Trying to get openvpn working with OSMC on pi

Hi,
Firstly, i am not an expert on linux
I have installed osmc
I want to use openvpn and i have an external vpn supplier i wish to use
i have read lots of forums (including this one) and got parts going but not everything and i am not sure how i got the bits going that does work

openvpn starts up on boot up - not sure how i did that
ps aux | grep openvpn
shows
/usr/sbin/openvpn --daemon ovpn-vpn --status /run/openvpn/vpn.status 10 --cd /etc/openvpn --config /etc/openvpn/vpn.conf

and
wget http://ipecho.net/plain -0 - -q;echo
shows me the external ip address

service openvpn stop
service openvpn start
gives no errors

but then it doesnt start again

wget http://ipecho.net/plain -0 - -q;echo
doesnt show the right ip

ps aux | grep openvpn
doesn show it running

remember i know little about linux but i can folow scripts

can someone help me please?

how do i find errors?
i tried
cat /tmp/openvpn.log
but log file doesn’t exist

You can use VPN manager add-on. Works great just have to enter VPN details in settings and it does rest. Supports most VPN providers. Read the detailed wiki on how setup.

Download here

Like Debian 8, OSMC uses systemd, so you’ll need to issue commands like:

sudo systemctl start openvpn
sudo systemctl stop openvpn

in order to get it to stop/start. If you want, you can add a vpn manager but it’s not really necessary.

To look at the system log for openvpn log messages, try:

sudo journalctl | grep openvpn

The log is at /var/log/openvpn.log and will be your best tool in finding out why it won’t restart. Usually this is due to erroneous configuration but (depending on how it is configured) could be due to the remote end timing out.

I don’t have openvpn installed on my OSMC boxes, so am working from my knowledge gained elsewhere, eg Debian and Fedora. I always thought that the log output would go to syslog unless it was either overridden in the VPN config file or explicitly declared in the daemon start-up line. Has raspbian/OSMC deviated from Debian 8 in this respect?

That’s where my OpenVPN log file sits, but it is possible to change the location in config. You can find it with whereis openvpn.log

Do you know why openvpn is logging to that file, rather than to syslog? Is is something that’s been explicitly specified in your openvpn configuration - or is that the OSMC default?

First, it needs to be called openvpn.log for that to work and, second, that’s not my understanding of the whereis command.

osmc@osmc:~$ ls -l ~/.kodi/temp
total 120
drwxr-xr-x 2 osmc osmc  4096 Mar 19 11:29 archive_cache
-rw-r--r-- 1 osmc osmc 42324 Mar 21 17:46 kodi.log
-rw-r--r-- 1 osmc osmc 56313 Mar 19 09:21 kodi.old.log
drwxr-xr-x 2 osmc osmc  4096 Jan  1  2015 temp
osmc@osmc:~/.kodi/temp$ whereis kodi.log
kodi: /usr/bin/kodi /usr/lib/kodi /usr/include/kodi /usr/share/kodi

Just to be sure:

osmc@osmc:~$ ls -l /var/log
total 416
-rw-r--r-- 1 root root   2827 Mar 19 11:57 alternatives.log
drwxr-xr-x 2 root root   4096 Mar 17 18:20 apt
-rw------- 1 root utmp      0 Feb 26 18:11 btmp
-rw-r----- 1 root adm      31 Feb 26 18:12 dmesg
-rw-r--r-- 1 root root  28347 Mar 20 15:57 dpkg.log
-rw-r--r-- 1 root root  24024 Feb 26 18:17 faillog
drwxr-xr-x 2 root root   4096 Jan  1  2015 fsck
-rw-rw-r-- 1 root utmp 292292 Mar 21 17:49 lastlog
-rw-r--r-- 1 root root   1528 Mar 19 11:29 lircd
drwxr-xr-x 2 ntp  ntp    4096 Jul 22  2016 ntpstats
drwxr-x--- 2 root adm    4096 Dec 17 22:20 samba
-rw-rw-r-- 1 root utmp  38016 Mar 21 17:49 wtmp
osmc@osmc:~$ whereis dpkg.log
dpkg: /usr/bin/dpkg /usr/lib/dpkg /etc/dpkg /usr/share/dpkg

Here’s the man page summary from Debian:

whereis - locate the binary, source, and manual page files for a command

It didn’t locate either the kodi.log or dpkg.log file and the man page doesn’t mention log files.

unfortunately there is nothing at /var/log called openvpn.log

i agree, this doesn’t show me where the log is

Still can’t find the log

sudo journalctl

We’re using systemd here…

I mentioned this in post #4. Perhaps the OP has tried it, though I can see nothing to suggest so.

