Search similar:
|
|
uniqs 2638 |
|
|
|
batsonaMaryland join:2004-04-17 Ellicott City, MD |
OpenVPN on CentOS5 no-go....Greetings; Can anyone interpret these long-winded error messages? I made sure iptables was enabled for runlevel-3, and the machine rebooted so it starts with the boot-up.
OS: CentOS 5.10 64-bit
Package: openvpn-as-2.0.7-CentOS5.i386.rpm
When I try to do, "service openvpnas start", I always get the following errors below. The vendor didn't have a 64-bit version for CentOS (well they did, but the link is broken...)
2014-04-20 18:39:19-0400 [-] Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,:1,sagent/sagen t_entry:17,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/b ase:1175,internet/base:752,internet/process:45,internet/process:306,internet/_baseprocess:48,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sage nt/ipts:122,sagent/ipts:49,util/error:61,util/error:44
2014-04-20 18:39:19-0400 [-] WEB OUT: '2014-04-20 18:39:19-0400 [UDSProxyQueryProtocol,client] [Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'user\'])"]), Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'iptables_openvpn\'])"]), Tag(\'div\', children=["Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: [\'iptables-restore: line 46 failed\ ']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,:1,sagent/sagent_entry:17,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_u nix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:752,internet/process:45,internet/process:306,internet/_baseprocess:48,internet/process:775,internet/_baseprocess:60,svc/pp:117,s vc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44"]), Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'user\ ', \'iptables_live\', \'iptables_openvpn\'])"]), Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'iptables_live\', \'iptables_openvpn\'])"])]' | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL
1 recommendation |
Is there some reason you aren't running Extras Packages for Enterprise Linux 5 for x86_64 openvpn-2.3.2-2.el5.x86_64.rpm? » ftp:// rpmfind.net/linux/epel/5 ··· 6_64.rpm | | rexbinaryMOD King Premium Member join:2005-01-26 Plano, TX |
to batsona
I highly recommend using packages from EPEL if you must use any packages outside of the official repos for CentOS. » fedoraproject.org/wiki/EPEL | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
to graysonf
OP here: I need to keep with the version 2.0.7 from OpenVPN.net, because [at work], we're using an older version of that product. --and it's running on RHEL5 64-bit.
There was a 64-bit OVA template to run on ESXi, but under the hood, it was Ubuntu -- we only do RHEL. The only other thing I could do, was install the RPM on a copy of RHEL5 I had. | | |
Salty_Peaks
Anon
2014-Apr-21 1:03 pm
It's not starting because it fails to call iptables-restore; does this command/alias exist on the box? If not, perhaps you could write your own shell script/wrapper to handle it. Based on the error it seems it's trying to insert or apply OpenVPN specific rulesets via iptables-restore which is returning exit code 1. | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
Salty -- Thanks for looking this over -- I know iptables4 and iptables6 are available on the box, but I'm not sure about 'iptables-restore'. --Perhaps I'm missing a development RPM file related to iptables? -Or an RPM containing extra tools, or special tools? Also, remember that I'm installing a 32-bit OpenVPN on a 64-bit machine. I didn't see any ELF errors, so I thought I was OK here, for the most part. Does anyone know what kind of functionality my CentOS machine might have, that would cause this error? | | |
Salty_Peaks
Anon
2014-Apr-21 1:57 pm
I just jumped on a CentOS 6 box, /sbin/iptables-restore is a symlink to /etc/alternatives/sbin-iptables-restore.x86_64. On my Scientific Linux 5-rolling box (pretty much RHEL/CentOS), /sbin/iptables-restore (love they stripped it): # file /sbin/iptables-restore
/sbin/iptables-restore: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), stripped
I have iptables-1.3.5-9.2.el5_8 and installed the sha256 sum for /sbin/iptables-restore is caad19e39c61b09a04fd3a1e15c55823752886a3951852ebc553d8efc0586626 Maybe you can 'strace -ff -s4096 "service openvpnas start" 2>&1 | tee /tmp/openvpn.strace.log' and see how iptables-restore is being called. I might would try /sbin/iptables-save -- maybe you can't restore and exit 1 because you never saved them? Just a thought. | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
Looked at some things.. the 'file' command you ran against your iptables-restore, is the same as on my system with the exception of 32-bit is 64-bit and "Intel 80386" is "AMD x86_64". As for the 'strace' command, it was unknown, and I searched the entire disk from / on out, and it's not there.
