OpenWrt Forum Archive

Topic: [Solved] No tun interface with openvpn

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi.

I'm trying to connect to an external VPN provider (Swedish OVPN) thru my Netgear WNDR3700v1, but I haven't succeeded yet. I have compiled my own firmware for it from the trunk branch, with openvpn and kmod-tun, and everything connects as it should according to my logs.

The problem is that the tun interface is nonexistent. The tun module is loaded (insmod tun says module is already loaded - tun), and /etc/config/network has the tun0 configured (I can see it in LuCI). But it's not showing up when listing the interfaces with ifconfig.

VPN config

config openvpn 'OVPN'
    option daemon '1'
    option client '1'
    option comp_lzo 'yes'
    option persist_key '1'
    option nobind '1'
    option remote_cert_tls 'server'
    list remote 'pool.prd.se.ovpn.se 1194'
    list remote 'pool.prd.se.ovpn.se 1195'
    option proto 'udp'
    option auth_user_pass '/etc/openvpn/credentials.txt'
    option auth_retry 'nointeract'
    option remote_random '1'
    option cipher 'aes-256-cbc'
    option verb '4'
    option persist_tun '1'
    option replay_window '256'
    option mute_replay_warnings '1'
    option reneg_sec '432000'
    option resolv_retry 'infinite'
    option log '/var/log/openvpn.log'
    option enabled '1'
    option tls_auth '/etc/openvpn/ovpn-tls.key'
    option pull '1'
    option ca '/etc/openvpn/ovpn-ca.crt'
    option dev 'tun'

OpenVPN log

Wed Nov 29 12:08:40 2017 us=922813 OpenVPN 2.4.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Nov 29 12:08:40 2017 us=923102 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Nov 29 12:08:40 2017 us=928916 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 12:08:40 2017 us=929254 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 12:08:40 2017 us=929521 LZO compression initializing
Wed Nov 29 12:08:40 2017 us=930643 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Wed Nov 29 12:08:40 2017 us=975411 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Nov 29 12:08:40 2017 us=975959 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Wed Nov 29 12:08:40 2017 us=976209 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Wed Nov 29 12:08:40 2017 us=976491 TCP/UDP: Preserving recently used remote address: [AF_INET]185.86.106.135:1194
Wed Nov 29 12:08:40 2017 us=976772 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Nov 29 12:08:40 2017 us=977016 UDP link local: (not bound)
Wed Nov 29 12:08:40 2017 us=977286 UDP link remote: [AF_INET]185.86.106.135:1194

Output from ifconfig

br-lan    Link encap:Ethernet  HWaddr E2:91:F5:04:78:70  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fde2:3524:ff5e::1/60 Scope:Global
          inet6 addr: fe80::e091:f5ff:fe04:7870/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1199 errors:0 dropped:0 overruns:0 frame:0
          TX packets:476 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:192225 (187.7 KiB)  TX bytes:67565 (65.9 KiB)

eth0      Link encap:Ethernet  HWaddr E2:91:F5:04:78:70  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:486 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:216538 (211.4 KiB)  TX bytes:69470 (67.8 KiB)
          Interrupt:4 

eth1      Link encap:Ethernet  HWaddr E0:91:F5:04:78:71  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:2904 (2.8 KiB)  TX bytes:2904 (2.8 KiB)

wlan0     Link encap:Ethernet  HWaddr E0:91:F5:04:78:70  
          inet6 addr: fe80::e291:f5ff:fe04:7870/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:786 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:180287 (176.0 KiB)

wlan1     Link encap:Ethernet  HWaddr E0:91:F5:04:78:72  
          inet6 addr: fe80::e291:f5ff:fe04:7872/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:786 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:180287 (176.0 KiB)

TUN config in /etc/config/network

config interface 'vpn'
        option proto 'none'
        option ifname 'tun0'

I've googled my ass off, but can't find anything describing this problem. I also tried ROOTer firmware, but it's the same problem there.

I read some other logs that show that the tun interface is opened, but that's not the case for me.

...
May 27 08:58:16 wrt01 daemon.notice openvpn(IPredator)[7955]: TUN/TAP device tun1337 opened
May 27 08:58:16 wrt01 daemon.notice openvpn(IPredator)[7955]: TUN/TAP TX queue length set to 100
...

Anyone have a clue how to get tun interface up so I can route my traffic thru it?

(Last edited by zynex on 1 Dec 2017, 19:04)

I don't put any settings in the network config for the vpn. Try increasing verbosity to 9 and see if that gives you more info in the logs.
option verb '9'

webtron is right, there shouldn't be any tun0 in the network file. tun0 gets created when openvpn is running.

That link local not bound message is probably part of your issue. Here is what I see when mine starts..

Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: OpenVPN 2.4.4 arm-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: library versions: mbed TLS 2.6.0, LZO 2.10
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: Diffie-Hellman initialized with 2048 bit key
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: TUN/TAP device tun0 opened
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: TUN/TAP TX queue length set to 100
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: /sbin/ifconfig tun0 172.16.1.1 pointopoint 172.16.1.2 mtu 1500
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: /sbin/route add -net 172.16.1.0 netmask 255.255.255.0 gw 172.16.1.2
Thu Nov 30 08:16:37 2017 daemon.warn openvpn(sample_server)[8836]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: UDPv4 link local (bound): [AF_INET][undef]:1194
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: UDPv4 link remote: [AF_UNSPEC]
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: UID set to nobody
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: MULTI: multi_init called, r=256 v=256
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: IFCONFIG POOL: base=172.16.1.4 size=62, ipv6=0
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: IFCONFIG POOL LIST
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample_server)[8836]: Initialization Sequence Completed

I have tried both without and with tun0 in the network file, same result. The strange thing is that I have no "TUN/TAP device tun0 opened" in my log at all, nor anything that could indicate a problem. I also tried verb 9, but can't see anything useful that might have something to do with this problem.

The kernel module is loaded and activated, so it should do something!?

Got some more stuff in the logs with verb 9, maybe it helps a bit. I just noticed that there is some problem with TLS handshake, maybe that's a part of the problem.

Wed Nov 29 19:42:03 2017 us=62818 OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Nov 29 19:42:03 2017 us=63061 library versions: OpenSSL 1.0.2m  2 Nov 2017, LZO 2.10
Wed Nov 29 19:42:03 2017 us=68742 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 19:42:03 2017 us=69164 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 19:42:03 2017 us=69521 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 28 bytes
Wed Nov 29 19:42:03 2017 us=69904 LZO compression initializing
Wed Nov 29 19:42:03 2017 us=81258 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Wed Nov 29 19:42:03 2017 us=115460 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Nov 29 19:42:03 2017 us=115882 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Wed Nov 29 19:42:03 2017 us=116226 calc_options_string_link_mtu: link-mtu 1622 -> 1558
Wed Nov 29 19:42:03 2017 us=116690 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Wed Nov 29 19:42:03 2017 us=117032 calc_options_string_link_mtu: link-mtu 1622 -> 1558
Wed Nov 29 19:42:03 2017 us=117458 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Wed Nov 29 19:42:03 2017 us=117844 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Wed Nov 29 19:42:03 2017 us=118237 TCP/UDP: Preserving recently used remote address: [AF_INET]46.227.67.149:1195
Wed Nov 29 19:42:03 2017 us=118628 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Nov 29 19:42:03 2017 us=119029 UDP link local (bound): [AF_INET]192.168.0.2:1194
Wed Nov 29 19:42:03 2017 us=119410 UDP link remote: [AF_INET]46.227.67.149:1195
Wed Nov 29 19:42:03 2017 us=120445  event_wait returned 1
Wed Nov 29 19:42:03 2017 us=121438 UDP WRITE [42] to [AF_INET]46.227.67.149:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=0b437503 f37abf05 tls_hmac=be867196 80f2f664 a679b7b4 3050d416 ec1608a2 pid=[ #1 / time = (1511980923) Wed Nov 29 19:42:03 2017 ] [ ] pid=0 DATA 
Wed Nov 29 19:42:03 2017 us=121981 UDP write returned 42
Wed Nov 29 19:42:04 2017 us=203878  event_wait returned 0
Wed Nov 29 19:42:05 2017 us=285499  event_wait returned 0
Wed Nov 29 19:42:05 2017 us=285981  event_wait returned 1
Wed Nov 29 19:42:05 2017 us=286839 UDP WRITE [42] to [AF_INET]46.227.67.149:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=0b437503 f37abf05 tls_hmac=c152d39c e4f32c47 7d17a0e1 712b65b1 25ea75b5 pid=[ #2 / time = (1511980923) Wed Nov 29 19:42:03 2017 ] [ ] pid=0 DATA 
Wed Nov 29 19:42:05 2017 us=287357 UDP write returned 42
Wed Nov 29 19:42:06 2017 us=368953  event_wait returned 0
Wed Nov 29 19:42:07 2017 us=450584  event_wait returned 0
Wed Nov 29 19:42:08 2017 us=532115  event_wait returned 0
Wed Nov 29 19:42:09 2017 us=613654  event_wait returned 0
Wed Nov 29 19:42:09 2017 us=614144  event_wait returned 1
Wed Nov 29 19:42:09 2017 us=615007 UDP WRITE [42] to [AF_INET]46.227.67.149:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=0b437503 f37abf05 tls_hmac=4ade9b36 cbeeff96 7f4ff9ce 32cff27d 7a14e1d5 pid=[ #3 / time = (1511980923) Wed Nov 29 19:42:03 2017 ] [ ] pid=0 DATA 
Wed Nov 29 19:42:09 2017 us=615524 UDP write returned 42
Wed Nov 29 19:42:10 2017 us=697131  event_wait returned 0
Wed Nov 29 19:42:11 2017 us=778754  event_wait returned 0
Wed Nov 29 19:42:12 2017 us=860277  event_wait returned 0
Wed Nov 29 19:42:13 2017 us=941849  event_wait returned 0
Wed Nov 29 19:42:14 2017 us=977349  event_wait returned 0
Wed Nov 29 19:42:16 2017 us=12810  event_wait returned 0
Wed Nov 29 19:42:17 2017 us=48268  event_wait returned 0
Wed Nov 29 19:42:17 2017 us=48745  event_wait returned 1
Wed Nov 29 19:42:17 2017 us=49603 UDP WRITE [42] to [AF_INET]46.227.67.149:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=0b437503 f37abf05 tls_hmac=1d6a5c36 c97f4849 661f4254 704078a7 c6ec219b pid=[ #4 / time = (1511980923) Wed Nov 29 19:42:03 2017 ] [ ] pid=0 DATA 
Wed Nov 29 19:42:17 2017 us=50140 UDP write returned 42
Wed Nov 29 19:42:18 2017 us=85762  event_wait returned 0
Wed Nov 29 19:42:19 2017 us=120649  event_wait returned 0
Wed Nov 29 19:42:20 2017 us=156112  event_wait returned 0
Wed Nov 29 19:42:21 2017 us=190626  event_wait returned 0
Wed Nov 29 19:42:22 2017 us=226088  event_wait returned 0
Wed Nov 29 19:42:23 2017 us=260647  event_wait returned 0
Wed Nov 29 19:42:24 2017 us=520373  event_wait returned 0
Wed Nov 29 19:42:25 2017 us=780118  event_wait returned 0
Wed Nov 29 19:42:27 2017 us=39805  event_wait returned 0
Wed Nov 29 19:42:28 2017 us=299493  event_wait returned 0
Wed Nov 29 19:42:29 2017 us=559183  event_wait returned 0
Wed Nov 29 19:42:30 2017 us=818870  event_wait returned 0
Wed Nov 29 19:42:32 2017 us=78557  event_wait returned 0
Wed Nov 29 19:42:33 2017 us=338244  event_wait returned 0
Wed Nov 29 19:42:33 2017 us=338812  event_wait returned 1
Wed Nov 29 19:42:33 2017 us=339674 UDP WRITE [42] to [AF_INET]46.227.67.149:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=0b437503 f37abf05 tls_hmac=21eb6d86 7577152e 9f0fe61f dedd43b9 67388831 pid=[ #5 / time = (1511980923) Wed Nov 29 19:42:03 2017 ] [ ] pid=0 DATA 
Wed Nov 29 19:42:33 2017 us=340196 UDP write returned 42
Wed Nov 29 19:42:34 2017 us=509931  event_wait returned 0
Wed Nov 29 19:42:35 2017 us=679624  event_wait returned 0
Wed Nov 29 19:42:36 2017 us=849222  event_wait returned 0
Wed Nov 29 19:42:38 2017 us=18819  event_wait returned 0
Wed Nov 29 19:42:39 2017 us=188420  event_wait returned 0
Wed Nov 29 19:42:40 2017 us=358015  event_wait returned 0
Wed Nov 29 19:42:41 2017 us=527612  event_wait returned 0
Wed Nov 29 19:42:42 2017 us=697209  event_wait returned 0
Wed Nov 29 19:42:43 2017 us=866807  event_wait returned 0
Wed Nov 29 19:42:44 2017 us=920328  event_wait returned 0
Wed Nov 29 19:42:45 2017 us=973901  event_wait returned 0
Wed Nov 29 19:42:47 2017 us=27382  event_wait returned 0
Wed Nov 29 19:42:48 2017 us=80630  event_wait returned 0
Wed Nov 29 19:42:49 2017 us=134111  event_wait returned 0
Wed Nov 29 19:42:50 2017 us=187690  event_wait returned 0
Wed Nov 29 19:42:51 2017 us=240625  event_wait returned 0
Wed Nov 29 19:42:52 2017 us=294113  event_wait returned 0
Wed Nov 29 19:42:53 2017 us=347594  event_wait returned 0
Wed Nov 29 19:42:54 2017 us=440159  event_wait returned 0
Wed Nov 29 19:42:55 2017 us=532682  event_wait returned 0
Wed Nov 29 19:42:56 2017 us=625206  event_wait returned 0
Wed Nov 29 19:42:57 2017 us=717729  event_wait returned 0
Wed Nov 29 19:42:58 2017 us=810247  event_wait returned 0
Wed Nov 29 19:42:59 2017 us=902870  event_wait returned 0
Wed Nov 29 19:43:00 2017 us=995393  event_wait returned 0
Wed Nov 29 19:43:02 2017 us=87915  event_wait returned 0
Wed Nov 29 19:43:03 2017 us=180452  event_wait returned 0
Wed Nov 29 19:43:03 2017 us=181396 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Nov 29 19:43:03 2017 us=181750 TLS Error: TLS handshake failed
Wed Nov 29 19:43:03 2017 us=182965 TCP/UDP: Closing socket
Wed Nov 29 19:43:03 2017 us=183391 SIGUSR1[soft,tls-error] received, process restarting
Wed Nov 29 19:43:03 2017 us=183822 Restart pause, 5 second(s)

Also, the router I'm trying to configure is connected to a primary router (that's connected to a mobile network) using LAN-to-LAN method (it's on the same subnet). The secondary router can access the net, so it's not a connection issue.

It works now! Apparently it's almost impossible to configure the setup I had (LAN to LAN) with OpenVPN, I read some place that it's recommended to use WAN to LAN to get it up and running, which it did :)
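Added example, not part of the original thread: a shell function that classifies an OpenVPN client log like the verb 9 output above, where only P_CONTROL_HARD_RESET_CLIENT_V2 writes appear, nothing comes back, and the session times out before any tun device is opened. The return codes, function names and sample log lines (using the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenVPN client log by how far the session got.
# Return codes are this example's own convention:
#   0 = TUN/TAP device opened
#   1 = TLS negotiation timed out with no packet ever received from the server
#   2 = inconclusive (unreadable log, low verbosity, or neither of the above)
diagnose_openvpn_log() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log"; return 2; }
    # grep -c prints 0 but exits 1 on no match; "|| true" keeps "set -e" callers alive.
    opened=$(grep -c 'TUN/TAP device .* opened' "$log" || true)
    # The UDP WRITE/READ lines are only logged at high verbosity (the thread used verb 9).
    sent=$(grep -cE 'UDP(v4|v6)? WRITE \[.*P_CONTROL_HARD_RESET_CLIENT_V2' "$log" || true)
    rcvd=$(grep -cE 'UDP(v4|v6)? READ \[' "$log" || true)
    timed_out=$(grep -c 'TLS key negotiation failed to occur' "$log" || true)

    if [ "$opened" -gt 0 ]; then
        echo "tun device opened"; return 0
    fi
    # Require sent > 0 so a low-verbosity log is not mistaken for "no replies".
    if [ "$timed_out" -gt 0 ] && [ "$sent" -gt 0 ] && [ "$rcvd" -eq 0 ]; then
        echo "$sent hard-reset packet(s) sent, 0 replies: handshake never started, tun not created"
        return 1
    fi
    echo "inconclusive"; return 2
}

# Constructed sample: client that never hears back (shape follows the verb 9 log above).
sample_stuck_log() {
    cat <<'EOF'
Wed Nov 29 19:42:03 2017 us=119410 UDP link remote: [AF_INET]192.0.2.10:1195
Wed Nov 29 19:42:03 2017 us=121438 UDP WRITE [42] to [AF_INET]192.0.2.10:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=0 DATA
Wed Nov 29 19:42:05 2017 us=286839 UDP WRITE [42] to [AF_INET]192.0.2.10:1195: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=0 DATA
Wed Nov 29 19:43:03 2017 us=181396 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Nov 29 19:43:03 2017 us=181750 TLS Error: TLS handshake failed
EOF
}

# Constructed sample: session that reached the point where the device is created.
sample_ok_log() {
    cat <<'EOF'
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample)[8836]: TUN/TAP device tun0 opened
Thu Nov 30 08:16:37 2017 daemon.notice openvpn(sample)[8836]: Initialization Sequence Completed
EOF
}

# Stand-alone run: diagnose the log given as $1, e.g. /var/log/openvpn.log.
if [ -n "${1:-}" ]; then diagnose_openvpn_log "$1" || true; fi
```

A result of 1 points at the network path between router and VPN server (routing, NAT or firewalling of the UDP replies) rather than at the tun kernel module.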

The discussion might have continued from here.