Static Key OpenVPN

I am trying to configure my server using this guide https://openvpn.net/community-resources/static-key-mini-howto/ and also this one https://blog.eldernode.com/setup-an-ope ... ntu-22-04/

Everything works fine, both the server and the client are connected, but something is missing. The client still has the same IP as before; yes, it can ping the IP of the server, but that's about it. I tried adding --push "redirect-gateway def1", which I got from here https://openvpn.net/community-resources/how-to/#routing-all-client-traffic-including-web-traffic-through-the-vpn, into the middle of the server-side command, but nothing changes.

Edit: Adding logs

This is the log from the server side

2023-02-16 08:06:12 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-02-16 08:06:12 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-02-16 08:06:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 TUN/TAP device tun0 opened
2023-02-16 08:06:12 net_iface_mtu_set: mtu 1500 for tun0
2023-02-16 08:06:12 net_iface_up: set tun0 up
2023-02-16 08:06:12 net_addr_ptp_v4_add: 10.8.0.1 peer 10.8.0.2 dev tun0
2023-02-16 08:06:12 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-02-16 08:06:12 UDPv4 link local (bound): [AF_INET][undef]:1194
2023-02-16 08:06:12 UDPv4 link remote: [AF_UNSPEC]
2023-02-16 08:08:23 Peer Connection Initiated with [AF_INET]:My_IP:1194
2023-02-16 08:08:24 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-16 08:08:24 Initialization Sequence Completed

This is the log from Client side

2023-02-16 10:45:17 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-02-16 10:45:17 WARNING: file 'static-OpenVPN.key' is group or others accessible
2023-02-16 10:45:17 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-02-16 10:45:17 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 TUN/TAP device tun0 opened
2023-02-16 10:45:17 net_iface_mtu_set: mtu 1500 for tun0
2023-02-16 10:45:17 net_iface_up: set tun0 up
2023-02-16 10:45:17 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2023-02-16 10:45:17 TCP/UDP: Preserving recently used remote address: [AF_INET]My_Server_IP:1194
2023-02-16 10:45:17 UDP link local (bound): [AF_INET][undef]:1194
2023-02-16 10:45:17 UDP link remote: [AF_INET]My_Server_IP:1194
2023-02-16 10:45:20 Peer Connection Initiated with [AF_INET]My_Server_IP:1194
2023-02-16 10:45:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-16 10:45:21 Initialization Sequence Completed
Organic Marble
If the client still has the same IP, your connection is not working, at least as it should. How, specifically, are you connecting? GUI, command line, etc? Adding some log output from the server showing the connection attempt and results to your answer would help a lot. Also, what does the title of the question have to do with anything?
mrox
I am connecting using the command line. Added the exact logs from both the server and the client. The title is just the same as in the tutorial I followed from the OpenVPN website.
Organic Marble
What does it mean in the first line of the first log that server mode isn't enabled? That line is not in my server logs. Look for a config file setting about server mode.
mrox
There are no config files. I ran openvpn giving it direct commands.
Organic Marble
Your server does not have a config file??? Please add the command you use to start the server to your question then.
mrox
It's `sudo openvpn --dev tun 10.8.0.1 10.8.0.2 --secret static-OpenVPN.key`
Organic Marble
Are you sure that starts a server, and not just another client? I've never heard of an openvpn server without a config file. https://opensource.com/article/21/7/openvpn-firewall Notice your 2 logs are essentially identical.
mrox
Pretty sure. This, as I understand it, makes a virtual network tun0 with my server having the 10.8.0.1 IP and the client the 10.8.0.2 IP.
Organic Marble
Ok, best wishes!
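
A triage pass over the OpenVPN log lines posted in the question, as an added example that is not part of the original thread: it collapses repeated warnings into one finding each and shows that `Initialization Sequence Completed` says nothing about cipher strength or key-file permissions. The sample log is abridged from the client log above; the rule names and remediation strings are this example's own.

```python
import re

# Constructed sample, abridged from the client log in the question.
SAMPLE_LOG = """\
2023-02-16 10:45:17 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-02-16 10:45:17 WARNING: file 'static-OpenVPN.key' is group or others accessible
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).
2023-02-16 10:45:17 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2023-02-16 10:45:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-16 10:45:21 Initialization Sequence Completed
"""

# (finding id, pattern, remediation); ids and wording are this example's own.
RULES = [
    ("weak-cipher", re.compile(r"INSECURE cipher \((?P<detail>[^)]+)\)"),
     "set --cipher to a 128-bit-block cipher on both peers (the log suggests AES-256-CBC)"),
    ("key-perms", re.compile(r"file '(?P<detail>[^']+)' is group or others accessible"),
     "restrict the key file to its owner, e.g. chmod 600"),
    ("p2p-mode", re.compile(r"(?P<detail>neither P2MP client nor server mode is enabled)"),
     "endpoint runs point-to-point; no cipher negotiation takes place"),
    ("pw-cache", re.compile(r"(?P<detail>may cache passwords in memory)"),
     "add auth-nocache as the log suggests"),
]
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")

def triage(log_text):
    """Return {finding_id: {"detail", "count", "fix"}} for one OpenVPN log."""
    findings = {}
    for line in log_text.splitlines():
        msg = TS.sub("", line.strip())  # drop the timestamp prefix
        for fid, pat, fix in RULES:
            m = pat.search(msg)
            if m:
                entry = findings.setdefault(
                    fid, {"detail": m.group("detail"), "count": 0, "fix": fix})
                entry["count"] += 1  # repeated warnings collapse into one finding
    return findings

def tunnel_up(log_text):
    # Link state only: this line appears even when warnings are present.
    return "Initialization Sequence Completed" in log_text

if __name__ == "__main__":
    for fid, f in triage(SAMPLE_LOG).items():
        print(f"[{fid}] x{f['count']} {f['detail']} -> {f['fix']}")
    print("tunnel up:", tunnel_up(SAMPLE_LOG))
```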