I have a Slate running 3.025. I have two different OpenVPN servers I use (different endpoint options for me). One is an OPNSense device and the other is Linux. I have the OpenVPN connection to the OPNSense box working fine.
I went to build my server and it works just fine on the laptop; when I took the config and installed it on the Slate, it required a password.
My configuration on the Linux machine is certificates only with password protection on the certificates. I gave up and decided just to add a password to the private key so it would play nice with my Slate.
Log
Mon Dec 2 10:51:28 2019 user.info : 1317: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn2, serverfile=slate.ovpn
Mon Dec 2 10:51:28 2019 user.info : 1373: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn2/slate.ovpn, glconfig.openvpn.clientid=ovpn2
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6299]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6299]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Mon Dec 2 10:51:33 2019 daemon.warn openvpn[6306]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: UDP link local: (not bound)
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=db2a3215 5bef79ab
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: VERIFY OK: depth=1, CN=DropCA
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: VERIFY KU OK
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: Validating certificate extended key usage
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: VERIFY EKU OK
Mon Dec 2 10:51:33 2019 daemon.notice openvpn[6306]: VERIFY OK: depth=0, CN=host.name
Mon Dec 2 10:51:34 2019 daemon.notice openvpn[6306]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Dec 2 10:51:34 2019 daemon.notice openvpn[6306]: [host.name] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: SENT CONTROL [host.name]: ‘PUSH_REQUEST’ (status=1)
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM’
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: route options modified
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: peer-id set
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: OPTIONS IMPORT: data channel crypto options modified
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: Data Channel: using negotiated cipher ‘AES-256-GCM’
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: TUN/TAP device tun0 opened
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: TUN/TAP TX queue length set to 100
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.6 10.8.0.5 init
Mon Dec 2 10:51:37 2019 daemon.notice openvpn[6306]: /sbin/route add -net xx.xx.xx.xx netmask 255.255.255.255 gw 172.20.10.1
Mon Dec 2 10:51:37 2019 daemon.warn openvpn[6306]: ERROR: Linux route add command failed: external program exited with error status: 1
Mon Dec 2 10:51:37 2019 daemon.notice openvpn[6306]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Mon Dec 2 10:51:37 2019 daemon.warn openvpn[6306]: ERROR: Linux route add command failed: external program exited with error status: 1
Mon Dec 2 10:51:37 2019 daemon.notice openvpn[6306]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Mon Dec 2 10:51:38 2019 daemon.warn openvpn[6306]: ERROR: Linux route add command failed: external program exited with error status: 1
Mon Dec 2 10:51:38 2019 daemon.notice openvpn[6306]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Mon Dec 2 10:51:38 2019 daemon.warn openvpn[6306]: ERROR: Linux route add command failed: external program exited with error status: 1
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7613]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7613]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Mon Dec 2 10:51:47 2019 daemon.warn openvpn[7623]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: UDP link local: (not bound)
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:47 2019 daemon.notice openvpn[7623]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=a1b73c98 6238f0e1
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: VERIFY OK: depth=1, CN=DropCA
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: VERIFY KU OK
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: Validating certificate extended key usage
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: VERIFY EKU OK
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: VERIFY OK: depth=0, CN=host.name
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Dec 2 10:51:48 2019 daemon.notice openvpn[7623]: [host.name] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: SENT CONTROL [host.name]: ‘PUSH_REQUEST’ (status=1)
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9,peer-id 1,cipher AES-256-GCM’
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: route options modified
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: peer-id set
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: OPTIONS IMPORT: data channel crypto options modified
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: Data Channel: using negotiated cipher ‘AES-256-GCM’
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Mon Dec 2 10:51:49 2019 daemon.err openvpn[7623]: ERROR: Cannot ioctl TUNSETIFF tun0: Resource busy (errno=16)
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: Exiting due to fatal error
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: GID set to nogroup
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: UID set to nobody
Mon Dec 2 10:51:54 2019 daemon.warn openvpn[6306]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: Initialization Sequence Completed
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: /sbin/route del -net xx.xx.xx.xx netmask 255.255.255.255
Mon Dec 2 10:51:54 2019 daemon.warn openvpn[6306]: ERROR: Linux route delete command failed: external program exited with error status: 1
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Mon Dec 2 10:51:54 2019 daemon.warn openvpn[6306]: ERROR: Linux route delete command failed: external program exited with error status: 1
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Mon Dec 2 10:51:54 2019 daemon.warn openvpn[6306]: ERROR: Linux route delete command failed: external program exited with error status: 1
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: Closing TUN/TAP interface
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: /sbin/ifconfig tun0 0.0.0.0
Mon Dec 2 10:51:54 2019 daemon.warn openvpn[6306]: Linux ip addr del failed: external program exited with error status: 1
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.6 10.8.0.5 init
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: SIGINT[hard,] received, process exiting
Mon Dec 2 10:52:08 2019 user.info : 1317: gl-vpn-client>> Stop, vpnpath=/etc/openvpn/ovpn2, serverfile=slate.ovpn
Client config:
client
dev tun
proto udp
remote host.name 1194
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
verb 3
key-direction 1
…REMOVED…
…REMOVED…
…REMOVED…
#
# 2048 bit OpenVPN static key
#
…REMOVED…
daemon
askpass /etc/openvpn/ovpn2/auth/passphrase.txt
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Happy to post the server config if that is wanted, but this post is already pretty long.
Anyone have any suggestions as to what to do next for troubleshooting?
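
Added example (not part of the original post): a small Python triage script for a syslog excerpt like the one above. It groups OpenVPN lines by PID and reports any process that hit `TUNSETIFF ... Resource busy` while another process that had opened the same device was still logging. The function names `summarize` and `tun_conflicts` are made up for this illustration, and the sample is a shortened excerpt of the posted log.

```python
import re
from datetime import datetime

# Shortened excerpt of the log posted above (same PIDs, timestamps, messages).
SAMPLE = """\
Mon Dec 2 10:51:28 2019 user.info : 1317: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn2, serverfile=slate.ovpn
Mon Dec 2 10:51:35 2019 daemon.notice openvpn[6306]: TUN/TAP device tun0 opened
Mon Dec 2 10:51:37 2019 daemon.warn openvpn[6306]: ERROR: Linux route add command failed: external program exited with error status: 1
Mon Dec 2 10:51:49 2019 daemon.err openvpn[7623]: ERROR: Cannot ioctl TUNSETIFF tun0: Resource busy (errno=16)
Mon Dec 2 10:51:49 2019 daemon.notice openvpn[7623]: Exiting due to fatal error
Mon Dec 2 10:51:54 2019 daemon.notice openvpn[6306]: SIGINT[hard,] received, process exiting
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \S+\.(\w+) openvpn\[(\d+)\]: (.*)$")
OPENED = re.compile(r"TUN/TAP device (\S+) opened")
BUSY = re.compile(r"Cannot ioctl TUNSETIFF (\S+): Resource busy")

def summarize(log_text):
    """Group OpenVPN syslog lines by PID: lifetime, ERROR lines, tun events."""
    procs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines from other programs (e.g. gl-vpn-client) are skipped
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        pid, msg = int(m.group(3)), m.group(4)
        p = procs.setdefault(pid, {"first": when, "errors": [], "opened": {}, "busy": {}})
        p["last"] = when  # last line seen so far for this PID
        if msg.startswith("ERROR:"):
            p["errors"].append(msg)
        if (o := OPENED.search(msg)):
            p["opened"][o.group(1)] = when
        if (b := BUSY.search(msg)):
            p["busy"][b.group(1)] = when
    return procs

def tun_conflicts(procs):
    """Return (failed_pid, device, holder_pid): holder had opened the device and
    was still logging when failed_pid got 'Resource busy' on it."""
    hits = []
    for pid, p in procs.items():
        for dev, when in p["busy"].items():
            for other, q in procs.items():
                opened = q["opened"].get(dev)
                if other != pid and opened and opened <= when <= q["last"]:
                    hits.append((pid, dev, other))
    return hits

if __name__ == "__main__":
    print(tun_conflicts(summarize(SAMPLE)))
```

A process's lifetime is approximated here by its first and last log line, so a holder that exited silently before the failure would still be reported.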