dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2638
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

OpenVPN on CentOS5 no-go....

Greetings; Can anyone interpret these long-winded error messages? I made sure iptables was enabled for runlevel-3, and the machine rebooted so it starts with the boot-up.

OS: CentOS 5.10 64-bit

Package: openvpn-as-2.0.7-CentOS5.i386.rpm

When I try to do, "service openvpnas start", I always get the following errors below. The vendor didn't have a 64-bit version for CentOS (well they did, but the link is broken...)

2014-04-20 18:39:19-0400 [-] Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,:1,sagent/sagen
t_entry:17,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/b
ase:1175,internet/base:752,internet/process:45,internet/process:306,internet/_baseprocess:48,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sage
nt/ipts:122,sagent/ipts:49,util/error:61,util/error:44

2014-04-20 18:39:19-0400 [-] WEB OUT: '2014-04-20 18:39:19-0400 [UDSProxyQueryProtocol,client] [Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'user\'])"]), Tag(\'div\', children=["service
failed to start due to unresolved dependencies: set([\'iptables_openvpn\'])"]), Tag(\'div\', children=["Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: [\'iptables-restore: line 46 failed\
']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,:1,sagent/sagent_entry:17,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_u
nix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:752,internet/process:45,internet/process:306,internet/_baseprocess:48,internet/process:775,internet/_baseprocess:60,svc/pp:117,s
vc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44"]), Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'user\
', \'iptables_live\', \'iptables_openvpn\'])"]), Tag(\'div\', children=["service failed to start due to unresolved dependencies: set([\'iptables_live\', \'iptables_openvpn\'])"])]'

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

1 recommendation

graysonf

MVM

Is there some reason you aren't running Extras Packages for Enterprise Linux 5 for x86_64 openvpn-2.3.2-2.el5.x86_64.rpm?

»ftp://rpmfind.net/linux/epel/5 ··· 6_64.rpm

rexbinary
MOD King
Premium Member
join:2005-01-26
Plano, TX

rexbinary to batsona

Premium Member

to batsona
I highly recommend using packages from EPEL if you must use any packages outside of the official repos for CentOS.

»fedoraproject.org/wiki/EPEL
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona to graysonf

Member

to graysonf
OP here: I need to keep with the version 2.0.7 from OpenVPN.net, because [at work], we're using an older version of that product. --and it's running on RHEL5 64-bit.

There was a 64-bit OVA template to run on ESXi, but under the hood, it was Ubuntu -- we only do RHEL. The only other thing I could do, was install the RPM on a copy of RHEL5 I had.

Salty_Peaks
@as54203.net

Salty_Peaks

Anon

It's not starting because it fails to call iptables-restore; does this command/alias exist on the box? If not, perhaps you could write your own shell script/wrapper to handle it. Based on the error it seems it's trying to insert or apply OpenVPN specific rulesets via iptables-restore which is returning exit code 1.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

Salty -- Thanks for looking this over -- I know iptables4 and iptables6 are available on the box, but I'm not sure about 'iptables-restore'. --Perhaps I'm missing a development RPM file related to iptables? -Or an RPM containing extra tools, or special tools? Also, remember that I'm installing a 32-bit OpenVPN on a 64-bit machine. I didn't see any ELF errors, so I thought I was OK here, for the most part. Does anyone know what kind of functionality my CentOS machine might have, that would cause this error?

Salty_Peaks
@as54203.net

Salty_Peaks

Anon

I just jumped on a CentOS 6 box, /sbin/iptables-restore is a symlink to /etc/alternatives/sbin-iptables-restore.x86_64.

On my Scientific Linux 5-rolling box (pretty much RHEL/CentOS), /sbin/iptables-restore (love they stripped it):

# file /sbin/iptables-restore
/sbin/iptables-restore: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), stripped
 

I have iptables-1.3.5-9.2.el5_8 and installed the sha256 sum for /sbin/iptables-restore is caad19e39c61b09a04fd3a1e15c55823752886a3951852ebc553d8efc0586626

Maybe you can 'strace -ff -s4096 "service openvpnas start" 2>&1 | tee /tmp/openvpn.strace.log' and see how iptables-restore is being called.

