=== Guest16046 is now known as ikonia
[00:57] What should be my first step in diagnosing why I can't ssh into my server? All other services are working fine..
[01:01] TylerGets: check /var/log/auth.log of the server you're trying to log into
=== markthomas|away is now known as markthomas
=== _ruben_ is now known as _ruben
=== markthomas is now known as markthomas|away
[08:01] Good morning.
=== CiPi is now known as cipi
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[13:15] I have problem with openvpn, I can't connect to it, is there anyone experienced with openvpn to help me? everything was ok I didn't change anything but I can't connect anymore
[13:19] you're positive it's still listening on whatever port it's running on (mine runs on 443)
[13:21] if you do 'sudo netstat -ntpl' . openvpn-openss should appear under 'program name'
[13:21] oh, they're gone...
=== balloons is now known as Guest77565
=== Guest77565 is now known as balloons_
[13:29] thebwt: are you speaking to me? I use 443 too
[13:29] ah, perfect! do you see the service listening on port 443?
[13:29] we need to see if it just died randomly, or if it was an update or something
[13:30] or a server reboot
[13:30] those are the normal ways that could cut off
[13:30] Check the 1194 udp port too (or whatever it was).
[13:30] with netstat -ntpl command? no there is just python and sshd
[13:30] and you did it with sudo right?
[13:30] ah yea, you got that output
[13:30] well I was root user
[13:31] ah gotcha
[13:31] and you've already restarted the openvpnas service?
[13:31] yes, several times...
[13:32] mine outputs to '/var/log/openvpnas.log'
[13:32] also the vps
[13:32] do you have anything in that log?
[13:32] I disabled ufw
[13:32] the fact that there isn't an openvon-openss on netstat tells me it's not starting up
[13:33] I don't have that file
[13:33] do this: "ps aux | grep openvpn"
[13:34] one of those should be the full line of the command, it should have a --logfile flag
[13:34] and for that matter, also a --pidfile , stop the service and make sure that pidfile doesn't exist
[13:37] this is output
[13:37] http://pastebin.com/A9hf2Ypp
[13:37] I didn't find logfile
[13:37] but there is pid
[13:37] let me stop it first..
[13:38] hmm, different type of install, then stop the service and see if that pid still exists
[13:38] (it shouldn't)
[13:38] it's gone,
[13:38] root 8850 0.0 0.0 11740 924 pts/1 S+ 13:38 0:00 grep --color=auto openvpn
[13:38] it's the only line
[13:39] no
[13:39] the actual file
[13:39] @ /run/openvpn/server.pid
[13:39] btw I followed this instruction: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
[13:40] hmm
[13:40] fun
[13:40] /run/openvpn/ is empty
[13:41] I'm not sure how to help much more, try to find out how to insert the --logfile flag into the startup (init script?).
[13:41] you need that log
[13:41] and openvpn service is stopped
[13:41] internet without openvpn is useless here :(
[13:42] everything is censored
[13:42] Run the openvpn server manually, that will likely tell you why it crashes (if it does).
[13:43] ^ true
[13:44] (and if that doesn't work, if you're just trying to do web traffic, have you looked into ssh+socks5 ? it's way easier
[13:54] med_, i'm looking at week old scrollbacks and see your question about 2 boot volumes.
[13:55] i would suspect that vda would get booted most or all of the time.
[13:55] the bios probably reliably loads the grub from the "first" drive.
[13:56] but then the grub there (in a ubuntu cloud image scenario) will find a kernel and initramfs and a kernel command line like 'root=LABEL=cloudimg-rootfs'
[13:56] and if 2 devices have LABEL=cloudimg-rootfs, then you are not guaranteed reliable behavior.
[13:57] https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/665235
[13:57] Launchpad bug 665235 in cloud-init (Ubuntu) "grub-legacy-ec2: attaching a volume to maverick instance may boot off it" [Wishlist,Won't fix]
[13:57] this could potentially be fixed by using LABEL=uuid
[13:57] err.. UUID=uuid
[13:58] but that doesn't guarantee anything in the face of duplicate uuid, which you would have in a snapshot case.
