OpenVPN *CLIENT* on OpenVZ VPS [message #50588] | Tue, 17 September 2013 19:57
whoknows | Messages: 2 | Registered: September 2013 | Junior Member

Hi,
 I tried to post in the Support forum, but I wasn't able to. I hope it's okay if I post here.
 
 Part of my code needs to connect to a remote VPN. For testing purposes, I wrote a script that connects to the VPN, checks my IP address, disconnects from the VPN, and checks my IP address again. It works perfectly on KVM, but OpenVZ has given me a huge headache.
 
 It seems to connect to the VPN:
 
 ...
Tue Sep 17 14:39:24 2013 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 10.200.2.179 255.255.252.0'
Tue Sep 17 14:39:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 17 14:39:24 2013 OPTIONS IMPORT: route options modified
Tue Sep 17 14:39:24 2013 OPTIONS IMPORT: route-related options modified
Tue Sep 17 14:39:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 17 14:39:24 2013 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Tue Sep 17 14:39:24 2013 TUN/TAP device tun0 opened
Tue Sep 17 14:39:24 2013 TUN/TAP TX queue length set to 100
Tue Sep 17 14:39:24 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 17 14:39:24 2013 /sbin/ip link set dev tun0 up mtu 1500
Tue Sep 17 14:39:24 2013 /sbin/ip addr add dev tun0 10.200.2.179/22 broadcast 10.200.3.255
Tue Sep 17 14:39:24 2013 /sbin/ip route add [remote server IP]/32 via 0.0.0.0
RTNETLINK answers: No such device
Tue Sep 17 14:39:24 2013 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Sep 17 14:39:24 2013 /sbin/ip route add 0.0.0.0/1 via 10.200.0.1
Tue Sep 17 14:39:24 2013 /sbin/ip route add 128.0.0.0/1 via 10.200.0.1
Tue Sep 17 14:39:24 2013 Initialization Sequence Completed
 But it's unable to fetch the IP address until it disconnects. Specifically, it can't resolve the target page's host address. After trying for ~30 seconds, I get:
 
 RTNETLINK answers: No such process
failed: Name or service not known.
 Then it disconnects from the VPN, and I can immediately retrieve the page.
 
 My host, WiredTree, was really great and spent a lot of time trying to help me, but they eventually had to give up. (OpenVPN isn't part of their support package, so they really went above and beyond in their efforts.) Their final conclusion was that it seems to be a problem with iptables.
 
 There does seem to be a problem with my routes, as I think that OpenVPN is complaining about my 0.0.0.0 via 0.0.0.0 setup. But I don't know how to change it, or whether I need to find and set a different gateway.
 
 
 # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0
 I have spent waaay too much time searching the internet, trying in vain to find a solution. It seems like everything is geared toward helping people set up OpenVPN servers, not toward using a client. I've played around with iptables a lot, but I don't know much about it and haven't made any visible progress. So, here I am, begging you all for help.
  Do you have any ideas or pointers for me? I feel like I've been banging my head against the wall for days now, and I would really appreciate some guidance. 
 My OpenVZ VPS has CentOS 6 and the 2.6.32-042stab079.6 kernel. And Tun/Tap is enabled, despite my container's claims to the contrary.
 
 Thanks!
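One way to read the client log above mechanically, as an added example that is not part of the original post: it pairs each `ip route add` command OpenVPN logged with the error line that follows it, and reports whether the /32 host route to the VPN server failed while the two /1 default-route overrides were installed. The function names are hypothetical, and the sample input reuses lines from the post's log.

```python
import re

# Constructed input: lines copied from the log in the post above;
# "[remote server IP]" is the poster's own redaction.
SAMPLE_LOG = """\
Tue Sep 17 14:39:24 2013 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 10.200.2.179 255.255.252.0'
Tue Sep 17 14:39:24 2013 /sbin/ip route add [remote server IP]/32 via 0.0.0.0
RTNETLINK answers: No such device
Tue Sep 17 14:39:24 2013 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Sep 17 14:39:24 2013 /sbin/ip route add 0.0.0.0/1 via 10.200.0.1
Tue Sep 17 14:39:24 2013 /sbin/ip route add 128.0.0.0/1 via 10.200.0.1
"""

ROUTE_ADD = re.compile(r"/sbin/ip route add (.+?) via (\S+)\s*$")
ROUTE_ERR = "ERROR: Linux route add command failed"
OVERRIDES = {"0.0.0.0/1", "128.0.0.0/1", "0.0.0.0/0"}

def audit_openvpn_routes(log_text):
    """Return (redirect_gateway_pushed, installed, failed); routes are (dest, via)."""
    pushed, installed, failed, pending = False, [], [], None
    for line in log_text.splitlines():
        if "PUSH_REPLY" in line and "redirect-gateway" in line:
            pushed = True
        m = ROUTE_ADD.search(line)
        if m:
            if pending:              # previous command drew no error line
                installed.append(pending)
            pending = (m.group(1), m.group(2))
        elif ROUTE_ERR in line and pending:
            failed.append(pending)   # the error refers to the command just before it
            pending = None
    if pending:
        installed.append(pending)
    return pushed, installed, failed

def server_bypass_missing(log_text):
    """True if the default route was overridden while a /32 host route failed.
    With redirect-gateway def1 the client first pins the VPN server to the old
    gateway with a /32 route, then adds the two /1 routes. Without the /32, the
    tunnel's own encrypted packets match a /1 route and are sent into the tunnel."""
    pushed, installed, failed = audit_openvpn_routes(log_text)
    overridden = any(dest in OVERRIDES for dest, _ in installed)
    return pushed and overridden and any(d.endswith("/32") for d, _ in failed)

if __name__ == "__main__":
    print("server bypass route missing:", server_bypass_missing(SAMPLE_LOG))
```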