[00:57] <TylerGets> What should be my first step in diagnosing why I cant ssh into my server? All other services are working fine..
[01:01] <pmatulis> TylerGets: check /var/log/auth.log of the server you're trying to log into
[08:01] <lordievader> Good morning.
[13:15] <atralheaven_> I have problem with openvpn, I can't connect to it, is there anyone experienced with openvpn to help me? everything was ok I didn't change anything but I can't connect anymore
[13:19] <thebwt> you're positive it's still listening on whatever port it's running on (mine runs on 443)
[13:21] <thebwt> if you do 'sudo netstat -ntpl' . openvpn-openss should appear under 'program name'
[13:21] <thebwt> oh, they're gone...
[13:29] <atralheaven_> thebwt: are you speaking to me? I use 443 too
[13:29] <thebwt> ah, perfect! do you see the service listening on port 443?
[13:29] <thebwt> we need to see if it just died randomly, or if it was an update or something
[13:30] <thebwt> or a server reboot
[13:30] <thebwt> those are the normal ways that could cut off
[13:30] <lordievader> Check the 1194 udp port too (or what ever it was).
[13:30] <atralheaven_> with netstat -ntpl command? no there is just python and sshd
[13:30] <thebwt> and you did it with sudo right?
[13:30] <thebwt> ah yea, you got that output
[13:30] <atralheaven_> well I was root user
[13:31] <thebwt> ah gotcha
[13:31] <thebwt> and you've already restarted the openvpnas service?
[13:31] <atralheaven_> yes, several times...
[13:32] <thebwt> mine outputs to '/var/log/openvpnas.log'
[13:32] <atralheaven_> also the vps
[13:32] <thebwt> do you have anything in that log?
[13:32] <atralheaven_> I disabled ufw
[13:32] <thebwt> the fact that there isn't an openvon-openss on netstat tells me it's not starting up
[13:33] <atralheaven_> I don't have that file
[13:33] <thebwt> do this: "ps aux | grep openvpn"
[13:34] <thebwt> one of those should be the full line of the command, it should have a --logfile flag
[13:34] <thebwt> and for that matter, also a --pidfile , stop the service and make sure that pidfile doesn't exist
[13:37] <atralheaven_> this is output
[13:37] <atralheaven_> http://pastebin.com/A9hf2Ypp
[13:37] <atralheaven_> I didn't find logfile
[13:37] <atralheaven_> but there is  pid
[13:37] <atralheaven_> let me stop it first..
[13:38] <thebwt> hmm, different type of install, then stop the service and see if that pid still exsists
[13:38] <thebwt> (it shouldn't)
[13:38] <atralheaven_> its gone,
[13:38] <atralheaven_> root      8850  0.0  0.0  11740   924 pts/1    S+   13:38   0:00 grep --color=auto openvpn
[13:38] <atralheaven_> its the only line
[13:39] <thebwt> no
[13:39] <thebwt> the actual file
[13:39] <thebwt> @ /run/openvpn/server.pid
[13:39] <atralheaven_> btw I followed this instruction: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
[13:40] <thebwt> hmm
[13:40] <thebwt> fun
[13:40] <atralheaven_> /run/openvpn/ is empty
[13:41] <thebwt> I'm not sure how to help much more, try to find out how to insert the --logfile flag into the startup (init script?).
[13:41] <thebwt> you need that log
[13:41] <atralheaven_> and openvpn service is stoped
[13:41] <atralheaven_> internet without openvpn is useless here :(
[13:42] <atralheaven_> everything is censored
[13:42] <lordievader> Run the openvpn server manually, that will likely tell you why it crashes (if it does).
[13:43] <thebwt> ^ true
[13:44] <thebwt> (and if that doesn't work, if you're just trying to do web traffic, have you looked into ssh+socks5 ? it's way easier
[13:54] <smoser> med_, i'm looking at week old scrollbacks and see your question about 2 boot volumes.
[13:55] <smoser> i would suspect that vda woudl get booted most or all of the time.
[13:55] <smoser> the bios probably reliably loads the grub from the "first" drive.
[13:56] <smoser> but then the grub there (in a ubuntu cloud image scenario) will find a kernel and initramfs and a kernel command line like 'root=LABEL=cloudimg-rootfs'
[13:56] <smoser> and if 2 devices have LABEL=cloudimg-rootfs, then you are not guaranteed reliable behavior.
[13:57] <smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/665235
[13:57] <smoser> this could potentially be fixed by using LABEL=uuid
[13:57] <smoser> err.. UUID=uuid
[13:58] <smoser> but that doesn't guarantee anything in the face of duplicate uuid, which you would have in a snaphost case.
[18:44] <bittin> http://open-zfs.org/wiki/Main_Page ZFS Devsummit :)
[19:40] <atralheaven_> thebwt: hello...?
