| === Guest16046 is now known as ikonia | ||
| TylerGets | What should be my first step in diagnosing why I cant ssh into my server? All other services are working fine.. | 00:57 |
|---|---|---|
| pmatulis | TylerGets: check /var/log/auth.log of the server you're trying to log into | 01:01 |
| === markthomas|away is now known as markthomas | ||
| === _ruben_ is now known as _ruben | ||
| === markthomas is now known as markthomas|away | ||
| lordievader | Good morning. | 08:01 |
| === CiPi is now known as cipi | ||
| === Lcawte|Away is now known as Lcawte | ||
| === Lcawte is now known as Lcawte|Away | ||
| atralheaven_ | I have problem with openvpn, I can't connect to it, is there anyone experienced with openvpn to help me? everything was ok I didn't change anything but I can't connect anymore | 13:15 |
| thebwt | you're positive it's still listening on whatever port it's running on (mine runs on 443) | 13:19 |
| thebwt | if you do 'sudo netstat -ntpl' . openvpn-openss should appear under 'program name' | 13:21 |
| thebwt | oh, they're gone... | 13:21 |
| === balloons is now known as Guest77565 | ||
| === Guest77565 is now known as balloons_ | ||
| atralheaven_ | thebwt: are you speaking to me? I use 443 too | 13:29 |
| thebwt | ah, perfect! do you see the service listening on port 443? | 13:29 |
| thebwt | we need to see if it just died randomly, or if it was an update or something | 13:29 |
| thebwt | or a server reboot | 13:30 |
| thebwt | those are the normal ways that could cut off | 13:30 |
| lordievader | Check the 1194 udp port too (or what ever it was). | 13:30 |
| atralheaven_ | with netstat -ntpl command? no there is just python and sshd | 13:30 |
| thebwt | and you did it with sudo right? | 13:30 |
| thebwt | ah yea, you got that output | 13:30 |
| atralheaven_ | well I was root user | 13:30 |
| thebwt | ah gotcha | 13:31 |
| thebwt | and you've already restarted the openvpnas service? | 13:31 |
| atralheaven_ | yes, several times... | 13:31 |
| thebwt | mine outputs to '/var/log/openvpnas.log' | 13:32 |
| atralheaven_ | also the vps | 13:32 |
| thebwt | do you have anything in that log? | 13:32 |
| atralheaven_ | I disabled ufw | 13:32 |
| thebwt | the fact that there isn't an openvon-openss on netstat tells me it's not starting up | 13:32 |
| atralheaven_ | I don't have that file | 13:33 |
| thebwt | do this: "ps aux | grep openvpn" | 13:33 |
| thebwt | one of those should be the full line of the command, it should have a --logfile flag | 13:34 |
| thebwt | and for that matter, also a --pidfile , stop the service and make sure that pidfile doesn't exist | 13:34 |
| atralheaven_ | this is output | 13:37 |
| atralheaven_ | http://pastebin.com/A9hf2Ypp | 13:37 |
| atralheaven_ | I didn't find logfile | 13:37 |
| atralheaven_ | but there is pid | 13:37 |
| atralheaven_ | let me stop it first.. | 13:37 |
| thebwt | hmm, different type of install, then stop the service and see if that pid still exsists | 13:38 |
| thebwt | (it shouldn't) | 13:38 |
| atralheaven_ | its gone, | 13:38 |
| atralheaven_ | root 8850 0.0 0.0 11740 924 pts/1 S+ 13:38 0:00 grep --color=auto openvpn | 13:38 |
| atralheaven_ | its the only line | 13:38 |
| thebwt | no | 13:39 |
| thebwt | the actual file | 13:39 |
| thebwt | @ /run/openvpn/server.pid | 13:39 |
| atralheaven_ | btw I followed this instruction: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 | 13:39 |
| thebwt | hmm | 13:40 |
| thebwt | fun | 13:40 |
| atralheaven_ | /run/openvpn/ is empty | 13:40 |
| thebwt | I'm not sure how to help much more, try to find out how to insert the --logfile flag into the startup (init script?). | 13:41 |
| thebwt | you need that log | 13:41 |
| atralheaven_ | and openvpn service is stoped | 13:41 |
| atralheaven_ | internet without openvpn is useless here :( | 13:41 |
| atralheaven_ | everything is censored | 13:42 |
| lordievader | Run the openvpn server manually, that will likely tell you why it crashes (if it does). | 13:42 |
