us=118682   ifconfig_ipv6_pool_netbits = 0

Sun Sep  2 22:39:34 2018 us=118687   n_bcast_buf = 256

Sun Sep  2 22:39:34 2018 us=118692   tcp_queue_limit = 64

Sun Sep  2 22:39:34 2018 us=118697   real_hash_size = 256

Sun Sep  2 22:39:34 2018 us=118701   virtual_hash_size = 256

Sun Sep  2 22:39:34 2018 us=118706   client_connect_script = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118710   learn_address_script = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118715   client_disconnect_script = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118719   client_config_dir = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118724   ccd_exclusive = DISABLED

Sun Sep  2 22:39:34 2018 us=118728   tmp_dir = '/tmp'

Sun Sep  2 22:39:34 2018 us=118733   push_ifconfig_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=118738   push_ifconfig_local = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118743   push_ifconfig_remote_netmask = 0.0.0.0

Sun Sep  2 22:39:34 2018 us=118748   push_ifconfig_ipv6_defined = DISABLED

Sun Sep  2 22:39:34 2018 us=118753   push_ifconfig_ipv6_local = ::/0

Sun Sep  2 22:39:34 2018 us=118758   push_ifconfig_ipv6_remote = ::

Sun Sep  2 22:39:34 2018 us=118763   enable_c2c = DISABLED

Sun Sep  2 22:39:34 2018 us=118768   duplicate_cn = DISABLED

Sun Sep  2 22:39:34 2018 us=118773   cf_max = 0

Sun Sep  2 22:39:34 2018 us=118777   cf_per = 0

Sun Sep  2 22:39:34 2018 us=118782   max_clients = 1024

Sun Sep  2 22:39:34 2018 us=118786   max_routes_per_client = 256

Sun Sep  2 22:39:34 2018 us=118791   auth_user_pass_verify_script = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118796   auth_user_pass_verify_script_via_file = DISABLED

Sun Sep  2 22:39:34 2018 us=118800   auth_token_generate = DISABLED

Sun Sep  2 22:39:34 2018 us=118805   auth_token_lifetime = 0

Sun Sep  2 22:39:34 2018 us=118810   port_share_host = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118814   port_share_port = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118819   client = ENABLED

Sun Sep  2 22:39:34 2018 us=118823   pull = ENABLED

Sun Sep  2 22:39:34 2018 us=118828   auth_user_pass_file = '[UNDEF]'

Sun Sep  2 22:39:34 2018 us=118834 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 31 2018

Sun Sep  2 22:39:34 2018 us=118843 library versions: OpenSSL 1.0.2m  2 Nov 2017, LZO 2.09

Sun Sep  2 22:39:34 2018 us=119125 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Sun Sep  2 22:39:34 2018 us=119149 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Sun Sep  2 22:39:34 2018 us=119829 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Sep  2 22:39:34 2018 us=119844 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Sep  2 22:39:34 2018 us=119853 LZO compression initializing

Sun Sep  2 22:39:34 2018 us=119916 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]

Sun Sep  2 22:39:34 2018 us=119938 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]

Sun Sep  2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'

Sun Sep  2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'

Sun Sep  2 22:39:34 2018 us=119975 TCP/UDP: Preserving recently used remote address: [AF_INET]1.3.3.1:1331

Sun Sep  2 22:39:34 2018 us=119994 Socket Buffers: R=[212992->212992] S=[212992->212992]

Sun Sep  2 22:39:34 2018 us=119999 UDP link local: (not bound)

Sun Sep  2 22:39:34 2018 us=120005 UDP link remote: [AF_INET]1.3.3.1:1331

Sun Sep  2 22:40:08 2018 us=982429 event_wait : Interrupted system call (code=4)

Sun Sep  2 22:40:08 2018 us=982605 TCP/UDP: Closing socket

Sun Sep  2 22:40:08 2018 us=982642 SIGTERM[hard,] received, process exiting
```

----------

## Anon-E-moose

It appears you're not getting communication with the peer.

You get "UDP link remote: " but it's not responding, probably something wrong with the options you're trying to send it.

```
Sun Sep  2 22:39:34 2018 us=119959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'

Sun Sep  2 22:39:34 2018 us=119965 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' 
```

That's something you'll have to get with the other end to figure out.

----------

## concerned

Anon-E-moose,

Port forwarding was causing the problem.

It is set to only forward TCP traffic to this port, and I had the server in UDP mode.

At the moment I don't have access to that router to fix the port forwarding, so I changed VPN protocol to TCP, and now it works fine.

Thanks all for your time!

Cheers

----------

## Anon-E-moose

Well that would certainly cause problems.  :Laughing: 

Glad you found what it was.

----------

