Limitations on Fedora 29 #30

Open
Thomas-S opened this issue Nov 28, 2018 · 7 comments
@Thomas-S Thomas-S commented Nov 28, 2018

Hi,

first of all, this script has been working for me very well in the past. Thanks for your effort :)

Yesterday, I upgraded to Fedora 29 and my /etc/resolv.conf does not get updated anymore.

My versions:
OpenVPN 2.4.6 x86_64-redhat-linux-gnu
Fedora release 29 (Twenty Nine)

Maybe this log message helps as well:
```
Wed Nov 28 09:05:54 2018 /etc/openvpn/update-resolv-conf.sh tun0 1500 1604 10.242.2.21 255.255.255.0 init
Unknown interface 'tun0': No such device
Wed Nov 28 09:05:54 2018 SIGINT[hard,] received, process exiting
```

Regards,
Thomas

@LeTink LeTink commented Nov 28, 2018

Ummm ... if there's no tun0 interface anymore, what is it called in the new version of Fedora?

Owner

@alfredopalhares alfredopalhares commented Nov 29, 2018

Hello @Thomas-S,

First of all thank you and sorry for the delay on the response.

Strange that the interface is not tun0. Can you paste a more full log, with verbose 7 on your config? Please mask the sensitive parts like IPs. If you are not sure, email me the log.

Author

@Thomas-S Thomas-S commented Nov 29, 2018

Hi thanks for the response :)

> Ummm ... if there's no tun0 interface anymore, what is it called in the new version of Fedora?

If I run ifconfig the interface tun0 is still there (amongst many others).

> Hello @Thomas-S,
>
> First of all thank you and sorry for the delay on the response.
>
> Strange that the interface is not tun0. Can you paste a more full log, with verbose 7 on your config? Please mask the sensitive parts like IPs. If you are not sure, email me the log.

I don't know what you mean by verbose 7

Owner

@alfredopalhares alfredopalhares commented Nov 30, 2018

> I don't know what you mean by verbose 7

This is an option that you can set on your openvpn client config file: `verb 7`

Author

@Thomas-S Thomas-S commented Dec 3, 2018

Ah thanks. This is what comes up, verb 7 does not seem to give me more log info:

```
Mon Dec  3 09:54:25 2018 library versions: OpenSSL 1.1.1 FIPS  11 Sep 2018, LZO 2.08
Enter Auth Username: *******
Enter Auth Password: ****************
Mon Dec  3 09:54:38 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Dec  3 09:54:43 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]*******
Mon Dec  3 09:54:43 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Dec  3 09:54:43 2018 Attempting to establish TCP connection with [AF_INET]******* [nonblock]
Mon Dec  3 09:54:44 2018 TCP connection established with [AF_INET]*******
Mon Dec  3 09:54:44 2018 TCP_CLIENT link local: (not bound)
Mon Dec  3 09:54:44 2018 TCP_CLIENT link remote: [AF_INET]*******
Mon Dec  3 09:54:44 2018 TLS: Initial packet from [AF_INET]*******, sid=*******
Mon Dec  3 09:54:44 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec  3 09:54:45 2018 VERIFY OK: *******
Mon Dec  3 09:54:45 2018 VERIFY X509NAME OK: *******
Mon Dec  3 09:54:45 2018 VERIFY OK: *******
Mon Dec  3 09:54:45 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Dec  3 09:54:45 2018 [*******] Peer Connection Initiated with [AF_INET]*******
Mon Dec  3 09:54:46 2018 SENT CONTROL [*******]: 'PUSH_REQUEST' (status=1)
Mon Dec  3 09:54:52 2018 SENT CONTROL [*******]: 'PUSH_REQUEST' (status=1)
Mon Dec  3 09:54:52 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway *******,route-gateway *******,topology subnet,ping 10,ping-restart 120,route *******,route *******,route *******,route *******,route *******,route *******,route *******,dhcp-option DNS ****DNS_HERE***,dhcp-option DOMAIN *******,ifconfig *******'
Mon Dec  3 09:54:52 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec  3 09:54:52 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec  3 09:54:52 2018 OPTIONS IMPORT: route options modified
Mon Dec  3 09:54:52 2018 OPTIONS IMPORT: route-related options modified
Mon Dec  3 09:54:52 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec  3 09:54:52 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Dec  3 09:54:52 2018 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec  3 09:54:52 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Dec  3 09:54:52 2018 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec  3 09:54:52 2018 ROUTE_GATEWAY *******/******* IFACE=eno1 HWADDR=*******
Mon Dec  3 09:54:52 2018 TUN/TAP device tun0 opened
Mon Dec  3 09:54:52 2018 TUN/TAP TX queue length set to 100
Mon Dec  3 09:54:52 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Dec  3 09:54:52 2018 /sbin/ip link set dev tun0 up mtu 1500
Mon Dec  3 09:54:52 2018 /sbin/ip addr add dev tun0 *******/24 broadcast *******
Mon Dec  3 09:54:52 2018 /etc/openvpn/update-resolv-conf.sh tun0 1500 1604 ******* init
dhcp-option DOMAIN-SEARCH *******
dhcp-option DOMAIN-SEARCH *******
dhcp-option DNS *******
dhcp-option DOMAIN *******
Mon Dec  3 09:54:56 2018 /sbin/ip route add *******/32 via *******
[...]
Mon Dec  3 09:54:56 2018 /sbin/ip route add *******/16 via *******
Mon Dec  3 09:54:56 2018 Initialization Sequence Completed

# When I press Ctrl+C ...

^CMon Dec  3 09:55:30 2018 event_wait : Interrupted system call (code=4)
Mon Dec  3 09:55:30 2018 /sbin/ip route del *******/32
Mon Dec  3 09:55:30 2018 /sbin/ip route del *******/16
Mon Dec  3 09:55:30 2018 Closing TUN/TAP interface
Mon Dec  3 09:55:30 2018 /sbin/ip addr del dev tun0 *******/24
Mon Dec  3 09:55:30 2018 /etc/openvpn/update-resolv-conf.sh tun0 1500 1604 ******* init
Unknown interface 'tun0': No such device
Mon Dec  3 09:55:30 2018 SIGINT[hard,] received, process exiting
```

Owner

@alfredopalhares alfredopalhares commented Dec 3, 2018

So, the problem here is that the interface is taken down before the down script is executed, so the tun interface.

Can you post your openvpn version and config? Please mask the sensitive information.

@alfredopalhares alfredopalhares self-assigned this Dec 3, 2018
Author

@Thomas-S Thomas-S commented Dec 5, 2018

I already posted the version in my initial message.

The config is as follows:

```
verb 7
client
dev tun
proto tcp
remote **** 8877
verify-x509-name "C=de, L=Frankfurt, O=****, CN=****, emailAddress=****"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca ****.ca.crt
cert ****.user.crt
key ****.user.key
auth-user-pass
cipher AES-256-CBC
auth SHA512
comp-lzo
route-delay 4
verb 3
reneg-sec 0

# Tom
# This updates the resolvconf with dns settings
dhcp-option DOMAIN-SEARCH ****
dhcp-option DOMAIN-SEARCH ******
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh
```
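
Added example, not part of the thread and not the project's code: a small shell lint over the directives in the config above. It flags two things relevant to this issue: OpenVPN runs the `down` script after closing the TUN/TAP device unless `down-pre` is set, and when `verb` appears more than once the later value takes effect. The function names `lint_ovpn` and `sample_config` are hypothetical, and the sample config is a constructed reduction of the one posted.

```shell
#!/bin/sh
# Added example (not the project's script): lint an OpenVPN client config
# for the two pitfalls visible in this thread.

# Constructed sample, reduced from the directives posted in the issue.
sample_config() {
cat <<'EOF'
verb 7
client
dev tun
persist-tun
verb 3

# This updates the resolvconf with dns settings
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh
EOF
}

# lint_ovpn (hypothetical helper): reads a config on stdin and prints one
# finding per line; prints nothing when neither pitfall is present.
lint_ovpn() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }   # skip blank lines and comments
        { seen[$1]++; last[$1] = $2 }      # count directives, remember last value
        $1 == "verb" && seen["verb"] == 1 { first_verb = $2 }
        END {
            # A later verb overrides an earlier one, so "verb 7" at the top
            # has no effect when "verb 3" follows it.
            if (seen["verb"] > 1)
                printf "verb: set %d times, effective value %s (first was %s)\n",
                       seen["verb"], last["verb"], first_verb
            # Without down-pre the down script runs after the TUN/TAP device
            # is closed, so commands that reference the device fail.
            if (seen["down"] && !seen["down-pre"])
                print "down: script runs after the tun device is closed; add down-pre"
        }'
}

sample_config | lint_ovpn
```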