Openvpn on n900 not connecting
 

Hey guys,

I've been fiddling alot with my n900 lately, but one thing I cannot get to work: Openvpn

I have installed both the program and the applet via extras-dev, and used the applet to locate the configuration files (Configuration file:client4.ovpn, Key file: client4.key, Cert file: client4.crt, Ca file:ca.crt)
Pressed Import and tried to connect. It says "starting openvpn connection" when I click "connect to: client", but that's it. It keeps saying "no active connections" under OpenVPN

I use the default udp port (1194) and a dyndns.org address for the server which is redirected to the server's ip.

I've tried the configuration and client4.* files on a computer, and they seem fine.

Something I'm missing here? Please help!

Re: Openvpn on n900 not connecting
 

Use test "Test" function from applet and post the resulting log here.

Re: Openvpn on n900 not connecting
 

When I click test I just get a white screen with Test Connection above it :confused:

Waited for a couple of minutes, no change, just a white screen (can't click it)

Tried removing them, first installing the main app, then the applet, no change.

Openvpn version: 2.1~rc20-3maemo3 and the Applet 0.5.2-1

Re: Openvpn on n900 not connecting
 

For some reason openvpn is not starting at all then. Could you post you configuration file here? You can removed addresses&etc from the file first

Re: Openvpn on n900 not connecting
 

Here's the content of client.ovpn:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote [my server].dyndns.org 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client4.crt
key client4.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

Re: Openvpn on n900 not connecting
 

When I installed openvpn applet, it wouldn't let me choose anything outside /etc/openvpn.
So I had to sudo gainroot (install rootsh from extras-testing) and cp these manually into /etc/openvpn

To copy files manually: (install rootsh from extras-testing)
Open an X terminal
sudo gainroot
cd /etc/openvpn
cp /media/mmc1/openvpn/* . <-- or whereever your configs are locally


To get log info, (install rootsh from extras-testing)
Open an X terminal
sudo gainroot
cd /etc/openvpn
openvpn --config client.conf

this will output the log to the screen, also you could set "verb 9"
This will give you way to much info for normal running but could be helpful for debugging


P.S. Another thought, is your desktop a windows machine?
It is possible that using a windows ascii formatted file causes issues (Windows uses CR and LF to terminate a line, unix/linux just uses CR - I've seen other programs barf because of this)

P.P.S. I call my config file client.conf not client.ovpn

Can't do any testing at the moment as the place I'm at in Dubai only allows proxy access, and it seems quite locked down for tunnelling :-(

Re: Openvpn on n900 not connecting
 

Ah it seems we're getting somehwere: when running from the X terminal it gives the following error: Unrecognized option or missing paramters in clien.ovpn:1 : EA:DWNA:97,1 (2.1_rc20)

I'll try recreating the config file

Recreated the file as a unicode type and saved it as client1.conf, no dice.:(

Re: Openvpn on n900 not connecting
 

Again, applet has import function so that you don't need to copy files manually. Of course you can, it has been one of the design principle.

Re: Openvpn on n900 not connecting
 

It is saying that line 1 says: EA:DWNA:97,1
vi the file and check the first line!

Re: Openvpn on n900 not connecting
 

What does no dice mean exactly? Same error or something else? Please copy&paste from terminal, so it's absolutely clear what's happening.

Could make a new configuration file with leafpad for example, type there manually couple of the first parameters (doesn't have to be complete config, can be of course) and compare the error messages?

Re: Openvpn on n900 not connecting
 

By no dice I meant same error

Tried copy pasting the sample file into Notes (and selecting Text only). All of a sudden it read the location of the other files immediately (ca, key and cert). But since it can only save as a txt, it isn't recognized as a config file afterwards

Tried messing by copying it to a .conf, but then Openvpn says it doesn't recognize the "client" command, or whatever is on the first line (it was the ##################### first, after removing the absolete lines client was the first line)

I'll try the leaf thingy

How do I copy/paste from the terminal btw?

Re: Openvpn on n900 not connecting
 

Wrong line breaks or wrong encoding is probably the reason then. With leafpad you can name the file correctly.

There's arrow button on toolbar which let's you select text, then copy text from pull down menu. ctrl+v to paste to other programs.

Re: Openvpn on n900 not connecting
 

Please specify error messages each time - it helps others hopping in somewhat later in the thread.

Sorry, by Notes you mean Windows ? In which case it is quite likely the Windows/Unix <EOL> problem. Windows is <CR><LF>, Unix only <LF>. In which case you'll have to convert the file to Unix <EOL>. It doesn't look like dos2unix exists on N900 so try the following :

Re: Openvpn on n900 not connecting
 

I used the Notes on the N900 sorry for being unclear

clien.ovpn:1 : EAWNA:105,1 (2.1_rc20) was the error

Tried tr -d '\r' config.conf conf.conf but it didn't work, gave me an empty line after I pressed enter, the ~ thingy didn't reappear and had to close the terminal before I could use it again

I'll try installing Leafpad, and have to untar, so give me a couple of mins
(sorry but I'm a REAL Linux noob)

Right so I'm stuck. When I try to un-tar the Leafpad.tar.bz2 file, it gives me the "tar: invalid gzip magic" error. please help :(
EDIT Nevermind I've tried the .tar.gz file which seems to work
EDIT2 it didn't but found another way:

apt-get install leafpad

Started the download and installation of Leafpad
Geez this is confusing lol didn't know it could download from the terminal *blush*

Re: Openvpn on n900 not connecting
 

Please install applications with Application Manager.