I might would try /sbin/iptables-save -- maybe you can't restore and exit 1 because you never saved them? Just a thought.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

Looked at some things.. the 'file' command you ran against your iptables-restore, is the same as on my system with the exception of 32-bit is 64-bit and "Intel 80386" is "AMD x86_64". As for the 'strace' command, it was unknown, and I searched the entire disk from / on out, and it's not there.

Included below is a more complete picture of what's happening. some stuff is showing up when looking at "ps -ef", but there's a 'traceback' that comes up in the openvpnas.log file that might be of use...

___________________________________________________________________________________
[[[[[[[ "service start openvpnas" issued ]]]]]]]]]]]]]]

Then this info is seen under "ps -ef"

[root@vysh207 log]#
[root@vysh207 log]# ps -ef | grep python
root 3222 1 0 15:00 ? 00:00:00 python -c from pyovpn.sagent.sagent_entry import openvpnas ; openvpnas() --logfile=/var/log/openvpnas.log --pidfile=/var/run/openvpnas.pid
root 3223 3222 0 15:00 ? 00:00:00 python -c from pyovpn.log.logworker import start ; start()
502 3224 3222 0 15:00 ? 00:00:00 python -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile /usr/local/openvpn_as/etc/tmp/wserv.pid -r epoll
root 3233 3222 0 15:00 ? 00:00:00 python -c from pyovpn.sagent.iptworker import start6 ; start6()

However, in the /var/log/openvpnas.log file, the following appears just after issuing the service start command....