=== alai` is now known as alai
=== balloons_ is now known as balloons
=== cz2 is now known as NetworkManager
=== NetworkManager is now known as pulseaudio
=== wendar_ is now known as wendar
=== Lcawte|Away is now known as Lcawte
=== SpamapS_ is now known as SpamapS
=== armyriad2 is now known as armyriad
=== markthomas|away is now known as markthomas
=== cipi is now known as cip
=== cip is now known as cipi
=== mfisch` is now known as mfisch
=== mfisch is now known as Guest27947
=== Guest27947 is now known as mfisch
=== Guest9808 is now known as Adri2000
[18:44] http://open-zfs.org/wiki/Main_Page ZFS Devsummit :)
=== cipi is now known as cip
[19:40] thebwt: hello...?
[19:40] howdy
[19:41] thebwt: sorry my internet was disconnected
[19:41] do you remember me? I had problem with openvpn
[19:45] I do, are you just trying to pass web traffic through?
[19:46] thebwt: yes, to pass the censorship
[19:47] you know you could just use an ssh tunnel with a socks proxy to do that right?
[19:47] and you wouldn't have to manage this whole openvpn service
[19:47] the block it
[19:47] and on my phone I can't use it
[19:47] they can't block openvpn easily
[19:47] because you reached the extent of my openvpn knowledge
[19:47] ah hotcha
[19:47] gotcha*
[19:48] hence the https/443
[19:48] unless they use DPI
[19:48] yes
[19:48] openvpn was not on netstat list, what does that mean exactly?
[19:49] if they use DPI, I will use obfsproxy or something like this, and they can do nothing about it!
[19:49] Hey All, I'm having some issues with LACP on ubuntu server, problem described here http://serverfault.com/questions/541917/lacp-with-2-nics-working-when-either-one-is-down-not-when-both-are-up
[19:49] has anyone ever seen this before?
=== jwitk0 is now known as jwitko
[19:50] atralheaven_: it means that the program isn't bound to that port, possibly because it's failing to start
[19:50] I'm actually trying on ubuntu 14.04 at this point
[19:51] thebwt: how can I start it manually, to check if the problem is because of that? I tried restarting the service, rebooting, it didn't help
[19:52] thebwt: can it be because no one is connected to it?
[19:52] I'm not positive, look at the init script for it in /etc/inti.d/openvpnsomethinsomethingstometing
[19:52] I doubt it
[19:53] I have /etc/inti.d/openvpn file
[19:54] yup dig through that ,that has the commands the system uses to start it)
[19:54] .*
[19:58] it's a long file with a lot of options, I think it write configs to server.conf file, maybe
[19:59] is "/etc/init.d/openvpn start" different from "service openvpn start"?
[20:00] thebwt: status says that: * VPN 'server' is running
[20:01] if no one is connected to openvpn, should it be listed on output of netstat -ntpl?
[20:08] yes, it's the thing that waits for people to connect
=== Guest44026 is now known as TheEternalAbyss
=== TheEternalAbyss is now known as Guest44216
=== Guest44216 is now known as TheEternalAbyss
[20:33] atralheaven_: /usr/bin/openvpn --config $CONFIG_DIR/$NAME.conf
[20:37] lordievader: may you explain more?
[20:37] atralheaven_: That is what I got from the init file.
[20:37] I.e. that is what upstart/sysv-init runs.
[20:39] lordievader: how can I make sure it's running?
[20:39] lordievader: "service openvpn status" says it's running
[20:39] but it's not listed on netstat
[20:41] atralheaven_: Does ps list it?
[20:42] no :|
[20:42] lordievader: what is ps?
[20:43] atralheaven_: ps - report a snapshot of the current processes. See 'man ps'.
[20:45] lordievader: what should I do?
[20:46] lordievader: why shouldn't it be running now?
[20:47] atralheaven_: 'ps aux|grep openvpn' does that return anything?
[20:48] yes
[20:49] when I stop openvpn service, it's the output:
[20:49] root 13514 0.0 0.0 11740 924 pts/2 S+ 20:49 0:00 grep --color=auto openvpn
[20:50] when it's running, it's more
[20:51] Okay, so it does run. Check its log why it ain't claiming the ports.