[19:40] <thebwt> howdy
[19:41] <atralheaven_> thebwt: sorry my internet was disconnected
[19:41] <atralheaven_> do you remember me? I had problem with openvpn
[19:45] <thebwt> I do, are you just trying to pass web traffic through?
[19:46] <atralheaven_> thebwt: yes, to pass the censorship
[19:47] <thebwt> you know you could just use an ssh tunnel with a socks proxy to do that right?
[19:47] <thebwt> and you wouldn't have to manage this whole openvpn service
[19:47] <atralheaven_> the block it
[19:47] <atralheaven_> and on my phone I can't use it
[19:47] <atralheaven_> they can't block openvpn easily
[19:47] <thebwt> because you reached the extent of my openvpn knowledge
[19:47] <thebwt> ah hotcha
[19:47] <thebwt> gotcha*
[19:48] <thebwt> hence the https/443
[19:48] <atralheaven_> unless they use DPI
[19:48] <atralheaven_> yes
[19:48] <atralheaven_> openvpn was not on netstat list, what does that mean exactly?
[19:49] <atralheaven_> if they use DPI, I will use obfsproxy or something like this, and they can do nothing about it!
[19:49] <jwitk0> Hey All,  I'm having some issues with LACP on ubuntu server, problem described here http://serverfault.com/questions/541917/lacp-with-2-nics-working-when-either-one-is-down-not-when-both-are-up
[19:49] <jwitk0> has anyone ever seen this before?
[19:50] <thebwt> atralheaven_: it means that the program isn't bound to that port, possibly because it's failing to start
[19:50] <jwitko> I'm actually trying on ubuntu 14.04 at this point
[19:51] <atralheaven_> thebwt: how can I start it manually, to check if the problem is because of that? I tried restarting the service, rebooting, it didn't help
[19:52] <atralheaven_> thebwt: can it be because no one is connected to it?
[19:52] <thebwt> I'm not positive, look at the init script for it in /etc/inti.d/openvpnsomethinsomethingstometing
[19:52] <thebwt> I doubt it
[19:53] <atralheaven_> I have /etc/inti.d/openvpn file
[19:54] <thebwt> yup dig through that ,that has the commands the system uses to start it)
[19:54] <thebwt> .*
[19:58] <atralheaven_> its a long file with alot of options, I think it write configs to server.conf file, maybe
[19:59] <atralheaven_> is "/etc/init.d/openvpn start" different from "service openvpn start"?
[20:00] <atralheaven_> thebwt: status says that: * VPN 'server' is running
[20:01] <atralheaven_> if no one is connected to openvpn, should it be listed on output of netstat -ntpl?
[20:08] <thebwt> yes, it's the thing that waits for people to connect
[20:33] <lordievader> atralheaven_: /usr/bin/openvpn --config $CONFIG_DIR/$NAME.conf
[20:37] <atralheaven_> lordievader: may you explain more?
[20:37] <lordievader> atralheaven_: That is what I got from the init file.
[20:37] <lordievader> I.e. that is what upstary/sysv-init runs.
[20:39] <atralheaven_> lordievader: how can I make sure its running?
[20:39] <atralheaven_> lordievader: "service openvpn status" says its running
[20:39] <atralheaven_> but its not listed on netstat
[20:41] <lordievader> atralheaven_: Does ps list it?
[20:42] <atralheaven_> no :|
[20:42] <atralheaven_> lordievader: what is ps?
[20:43] <lordievader> atralheaven_: ps - report a snapshot of the current processes. See 'man ps'.
[20:45] <atralheaven_> lordievader: what should I do?
[20:46] <atralheaven_> lordievader: why shouldn't it be running now?
[20:47] <lordievader> atralheaven_: 'ps aux|grep openvpn' does that return anything?
[20:48] <atralheaven_> yes
[20:49] <atralheaven_> when I stop openvpn service, its the output:
[20:49] <atralheaven_> root     13514  0.0  0.0  11740   924 pts/2    S+   20:49   0:00 grep --color=auto openvpn
[20:50] <atralheaven_> when its running, its more
[20:51] <lordievader> Okay, so it does run. Check it's log why it ain't claiming the ports.
[20:51] <atralheaven_> where is the log file? I couldn't find it
[20:51] <lordievader> http://askubuntu.com/questions/276664/where-are-the-openvpn-connection-logs-and-configuration-files
[20:52] <atralheaven_> what should I be looking for in the logs?
[20:53] <lordievader> atralheaven_: Why it ain't claiming the ports. Read them and see what it is and is not doing.
[20:58] <atralheaven_> I don't have "/var/log/openvpn.log" file, and "grep VPN /var/log/syslog" just says that openvpn ... built on .....
