OpenVPN Unrecognized option or missing or extra parameter

I have a .conf file which contains the information below, but openvpn says something is missing.

    cat ./vpnconf.conf
    client

    gateway [IP]
    ID GRDVPN
    secret [SECRET]
    username [USERNAME]
    password [PASSWORD]
    MTU 1380

    sudo openvpn --config ./vpnconf.conf
    Options error: Unrecognized option or missing or extra parameter(s) in ./VPN_access_to_VF_lab_-_keep_confidential/copy-conf.vpn:4: gateway (2.4.4)
    Use --help for more information.

What am I doing wrong?

Author: AVarf

Connecting to an OpenVPN Server

I’m still very new to understanding all this VPN / Server stuff, so please bear that in mind when helping.

I am trying to connect to an OpenVPN Server set up by my client.
I am wondering: how do I connect as a client to this server via the Ubuntu terminal?
All they have provided to me is the key and the WAN and LAN of their network.

Thank you.

Author: Louise Finch

Malformed packets for OpenVPN

I have set up OpenVPN on pfsense 2.4.5, and captured sample data for my OpenVPN traffic. However, I observed that most of the packets captured for OpenVPN are malformed.

What are the possible reasons? I have placed a sample of the captures in this link for your reference. Any suggestion is helpful!

Thanks!
Openvpn Sample Capture

Author: meta_warrior

openvpn fails silently in systemd only

Brand new server.

I can start openvpn as a client at the cli using

    openvpn --config /etc/openvpn/client.conf --verb 3

and pull a VPN ip address on the tun0 interface and ping the server just fine. But systemd fails silently without an error in any log.

    service openvpn start

I did a standard

    apt install openvpn

without any issues.

journalctl output:

    Jun 11 06:19:12 fl.trader.com systemd[1]: Starting OpenVPN service...
    Jun 11 06:19:12 fl.trader.com systemd[1]: Started OpenVPN service.

    root@fl:/home/user# cat /etc/*-release

    PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
    NAME="Raspbian GNU/Linux"
    VERSION_ID="10"
    VERSION="10 (buster)"
    VERSION_CODENAME=buster
    ID=raspbian
    ID_LIKE=debian

    root@fl:/home/user# openvpn --version

    OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
    library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
    Originally developed by James Yonan
    Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
    Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

    root@flounder:/home/kermit# cat /etc/openvpn/client.conf

    client
    remote my-server-ip
    dev tun
    nobind
    tls-client
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/trader.com.crt
    key /etc/openvpn/trader.com.key
    comp-lzo
    verb 3
    ping-restart 60

    log /var/log/openvpn/openvpn.log

server:

    root@vortex:/pki# cat /etc/openvpn/server.conf

    mode server
    tls-server
    port 1194
    proto udp
    dev tun

    ca      /pki/ca.crt
    cert    /pki/issued/trader.com.crt
    key     /pki/private/trader.com.key
    dh      /pki/dh.pem

    server 10.9.8.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo         # Compression - must be turned on at both end
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 4  # verbose mode
    user nobody
    group nogroup
    client-config-dir /etc/openvpn/ccd
    client-to-client
    push "redirect-gateway bypass-dhcp"
    push "route 192.168.0.0 255.255.255.0"
    push "dhcp-option DNS 4.2.2.2"

    log /var/log/openvpn/openvpn.log

How do I get openvpn to start in systemd?

Author: brad

AWS LightSail OpenVPN + ASUS RT-3200 – TLS Error: Key negotiation failed

Using https://github.com/angristan/openvpn-install, I have installed OpenVPN on an AWS Lightsail instance (Ubuntu 18.04 LTS). My server config file is as follows:

    port 33434
    proto udp
    dev tun
    user nobody
    group nogroup
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway def1 bypass-dhcp"
    dh dh.pem
    tls-auth tls-auth.key 0
    crl-verify crl.pem
    ca ca.crt
    cert server_VYtknmf1PC80WpTG.crt
    key server_VYtknmf1PC80WpTG.key
    auth SHA512
    cipher AES-256-CBC
    ncp-ciphers AES-256-CBC
    tls-server
    client-config-dir /etc/openvpn/ccd
    status /var/log/openvpn/status.log
    verb 3

And my client.ovpn is as follows:

    client
    proto udp
    explicit-exit-notify
    remote 35.173.69.115 33434
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    verify-x509-name server_VYtknmf1PC80WpTG name
    auth SHA512
    auth-nocache
    cipher AES-256-CBC
    tls-client
    setenv opt block-outside-dns # Prevent Windows 10 DNS leak
    verb 3

I have added UDP port ‘33434’ to the firewall rules of the AWS instance.

I added a new profile in the VPN Client section of the ASUS router and uploaded the client.ovpn file. I clicked Activate and got the following message in the log.

    May 15 22:29:43 vpnclient1[17419]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    May 15 22:29:43 vpnclient1[17419]: Socket Buffers: R=[122880->122880] S=[122880->122880]
    May 15 22:29:43 vpnclient1[17419]: UDPv4 link local: [undef]
    May 15 22:29:43 vpnclient1[17419]: UDPv4 link remote: [AF_INET]35.173.69.115:33434
    May 15 22:29:43 vpnclient1[17419]: TLS: Initial packet from [AF_INET]35.173.69.115:33434, sid=61d9df2d 1f97bdd0
    May 15 22:30:02 rc_service: service 17718:notify_rc restart_letsencrypt
    May 15 22:30:43 vpnclient1[17419]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    May 15 22:30:43 vpnclient1[17419]: TLS Error: TLS handshake failed
    May 15 22:30:43 vpnclient1[17419]: SIGUSR1[soft,tls-error] received, process restarting
    May 15 22:30:43 vpnclient1[17419]: Restart pause, 2 second(s)

Please suggest how to fix the issue. Thank you.

Author: Saad Bashir
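
An added example (not part of the original post and not code from the openvpn-install project): a small Python check that parses the server and client directives as posted above and reports options that have to agree on both peers, including `tls-auth`, which must be configured on both sides with complementary key directions. The `MUST_MATCH` list and the function names are choices made for this example, and the two sample strings are trimmed copies of the posted configs.

```python
# Directives whose arguments must be identical on both peers (example's choice).
MUST_MATCH = ("proto", "dev", "auth", "cipher", "comp-lzo")

# Trimmed copies of the server and client configs as posted above.
SERVER = """proto udp
dev tun
tls-auth tls-auth.key 0
auth SHA512
cipher AES-256-CBC
"""
CLIENT = """client
proto udp
dev tun
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
"""

def parse(text):
    """Map directive -> args; skips comments and <tag>...</tag> inline blocks."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if inline:
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = ["[inline]"]
        elif line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def key_direction(opts):
    """Direction from 'tls-auth <file> <dir>' or a separate 'key-direction'."""
    args = opts.get("tls-auth", [])
    return args[1] if len(args) > 1 else (opts.get("key-direction") or [None])[0]

def compare(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    out = [f"{n}: server={srv.get(n)} client={cli.get(n)}"
           for n in MUST_MATCH if srv.get(n) != cli.get(n)]
    if ("tls-auth" in srv) != ("tls-auth" in cli):
        out.append("tls-auth: present on only one side")
    elif "tls-auth" in srv and {key_direction(srv), key_direction(cli)} not in ({"0", "1"}, {None}):
        out.append("tls-auth: key directions are not complementary (0/1)")
    return out

if __name__ == "__main__":
    print(compare(SERVER, CLIENT))
```

The check only sees the text it is given, so a client file whose inline `<tls-auth>` block was cut before posting is reported the same way as one that never had it.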