Included below is a more complete picture of what's happening. some stuff is showing up when looking at "ps -ef", but there's a 'traceback' that comes up in the openvpnas.log file that might be of use...
___________________________________________________________________________________ [[[[[[[ "service start openvpnas" issued ]]]]]]]]]]]]]]
Then this info is seen under "ps -ef"
[root@vysh207 log]# [root@vysh207 log]# ps -ef | grep python root 3222 1 0 15:00 ? 00:00:00 python -c from pyovpn.sagent.sagent_entry import openvpnas ; openvpnas() --logfile=/var/log/openvpnas.log --pidfile=/var/run/openvpnas.pid root 3223 3222 0 15:00 ? 00:00:00 python -c from pyovpn.log.logworker import start ; start() 502 3224 3222 0 15:00 ? 00:00:00 python -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile /usr/local/openvpn_as/etc/tmp/wserv.pid -r epoll root 3233 3222 0 15:00 ? 00:00:00 python -c from pyovpn.sagent.iptworker import start6 ; start6()
However, in the /var/log/openvpnas.log file, the following appears just after issuing the service start command....
2014-04-21 15:00:56-0400 [-] Log opened. 2014-04-21 15:00:56-0400 [-] twistd 9.0.0 (/usr/local/openvpn_as/bin/python 2.7.6) starting up. 2014-04-21 15:00:56-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor. 2014-04-21 15:00:56-0400 [-] rmdir /usr/local/openvpn_as/etc/db_push 2014-04-21 15:00:56-0400 [-] ACCESS SERVER starting, version=2.0.7 2014-04-21 15:00:56-0400 [-] Max open files set to (4096L, 4096L) 2014-04-21 15:00:56-0400 [-] /etc/resolv.conf changed, reparsing 2014-04-21 15:00:56-0400 [-] Resolver added ('199.45.32.38', 53) to server list 2014-04-21 15:00:56-0400 [-] Resolver added ('199.45.32.40', 53) to server list 2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent'" 2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent.localroot'" 2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent.api'" 2014-04-21 15:00:57-0400 [-] OpenVPNDataDir: using shared dir: '/dev/shm/openvpn_as/pso' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client+xmlrpc 198.186.45.66 943' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client 127.0.0.1 904' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin 127.0.0.1 905' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV client 127.0.0.1 906' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV xmlrpc 127.0.0.1 907' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client+xmlrpc 127.0.0.1 908' 2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV client+xmlrpc 127.0.0.1 909' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] Log opened.' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] twistd 9.0.0 (/usr/local/openvpn_as/bin/python 2.7.6) starting up.' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor.' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 943' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 904' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 905' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 906' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on 907' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 908' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 909' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] set uid/gid 502/502' 2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] Web server running as UID 502' 2014-04-21 15:00:57-0400 [-] iptables-restore-PP ERR: 'iptables-restore: line 46 failed' 2014-04-21 15:00:57-0400 [-] ***** START command data 2014-04-21 15:00:57-0400 [-] *filter 2014-04-21 15:00:57-0400 [-] :AS0_ACCEPT - 2014-04-21 15:00:57-0400 [-] :AS0_IN - 2014-04-21 15:00:57-0400 [-] :AS0_IN_NAT - 2014-04-21 15:00:57-0400 [-] :AS0_IN_POST - 2014-04-21 15:00:57-0400 [-] :AS0_IN_PRE - 2014-04-21 15:00:57-0400 [-] :AS0_IN_ROUTE - 2014-04-21 15:00:57-0400 [-] :AS0_OUT - 2014-04-21 15:00:57-0400 [-] :AS0_OUT_LOCAL - 2014-04-21 15:00:57-0400 [-] :AS0_OUT_POST - 2014-04-21 15:00:57-0400 [-] :AS0_OUT_S2C - 2014-04-21 15:00:57-0400 [-] :AS0_WEBACCEPT - 2014-04-21 15:00:57-0400 [-] :FORWARD ACCEPT 2014-04-21 15:00:57-0400 [-] :INPUT ACCEPT 2014-04-21 15:00:57-0400 [-] :OUTPUT ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_ACCEPT -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_IN -d 172.29.4.1 -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_IN -j AS0_IN_POST 2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -d 172.29.0.0/255.255.0.0 -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_IN_NAT -j MARK --or-mark 0x8000000 2014-04-21 15:00:57-0400 [-] -A AS0_IN_NAT -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -o as0t+ -j AS0_OUT 2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -j DROP 2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 192.168.0.0/255.255.0.0 -j AS0_IN 2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 172.16.0.0/255.240.0.0 -j AS0_IN 2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 10.0.0.0/255.0.0.0 -j AS0_IN 2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_IN_ROUTE -j MARK --or-mark 0x4000000 2014-04-21 15:00:57-0400 [-] -A AS0_IN_ROUTE -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_OUT -j AS0_OUT_POST 2014-04-21 15:00:57-0400 [-] -A AS0_OUT_LOCAL -p icmp --icmp-type 5 -j DROP 2014-04-21 15:00:57-0400 [-] -A AS0_OUT_LOCAL -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_OUT_POST -j DROP 2014-04-21 15:00:57-0400 [-] -A AS0_OUT_S2C -j AS0_OUT 2014-04-21 15:00:57-0400 [-] -A AS0_WEBACCEPT -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A FORWARD -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT 2014-04-21 15:00:57-0400 [-] -A FORWARD -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE 2014-04-21 15:00:57-0400 [-] -A FORWARD -o as0t+ -j AS0_OUT_S2C 2014-04-21 15:00:57-0400 [-] -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT 2014-04-21 15:00:57-0400 [-] -A INPUT -i lo -j AS0_ACCEPT 2014-04-21 15:00:57-0400 [-] -A INPUT -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE 2014-04-21 15:00:57-0400 [-] -A INPUT -d 198.186.45.66 -p tcp -m state --state NEW -m tcp --dport 443 -j AS0_ACCEPT 2014-04-21 15:00:57-0400 [-] -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_WEBACCEPT 2014-04-21 15:00:57-0400 [-] -A INPUT -d 198.186.45.66 -p tcp -m state --state NEW -m tcp --dport 943 -j AS0_WEBACCEPT 2014-04-21 15:00:57-0400 [-] -A OUTPUT -o as0t+ -j AS0_OUT_LOCAL 2014-04-21 15:00:57-0400 [-] COMMIT 2014-04-21 15:00:57-0400 [-] *mangle 2014-04-21 15:00:57-0400 [-] :AS0_MANGLE_PRE_REL_EST - 2014-04-21 15:00:57-0400 [-] :AS0_MANGLE_TUN - 2014-04-21 15:00:57-0400 [-] :PREROUTING - 2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_PRE_REL_EST -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_TUN -j MARK --set-mark 0x2000000 2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_TUN -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A PREROUTING -m state --state RELATED,ESTABLISHED -j AS0_MANGLE_PRE_REL_EST 2014-04-21 15:00:57-0400 [-] -A PREROUTING -i as0t+ -j AS0_MANGLE_TUN 2014-04-21 15:00:57-0400 [-] COMMIT 2014-04-21 15:00:57-0400 [-] *nat 2014-04-21 15:00:57-0400 [-] :AS0_NAT - 2014-04-21 15:00:57-0400 [-] :AS0_NAT_POST_REL_EST - 2014-04-21 15:00:57-0400 [-] :AS0_NAT_PRE - 2014-04-21 15:00:57-0400 [-] :AS0_NAT_PRE_REL_EST - 2014-04-21 15:00:57-0400 [-] :AS0_NAT_TEST - 2014-04-21 15:00:57-0400 [-] :POSTROUTING - 2014-04-21 15:00:57-0400 [-] :PREROUTING - 2014-04-21 15:00:57-0400 [-] -A AS0_NAT -o eth0 -j SNAT --to-source 198.186.45.66 2014-04-21 15:00:57-0400 [-] -A AS0_NAT -o eth1 -j SNAT --to-source 172.29.5.55 2014-04-21 15:00:57-0400 [-] -A AS0_NAT -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_POST_REL_EST -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -m mark --mark 0x8000000/0x8000000 -j AS0_NAT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 192.168.0.0/255.255.0.0 -j AS0_NAT_TEST 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 172.16.0.0/255.240.0.0 -j AS0_NAT_TEST 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 10.0.0.0/255.0.0.0 -j AS0_NAT_TEST 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -j AS0_NAT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE_REL_EST -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -o as0t+ -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -m mark --mark 0x4000000/0x4000000 -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -d 