2014-04-21 15:00:56-0400 [-] Log opened.
2014-04-21 15:00:56-0400 [-] twistd 9.0.0 (/usr/local/openvpn_as/bin/python 2.7.6) starting up.
2014-04-21 15:00:56-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2014-04-21 15:00:56-0400 [-] rmdir /usr/local/openvpn_as/etc/db_push
2014-04-21 15:00:56-0400 [-] ACCESS SERVER starting, version=2.0.7
2014-04-21 15:00:56-0400 [-] Max open files set to (4096L, 4096L)
2014-04-21 15:00:56-0400 [-] /etc/resolv.conf changed, reparsing
2014-04-21 15:00:56-0400 [-] Resolver added ('199.45.32.38', 53) to server list
2014-04-21 15:00:56-0400 [-] Resolver added ('199.45.32.40', 53) to server list
2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent'"
2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent.localroot'"
2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on "u'/usr/local/openvpn_as/etc/sock/sagent.api'"
2014-04-21 15:00:57-0400 [-] OpenVPNDataDir: using shared dir: '/dev/shm/openvpn_as/pso'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client+xmlrpc 198.186.45.66 943'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client 127.0.0.1 904'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin 127.0.0.1 905'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV client 127.0.0.1 906'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV xmlrpc 127.0.0.1 907'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV admin+client+xmlrpc 127.0.0.1 908'
2014-04-21 15:00:57-0400 [-] WEB OUT: 'WSERV client+xmlrpc 127.0.0.1 909'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] Log opened.'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] twistd 9.0.0 (/usr/local/openvpn_as/bin/python 2.7.6) starting up.'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor.'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 943'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 904'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 905'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 906'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] twisted.web.server.Site starting on 907'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 908'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] pyovpn.web.webbase.MySiteBase starting on 909'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] set uid/gid 502/502'
2014-04-21 15:00:57-0400 [-] WEB OUT: '2014-04-21 15:00:57-0400 [-] Web server running as UID 502'
2014-04-21 15:00:57-0400 [-] iptables-restore-PP ERR: 'iptables-restore: line 46 failed'
2014-04-21 15:00:57-0400 [-] ***** START command data
2014-04-21 15:00:57-0400 [-] *filter
2014-04-21 15:00:57-0400 [-] :AS0_ACCEPT -
2014-04-21 15:00:57-0400 [-] :AS0_IN -
2014-04-21 15:00:57-0400 [-] :AS0_IN_NAT -
2014-04-21 15:00:57-0400 [-] :AS0_IN_POST -
2014-04-21 15:00:57-0400 [-] :AS0_IN_PRE -
2014-04-21 15:00:57-0400 [-] :AS0_IN_ROUTE -
2014-04-21 15:00:57-0400 [-] :AS0_OUT -
2014-04-21 15:00:57-0400 [-] :AS0_OUT_LOCAL -
2014-04-21 15:00:57-0400 [-] :AS0_OUT_POST -
2014-04-21 15:00:57-0400 [-] :AS0_OUT_S2C -
2014-04-21 15:00:57-0400 [-] :AS0_WEBACCEPT -
2014-04-21 15:00:57-0400 [-] :FORWARD ACCEPT
2014-04-21 15:00:57-0400 [-] :INPUT ACCEPT
2014-04-21 15:00:57-0400 [-] :OUTPUT ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_ACCEPT -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_IN -d 172.29.4.1 -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_IN -j AS0_IN_POST
2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -d 172.29.0.0/255.255.0.0 -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_IN_NAT -j MARK --or-mark 0x8000000
2014-04-21 15:00:57-0400 [-] -A AS0_IN_NAT -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -o as0t+ -j AS0_OUT
2014-04-21 15:00:57-0400 [-] -A AS0_IN_POST -j DROP
2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 192.168.0.0/255.255.0.0 -j AS0_IN
2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 172.16.0.0/255.240.0.0 -j AS0_IN
2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -d 10.0.0.0/255.0.0.0 -j AS0_IN
2014-04-21 15:00:57-0400 [-] -A AS0_IN_PRE -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_IN_ROUTE -j MARK --or-mark 0x4000000
2014-04-21 15:00:57-0400 [-] -A AS0_IN_ROUTE -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_OUT -j AS0_OUT_POST
2014-04-21 15:00:57-0400 [-] -A AS0_OUT_LOCAL -p icmp --icmp-type 5 -j DROP
