# Connecting to openvpn server

## Letharion

I'm trying to set up an openvpn connection between two servers. I have control only over my end.

I have been given a few files:

```
-ca.crt
-client.crt
-client.key
-client.ovpn
-tls.key
```

From reading on openvpn.net I've tried the below as a first insecure attempt:

```
mkdir /dev/net
mknod /dev/net/tun c 10 200
openvpn --remote remote.side.com --dev /dev/net/tun --ifconfig 10.4.0.1 10.4.0.2 --verb 9
```

I don't know what I'm supposed to use for IP addresses.

This is the error I get:

```
Wed Oct 28 20:59:17 2009 us=168284 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Wed Oct 28 20:59:17 2009 us=168299 MTU DYNAMIC mtu=1450, flags=2, 1500 -> 1450
Wed Oct 28 20:59:17 2009 us=169367 RESOLVE: NOTE: remote.side.com resolves to 3 addresses, choosing one by random
Wed Oct 28 20:59:17 2009 us=169530 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=1
Wed Oct 28 20:59:17 2009 us=169543 Error: problem with tun vs. tap setting
Wed Oct 28 20:59:17 2009 us=169556 Exiting
```

----------

## Letharion

```
openvpn --mktun --dev tun
```

was giving me two "Operation not permitted".

One of them seemed to be resolved by contacting the VPS-hoster; it seems I didn't have access to the tun device.

Now, however, they think the remaining problem:

```
# openvpn --mktun --dev tun
Mon Nov  2 10:54:04 2009 TUN/TAP device tun0 opened
Mon Nov  2 10:54:04 2009 Cannot ioctl TUNSETPERSIST(1) tun: Operation not permitted (errno=1)
Mon Nov  2 10:54:04 2009 Exiting
```

is caused by udev. They asked me to snapshot and remove udev to see what happens.

I expect the system not to start at all if I remove udev. Sure, I will be able to restore the snapshot if that's the case, but I would like some input on the subject.

Options to removing udev?

----------

## gringo

What happens if you create the needed interfaces in /dev manually? Does vpn work afterwards?

cheers

----------

## Letharion

 *gringo wrote:*   

> What happens if you create the needed interfaces in /dev manually? Does vpn work afterwards?
> 
> cheers

 

I still did

```
mkdir /dev/net
mknod /dev/net/tun c 10 200
openvpn --mktun --dev tun
```

even after talking to the hoster. Doesn't help.

Is that what you meant? :)

----------

## gringo

 *Quote:*   

> Is that what you meant?

 

Yes, sorry, somehow I missed that part in your first post ...

Don't know if this is needed, but: did you stop udev so that it doesn't interfere with the newly created interface?

cheers

----------

## Letharion

```
# /etc/init.d/udev stop
 * WARNING:  udev has not yet been started.
```

It doesn't seem to be running in the first place? That's weird, I thought it always ran?

Edit: I figured I'd try to start it, but since I'm on stable, I got an error message about not using it with baselayout-1. Maybe there's another script I should stop? /etc/init.d/udev-postmount can be stopped/started, but I'm not sure what it does. I stopped it, created the tun device, and tried again, but the error message remains.

----------

## gringo

 *Quote:*   

> It doesn't seem to be running in the first place? That's weird, I thought it always ran?

 

In a default gentoo setup, yes, otherwise you should have an almost empty /dev and lots of errors when loading the system.

What version of udev and what kernel are you running?

 *Quote:*   

> /etc/init.d/udev-postmount can be stopped/started, but I'm not sure what it does

 

I'm not sure either, but afaik it does some extra operations after udev has been invoked because udev cannot detect them by itself.

In modern versions of udev it will actually do lots of stuff like, e.g., set up the bluetooth devices (no init script needed anymore).

cheers

----------

## Letharion

Udev is latest stable, 141.

```
# cat /proc/version
Linux version 2.6.18-128.2.1.el5.028stab064.7 (root@rhel5-64-build) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Aug 26 15:47:17 MSD 2009
```

The above might be related, not being a gentoo kernel. Not sure how this VPS thing works, but I don't seem to have a lot of control over my kernel.

----------
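A read-only diagnostic for the situation in the posts above, as an added example that is not part of the original thread: it classifies the kernel string and reports the state of the TUN control node without creating or changing anything. The function names are hypothetical, and it assumes GNU `stat` and that a `<digits>stab<digits>` tag in the kernel release marks an OpenVZ/Virtuozzo container kernel, where the host decides whether the container may use tun.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the thread.

# Classify a /proc/version string. OpenVZ/Virtuozzo container kernels carry a
# "<NNN>stab<NNN>" tag in the release, as in the string posted above.
kernel_kind() {
    case "$1" in
        *[0-9]stab[0-9]*) echo "openvz" ;;
        *) echo "other" ;;
    esac
}

# Report the state of the TUN control node without modifying anything.
tun_node_state() {
    node="${1:-/dev/net/tun}"
    if [ ! -e "$node" ]; then echo "missing"; return 0; fi
    if [ ! -c "$node" ]; then echo "not-char-device"; return 0; fi
    # GNU stat prints major/minor in hex: 10,200 -> "a c8"
    if [ "$(stat -c '%t %T' "$node" 2>/dev/null)" != "a c8" ]; then
        echo "wrong-major-minor"; return 0
    fi
    # A correct node can still be unusable if the host has not granted access.
    if ( exec 3<>"$node" ) 2>/dev/null; then
        echo "openable"
    else
        echo "open-denied"
    fi
}

# Sample input: the start of the kernel string from the post above.
SAMPLE='Linux version 2.6.18-128.2.1.el5.028stab064.7 (root@rhel5-64-build)'

report() {
    echo "sample kernel:  $(kernel_kind "$SAMPLE")"
    echo "running kernel: $(kernel_kind "$(cat /proc/version 2>/dev/null)")"
    echo "tun node:       $(tun_node_state /dev/net/tun)"
}

report
```

A result of `openvz` together with `missing` or `open-denied` points at the container's host-side configuration rather than at udev or the `mknod` step.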

## gringo

Ah, ok, this is rhel, I suggest you use the instructions of redhat because they (almost) always do things their own way.

A quick search in google gave me this link, hopefully it helps you:

http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_ch-vpn.html

there are surely more documents available.

cheers

----------

## Letharion

 *gringo wrote:*   

> Ah, ok, this is rhel, I suggest you use the instructions of redhat because they (almost) always do things their own way.
> 
> A quick search in google gave me this link, hopefully it helps you:
> 
> http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_ch-vpn.html
> ...

 

Thanks, I'll look at it. This wasn't quite what I expected when I selected "gentoo" from the server list.

----------