Sorry, i did try it but didn have time this morning to show the results
This is after startup and openvpn working:
Mar 22 19:59:24 osmcpi ovpn-vpn[335]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 22 19:59:33 osmcpi ovpn-vpn[335]: /etc/openvpn/update-resolv-conf tun0 1500 1558 43.228.156.66 255.255.255.224 init

so i stop and start:
root@osmcpi:/home/osmc# sudo systemctl stop openvpn
root@osmcpi:/home/osmc# sudo systemctl start openvpn

and i get:

Mar 22 19:59:24 osmcpi ovpn-vpn[335]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 22 19:59:33 osmcpi ovpn-vpn[335]: /etc/openvpn/update-resolv-conf tun0 1500 1558 43.228.156.66 255.255.255.224 init
Mar 22 20:04:23 osmcpi sudo[650]: root : TTY=pts/0 ; PWD=/home/osmc ; USER=root ; COMMAND=/bin/systemctl stop openvpn
Mar 22 20:04:26 osmcpi ovpn-vpn[335]: /etc/openvpn/update-resolv-conf tun0 1500 1558 43.228.156.66 255.255.255.224 init
Mar 22 20:04:32 osmcpi sudo[684]: root : TTY=pts/0 ; PWD=/home/osmc ; USER=root ; COMMAND=/bin/systemctl start openvpn

wget http://ipecho.net/plain -O - -q;echo
is now not showing the ip that i expected

so i can not get a log? even if i put some settings in the conf file?
thanks for the help

another question
when i do this:
sudo systemctl start openvpn
what is it using as a configuration file?

this looks as if it is using /etc/openvpn/vpn.conf on startup

root@osmcpi:/home/osmc# ps aux | grep openvpn
root 323 1.1 0.4 4836 3556 ? Ss 20:35 0:00 /usr/sbin/openvpn --daemon ovpn-vpn --status /run/openvpn/vpn.status 10 --cd /etc/openvpn --config /etc/openvpn/vpn.conf
root 600 0.0 0.0 2156 552 pts/0 S+ 20:36 0:00 grep openvpn
root@osmcpi:/home/osmc#

I am not sure how i got this to use vpn.config
i can confirm that it is using it by changing this file to a different remote ip
but what does sudo systemctl start openvpn use?

also, while i was trying to get it to start on reboot, i tried all sorts of things
one of them was to create a startup file and register using
sudo update-rc.d startOpenVPN defaults
I got this from this forum, not sure if it has an effect or not
I tried to change startOpenVPN but it made no difference
how do i unregister it?
cheers

after reboot
service --status-all
shows openvpn

root@osmcpi:/etc/init.d# service openvpn status

  • openvpn.service - OpenVPN service
    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
    Active: active (exited) since Wed 2017-03-22 20:35:36 NZDT; 16min ago
    Process: 338 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 338 (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/openvpn.service

Mar 22 20:35:36 osmcpi systemd[1]: Started OpenVPN service.
root@osmcpi:/etc/init.d#

this shows it is working

root@osmcpi:/etc/init.d# service openvpn stop
root@osmcpi:/etc/init.d# service openvpn status

  • openvpn.service - OpenVPN service
    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
    Active: inactive (dead) since Wed 2017-03-22 20:52:32 NZDT; 1s ago
    Process: 338 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 338 (code=exited, status=0/SUCCESS)

Mar 22 20:35:36 osmcpi systemd[1]: Started OpenVPN service.
Mar 22 20:52:32 osmcpi systemd[1]: Stopping OpenVPN service…
Mar 22 20:52:32 osmcpi systemd[1]: Stopped OpenVPN service.
root@osmcpi:/etc/init.d# service openvpn status

  • openvpn.service - OpenVPN service
    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
    Active: inactive (dead) since Wed 2017-03-22 20:52:32 NZDT; 8s ago
    Process: 338 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 338 (code=exited, status=0/SUCCESS)