| thebwt | ^ true | 13:43 |
| thebwt | (and if that doesn't work, if you're just trying to do web traffic, have you looked into ssh+socks5 ? it's way easier | 13:44 |
| smoser | med_, i'm looking at week old scrollbacks and see your question about 2 boot volumes. | 13:54 |
| smoser | i would suspect that vda woudl get booted most or all of the time. | 13:55 |
| smoser | the bios probably reliably loads the grub from the "first" drive. | 13:55 |
| smoser | but then the grub there (in a ubuntu cloud image scenario) will find a kernel and initramfs and a kernel command line like 'root=LABEL=cloudimg-rootfs' | 13:56 |
| smoser | and if 2 devices have LABEL=cloudimg-rootfs, then you are not guaranteed reliable behavior. | 13:56 |
| smoser | https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/665235 | 13:57 |
| ubottu | Launchpad bug 665235 in cloud-init (Ubuntu) "grub-legacy-ec2: attaching a volume to maverick instance may boot off it" [Wishlist,Won't fix] | 13:57 |
| smoser | this could potentially be fixed by using LABEL=uuid | 13:57 |
| smoser | err.. UUID=uuid | 13:57 |
| smoser | but that doesn't guarantee anything in the face of duplicate uuid, which you would have in a snaphost case. | 13:58 |
| === alai` is now known as alai | ||
| === balloons_ is now known as balloons | ||
| === cz2 is now known as NetworkManager | ||
| === NetworkManager is now known as pulseaudio | ||
| === wendar_ is now known as wendar | ||
| === Lcawte|Away is now known as Lcawte | ||
| === SpamapS_ is now known as SpamapS | ||
| === armyriad2 is now known as armyriad | ||
| === markthomas|away is now known as markthomas | ||
| === cipi is now known as cip | ||
| === cip is now known as cipi | ||
| === mfisch` is now known as mfisch | ||
| === mfisch is now known as Guest27947 | ||
| === Guest27947 is now known as mfisch | ||
| === Guest9808 is now known as Adri2000 | ||
| bittin | http://open-zfs.org/wiki/Main_Page ZFS Devsummit :) | 18:44 |
| === cipi is now known as cip | ||
| atralheaven_ | thebwt: hello...? | 19:40 |
| thebwt | howdy | 19:40 |
| atralheaven_ | thebwt: sorry my internet was disconnected | 19:41 |
| atralheaven_ | do you remember me? I had problem with openvpn | 19:41 |
| thebwt | I do, are you just trying to pass web traffic through? | 19:45 |
| atralheaven_ | thebwt: yes, to pass the censorship | 19:46 |
| thebwt | you know you could just use an ssh tunnel with a socks proxy to do that right? | 19:47 |
| thebwt | and you wouldn't have to manage this whole openvpn service | 19:47 |
| atralheaven_ | the block it | 19:47 |
| atralheaven_ | and on my phone I can't use it | 19:47 |
| atralheaven_ | they can't block openvpn easily | 19:47 |
| thebwt | because you reached the extent of my openvpn knowledge | 19:47 |
| thebwt | ah hotcha | 19:47 |
| thebwt | gotcha* | 19:47 |
| thebwt | hence the https/443 | 19:48 |
| atralheaven_ | unless they use DPI | 19:48 |
| atralheaven_ | yes | 19:48 |
| atralheaven_ | openvpn was not on netstat list, what does that mean exactly? | 19:48 |
| atralheaven_ | if they use DPI, I will use obfsproxy or something like this, and they can do nothing about it! | 19:49 |
| jwitk0 | Hey All, I'm having some issues with LACP on ubuntu server, problem described here http://serverfault.com/questions/541917/lacp-with-2-nics-working-when-either-one-is-down-not-when-both-are-up | 19:49 |
| jwitk0 | has anyone ever seen this before? | 19:49 |
| === jwitk0 is now known as jwitko | ||
| thebwt | atralheaven_: it means that the program isn't bound to that port, possibly because it's failing to start | 19:50 |
| jwitko | I'm actually trying on ubuntu 14.04 at this point | 19:50 |
| atralheaven_ | thebwt: how can I start it manually, to check if the problem is because of that? I tried restarting the service, rebooting, it didn't help | 19:51 |
| atralheaven_ | thebwt: can it be because no one is connected to it? | 19:52 |