172.29.4.0/255.255.255.0 -j ACCEPT 2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -j AS0_NAT 2014-04-21 15:00:57-0400 [-] -A POSTROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_POST_REL_EST 2014-04-21 15:00:57-0400 [-] -A POSTROUTING -m mark --mark 0x2000000/0x2000000 -j AS0_NAT_PRE 2014-04-21 15:00:57-0400 [-] -A PREROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_PRE_REL_EST 2014-04-21 15:00:57-0400 [-] COMMIT 2014-04-21 15:00:57-0400 [-] 2014-04-21 15:00:57-0400 [-] ***** END command data 2014-04-21 15:00:57-0400 [-] *** MyError.report *** 2014-04-21 15:00:57-0400 [-] Stack Traceback 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)') 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 122, 'cb3', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 49, 'process_cmd_result', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/mycprof.py', 11, 'run_cprofile', None) 2014-04-21 15:00:57-0400 [-] ('', 1, '', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/sagent_entry.py', 14, 'openvpnas_go', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/sagent_entry.py', 11, 'run_server_agent', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/daemon.py', 28, 'twistd_with_reactor', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/daemon.py', 69, 'twistd', None) 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 423, 'run', 'self.postApplication()') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/scripts/_twistd_unix.py', 202, 'postApplication', 'self.startReactor(None, self.oldstdout, self.oldstderr)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 445, 'startReactor', 'self.config, oldstdout, oldstderr, self.profiler, reactor)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 348, 'runReactorWithLogging', 'reactor.run()') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/base.py', 1166, 'run', 'self.mainLoop()') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/base.py', 1178, 'mainLoop', 'self.doIteration(t)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/epollreactor.py', 194, 'doPoll', 'log.callWithLogger(selectable, _drdw, selectable, fd, event)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/log.py', 85, 'callWithLogger', 'return callWithContext({"system": lp}, func, *args, **kw)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/log.py', 70, 'callWithContext', 'return context.call({ILogContext: newCtx}, func, *args, **kw)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/context.py', 59, 'callWithContext', 'return self.currentContext().callWithContext(ctx, func, *args, **kw)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/context.py', 37, 'callWithContext', 'return func(*args,**kw)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/epollreactor.py', 223, '_doReadOrWrite', 'self._disconnectSelectable(selectable, why, inRead)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/posixbase.py', 191, '_disconnectSelectable', 'selectable.connectionLost(f)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 260, 'connectionLost', 'self.proc.childConnectionLost(self.name, reason)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 762, 'childConnectionLost', 'self.maybeCallProcessEnded()') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 775, 'maybeCallProcessEnded', '_BaseProcess.maybeCallProcessEnded(self)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/_baseprocess.py', 60, 'maybeCallProcessEnded', 'proto.processEnded(Failure(reason))') 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/svc/pp.py', 117, 'processEnded', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/svc/svcnotify.py', 32, 'notify_change_state', None) 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 238, 'callback', 'self._startRunCallbacks(result)') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 307, '_startRunCallbacks', 'self._runCallbacks()') 2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)') 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 122, 'cb3', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 49, 'process_cmd_result', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/error.py', 61, '__init__', None) 