2014-04-21 15:00:57-0400 [-] -A AS0_OUT_LOCAL -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_OUT_POST -j DROP
2014-04-21 15:00:57-0400 [-] -A AS0_OUT_S2C -j AS0_OUT
2014-04-21 15:00:57-0400 [-] -A AS0_WEBACCEPT -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A FORWARD -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
2014-04-21 15:00:57-0400 [-] -A FORWARD -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
2014-04-21 15:00:57-0400 [-] -A FORWARD -o as0t+ -j AS0_OUT_S2C
2014-04-21 15:00:57-0400 [-] -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
2014-04-21 15:00:57-0400 [-] -A INPUT -i lo -j AS0_ACCEPT
2014-04-21 15:00:57-0400 [-] -A INPUT -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
2014-04-21 15:00:57-0400 [-] -A INPUT -d 198.186.45.66 -p tcp -m state --state NEW -m tcp --dport 443 -j AS0_ACCEPT
2014-04-21 15:00:57-0400 [-] -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_WEBACCEPT
2014-04-21 15:00:57-0400 [-] -A INPUT -d 198.186.45.66 -p tcp -m state --state NEW -m tcp --dport 943 -j AS0_WEBACCEPT
2014-04-21 15:00:57-0400 [-] -A OUTPUT -o as0t+ -j AS0_OUT_LOCAL
2014-04-21 15:00:57-0400 [-] COMMIT
2014-04-21 15:00:57-0400 [-] *mangle
2014-04-21 15:00:57-0400 [-] :AS0_MANGLE_PRE_REL_EST -
2014-04-21 15:00:57-0400 [-] :AS0_MANGLE_TUN -
2014-04-21 15:00:57-0400 [-] :PREROUTING -
2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_PRE_REL_EST -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_TUN -j MARK --set-mark 0x2000000
2014-04-21 15:00:57-0400 [-] -A AS0_MANGLE_TUN -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A PREROUTING -m state --state RELATED,ESTABLISHED -j AS0_MANGLE_PRE_REL_EST
2014-04-21 15:00:57-0400 [-] -A PREROUTING -i as0t+ -j AS0_MANGLE_TUN
2014-04-21 15:00:57-0400 [-] COMMIT
2014-04-21 15:00:57-0400 [-] *nat
2014-04-21 15:00:57-0400 [-] :AS0_NAT -
2014-04-21 15:00:57-0400 [-] :AS0_NAT_POST_REL_EST -
2014-04-21 15:00:57-0400 [-] :AS0_NAT_PRE -
2014-04-21 15:00:57-0400 [-] :AS0_NAT_PRE_REL_EST -
2014-04-21 15:00:57-0400 [-] :AS0_NAT_TEST -
2014-04-21 15:00:57-0400 [-] :POSTROUTING -
2014-04-21 15:00:57-0400 [-] :PREROUTING -
2014-04-21 15:00:57-0400 [-] -A AS0_NAT -o eth0 -j SNAT --to-source 198.186.45.66
2014-04-21 15:00:57-0400 [-] -A AS0_NAT -o eth1 -j SNAT --to-source 172.29.5.55
2014-04-21 15:00:57-0400 [-] -A AS0_NAT -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_POST_REL_EST -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -m mark --mark 0x8000000/0x8000000 -j AS0_NAT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 192.168.0.0/255.255.0.0 -j AS0_NAT_TEST
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 172.16.0.0/255.240.0.0 -j AS0_NAT_TEST
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -d 10.0.0.0/255.0.0.0 -j AS0_NAT_TEST
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE -j AS0_NAT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_PRE_REL_EST -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -o as0t+ -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -m mark --mark 0x4000000/0x4000000 -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -d 172.29.4.0/255.255.255.0 -j ACCEPT
2014-04-21 15:00:57-0400 [-] -A AS0_NAT_TEST -j AS0_NAT
2014-04-21 15:00:57-0400 [-] -A POSTROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_POST_REL_EST
2014-04-21 15:00:57-0400 [-] -A POSTROUTING -m mark --mark 0x2000000/0x2000000 -j AS0_NAT_PRE
2014-04-21 15:00:57-0400 [-] -A PREROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_PRE_REL_EST
2014-04-21 15:00:57-0400 [-] COMMIT
2014-04-21 15:00:57-0400 [-]
2014-04-21 15:00:57-0400 [-] ***** END command data
2014-04-21 15:00:57-0400 [-] *** MyError.report ***
2014-04-21 15:00:57-0400 [-] Stack Traceback
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)')
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 122, 'cb3', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 49, 'process_cmd_result', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/mycprof.py', 11, 'run_cprofile', None)
2014-04-21 15:00:57-0400 [-] ('', 1, '', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/sagent_entry.py', 14, 'openvpnas_go', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/sagent_entry.py', 11, 'run_server_agent', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/daemon.py', 28, 'twistd_with_reactor', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/daemon.py', 69, 'twistd', None)