Mar 22 20:35:36 osmcpi systemd[1]: Started OpenVPN service.
Mar 22 20:52:32 osmcpi systemd[1]: Stopping OpenVPN service…
Mar 22 20:52:32 osmcpi systemd[1]: Stopped OpenVPN service.

root@osmcpi:/etc/init.d# service openvpn start

root@osmcpi:/etc/init.d# service openvpn status

  • openvpn.service - OpenVPN service
    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
    Active: active (exited) since Wed 2017-03-22 20:52:48 NZDT; 4s ago
    Process: 1159 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 1159 (code=exited, status=0/SUCCESS)

Mar 22 20:52:48 osmcpi systemd[1]: Started OpenVPN service.

looks like it has started again
but
root@osmcpi:/etc/init.d# ps aux | grep openvpn
root 1166 0.0 0.0 2152 544 pts/0 S+ 20:53 0:00 grep openvpn
root@osmcpi:/etc/init.d#

doesnt show it running
and the ip is not right
wondering if i am going down the wrong road here

First your error message [quote]WARNING: No server certificate verification method has been enabled
[/quote]

It probably means that you’re missing the line remote-cert-tls server in your VPN config file. But since you’re using a commercial service, it should just be a matter of copy/paste from one of their example templates, so such things shouldn’t have been omitted.

Since you seem to have reached your current situation more by accident than by design, here are a few things to revisit and make sure that they’re correctly configured.

1 Since the server P address sems to be in Australia, we’ll call the service mypn-au. Your configuration file should therefore be named /etc/openvpn/myvpn-au.conf. This choice of name, now gives us the chance to create other vpn config files such as myvpn-uk.conf, myvpn-us.conf, and so on, that point to different servers, so if it’s not actually going to an Australian server, you should adjust the name accordingly. Note: on Linux, the files should be named something.conf and not something.ovpn.

2 Edit file /etc/default/openvpn (using sudo) so that it contains the line:

AUTOSTART="myvpn-au"

This will cause openvpn to look for a file called myvpn-au.conf in directory /etc/openvpn. (If you want to change the VPN so that it points elsewhere, it’s best to do it in /etc/default/openvpn.)

3 Try to start openvpn with:

sudo systemctl start openvpn

and check in the system log using

sudo journalctl | grep ovpn-myvpn-au

4 Report back!

I called my configuration file myNZ.conf

I did this:

root@osmcpi:/etc/openvpn# cp myNZ.ovpn myNZ.conf
root@osmcpi:/etc/openvpn# cd /etc/default
root@osmcpi:/etc/default# nano openvpn
root@osmcpi:/etc/default# sudo systemctl start openvpn
root@osmcpi:/etc/default# sudo journalctl | grep ovpn-myNZ
root@osmcpi:/etc/default#

i edited openvpn and put in
AUTOSTART = “myNZ”

i changed the command to:

root@osmcpi:/etc/default# sudo journalctl | grep myNZ
Mar 22 21:34:51 osmcpi /etc/openvpn/myNZ.ovpn[668]: Options error: You must define TUN/TAP device (–dev)
Mar 22 21:34:51 osmcpi /etc/openvpn/myNZ.ovpn[668]: Use --help for more information.
root@osmcpi:/etc/default#

i am totally confused
I rebooted
and now i get:
root@osmcpi:/home/osmc# ps aux | grep openvpn
root 358 1.9 0.4 4860 3656 ? S 22:12 0:05 openvpn /etc/openvpn/myLondon.ovpn
root 606 0.0 0.0 2152 552 pts/0 S+ 22:16 0:00 grep openvpn

myLondon.ovpn is what is in startOpenVPN (see 14 above)

Hey, you’re not the only one! :slight_smile:

I think part of the problem is that you’re not starting with a clean install and something you’ve already done is causing a few issues.

First, I see that you copied myNZ.ovpn to myNZ.conf rather than rename it. That creates a potential issue.

Second, where did myLondon come from?

So, make sure there are no .ovpn files in /etc/openvpn and let’s see a list of the config files you have there.

Make sure that there is only one active AUTOSTART line in /etc/default/openvpn.

And show me the myNZ.conf file. You can obfuscate any IP addresses if you wish.