2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/error.py', 44, '__init__', None) 2014-04-21 15:00:57-0400 [-] Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44 2014-04-21 15:00:57-0400 [-] Server Agent initialization status: {'errors': {'iptables_live': [('error', "service failed to start due to unresolved dependencies: set(['iptables_openvpn'])")], 'iptables_openvpn': [('error', "Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44")], u'openvpn_0': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'user': [('error', "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])")], 'crl': [('error', "service failed to start due to unresolved dependencies: set(['user'])")]}, 'service_status': {'bridge': 'started', 'log': 'started', 'license': 'started', 'iptables_web': 'started', 'iptables_openvpn': 'off', 'ip6tables_openvpn': 'started', 'auth': 'started', 'ip6tables_live': 'started', 'client_query': 'started', 'api': 'started', u'openvpn_0': 'off', 'web': 'started', 'db_push': 'started', 'iptables_live': 'off', 'crl': 'off', 'user': 'off'}} 2014-04-21 15:00:57-0400 [-] Server Agent started [root@vysh207 log]# [root@vysh207 log]# [root@vysh207 log]# [root@vysh207 log]# | | |
Salty_Peaks
Anon
2014-Apr-21 3:23 pm
Can you paste out "lsmod|grep ipt". I wonder if it's related to ipt_mangle being not loaded, this isn't trying to run iptables-restore with uid/gid 502/502 is it? | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
Here we go:
[root@vysh207 /]# [root@vysh207 /]# lsmod | grep ipt iptable_filter 36161 1 ip_tables 55457 1 iptable_filter [root@vysh207 /]# [root@vysh207 /]# [root@vysh207 /]#
and here are the two users that the OpenVPN RPM put in place for me...
openvpn:x:501:501::/home/openvpn:/sbin/nologin openvpn_as:x:502:502::/home/openvpn_as:/sbin/nologin | | batsona |
to Salty_Peaks
OK, will anyone smack me, if I've just run across this dependancy list, from the vendor's website? It was burried in the release-notes from 4-5 revisions ago.... I didn't see it down there...
bison-2.4.tar.bz2
boost_1_53_0.tar.gz
bridge-utils-jy-1.5.tar.gz
cyrus-sasl-2.1.26.tar.gz
flex-2.5.35.tar.bz2
libpcap-1.3.0.tar.gz
linet-1.0.tar.gz
lzo-2.06.tar.gz
m4-1.4.13.tar.bz2
MySQL-python-1.2.4b4.tar.gz
Nevow-0.10.0.tar.gz
openldap-2.4.35.tgz
openssl-1.0.1e.tar.gz
openvpn-2.3_as1.tar.gz
openvpn3.tar.gz
pcre-8.32.tar.gz
pycrypto-2.6.tar.gz
pyOpenSSL-0.10.tar.gz
pyovpnc-1.2.tar.gz
pyovpn.tgz
pyrad-1.1.tar.gz
Python-2.7.4.tgz
python-ldap-2.4.10.tar.gz
readline-6.2.tar.gz
setuptools-0.6c11.tar.gz
snappy-1.1.0.tar.gz
SQLAlchemy-0.7.10.tar.gz
sqlite-autoconf-3071602.tar.gz
swig-2.0.9.tar.gz
tcl8.5.5-src.tar.gz
termcap-1.3.1.tar.gz
tidy-20090316.tar.gz
Twisted-9.0.0.tar.bz2
ucarp-1.5.2.tar.gz
uTidylib-0.2.tar.gz
zope.interface-3.3.0.tar.gz | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
Yes, I will smack you! If you had used the rpm from your distribution it would have told you about missing dependencies. If you used yum to install, it would have pulled these in automatically. But even an ordinary rpm install would have told you about missing dependencies unless you forced installed it. | | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
OP here: Yes, my fault. And partly the fault of the vendor for burying the dependencies list away from customer eyes. I didn't force-install, I just did "rpm -i" then the RPM name. When I installed it, it looked like it was hung for ~20sec, but then a message popped up, "Congratulations, OpenVPN successfully installed!" No other messages about dependances etc etc... just BOOM, and it was installed with no feedback on the screen. EVeryone else who installs this same product is in the same boat. Lastly, I can't use the RHEL distribution of this product, since this is a version-upgrade, I need to stay with the distro from OpenVPN, because that's the distro we're using right now. I'll install the dependances & post later. | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
Really, really sloppy RPM packager that builds a package without a 'requires' Tag in the spec. There is no excuse for that. | | graysonf |
to batsona
