RAK VPN setup not working

Issue: Following setup instructions for RAK OpenVPN connectivity to 7240

Setup: Cloud instance on Digital Ocean - running Linux Ubuntu 20.4

LoRa® Server: N/A

Details: I followed directions from RAK Industrial LPWAN Gateway Remote Management - OpenVPN. After completing all the steps and trying to install Tap0 on the server, however, it does not show with the command ifconfig. I checked my setup and it all seems to be accurate. I want to be able to remotely access my 7240 for monitoring and provisioning.

I followed the documentation on an AWS EC2 Ubuntu instance and it worked without any issues.

Hello @simplice, can you show me the content of config.ovpn (or config.conf if you make it to run the config on start) and interface-up.sh? The interface-up.sh is the script that brings up the tap0 interface; make sure that it is executable.

I followed the steps to copy config.ovpn to config.conf to run at the start.

# openvpn server
cd /etc/openvpn/server
daemon
dev tap
proto udp
#local ipaddr to bind . Change it with Server
local 172.31.37.37
port 1194
server-bridge 10.0.8.1 255.255.255.0 10.0.8.11 10.0.8.100
ifconfig-pool-persist ip_pool.txt
up interface-up.sh
client-to-client
keepalive 10 120
comp-lzo
user root
group root
persist-key
persist-tun
ca /etc/openvpn/easyrsa/pki/ca.crt
cert /etc/openvpn/easyrsa/pki/issued/server.crt
key /etc/openvpn/easyrsa/pki/private/server.key
dh /etc/openvpn/easyrsa/pki/dh.pem
crl-verify /etc/openvpn/easyrsa/pki/crl.pem
status /var/log/openvpn-status-server.log
log /var/log/openvpn-server.log
verb 3
script-security 2

This is interface-up.sh and I did make it executable.

#!/bin/sh
/sbin/ifconfig $1 10.0.8.1 netmask 255.255.255.0 broadcast 10.0.8.0

I was first using Digital Ocean and then switched to AWS but ended up with the same problem. I suspect there is something wrong in the config - but will have RAK confirm…
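The comment in the config above says the `local` address has to be changed to the server's own, and the client log later in the thread warns about compression and an unset cipher. An added example (not from the thread or from RAK's documentation) that checks a server config for those points; the sample config, the host address list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the server config posted above.
SAMPLE_CONF = """\
# openvpn server
dev tap
proto udp
local 172.31.37.37
port 1194
up interface-up.sh
comp-lzo
user root
group root
script-security 2
verb 3
"""

def parse_directives(text):
    """Return {directive: [args...]}, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text, host_addrs):
    """host_addrs: IPs assigned to this server (assumption: collected by the
    caller, e.g. from `ip -o addr`). Assumes `local` is an IP literal."""
    conf, findings = parse_directives(text), []
    if "local" in conf:
        bind = ipaddress.ip_address(conf["local"][0])
        if bind not in {ipaddress.ip_address(a) for a in host_addrs}:
            findings.append(f"local {bind} is not an address on this host")
    if "comp-lzo" in conf and conf["comp-lzo"] != ["no"]:
        findings.append("comp-lzo enables compression")
    if "cipher" not in conf and "data-ciphers" not in conf:
        findings.append("cipher not set explicitly")
    if "user" not in conf or conf["user"] == ["root"]:
        findings.append("daemon keeps root privileges")
    return findings
```

A `local` address copied from another machine or provider makes the server fail to bind, so this check is worth repeating whenever the config moves between hosts.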

Hm… strange. Can you run manually interface-up.sh and check with ifconfig that tap0 is up?

sh interface-up.sh

SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
10.0.8.1: ERROR while getting interface flags: No such device

I tried the same command in both instances - AWS and Digital Ocean with the same output…

@simplice I have found the problem. This is due to changes in Ubuntu 20.04 tun/tap management. In all versions under 20.04, everything works like in the manual for the OpenVPN.
So, this is a workaround, I will think of a more elegant way.
Please install the tunctl by running sudo apt install uml-utilities. Then change your interface-up.sh script as follows:

#!/bin/sh
sudo tunctl
/sbin/ifconfig tap0 10.0.8.1 netmask 255.255.255.0 broadcast 10.0.8.0

Run sudo ./interface-up.sh and then ifconfig to check that the tap0 is up.

Thank you Velev –

I was able to bring up Tap0 now. I imported the .ovpn file into OpenVPN GUI. When I try to connect from my laptop, it shows the below. What do you think is causing the problems? I cannot connect, the client never connects and turns green.

Is there something easy I missed?

Jeff

Fri Oct 23 01:14:29 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.

Fri Oct 23 01:14:29 2020 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as a fallback when cipher negotiation failed in this case. If you need this fallback please add ‘--data-ciphers-fallback BF-CBC’ to your configuration and/or add BF-CBC to --data-ciphers.

Fri Oct 23 01:14:29 2020 OpenVPN 2.5_rc2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 30 2020

Fri Oct 23 01:14:29 2020 Windows version 10.0 (Windows 10 or greater) 64bit

Fri Oct 23 01:14:29 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

Fri Oct 23 01:14:29 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

Fri Oct 23 01:14:29 2020 Need hold release from management interface, waiting…

Fri Oct 23 01:14:30 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘state on’

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘log all on’

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘echo all on’

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘bytecount 5’

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘hold off’

Fri Oct 23 01:14:30 2020 MANAGEMENT: CMD ‘hold release’

Fri Oct 23 01:14:30 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:14:30 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:14:30 2020 UDP link local: (not bound)

Fri Oct 23 01:14:30 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:14:30 2020 MANAGEMENT: >STATE:1603433670,WAIT,

Fri Oct 23 01:15:31 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:15:31 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:15:31 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:15:31 2020 MANAGEMENT: >STATE:1603433731,RECONNECTING,tls-error,

Fri Oct 23 01:15:31 2020 Restart pause, 5 second(s)

Fri Oct 23 01:15:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:15:36 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:15:36 2020 UDP link local: (not bound)

Fri Oct 23 01:15:36 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:15:36 2020 MANAGEMENT: >STATE:1603433736,WAIT,

Fri Oct 23 01:16:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:16:36 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:16:36 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:16:36 2020 MANAGEMENT: >STATE:1603433796,RECONNECTING,tls-error,

Fri Oct 23 01:16:36 2020 Restart pause, 5 second(s)

Fri Oct 23 01:16:41 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:16:41 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:16:41 2020 UDP link local: (not bound)

Fri Oct 23 01:16:41 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:16:41 2020 MANAGEMENT: >STATE:1603433801,WAIT,

Fri Oct 23 01:17:41 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Oct 23 01:17:41 2020 TLS Error: TLS handshake failed

Fri Oct 23 01:17:41 2020 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 23 01:17:41 2020 MANAGEMENT: >STATE:1603433861,RECONNECTING,tls-error,

Fri Oct 23 01:17:41 2020 Restart pause, 5 second(s)

Fri Oct 23 01:17:46 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:17:46 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Oct 23 01:17:46 2020 UDP link local: (not bound)

Fri Oct 23 01:17:46 2020 UDP link remote: [AF_INET]64.225.88.83:1194

Fri Oct 23 01:17:46 2020 MANAGEMENT: >STATE:1603433866,WAIT,
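An added example, not part of the original thread: a small parser for client logs in the format above that groups lines into connection attempts and records whether any packet from the server was seen before the 60-second timeout. The sample log is constructed (192.0.2.10 is a documentation address); `TLS: Initial packet from` is the line OpenVPN logs when the peer's first handshake packet arrives.

```python
import re
from datetime import datetime

# Constructed sample in the format of the client log above; 192.0.2.10 is a
# documentation address, not the server from the thread.
SAMPLE_LOG = """\
Fri Oct 23 01:14:29 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption.
Fri Oct 23 01:14:29 2020 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as a fallback
Fri Oct 23 01:14:30 2020 UDP link remote: [AF_INET]192.0.2.10:1194
Fri Oct 23 01:14:30 2020 MANAGEMENT: >STATE:1603433670,WAIT,
Fri Oct 23 01:15:31 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 23 01:15:31 2020 TLS Error: TLS handshake failed
Fri Oct 23 01:15:36 2020 UDP link remote: [AF_INET]192.0.2.10:1194
Fri Oct 23 01:15:36 2020 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=0a1b2c3d 4e5f6071
Fri Oct 23 01:16:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

def triage(log_text):
    """Group the log into connection attempts and classify each failure."""
    attempts, warnings, cur = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or continuation text
        ts, msg = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)
        if msg.startswith("WARNING: Compression"):
            warnings.append("compression enabled")
        elif msg.startswith("--cipher is not set"):
            warnings.append("no cipher configured")
        elif msg.startswith("UDP link remote:"):  # a new attempt starts here
            cur = {"start": ts, "remote": msg.split("]")[-1],
                   "server_replied": False, "result": "open"}
            attempts.append(cur)
        elif cur and msg.startswith("TLS: Initial packet from"):
            cur["server_replied"] = True
        elif cur and "TLS key negotiation failed" in msg:
            cur["waited"] = int((ts - cur["start"]).total_seconds())
            cur["result"] = ("handshake-stalled" if cur["server_replied"]
                             else "no-reply-from-server")
    return attempts, warnings
```

An attempt classified `no-reply-from-server` never received a packet from the server, so the first things to check are that the server process is running, that it is bound to the right address, and that UDP 1194 is allowed through the provider's firewall.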

I was able to get the Tap0 interface up. I rebooted the server but the interface did not come up automatically. That might be another issue to solve.

I still cannot connect to the DO server. The error log message has
Fri Oct 23 11:44:14 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 23 11:44:14 2020 MANAGEMENT: >STATE:1603471454,RECONNECTING,tls-error,
Fri Oct 23 11:44:14 2020 Restart pause, 5 second(s)
Fri Oct 23 11:44:19 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.225.88.83:1194
Fri Oct 23 11:44:19 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Oct 23 11:44:19 2020 UDP link local: (not bound)
Fri Oct 23 11:44:19 2020 UDP link remote: [AF_INET]64.225.88.83:1194
Fri Oct 23 11:44:19 2020 MANAGEMENT: >STATE:1603471459,WAIT,
Fri Oct 23 11:45:19 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 23 11:45:19 2020 TLS Error: TLS handshake failed

Do you have any thoughts on the problem? I did check the server and UDP port 1194 is open.

I will try it on AWS to even see if it’s a DO problem or Ubuntu. I have Ubuntu 20.10 not 20.04…is that an issue itself?

@simplice All new versions of Ubuntu have this change with the tap interfaces. I will check the whole procedure tomorrow and will update asap.

This can be a cert problem. I will check this also.

Thank you Todor - let me know if you need anything else from me.

Hi Velev - is the documentation updated for Ubuntu 20.0.4 ?

Thank you velev! Works for me too
