Trying to get openvpn working with OSMC on pi

stephr1 · 22 March 2017 17:25

Not sure if I should start a new topic for this, but then I’ve been flamed in the past for doing so, so…

I have set up openvpn on a RPI 3/OSMC system. It seems that openvpn works to a point (using the free vpn services to start).

Here’s where I’ve gotten to – when I execute:

openvpn --remote <ipaddr of the vpn server> --dev tun1 --ifconfig 10.9.8.1 10.9.8.2

I get as a result:

Wed Mar 22 10:13:50 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Wed Mar 22 10:13:50 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Wed Mar 22 10:13:50 2017 ******* WARNING *******: all encryption and authentication features disabled – all data will be tunnelled as cleartext
Wed Mar 22 10:13:50 2017 TUN/TAP device tun1 opened
Wed Mar 22 10:13:50 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 22 10:13:50 2017 /sbin/ip link set dev tun1 up mtu 1500
Wed Mar 22 10:13:50 2017 /sbin/ip addr add dev tun1 local 10.9.8.1 peer 10.9.8.2
Wed Mar 22 10:13:50 2017 UDPv4 link local (bound): [undef]
Wed Mar 22 10:13:50 2017 UDPv4 link remote: [AF_INET]176.126.237.207:1194

…and the output stops, as if it’s waiting (which may be the right result).

Then if I execute ifconfig -a I get:

(eth0 and lo info…snip…)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.9.8.1  P-t-P:10.9.8.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

So the command line version seems to work. However, if I try to run

sudo openvpn /etc/openvpn/.vpn_config/FreeVPN.me-TCP443.ovpn

I get this msg (among other warnings):

…snip…
ERROR: Cannot ioctl TUNSETIFF tun1: Operation not permitted (errno=1)
Exiting due to fatal error

and running ifconfig -a shows me my eth0 and lo info, but the tun1 info is nowhere to be found.

This feels like a permissions issue, but could be something more subtle.

Thx for any help on this…

dillthedog · 22 March 2017 17:59

Not my forum and not my call, but it’s unrelated to the OP’s problem, so probably best to keep the two separate, IMO.

stephr1 · 22 March 2017 18:26

Appreciate the feedback. I have created a new topic and I’ll just have to wait and see from which direction help arrives…if it does

john_edwards · 23 March 2017 08:29

ok, so that killed it
doesn work now
got rid of all the .ovpn files, only got myNZ.conf for .conf files

root@osmcpi:/etc/default# cat openvpn
# This is the configuration file for /etc/init.d/openvpn

#
# Start only these VPNs automatically via init script.
# Allowed values are “all”, “none” or space separated list of
# names of the VPNs. If empty, “all” is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. “home” would be /etc/openvpn/home.conf
#
# If you’re running systemd, changing this variable will
# require running “systemctl daemon-reload” followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)
#
#AUTOSTART=“all”
#AUTOSTART=“none”
#AUTOSTART=“home office”
#AUTOSTART = “all”
AUTOSTART = “myNZ”
#
# WARNING: If you’re running systemd the rest of the
# options in this file are ignored.
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
# Optional arguments to openvpn’s command line
OPTARGS=“”
#
# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn’s
# init.d script (remember to run insserv after that)
#
OMIT_SENDSIGS=0
root@osmcpi:/etc/default#

only one autostart

root@osmcpi:/etc/default# sudo journalctl | grep openvpn
Mar 23 21:01:13 osmcpi systemd[132]: /lib/systemd/system-generators/openvpn-generator failed with error code 127.
Mar 23 21:01:13 osmcpi systemd[1]: Starting system-openvpn.slice.
Mar 23 21:01:13 osmcpi systemd[1]: Created slice system-openvpn.slice.
Mar 23 21:01:14 osmcpi ovpn-vpn[314]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/vpn.conf
Mar 23 21:01:14 osmcpi systemd[1]: openvpn@vpn.service: control process exited, code=exited status=1
Mar 23 21:01:14 osmcpi systemd[1]: Unit openvpn@vpn.service entered failed state.
Mar 23 21:01:15 osmcpi startOpenVPN[347]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/myLondon.ovpn
root@osmcpi:/etc/default#

myNZ.conf:
root@osmcpi:/etc/openvpn# cat myNZ.conf
client
management localhost 3117
dev tun
proto udp
remote someNZServer.com 53
float
redirect-gateway def1
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
tls-auth /etc/openvpn/Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 3
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass /etc/openvpn/pass.txt
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
root@osmcpi:/etc/openvpn#

as you will see i have tried all sorts of things
cheers

john_edwards · 23 March 2017 08:43

got rid of the startOpenVPN error by doing this:
update-rc.d -f startOpenVPN remove

now got:
root@osmcpi:/home/osmc# sudo journalctl | grep openvpn
Mar 23 21:37:26 osmcpi systemd[129]: /lib/systemd/system-generators/openvpn-generator failed with error code 127.
Mar 23 21:37:26 osmcpi systemd[1]: Starting system-openvpn.slice.
Mar 23 21:37:26 osmcpi systemd[1]: Created slice system-openvpn.slice.
Mar 23 21:37:27 osmcpi ovpn-vpn[312]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/vpn.conf
Mar 23 21:37:27 osmcpi systemd[1]: openvpn@vpn.service: control process exited, code=exited status=1
Mar 23 21:37:27 osmcpi systemd[1]: Unit openvpn@vpn.service entered failed state.
root@osmcpi:/home/osmc#

so something thinks i want to use /etc/openvpn/vpn.conf

dillthedog · 23 March 2017 10:02

Remove the spaces either size of the = sign.

Just to clarify what’s happening, type this:

AAA="zzz"
echo $AAA
BBB = "yyy"
echo $BBB

See?

I’ll leave it at that for now.

john_edwards · 24 March 2017 06:05

Great!
ok, that seems to have made it work
i stopped it and started it again and it started again
so, how do i change to a different site?

any changes i need to do to myNZ.conf?

cheers and thank you very much

dillthedog · 24 March 2017 07:55

The best methos, IMO, is to have a bunch of .conf files in your /etc/openvpn directory and then edit /etc/default/openvpn to point to your server du jour. It’s a lot easier then having one master .conf file that you constantly re-edit, plus less prone to error.

Anyway, good to see that you’re finally up and running.

So the tl;dr is:

Give your config files a .conf suffix, rather than .ovpn (though it seems that might no longer be 100% necessary)
Put config files in /etc/openvpn
Point to the one you want to run in /etc/default/openvpn
Restart OSMC (just to ensure a clean start)

Now why did that take so long?

john_edwards · 24 March 2017 20:47

Great, thank you very much for all your help

sentut · 13 August 2017 21:44

Is there a way of supplying openvpn arugments via the service rather than coding it into the vpn.conf file?

dillthedog · 14 August 2017 11:34

The only argument that I’m aware of that can be supplied when starting the openvpn service is to specify which .conf file (and therefore which service/server) to use.

Other than that, you’d need to edit /lib/systemd/system/openvpn@.service and hard-code your arguments into the openvpn start command, which doesn’t make a lot of sense.