[20:51] where is the log file? I couldn't find it
[20:51] http://askubuntu.com/questions/276664/where-are-the-openvpn-connection-logs-and-configuration-files
[20:52] what should I be looking for in the logs?
[20:53] atralheaven_: Why it ain't claiming the ports. Read them and see what it is and is not doing.
[20:58] I don't have "/var/log/openvpn.log" file, and "grep VPN /var/log/syslog" just says that openvpn ... built on .....
[21:04] http://ubuntuforums.org/showthread.php?t=2198079
[21:10] lordievader: I've set verb to 6, I'm going to check again...
[21:20] lordievader: I found this: TLS key negotiation failed to occur within 60 seconds (check your network connectivi$
[21:20] lordievader: TLS Error: TLS handshake failed
[21:25] That is rather unlikely the reason for him not listening to the ports.
[21:25] Are you sure you have a server configuration?
[21:27] what do you mean?
[21:27] server.conf file?
[21:28] atralheaven_: I don't think a server should try and setup an ssl connection. That'll come when a client tries to connect.
[21:28] Hence the TLS handshake strikes me as odd for a server.
[21:29] I use port 443 for openvpn
[21:29] That is not what I am saying... Could you pastebin your server config?
[21:29] and openvpn uses easy-rsa for making keys
[21:29] sure
[21:32] lordievader: http://pastebin.com/qDAiHxgY
[21:34] what is strange for me is why it was working fine, and stopped working when I didn't do anything
[21:36] Updates?
[21:36] Something must have changed.
[21:37] The config you gave works fine.
[21:38] You should have seen a connection in the logs.
[21:39] Wasn't there some country firewall there?
[21:39] If so you might want to make it connect over tcp:80 instead of udp:1194/
[21:43] it may be because of country firewalling
[21:43] I used port 443 for it
[21:43] but there can be DPI
[21:44] that's why I wanted you to check if it connects
[21:44] and sent you the .ovpn file
[21:44] DPI doesn't really come in to play, they read garbage.
[21:44] Anyhow openvpn really communicates over udp:1194.
[21:45] what do you mean?
[21:46] they can block 119
[21:46] 4 easily
[21:46] atralheaven_: Precisely the point ;)
[21:46] Hence the advice to use a common port like tcp:80 ;)
[21:47] ok so I changed it to 443
[21:47] How?
[21:47] on the config file
[21:47] and user file too
[21:47] but if they use DPI, it won't work anymore
[21:48] DPI has nothing to do with this.
[21:48] so I wanted someone from another country to check if he can connect to it
[21:48] The packet contents is encrypted.
[21:49] that's why tor team made obfsproxy
[21:49] because of DPI
=== utlemming_sprint is now known as utlemming
[21:52] lordievader: I have to go soon, what do you suggest to do?
[21:52] Are vpn's illegal there?
[21:52] yes
[21:52] where I live
[21:53] Then I cannot give any advice. Read the guidelines.
[21:53] vpn is illegal where I live, not where you live!
[21:53] I use vpn to bypass censorship
[21:54] True, but if I help you in doing something illegal I am still an accomplice.
[21:54] but where you live, in your law, it's not illegal
[21:54] Search the web, figure this one out on your own. There are plenty of resources on this.
[21:55] for us it's illegal but only on paper.... every person use something to change her/his ip, internet is useless without it!
[21:55] Anyhow you have ssh, use that as a proxy.
[21:55] I don't understand why you are worry about it? I should be worry not you
[21:56] yes I can, but only on my laptop
[21:56] and they have blocked it before, I don't know it works now or not
[21:56] I have agreed to the CoC, hence I cannot help you in doing something illegal. That it ain't illegal here doesn't matter, that it is illegal there does.
[21:57] you can't help me doing something illegal in which law?
[21:57] law of where?
[21:57] The Code of Conduct ain't a law.
[22:00] I don't understand :| where I live, we have countless stupid laws that are only on paper, many people don't even know they exist, internet without a vpn/proxy is useless here, you can do nothing with it...
[22:00] it shouldn't be illegal on this channel too
[22:00] but it's ok...
[22:01] I will do something myself :|
[22:02] thanks
=== Lcawte is now known as Lcawte|Away