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 423, 'run', 'self.postApplication()')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/scripts/_twistd_unix.py', 202, 'postApplication', 'self.startReactor(None, self.oldstdout, self.oldstderr)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 445, 'startReactor', 'self.config, oldstdout, oldstderr, self.profiler, reactor)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/application/app.py', 348, 'runReactorWithLogging', 'reactor.run()')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/base.py', 1166, 'run', 'self.mainLoop()')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/base.py', 1178, 'mainLoop', 'self.doIteration(t)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/epollreactor.py', 194, 'doPoll', 'log.callWithLogger(selectable, _drdw, selectable, fd, event)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/log.py', 85, 'callWithLogger', 'return callWithContext({"system": lp}, func, *args, **kw)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/log.py', 70, 'callWithContext', 'return context.call({ILogContext: newCtx}, func, *args, **kw)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/context.py', 59, 'callWithContext', 'return self.currentContext().callWithContext(ctx, func, *args, **kw)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/python/context.py', 37, 'callWithContext', 'return func(*args,**kw)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/epollreactor.py', 223, '_doReadOrWrite', 'self._disconnectSelectable(selectable, why, inRead)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/posixbase.py', 191, '_disconnectSelectable', 'selectable.connectionLost(f)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 260, 'connectionLost', 'self.proc.childConnectionLost(self.name, reason)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 762, 'childConnectionLost', 'self.maybeCallProcessEnded()')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/process.py', 775, 'maybeCallProcessEnded', '_BaseProcess.maybeCallProcessEnded(self)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/_baseprocess.py', 60, 'maybeCallProcessEnded', 'proto.processEnded(Failure(reason))')
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/svc/pp.py', 117, 'processEnded', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/svc/svcnotify.py', 32, 'notify_change_state', None)
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 238, 'callback', 'self._startRunCallbacks(result)')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 307, '_startRunCallbacks', 'self._runCallbacks()')
2014-04-21 15:00:57-0400 [-] ('/usr/local/openvpn_as/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-i686.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)')
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 122, 'cb3', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/sagent/ipts.py', 49, 'process_cmd_result', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/error.py', 61, '__init__', None)
2014-04-21 15:00:57-0400 [-] ('build/bdist.linux-i686/egg/pyovpn/util/error.py', 44, '__init__', None)
2014-04-21 15:00:57-0400 [-] Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44
2014-04-21 15:00:57-0400 [-] Server Agent initialization status: {'errors': {'iptables_live': [('error', "service failed to start due to unresolved dependencies: set(['iptables_openvpn'])")], 'iptables_openvpn': [('error', "Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44")], u'openvpn_0': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'user': [('error', "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])")], 'crl': [('error', "service failed to start due to unresolved dependencies: set(['user'])")]}, 'service_status': {'bridge': 'started', 'log': 'started', 'license': 'started', 'iptables_web': 'started', 'iptables_openvpn': 'off', 'ip6tables_openvpn': 'started', 'auth': 'started', 'ip6tables_live': 'started', 'client_query': 'started', 'api': 'started', u'openvpn_0': 'off', 'web': 'started', 'db_push': 'started', 'iptables_live': 'off', 'crl': 'off', 'user': 'off'}}
2014-04-21 15:00:57-0400 [-] Server Agent started
[root@vysh207 log]#
[root@vysh207 log]#
[root@vysh207 log]#
[root@vysh207 log]#

