3

Hi I get the following error when I try to run openvpn in my Ubuntu Server

Fri Jan  8 02:12:59 2010 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar  9 2009  
Fri Jan  8 02:12:59 2010 WARNING: --keepalive option is missing from server config  
Fri Jan  8 02:12:59 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts  
Fri Jan  8 02:12:59 2010 Diffie-Hellman initialized with 1024 bit key  
Fri Jan  8 02:12:59 2010 WARNING: file '/etc/openvpn/easy-rsa/2.0/keys/server.key' is group or others accessible    
Fri Jan  8 02:12:59 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>    
Fri Jan  8 02:12:59 2010 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]     
Fri Jan  8 02:12:59 2010 ROUTE default_gateway=192.0.2.1     
Fri Jan  8 02:12:59 2010 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied 
(errno=13)   
Fri Jan  8 02:12:59 2010 Note: Attempting fallback to kernel 2.2 TUN/TAP interface   
Fri Jan  8 02:12:59 2010 Cannot allocate TUN/TAP dev dynamically   
Fri Jan  8 02:12:59 2010 Exiting

This is my config file for server side:

dev tun
proto tcp
port 1194

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

#status openvpn-status.log
#verb 3
client-to-client

push "redirect-gateway def1"

log-append /var/log/openvpn
comp-lzo

I'm runining from my root account. So I don't know why the permission is denied. Also if I type in modprobe tun I get the following output.

WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Could not load /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent/modules.dep: No such file or directory
Daniel Serodio
  • 249
  • 3
  • 10
  • The only directory in /lib/modules is '2.6.18-028stab062.3'. Actually this is a VPS, and I have installed the image provided by my provider. –  Jan 08 '10 at 04:45
  • So, the image is broken. You need to get a kernel properly installed by some means, I suggest asking them about it. Or get a distribution kernel package and install that to get all the modules right. – Andrew McGregor Jan 08 '10 at 04:53

3 Answers3

7

I wish I had caught this before, as this is something that has happened to me many times before.

You're running on an OpenVZ VPS. Therefore, kernel modules such as tun will not work. You will need your provider to enable them for you.

Consequently, things such as FUSE will not work without the provider enabling that as well, and also things like swap cannot work whatsoever.

2

The tun/tap module isn't loading, because it looks like your kernel isn't installed correctly. Therefore while you probably do have permission to use the device node, there's no device answering on the kernel side. Resolve the modprobe errors (just running depmod -a as root might do it) and see what happens then.

Andrew McGregor
  • 1,152
  • 7
  • 4
  • I ran depmod -a and got the following output WARNING: Couldn't open directory /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent: No such file or directory FATAL: Could not open /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent/modules.dep.temp for writing: No such file or directory –  Jan 08 '10 at 01:09
  • So, /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent actually exists? If not, something is badly wrong with your kernel installation, and you want to track that down. I presume you ran depmod as root. – Andrew McGregor Jan 08 '10 at 04:27
  • No, it doesn't exist, the only directory in /lib/modules is '2.6.18-028stab062.3'. Yes all these were done as root. –  Jan 08 '10 at 05:21
  • Ok, there is a problem with the way the kernel was installed in that VM image. So, either contact the provider, or install a new kernel yourself. – Andrew McGregor Jan 08 '10 at 05:38
  • I contacted my VPN provider and they fixed it for me. Thanks for your help. –  Jan 08 '10 at 09:18
0

Hope this helps

http://forums.quantact.com/viewtopic.php?f=25&t=1106

  • wat that is described in the link is the exact problem i'm having. –  Jan 08 '10 at 05:12
  • The link seems dead now. However, following this: https://bbs.archlinux.org/viewtopic.php?id=163377 - maybe all you need is a reboot, so kernel modules can load properly (e.g. after a kernel upgrade via package manager). – Tomasz Gandor Oct 19 '19 at 17:44