| thebwt | I'm not positive, look at the init script for it in /etc/inti.d/openvpnsomethinsomethingstometing | 19:52 |
| thebwt | I doubt it | 19:52 |
| atralheaven_ | I have /etc/inti.d/openvpn file | 19:53 |
| thebwt | yup dig through that ,that has the commands the system uses to start it) | 19:54 |
| thebwt | .* | 19:54 |
| atralheaven_ | its a long file with alot of options, I think it write configs to server.conf file, maybe | 19:58 |
| atralheaven_ | is "/etc/init.d/openvpn start" different from "service openvpn start"? | 19:59 |
| atralheaven_ | thebwt: status says that: * VPN 'server' is running | 20:00 |
| atralheaven_ | if no one is connected to openvpn, should it be listed on output of netstat -ntpl? | 20:01 |
| thebwt | yes, it's the thing that waits for people to connect | 20:08 |
| === Guest44026 is now known as TheEternalAbyss | ||
| === TheEternalAbyss is now known as Guest44216 | ||
| === Guest44216 is now known as TheEternalAbyss | ||
| lordievader | atralheaven_: /usr/bin/openvpn --config $CONFIG_DIR/$NAME.conf | 20:33 |
| atralheaven_ | lordievader: may you explain more? | 20:37 |
| lordievader | atralheaven_: That is what I got from the init file. | 20:37 |
| lordievader | I.e. that is what upstary/sysv-init runs. | 20:37 |
| atralheaven_ | lordievader: how can I make sure its running? | 20:39 |
| atralheaven_ | lordievader: "service openvpn status" says its running | 20:39 |
| atralheaven_ | but its not listed on netstat | 20:39 |
| lordievader | atralheaven_: Does ps list it? | 20:41 |
| atralheaven_ | no :| | 20:42 |
| atralheaven_ | lordievader: what is ps? | 20:42 |
| lordievader | atralheaven_: ps - report a snapshot of the current processes. See 'man ps'. | 20:43 |
| atralheaven_ | lordievader: what should I do? | 20:45 |
| atralheaven_ | lordievader: why shouldn't it be running now? | 20:46 |
| lordievader | atralheaven_: 'ps aux|grep openvpn' does that return anything? | 20:47 |
| atralheaven_ | yes | 20:48 |
| atralheaven_ | when I stop openvpn service, its the output: | 20:49 |
| atralheaven_ | root 13514 0.0 0.0 11740 924 pts/2 S+ 20:49 0:00 grep --color=auto openvpn | 20:49 |
| atralheaven_ | when its running, its more | 20:50 |
| lordievader | Okay, so it does run. Check it's log why it ain't claiming the ports. | 20:51 |
| atralheaven_ | where is the log file? I couldn't find it | 20:51 |
| lordievader | http://askubuntu.com/questions/276664/where-are-the-openvpn-connection-logs-and-configuration-files | 20:51 |
| atralheaven_ | what should I be looking for in the logs? | 20:52 |
| lordievader | atralheaven_: Why it ain't claiming the ports. Read them and see what it is and is not doing. | 20:53 |
| atralheaven_ | I don't have "/var/log/openvpn.log" file, and "grep VPN /var/log/syslog" just says that openvpn ... built on ..... | 20:58 |
| lordievader | http://ubuntuforums.org/showthread.php?t=2198079 | 21:04 |
| atralheaven_ | lordievader: I've set verb to 6, im going to check again... | 21:10 |
| atralheaven_ | lordievader: I found this: TLS key negotiation failed to occur within 60 seconds (check your network connectivi$ | 21:20 |
| atralheaven_ | lordievader: TLS Error: TLS handshake failed | 21:20 |
| lordievader | That is rather unlikely the reason for him not listening to the ports. | 21:25 |
| lordievader | Are you sure you have a server configuration? | 21:25 |
| atralheaven_ | what do you mean? | 21:27 |
| atralheaven_ | server.conf file? | 21:27 |
| lordievader | atralheaven_: I don't think a server should try and setup an ssl connection. That'll come when a client tries to connect. | 21:28 |
| lordievader | Hence the TLS handshake stikes me as odd for a server. | 21:28 |
| atralheaven_ | I use port 443 for openvpn | 21:29 |
| lordievader | That is not what I am saying... Could you pastebin your server config? | 21:29 |
| atralheaven_ | and openvpn uses easy-rsa for making keys | 21:29 |
| atralheaven_ | sure | 21:29 |
| atralheaven_ | lordievader: http://pastebin.com/qDAiHxgY | 21:32 |
