RAK VPN setup not working

Issue: Following setup instructions for RAK OpenVPN connectivity to 7240

Setup: Cloud instance on Digital Ocean - running Linux Ubuntu 20.4

LoRa® Server: N/A

Details: I followed the directions from RAK Industrial LPWAN Gateway Remote Management - OpenVPN. After completing all the steps and trying to install Tap0 on the server, it does not show with the command ifconfig. I checked my setup and it all seems to be accurate. I want to be able to remotely access my 7240 for monitoring and provisioning.

I followed the documentation on an AWS EC2 Ubuntu instance and it worked without any issues.

Hello @simplice, can you show me the content of config.ovpn (or config.conf if you set the config to run on start) and interface-up.sh? The interface-up.sh is the script that brings up the tap0 interface; make sure that it is executable.

I followed the steps to copy config.ovpn to config.conf to run at the start.

# openvpn server
cd /etc/openvpn/server
daemon
dev tap
proto udp
#local ipaddr to bind . Change it with Server
local 172.31.37.37
port 1194
server-bridge 10.0.8.1 255.255.255.0 10.0.8.11 10.0.8.100
ifconfig-pool-persist ip_pool.txt
up interface-up.sh
client-to-client
keepalive 10 120
comp-lzo
user root
group root
persist-key
persist-tun
ca /etc/openvpn/easyrsa/pki/ca.crt
cert /etc/openvpn/easyrsa/pki/issued/server.crt
key /etc/openvpn/easyrsa/pki/private/server.key
dh /etc/openvpn/easyrsa/pki/dh.pem
crl-verify /etc/openvpn/easyrsa/pki/crl.pem
status /var/log/openvpn-status-server.log
log /var/log/openvpn-server.log
verb 3
script-security 2

This is interface-up.sh and I did make it executable.

#!/bin/sh
/sbin/ifconfig $1 10.0.8.1 netmask 255.255.255.0 broadcast 10.0.8.0

I was first using Digital Ocean and then switched to AWS but ended up with the same problem. I suspect there is something wrong in the config - but will have RAK confirm…
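
Added example, not part of the original posts or of RAK's documentation: a Python check of a server config like the one posted above, flagging the settings the client log further down warns about (compression, no cipher line) plus the root-run daemon, the up script, and a `local` address that is not assigned to the host. The `host_addrs` input and the 203.0.113.10 address used to exercise it are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a shortened copy of the server config posted above.
SAMPLE_CONF = """\
# openvpn server
dev tap
proto udp
local 172.31.37.37
port 1194
up interface-up.sh
comp-lzo
user root
group root
script-security 2
"""

def parse(conf_text):
    """Return {directive: [args]} for an OpenVPN config, ignoring comments."""
    opts = {}
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            opts[words[0]] = words[1:]
    return opts

def audit(conf_text, host_addrs):
    """List settings to review; host_addrs (assumed input) = addresses on this host."""
    opts, findings = parse(conf_text), []
    local = opts.get("local")
    if local:
        try:
            bound = ipaddress.ip_address(local[0])
        except ValueError:
            bound = None  # a hostname; resolve and check it separately
        if bound and bound not in {ipaddress.ip_address(a) for a in host_addrs}:
            findings.append(("bind", f"local {local[0]} is not assigned to this host"))
    if "comp-lzo" in opts or "compress" in opts:
        findings.append(("compression", "compression enabled on an encrypted tunnel"))
    if "cipher" not in opts and "data-ciphers" not in opts:
        findings.append(("cipher", "no cipher or data-ciphers line; relies on defaults"))
    if opts.get("user") == ["root"] or opts.get("group") == ["root"]:
        findings.append(("privilege", "daemon keeps root instead of an unprivileged user"))
    if int(opts.get("script-security", ["1"])[0]) >= 2 and "up" in opts:
        findings.append(("script", f"up script {opts['up'][0]} runs with the daemon's privileges"))
    return findings
```

A `bind` finding means OpenVPN cannot open its listening socket on that host, which a client sees only as a handshake timeout.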

Hm… strange. Can you run manually interface-up.sh and check with ifconfig that tap0 is up?

sh interface-up.sh

SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
10.0.8.1: ERROR while getting interface flags: No such device

I tried the same command in both instances - AWS and Digital Ocean with the same output…

@simplice I have found the problem. This is due to changes in Ubuntu 20.04 tun/tap management. In all versions under 20.04, everything works like in the manual for the OpenVPN.
So, this is a workaround, I will think of a more elegant way.
Please install the tunctl by running sudo apt install uml-utilities. Then change your interface-up.sh script as follows:

#!/bin/sh
sudo tunctl
/sbin/ifconfig tap0 10.0.8.1 netmask 255.255.255.0 broadcast 10.0.8.0

Run sudo ./interface-up.sh and then ifconfig to check that the tap0 is up.

Thank you Velev –

I was able to bring up Tap0 now. I imported the .ovpn file into OpenVPN GUI. When I try to connect from my laptop, it shows the below. What do you think is causing the problems? I cannot connect, the client never connects and turns green.

Is there something easy I missed?

Jeff

Fri Oct 23 01:14:29 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

Fri Oct 23 01:14:29 2020 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as a fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Fri Oct 23 01:14:29 2020 OpenVPN 2.5_rc2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 30 2020

Fri Oct 23 01:14:29 2020 Windows version 10.0 (Windows 10 or greater) 64bit

Fri Oct 23 01:14:29 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

Fri Oct 23 01:14:29 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

Fri Oct 23 01:14:29 2020 Need hold release from management interface, waiting…

Fri Oct 23 01:14:30 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'state on'

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'log all on'

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'echo all on'

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'bytecount 5'

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'hold off'

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD 'hold release'

Fri Oct 23 01:14:30 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:14:30 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:14:30 2020 UDP link local: (not bound)

Fri Oct 23 01:14:30 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:14:30 2020 MANAGEMENT: >STATE:1603433670,WAIT,

Fri Oct 23 01:15:31 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:15:31 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:15:31 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:15:31 2020 MANAGEMENT: >STATE:1603433731,RECONNECTING,tls-error,

Fri Oct 23 01:15:31 2020 Restart pause, 5 second(s)

Fri Oct 23 01:15:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:15:36 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:15:36 2020 UDP link local: (not bound)

Fri Oct 23 01:15:36 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:15:36 2020 MANAGEMENT: >STATE:1603433736,WAIT,

Fri Oct 23 01:16:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:16:36 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:16:36 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:16:36 2020 MANAGEMENT: >STATE:1603433796,RECONNECTING,tls-error,

Fri Oct 23 01:16:36 2020 Restart pause, 5 second(s)

Fri Oct 23 01:16:41 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:16:41 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:16:41 2020 UDP link local: (not bound)

Fri Oct 23 01:16:41 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:16:41 2020 MANAGEMENT: >STATE:1603433801,WAIT,

Fri Oct 23 01:17:41 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:17:41 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:17:41 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:17:41 2020 MANAGEMENT: >STATE:1603433861,RECONNECTING,tls-error,

Fri Oct 23 01:17:41 2020 Restart pause, 5 second(s)

Fri Oct 23 01:17:46 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:17:46 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:17:46 2020 UDP link local: (not bound)

Fri Oct 23 01:17:46 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:17:46 2020 MANAGEMENT: >STATE:1603433866,WAIT,

I was able to get the Tap0 interface up. I rebooted the server but the interface did not come up automatically. That might be another issue to solve.

I still cannot connect to the DO server. The error log message has:
Fri Oct 23 11:44:14 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 23 11:44:14 2020 MANAGEMENT: >STATE:1603471454,RECONNECTING,tls-error,
Fri Oct 23 11:44:14 2020 Restart pause, 5 second(s)
Fri Oct 23 11:44:19 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194
Fri Oct 23 11:44:19 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Oct 23 11:44:19 2020 UDP link local: (not bound)
Fri Oct 23 11:44:19 2020 UDP link remote: [AF_INET]64.225.88.83:1194
Fri Oct 23 11:44:19 2020 MANAGEMENT: >STATE:1603471459,WAIT,
Fri Oct 23 11:45:19 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 23 11:45:19 2020 TLS Error: TLS handshake failed

Do you have any thoughts on the problem? I did check the server and UDP port 1194 is open.

I will try it on AWS to even see if it’s a DO problem or Ubuntu. I have Ubuntu 20.10 not 20.04…is that an issue itself?
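
Added example, not written by the thread's participants: a Python triage of a client log like the ones above, using the management-interface >STATE lines to tell an attempt that never left WAIT (no reply from the server at all) from one where the server answered and certificate checks failed. The sample log is constructed and uses a documentation address.

```python
import re

# Constructed sample shaped like the client log quoted above; 203.0.113.10 is a
# documentation address, not the server from the thread.
SAMPLE_LOG = """\
Fri Oct 23 01:14:30 2020 UDP link remote: [AF_INET]203.0.113.10:1194
Fri Oct 23 01:14:30 2020 MANAGEMENT: >STATE:1603433670,WAIT,
Fri Oct 23 01:15:31 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 23 01:15:31 2020 TLS Error: TLS handshake failed
Fri Oct 23 01:15:31 2020 MANAGEMENT: >STATE:1603433731,RECONNECTING,tls-error,
Fri Oct 23 01:15:36 2020 MANAGEMENT: >STATE:1603433736,WAIT,
Fri Oct 23 01:16:36 2020 TLS Error: TLS handshake failed
Fri Oct 23 01:16:36 2020 MANAGEMENT: >STATE:1603433796,RECONNECTING,tls-error,
"""

STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
# Management-interface states a client reaches only after the server has replied.
AFTER_SERVER_REPLY = {"AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"}

def triage(log_text):
    """Group >STATE lines into connection attempts and classify the failure."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue
        ts, state, detail = int(m.group(1)), m.group(2), m.group(3)
        if state == "WAIT":  # first packet sent, waiting for the server
            current = {"furthest": "WAIT", "start": ts, "seconds": None, "reason": None}
            attempts.append(current)
        elif current and state in AFTER_SERVER_REPLY:
            current["furthest"] = state
        elif current and state in ("RECONNECTING", "EXITING"):
            current["seconds"], current["reason"] = ts - current["start"], detail
            current = None
    failed = [a for a in attempts if a["reason"] == "tls-error"]
    silent = [a for a in failed if a["furthest"] == "WAIT"]
    if any("VERIFY ERROR" in line for line in log_text.splitlines()):
        verdict = "certificate-rejected"  # the peer answered; its certificate failed checks
    elif failed and len(silent) == len(failed):
        verdict = "no-server-reply"       # check listener, bind address, UDP filtering
    elif any(a["furthest"] == "CONNECTED" for a in attempts):
        verdict = "connected"
    else:
        verdict = "inconclusive"
    return {"attempts": len(attempts), "silent": len(silent),
            "seconds": [a["seconds"] for a in failed], "verdict": verdict}
```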

@simplice All new versions of Ubuntu have this change with the tap interfaces. I will check the whole procedure tomorrow and will update asap.

This can be a cert problem. I will check this also.

Thank you Todor - let me know if you need anything else from me.

Hi Velev - is the documentation updated for Ubuntu 20.0.4?