[21:04] <lordievader> http://ubuntuforums.org/showthread.php?t=2198079
[21:10] <atralheaven_> lordievader: I've set verb to 6, im going to check again...
[21:20] <atralheaven_> lordievader: I found this: TLS key negotiation failed to occur within 60 seconds (check your network connectivi$
[21:20] <atralheaven_> lordievader: TLS Error: TLS handshake failed
[21:25] <lordievader> That is rather unlikely the reason for him not listening to the ports.
[21:25] <lordievader> Are you sure you have a server configuration?
[21:27] <atralheaven_> what do you mean?
[21:27] <atralheaven_> server.conf file?
[21:28] <lordievader> atralheaven_: I don't think a server should try and setup an ssl connection. That'll come when a client tries to connect.
[21:28] <lordievader> Hence the TLS handshake stikes me as odd for a server.
[21:29] <atralheaven_> I use port 443 for openvpn
[21:29] <lordievader> That is not what I am saying... Could you pastebin your server config?
[21:29] <atralheaven_> and openvpn uses easy-rsa for making  keys
[21:29] <atralheaven_> sure
[21:32] <atralheaven_> lordievader: http://pastebin.com/qDAiHxgY
[21:34] <atralheaven_> what is strange for me is why it was working fine, and stopped working when I didn't do anything
[21:36] <lordievader> Updates?
[21:36] <lordievader> Something must have changed.
[21:37] <lordievader> The config you gave works fine.
[21:38] <lordievader> You should have seen a connection in the logs.
[21:39] <lordievader> Wasn't there some country firewall there?
[21:39] <lordievader> If so you might want to make it connect over tcp:80 instead of udp:1194/
[21:43] <atralheaven_> it may be because of country firewalling
[21:43] <atralheaven_> I used port 443 for it
[21:43] <atralheaven_> but there can be DPI
[21:44] <atralheaven_> that's why I wanted you to check if it connects
[21:44] <atralheaven_> and sent you the .ovpn file
[21:44] <lordievader> DPI doesn't really come in to play, they read garbage.
[21:44] <lordievader> Anyhow openvpn really communicates over udp:1194.
[21:45] <atralheaven_> what do you mean?
[21:46] <atralheaven_> they can block 119
[21:46] <atralheaven_> 4 easily
[21:46] <lordievader> atralheaven_: Precisely the point ;)
[21:46] <lordievader> Hence the advice to use a common port like tcp:80 ;)
[21:47] <atralheaven_> ok so I changed it to 443
[21:47] <lordievader> How?
[21:47] <atralheaven_> on the config file
[21:47] <atralheaven_> and user file too
[21:47] <atralheaven_> but if they use DPI, it wont work anymore
[21:48] <lordievader> DPI has nothing to do with this.
[21:48] <atralheaven_> so I wanted someone from another country to check if he can connect to it
[21:48] <lordievader> The packet contents is encrypted.
[21:49] <atralheaven_> thats why tor team made obfsproxy
[21:49] <atralheaven_> because of DPI
[21:52] <atralheaven_> lordievader: I have to go soon, what do you suggest to do?
[21:52] <lordievader> Are vpn's illegal there?
[21:52] <atralheaven_> yes
[21:52] <atralheaven_> where I live
[21:53] <lordievader> Then I cannot give any advice. Read the guidelines.
[21:53] <atralheaven_> vpn is illegal where I live, not where you live!
[21:53] <atralheaven_> I use vpn to bypass censorship
[21:54] <lordievader> True, but if I help you in doing something illegal I am still an acomplice.
[21:54] <atralheaven_> but where you live, in your law, its not illegal
[21:54] <lordievader> Search the web, figure this one out on your own. There are plenty of resources on this.
[21:55] <atralheaven_> for us its illegal but only on paper.... every person use something to change her/his ip, internet is useless without it!
[21:55] <lordievader> Anyhow you have ssh, use that as a proxy.
[21:55] <atralheaven_> I don't understand why you are worry about it? I should be worry not you
[21:56] <atralheaven_> yes I can, but only on my laptop
[21:56] <atralheaven_> and they have blocked it before, I don't know it works now or not
[21:56] <lordievader> I have agreed to the CoC, hence I cannot help you in doing something illegal. That it ain't illegal here doesn't matter, that it is illegal there does.
[21:57] <atralheaven_> you can't help me doing something illegal in which law?
[21:57] <atralheaven_> law of where?
[21:57] <lordievader> The Code of Conduct ain't a law.
[22:00] <atralheaven_> I don't understand :| where I live, we have countless stupid laws that are only on paper, many people don't even know they exist, internet without a vpn/proxy is useless here, you can do nothing with it...
[22:00] <atralheaven_> it shouldn't be illegal on this channel too
[22:00] <atralheaven_> but its ok...
[22:01] <atralheaven_> I will do something myself :|
[22:02] <atralheaven_> thanks