said by batsona:Lastly, I can't use the RHEL distribution of this product, since this is a version-upgrade, I need to stay with the distro from OpenVPN, because that's the distro we're using right now. Are you saying there is no forward/backward compatibility among the various versions of OpenVPN? I find it difficult to imagine how anyone can inter-operate with others if this was true. | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
batsona
Member
2014-Apr-21 10:02 pm
I think the OpenVPN client behaves like the Juniper NetworkConnect client. When you log in, the version of your client is verified. If the server-side has been upgraded, then you're deemed 'behind' and an upgrade of the client is forced. Anyway, luckily, we only have 10 licensed seats, so it's easy to upgrade them all. --I worked at a place where we had 200 remote users, with 10% of them in Japan. --The version of the client stays in-sync with the version that the server requires. | | batsona |
to graysonf
Dependancy Chart |
Wow.... I must not be using the best of mirrors.. Time to grab a Guinness, and give up... all the versions that are 'close', tell me that this RPM probably is designed for CentOS6, even though the website says it works on CentOS5. Yikes. Oh yea, I just sat down and did "yum install xxxxxxx" on every single one of these.... | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
Give an example of the exact yum command you have tried. | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
OP here: For example, when updating 'snappy-1.1.0.tar.gz' I would issue, "yum install snappy". For 'setuptools-0.6c11.tar.gz', I would issue, "yum install setuptools".
Ive been thru this before, where an RPM I want to install needs some addn'l RPMs as dependancies, and then THOSE rpm's need other dependant RPMs installed.. etc etc.... | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
Yum is able to resolve dependencies and pull those in automatically. You will be notified of additional packages needed to be installed and you have to approve that choice unless you have waived interaction.
But if you are installing a RPM using thr rpm command, then you need either all the required dependency rpm packages already installed or already downloaded and located in the same directory as the rpm you are trying to install.
You can also install multiple packages at once:
yum install snappy setuptools another-package yet-another-package
Or rpm -Uvh some.rpm some-other.rpm yet-another.rpm
One problem you have is you are trying to gather dependencies for a non-CentOS package using CentOS or CentOS related repositories. Expecting this to "just work" is not reasonable.
You could attempt to compile and install the package yourself from source code, but you will still have to resolve dependencies yourself.
As I said in a previous post, if someone builds a RPM package and didn't include a full and complete Requirements Tag, it's sloppy and will lead to the types of problems you are experiencing. | | batsonaMaryland join:2004-04-17 Ellicott City, MD |
batsona
Member
2014-Apr-23 11:23 am
OP here: I ran the RPM command which is supposed to spit out all the dependancies, but the list didn't look anything like what I pulled from the vendor's website. I'm guessing looking at the dependancies this way, requires them to be already written into the RPM files' Requirements tag, and this info will be incomplete & faulty. I might send a polite email to the vendor and ask them to have the developers take their heads out of their a$$es.... | | graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
I have already mentioned the significance of a missing or improper Requirements Tag. | | |
Salty_Peaks to batsona
Anon
2014-Apr-23 12:44 pm
to batsona
said by batsona:I might send a polite email to the vendor and ask them to have the developers take their heads out of their a$$es.... +1, either this is an enterprise quality application designed for the enterprise or it's not even an application worthy of a SOHO environment cobbled together by developers who have little to no understanding of proper dependency chains and RPM creation. Based on your information, I wouldn't want this in the enterprise. | |
|