| atralheaven_ | what is strange for me is why it was working fine, and stopped working when I didn't do anything | 21:34 |
| lordievader | Updates? | 21:36 |
| lordievader | Something must have changed. | 21:36 |
| lordievader | The config you gave works fine. | 21:37 |
| lordievader | You should have seen a connection in the logs. | 21:38 |
| lordievader | Wasn't there some country firewall there? | 21:39 |
| lordievader | If so you might want to make it connect over tcp:80 instead of udp:1194/ | 21:39 |
| atralheaven_ | it may be because of country firewalling | 21:43 |
| atralheaven_ | I used port 443 for it | 21:43 |
| atralheaven_ | but there can be DPI | 21:43 |
| atralheaven_ | that's why I wanted you to check if it connects | 21:44 |
| atralheaven_ | and sent you the .ovpn file | 21:44 |
| lordievader | DPI doesn't really come in to play, they read garbage. | 21:44 |
| lordievader | Anyhow openvpn really communicates over udp:1194. | 21:44 |
| atralheaven_ | what do you mean? | 21:45 |
| atralheaven_ | they can block 119 | 21:46 |
| atralheaven_ | 4 easily | 21:46 |
| lordievader | atralheaven_: Precisely the point ;) | 21:46 |
| lordievader | Hence the advice to use a common port like tcp:80 ;) | 21:46 |
| atralheaven_ | ok so I changed it to 443 | 21:47 |
| lordievader | How? | 21:47 |
| atralheaven_ | on the config file | 21:47 |
| atralheaven_ | and user file too | 21:47 |
| atralheaven_ | but if they use DPI, it wont work anymore | 21:47 |
| lordievader | DPI has nothing to do with this. | 21:48 |
| atralheaven_ | so I wanted someone from another country to check if he can connect to it | 21:48 |
| lordievader | The packet contents is encrypted. | 21:48 |
| atralheaven_ | thats why tor team made obfsproxy | 21:49 |
| atralheaven_ | because of DPI | 21:49 |
| === utlemming_sprint is now known as utlemming | ||
| atralheaven_ | lordievader: I have to go soon, what do you suggest to do? | 21:52 |
| lordievader | Are vpn's illegal there? | 21:52 |
| atralheaven_ | yes | 21:52 |
| atralheaven_ | where I live | 21:52 |
| lordievader | Then I cannot give any advice. Read the guidelines. | 21:53 |
| atralheaven_ | vpn is illegal where I live, not where you live! | 21:53 |
| atralheaven_ | I use vpn to bypass censorship | 21:53 |
| lordievader | True, but if I help you in doing something illegal I am still an acomplice. | 21:54 |
| atralheaven_ | but where you live, in your law, its not illegal | 21:54 |
| lordievader | Search the web, figure this one out on your own. There are plenty of resources on this. | 21:54 |
| atralheaven_ | for us its illegal but only on paper.... every person use something to change her/his ip, internet is useless without it! | 21:55 |
| lordievader | Anyhow you have ssh, use that as a proxy. | 21:55 |
| atralheaven_ | I don't understand why you are worry about it? I should be worry not you | 21:55 |
| atralheaven_ | yes I can, but only on my laptop | 21:56 |
| atralheaven_ | and they have blocked it before, I don't know it works now or not | 21:56 |
| lordievader | I have agreed to the CoC, hence I cannot help you in doing something illegal. That it ain't illegal here doesn't matter, that it is illegal there does. | 21:56 |
| atralheaven_ | you can't help me doing something illegal in which law? | 21:57 |
| atralheaven_ | law of where? | 21:57 |
| lordievader | The Code of Conduct ain't a law. | 21:57 |
| atralheaven_ | I don't understand :| where I live, we have countless stupid laws that are only on paper, many people don't even know they exist, internet without a vpn/proxy is useless here, you can do nothing with it... | 22:00 |
| atralheaven_ | it shouldn't be illegal on this channel too | 22:00 |
| atralheaven_ | but its ok... | 22:00 |
| atralheaven_ | I will do something myself :| | 22:01 |
| atralheaven_ | thanks | 22:02 |
| === Lcawte is now known as Lcawte|Away | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!