Cipher Algorithm 'AES-256-GCM' Not Found (OpenVPN Error) - encryption

I was trying to connect to a .ovpn file using OpenVPN but when I try to connect it with this command:
sudo openvpn --config downloaded-client-config.ovpn
It failed with the following output:
Wed Jun 17 23:53:03 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Wed Jun 17 23:53:03 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jun 17 23:53:03 2020 Cipher algorithm 'AES-256-GCM' not found (OpenSSL)
Wed Jun 17 23:53:03 2020 Exiting due to fatal error
My OpenSSL version: OpenSSL 1.1.0h 27 Mar 2018
OpenVPN version: OpenVPN 2.3.10
Ubuntu Version: 16.04
Also, I ran this command as well to see the list of ciphers I have:
openvpn --show-ciphers
and AES-256-GCM was not present in that list.
How can I add it manually if it's possible?
PS: I am kind of a layman with respect to OpenVPN

This is an issue with the OpenVPN version. The AES-256-GCM cipher was added in version 2.4.
You can follow these steps to install OpenVPN 2.4 on Ubuntu 16.04 at which point the cipher should properly work. The suggestion in the comments to upgrade your OS entirely would also work, but is certainly not necessary!

I had a similar issue trying to connect a 2.3.2 client to a 2.4.4 server. I referred to this cipher negotiation reference and updated both server and client config to use cipher AES-256-CBC.
When the 2.4 server is set to AES-256-CBC, the clients (also set to AES-256-CBC) negotiate the following ciphers:
2.5 - AES-256-GCM
2.4 - AES-256-GCM
2.3 - AES-256-CBC
2.2 - AES-256-CBC
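The outcomes in both answers above can be reproduced with a small model of how the data-channel cipher is chosen. This is an added example, not code from the posts or from OpenVPN; it assumes a peer can negotiate (NCP) only from version 2.4 on and that the server keeps the 2.4 default ncp-ciphers list, and the function names are hypothetical.

```python
# Added example: simplified model of OpenVPN data-channel cipher selection.
# Assumptions (not from the page): a peer can negotiate (NCP) from 2.4 on, and
# the server keeps the 2.4 default ncp-ciphers list.
DEFAULT_NCP_CIPHERS = ("AES-256-GCM", "AES-128-GCM")


def parse_version(text):
    """'2.3.10' -> (2, 3, 10)"""
    return tuple(int(part) for part in text.split("."))


def supports(version, cipher):
    """GCM (AEAD) data-channel ciphers exist only from OpenVPN 2.4 onward."""
    return not cipher.upper().endswith("-GCM") or parse_version(version) >= (2, 4)


def negotiate(server_version, server_cipher, client_version, client_cipher,
              ncp_ciphers=DEFAULT_NCP_CIPHERS):
    """Return (cipher, reason); cipher is None when no data channel comes up."""
    for side, ver, cipher in (("server", server_version, server_cipher),
                              ("client", client_version, client_cipher)):
        if not supports(ver, cipher):
            # The local failure from the question: 2.3.10 given AES-256-GCM.
            return None, f"{side} {ver}: cipher algorithm '{cipher}' not found"
    if min(parse_version(server_version), parse_version(client_version)) >= (2, 4):
        # Both peers negotiate; the first entry of the server's list is used.
        return ncp_ciphers[0], "negotiated via NCP"
    if server_cipher.upper() == client_cipher.upper():
        return server_cipher.upper(), "static --cipher, no negotiation"
    return None, "cipher mismatch and one peer cannot negotiate"


def audit(server_version, server_cipher, clients):
    """Map each client version to (cipher, reason, is_aead)."""
    report = {}
    for ver, cipher in clients:
        chosen, reason = negotiate(server_version, server_cipher, ver, cipher)
        report[ver] = (chosen, reason, bool(chosen) and chosen.endswith("-GCM"))
    return report


if __name__ == "__main__":
    # Constructed fleet matching the table above: every peer set to AES-256-CBC.
    fleet = [(v, "AES-256-CBC") for v in ("2.5", "2.4", "2.3", "2.2")]
    for ver, outcome in audit("2.4.4", "AES-256-CBC", fleet).items():
        print(ver, outcome)
```

The is_aead flag in the report marks which clients still run on CBC and would move to GCM after an upgrade to 2.4 or later.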

Related

Problem with connecting VPN (Networkmanager&Openvpn plugin) raspian RESOLVE: Cannot resolve host address

I have a problem with connecting to VPN. When I start up the raspberry device and connect the VPN with nmcli connection up VPN it succeeds. But if I bring the interface down and try to bring it up again it fails. If I restart the raspberry I can connect to VPN again. What is the next step? Do you guys have any idea what has gone wrong?
In the journalctl log I get this message when it fails:
Could not determine IPv4/IPv6 protocol
Oct 23 15:56:24 raspberrypi nm-openvpn[2282]: SIGUSR1[soft,init_instance] received, process restarting
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: RESOLVE: Cannot resolve host address: vpn.******.**:1194 (Name or service not known)
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: RESOLVE: Cannot resolve host address: vpn.*****.**:1194 (Name or service not known).
pi@raspberrypi:~ $ openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
uname -a
Linux raspberrypi 5.4.51-v7+ #1333 SMP Mon Aug 10 16:45:19 BST 2020 armv7l GNU/Linux
NetworkManager --version
1.14.6

Debian 9 / Apache 2.4 / Radicale 2.1 / uWSGI

I'm trying to use Radicale via uWSGI and Apache.
After some struggle, I managed to use WSGI for radicale on Apache but I would like to offload the authentication to Apache.
So I created the apache conf as
<VirtualHost *:80>
ServerAdmin xxx@gmail.com
ServerName radicale.domain.com
ProxyPass / uwsgi://127.0.0.1:5232/
<Directory "/etc/radicale">
AllowOverride None
Require all granted
</Directory>
TransferLog /var/log/apache2/radicale_access.log
ErrorLog /var/log/apache2/radicale_error.log
</VirtualHost>
My uwsgi app is
[uwsgi]
http-socket = 127.0.0.1:5232
processes = 2
plugin = python3
#module = radicale
wsgi-file=/etc/radicale/radicale.wsgi
env = RADICALE_CONFIG=/etc/radicale/config
When I call http://radicale.domain.com, I get a generic 500 error but I can't see any errors in the apache error log or the uwsgi log.
The uwsgi log shows (in verbose)
Thu May 7 17:40:39 2020 - *** Starting uWSGI 2.0.14-debian (64bit) on [Thu May 7 17:40:39 2020] ***
Thu May 7 17:40:39 2020 - compiled with version: 6.3.0 20170516 on 17 March 2018 15:41:47
Thu May 7 17:40:39 2020 - os: Linux-2.6.32-042stab128.2 #1 SMP Thu Mar 22 10:58:36 MSK 2018
Thu May 7 17:40:39 2020 - nodename: xxx
Thu May 7 17:40:39 2020 - machine: x86_64
Thu May 7 17:40:39 2020 - clock source: unix
Thu May 7 17:40:39 2020 - pcre jit disabled
Thu May 7 17:40:39 2020 - detected number of CPU cores: 8
Thu May 7 17:40:39 2020 - current working directory: /
Thu May 7 17:40:39 2020 - writing pidfile to /run/uwsgi/app/radicale/pid
Thu May 7 17:40:39 2020 - detected binary path: /usr/bin/uwsgi-core
Thu May 7 17:40:39 2020 - setgid() to 33
Thu May 7 17:40:39 2020 - set additional group 125 (redis)
Thu May 7 17:40:39 2020 - set additional group 5003 (ispapps)
Thu May 7 17:40:39 2020 - set additional group 5004 (ispconfig)
Thu May 7 17:40:39 2020 - setuid() to 33
Thu May 7 17:40:39 2020 - your processes number limit is 256137
Thu May 7 17:40:39 2020 - your memory page size is 4096 bytes
Thu May 7 17:40:39 2020 - detected max file descriptor number: 131072
Thu May 7 17:40:39 2020 - lock engine: pthread robust mutexes
Thu May 7 17:40:39 2020 - thunder lock: disabled (you can enable it with --thunder-lock)
Thu May 7 17:40:39 2020 - uwsgi socket 0 bound to UNIX address /run/uwsgi/app/radicale/socket fd 3
Thu May 7 17:40:39 2020 - uwsgi socket 1 bound to TCP address 127.0.0.1:5232 fd 5
Thu May 7 17:40:39 2020 - Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
Thu May 7 17:40:39 2020 - *** Python threads support is disabled. You can enable it with --enable-threads ***
Thu May 7 17:40:39 2020 - Python main interpreter initialized at 0x7fc12c963dd0
Thu May 7 17:40:39 2020 - your server socket listen backlog is limited to 100 connections
Thu May 7 17:40:39 2020 - your mercy for graceful operations on workers is 60 seconds
Thu May 7 17:40:39 2020 - mapped 218304 bytes (213 KB) for 2 cores
Thu May 7 17:40:39 2020 - *** Operational MODE: preforking ***
Thu May 7 17:40:39 2020 - WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x7fc12c963dd0 pid: 23261 (default app)
Thu May 7 17:40:39 2020 - *** uWSGI is running in multiple interpreter mode ***
Thu May 7 17:40:39 2020 - spawned uWSGI master process (pid: 23261)
Thu May 7 17:40:39 2020 - spawned uWSGI worker 1 (pid: 23267, cores: 1)
Thu May 7 17:40:39 2020 - spawned uWSGI worker 2 (pid: 23268, cores: 1)
How can I debug uwsgi? How can I see why Apache returns the 500 error? Have I done anything wrong with the conf? I find the docs not very useful when it comes to error debugging or understanding how to define modules.

Okay, after a week of contemplating, debugging and some swearing, I saw my quite stupid mistake :(
I configured a HTTP socket in UWSGI
http-socket = 127.0.0.1:5232
but specified the uwsgi protocol in Apache ...
ProxyPass / uwsgi://127.0.0.1:5232/
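The mismatch found in the answer above can be caught before deployment by comparing the two files. This is an added example, not code from the post or from either project; the option-to-scheme mapping (http-socket speaks HTTP, socket and uwsgi-socket speak the uwsgi protocol) and all function names are assumptions of the example.

```python
# Added example: cross-check uWSGI listener type against Apache ProxyPass scheme.
import configparser
import re

# uWSGI listener option -> URL scheme the front-end proxy must use (assumed map).
SOCKET_SCHEME = {
    "http-socket": "http",     # plain HTTP, i.e. mod_proxy_http
    "socket": "uwsgi",         # native uwsgi protocol, i.e. mod_proxy_uwsgi
    "uwsgi-socket": "uwsgi",
}
PROXYPASS = re.compile(r"^\s*ProxyPass\s+\S+\s+(\w+)://([^/\s]+)", re.I | re.M)


def uwsgi_listeners(ini_text):
    """Return {address: scheme} for the listeners in the [uwsgi] section."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(ini_text)
    section = parser["uwsgi"]
    return {section[opt].strip(): scheme
            for opt, scheme in SOCKET_SCHEME.items() if opt in section}


def check(apache_text, ini_text):
    """Return one finding per ProxyPass the backend cannot answer as configured."""
    listeners = uwsgi_listeners(ini_text)
    findings = []
    for scheme, address in PROXYPASS.findall(apache_text):
        expected = listeners.get(address)
        if expected is None:
            findings.append(f"{address}: no uWSGI listener on this address")
        elif expected != scheme.lower():
            findings.append(f"{address}: Apache sends {scheme.lower()}://, "
                            f"uWSGI expects {expected}://")
    return findings


# Constructed from the two configuration files quoted in the question.
APACHE = """<VirtualHost *:80>
ProxyPass / uwsgi://127.0.0.1:5232/
</VirtualHost>"""
UWSGI = """[uwsgi]
http-socket = 127.0.0.1:5232
#module = radicale
wsgi-file=/etc/radicale/radicale.wsgi
"""

if __name__ == "__main__":
    print(check(APACHE, UWSGI))
```

Either side can be changed to clear the finding: switch the uWSGI option to socket, or point ProxyPass at http://.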

Faking date/time of child process

On Unix systems, is there a way to fake the perceived date and time of a child process?
I.e., imagine:
$ date
Fri Jun 28 10:50:35 CEST 2019
$ with_date 10/05/2019 date
Fri May 10 10:50:36 CEST 2019
How to implement the with_date command?
The typical use case would be the testing of date/time-related software, simulating various conditions.

There is the library libfaketime. It uses a library preload mechanism to intercept system calls of the to-be-run programs. A use-case (from the manual) is:
user@host> date
Tue Nov 23 12:01:05 CEST 2016
user@host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d" date
Mon Nov 8 12:01:12 CEST 2016
user@host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d" FAKETIME_DONT_FAKE_MONOTONIC=1 java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Symfony 3.4 WebServerBundle PHP version

I have both php7.0 and php7.1 installed on Ubuntu.
Both CLI and Apache are switched to use 7.1
php -v
PHP 7.1.14-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Feb 9 2018 09:33:27) ( NTS )
but the built-in http server of Symfony still uses 7.0
PHP Version 7.0.27-1+ubuntu16.04.1+deb.sury.org+1
System Linux spring.home.lan 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64
Build Date Jan 5 2018 14:12:46
Server API Built-in HTTP server
Any suggestions what is wrong?

Reset username and password for JFrog

I installed JFrog standalone version on Ubuntu. I don't know my JFrog username and password. I also checked the /usr/lib/apache-tomcat-8.5.16/conf/server.xml file, but it does not have any username and password. I also clicked on set me up, but the command-line interface to push an artifact is also prompting for a username and password.
ravi@ravi-Inspiron-5537:~$ systemctl status artifactory.service
● artifactory.service - Setup Systemd script for Artifactory in Tomcat Servlet E
Loaded: loaded (/lib/systemd/system/artifactory.service; enabled; vendor pres
Active: active (running) since Fri 2017-08-11 10:11:41 EDT; 37min ago
Process: 16482 ExecStart=/opt/jfrog/artifactory/bin/artifactoryManage.sh start
Main PID: 16532 (java)
CGroup: /system.slice/artifactory.service
‣ 16532 /usr/bin/java -Djava.util.logging.config.file=/opt/jfrog/arti
Aug 11 10:11:17 ravi-Inspiron-5537 su[16508]: Successful su for artifactory by r
Aug 11 10:11:17 ravi-Inspiron-5537 su[16508]: + ??? root:artifactory
Aug 11 10:11:17 ravi-Inspiron-5537 su[16508]: pam_unix(su:session): session open
Aug 11 10:11:18 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Max number of op
Aug 11 10:11:18 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Using ARTIFACTOR
Aug 11 10:11:18 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Using ARTIFACTOR
Aug 11 10:11:18 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Creating directo
Aug 11 10:11:18 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Tomcat started.
Aug 11 10:11:41 ravi-Inspiron-5537 artifactoryManage.sh[16482]: Artifactory Tomc
Aug 11 10:11:41 ravi-Inspiron-5537 systemd[1]: Started Setup Systemd script for
lines 1-18/18 (END)

The default username and password of Artifactory are:
User: admin
Pass: password