There's a difference between
and

Re: Openvpn on n900 not connecting
 

Right, cheers for that, but no longer needed. couldn't find leafpad on the app mgr.

Problem is solved. I used emails with attachments to send the files to the n900, and the combination of gmail and nokia messaging gave me corrupted attachments, which i found out after editing the config file with leafpad.

thanks so much for your help guys :) ended up opening gmail in the webbrowser and downloading the attachments from it. the applet isn't clever enough to delete/overwrite all of the old files tho, so had to do that manually. I'm a happy camper now :D

EDIT: Made the post a little clearer

Re: Openvpn on n900 not connecting
 

Are you sure? Applet is supposed to be capable of overwriting the old files and also deleting the old files if it can read the configuration file.

Re: Openvpn on n900 not connecting
 

@ Mikkov

Yes 100% sure. First I deleted the old config, which included the personal cert file, but it didn't show the cert file in the list of files which it was about to delete (in the "are you sure" dialog)
Then I fed it the new files, which were all in 1 separate folder. Yet it gave some strange error during the test and didn't connect. Manually deleted all of the config related files in the openvpn folder, then tried again. All worked perfectly.
So it's probably a minor issue, since only 1 of the 4 files wasn't deleted, but still.

Re: Openvpn on n900 not connecting
 

If you had more than one connection using the same cert file, cert file isn't deleted until the last connection using it is deleted. Applet doesn't really support connections in separate directories, so that might be the reason too.

Re: Openvpn on n900 not connecting
 

Hi Guys, i don't understand. I installed OpenVpn and i've tried to configure it with negative results. In which file I have to insert IP address,user and password to access my VNP?
Thanks in advance.

Re: Openvpn on n900 not connecting
 

Can someone help me please???

Re: Openvpn on n900 not connecting
 

@alex-000:

With OpenVPN there's no password. Instead you'll have to get a set of certificate files from your OpenVPN server administrator person. In my case that's currently myself, so that was easy enough.
After installing the certifcate files in /etc/openvpn you'll have to put a configuration file there as well. If you have an openvpn system admin guy for your server then he/she should be able to help with that as well.

If you're used to set a password for your VPN connection then maybe your VPN server isn't OpenVPN at all? Could be MS PPTP or something else.

Re: Openvpn on n900 not connecting
 

Thank you for help!! I actually connect to Work Vpn with my Ubuntu Laptop and PPTP Vpn . Now I understand! I have to wait PPTP porting for N900 ????

Re: Openvpn on n900 not connecting
 

Well, yes. There's somebody else here on the forum looking into this (there's a thread or two about it). The basic problem is that there is a component missing in the original Nokia kernel which prevents PPTP from working with just a simple application installation.

Re: Openvpn on n900 not connecting
 

Hi!

I installed OpenVPN 2.1~rc20-3maemo3 and OpenVPN Applet 0.5.3-1 on my N900. After importing some config-files and the dependent certificate I pressed the test-button. A white window appeared... which remained empty.
Curious about that I went to X Terminal:
I think something went wrong. If I look at the list of installed apps in the program manager I see an OpenVPN-app which takes 880 KB. But the packet in the program catalogue takes about 1.5 MB...

Re: Openvpn on n900 not connecting
 

try with /usr/sbin/openvpn

Re: Openvpn on n900 not connecting
 

even verbosity to 2 doesn't show a single line...

//edit: looked as root at /var/log/openvpn-rwth.log:

~860 lines full of these three messages...

Re: Openvpn on n900 not connecting
 

You'll need to run openvpn as root; presumably why openvpn didn't work the first time without the PATH as /usr/sbin is probably not in user's PATH.

Re: Openvpn on n900 not connecting
 

I found the solution which works for me!

Simply remove all # comments lines from .ovpn or .conf file and everything works fine.

Here is mine conf file:

cat /etc/openvpn/MyVpn1.conf

client
;dev tap
dev tun
;dev-node
;proto tcp
proto udp
remote mysite.dyndns.org 1194
;remote xxx.xxx.xxx.xxx 1723
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert mycrt.crt
key mykey.key
;auth-user-pass
ns-cert-type server
;tls-auth ta.key 1
;cipher x
;comp-lzo
verb 3
;mute 20

Bye!

Re: Openvpn on n900 not connecting
 

If someone needs it, here it is the openvpn version 2.2.1 builded for the N900 with the same parameters of the previous version.
(it is sufficient to replace the binary)