Dear members,
First off, please note that I am an absolute newcomer to the world of the Raspberry Pi and its programming. Two months ago I was looking for a solution for a VPN server and came across tutorials using a Raspberry Pi together with PiVPN and OpenVPN. After the trouble-free setup, the whole system ran stably and reliably.
Last week we had several power outages, and the VPN server is no longer reachable. I then tried, with my rudimentary knowledge and Google, to restart the relevant services; in addition, I tried to create a new certificate. Unfortunately, all without success. Perhaps someone can spot a useful hint in the log file, which I generated with the command "pivpn ovpn -d".
::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
commit 32bd1c628af9e1926f3f4471c0bf49c74deff7c7
Author: Orazio <orazioedoardo@users.noreply.github.com>
Date: Fri Jul 24 18:52:57 2020 +0200
Update LatestUpdate.md
=============================================
:::: Installation settings ::::
PLAT=Raspbian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
IPv4addr=192.168.2.199/24
IPv4gw=192.168.2.1
install_user=pi
install_home=/home/pi
VPN=openvpn
pivpnPROTO=udp
pivpnPORT=4364
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnSEARCHDOMAIN=
pivpnHOST=REDACTED
TWO_POINT_FOUR=1
pivpnENCRYPT=256
USE_PREDEFINED_DH_PARAM=
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnDEV=tun0
pivpnNET=10.8.0.0
subnetClass=24
UNATTUPG=1
INSTALLED_PACKAGES=()
HELP_SHOWN=1
=============================================
:::: Server configuration shown below ::::
dev tun
proto udp
port 4364
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_cddbdc46-94e6-4200-9a79-b57b52c5e8a9.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_cddbdc46-94e6-4200-9a79-b57b52c5e8a9.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
=============================================
:::: Client template file shown below ::::
client
dev tun
proto udp
remote REDACTED 4364
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_cddbdc46-94e6-4200-9a79-b57b52c5e8a9 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
=============================================
:::: Recursive list of files in ::::
::: /etc/openvpn/easy-rsa/pki shows below :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
ecparams
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
openssl-easyrsa.cnf
PiVPN_mobile.ovpn
PiVPN.ovpn
private
renewed
revoked
safessl-easyrsa.cnf
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/ecparams:
prime256v1.pem
/etc/openvpn/easy-rsa/pki/issued:
PiVPN.crt
PiVPN_mobile.crt
raspberrypi_cddbdc46-94e6-4200-9a79-b57b52c5e8a9.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
PiVPN.key
PiVPN_mobile.key
raspberrypi_cddbdc46-94e6-4200-9a79-b57b52c5e8a9.key
/etc/openvpn/easy-rsa/pki/renewed:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/renewed/private_by_serial:
/etc/openvpn/easy-rsa/pki/renewed/reqs_by_serial:
/etc/openvpn/easy-rsa/pki/revoked:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/revoked/private_by_serial:
37435878A00A79BCBED195B421856DD9.key
/etc/openvpn/easy-rsa/pki/revoked/reqs_by_serial:
37435878A00A79BCBED195B421856DD9.req
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] OpenVPN is running
:: [OK] OpenVPN is enabled (it will automatically start on reboot)
:: [OK] OpenVPN is listening on port 4364/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://github.com/pivpn/pivpn/wiki/FAQ
=============================================
:::: Snippet of the server log ::::
Nov 16 07:50:56 raspberrypi ovpn-server[5178]: Exiting due to fatal error
Nov 16 07:50:56 raspberrypi ovpn-server[5178]: Closing TUN/TAP interface
Nov 16 07:50:56 raspberrypi ovpn-server[5178]: /sbin/ip addr del dev tun0 10.8.0.1/24
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: ECDH curve prime256v1 added
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: TUN/TAP device tun0 opened
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: TUN/TAP TX queue length set to 100
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: /sbin/ip link set dev tun0 up mtu 1500
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:4364: Address already in use (errno=98)
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Exiting due to fatal error
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: Closing TUN/TAP interface
Nov 16 07:51:01 raspberrypi ovpn-server[5218]: /sbin/ip addr del dev tun0 10.8.0.1/24
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.txt
:::