Salty_Peaks
@as54203.net

Salty_Peaks

Anon

Can you paste out "lsmod|grep ipt". I wonder if it's related to ipt_mangle being not loaded, this isn't trying to run iptables-restore with uid/gid 502/502 is it?
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

Here we go:

[root@vysh207 /]#
[root@vysh207 /]# lsmod | grep ipt
iptable_filter 36161 1
ip_tables 55457 1 iptable_filter
[root@vysh207 /]#
[root@vysh207 /]#
[root@vysh207 /]#

and here are the two users that the OpenVPN RPM put in place for me...

openvpn:x:501:501::/home/openvpn:/sbin/nologin
openvpn_as:x:502:502::/home/openvpn_as:/sbin/nologin
batsona

batsona to Salty_Peaks

Member

to Salty_Peaks
OK, will anyone smack me, if I've just run across this dependancy list, from the vendor's website? It was burried in the release-notes from 4-5 revisions ago.... I didn't see it down there...

bison-2.4.tar.bz2

boost_1_53_0.tar.gz

bridge-utils-jy-1.5.tar.gz

cyrus-sasl-2.1.26.tar.gz

flex-2.5.35.tar.bz2

libpcap-1.3.0.tar.gz

linet-1.0.tar.gz

lzo-2.06.tar.gz

m4-1.4.13.tar.bz2

MySQL-python-1.2.4b4.tar.gz

Nevow-0.10.0.tar.gz

openldap-2.4.35.tgz

openssl-1.0.1e.tar.gz

openvpn-2.3_as1.tar.gz

openvpn3.tar.gz

pcre-8.32.tar.gz

pycrypto-2.6.tar.gz

pyOpenSSL-0.10.tar.gz

pyovpnc-1.2.tar.gz

pyovpn.tgz

pyrad-1.1.tar.gz

Python-2.7.4.tgz

python-ldap-2.4.10.tar.gz

readline-6.2.tar.gz

setuptools-0.6c11.tar.gz

snappy-1.1.0.tar.gz

SQLAlchemy-0.7.10.tar.gz

sqlite-autoconf-3071602.tar.gz

swig-2.0.9.tar.gz

tcl8.5.5-src.tar.gz

termcap-1.3.1.tar.gz

tidy-20090316.tar.gz

Twisted-9.0.0.tar.bz2

ucarp-1.5.2.tar.gz

uTidylib-0.2.tar.gz

zope.interface-3.3.0.tar.gz

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Yes, I will smack you! If you had used the rpm from your distribution it would have told you about missing dependencies. If you used yum to install, it would have pulled these in automatically. But even an ordinary rpm install would have told you about missing dependencies unless you forced installed it.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

OP here: Yes, my fault. And partly the fault of the vendor for burying the dependencies list away from customer eyes. I didn't force-install, I just did "rpm -i" then the RPM name. When I installed it, it looked like it was hung for ~20sec, but then a message popped up, "Congratulations, OpenVPN successfully installed!" No other messages about dependances etc etc... just BOOM, and it was installed with no feedback on the screen. EVeryone else who installs this same product is in the same boat. Lastly, I can't use the RHEL distribution of this product, since this is a version-upgrade, I need to stay with the distro from OpenVPN, because that's the distro we're using right now. I'll install the dependances & post later.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Really, really sloppy RPM packager that builds a package without a 'requires' Tag in the spec. There is no excuse for that.
graysonf

graysonf to batsona

MVM

to batsona
said by batsona:

Lastly, I can't use the RHEL distribution of this product, since this is a version-upgrade, I need to stay with the distro from OpenVPN, because that's the distro we're using right now.

Are you saying there is no forward/backward compatibility among the various versions of OpenVPN? I find it difficult to imagine how anyone can inter-operate with others if this was true.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

I think the OpenVPN client behaves like the Juniper NetworkConnect client. When you log in, the version of your client is verified. If the server-side has been upgraded, then you're deemed 'behind' and an upgrade of the client is forced. Anyway, luckily, we only have 10 licensed seats, so it's easy to upgrade them all. --I worked at a place where we had 200 remote users, with 10% of them in Japan. --The version of the client stays in-sync with the version that the server requires.
batsona

batsona to graysonf

Member

to graysonf

Dependancy Chart
Wow.... I must not be using the best of mirrors.. Time to grab a Guinness, and give up... all the versions that are 'close', tell me that this RPM probably is designed for CentOS6, even though the website says it works on CentOS5. Yikes.

Oh yea, I just sat down and did "yum install xxxxxxx" on every single one of these....

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Give an example of the exact yum command you have tried.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

OP here: For example, when updating 'snappy-1.1.0.tar.gz' I would issue, "yum install snappy". For 'setuptools-0.6c11.tar.gz', I would issue, "yum install setuptools".

Ive been thru this before, where an RPM I want to install needs some addn'l RPMs as dependancies, and then THOSE rpm's need other dependant RPMs installed.. etc etc....

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Yum is able to resolve dependencies and pull those in automatically. You will be notified of additional packages needed to be installed and you have to approve that choice unless you have waived interaction.

But if you are installing a RPM using thr rpm command, then you need either all the required dependency rpm packages already installed or already downloaded and located in the same directory as the rpm you are trying to install.

You can also install multiple packages at once:

yum install snappy setuptools another-package yet-another-package

Or rpm -Uvh some.rpm some-other.rpm yet-another.rpm

One problem you have is you are trying to gather dependencies for a non-CentOS package using CentOS or CentOS related repositories. Expecting this to "just work" is not reasonable.

You could attempt to compile and install the package yourself from source code, but you will still have to resolve dependencies yourself.

As I said in a previous post, if someone builds a RPM package and didn't include a full and complete Requirements Tag, it's sloppy and will lead to the types of problems you are experiencing.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona

Member

OP here: I ran the RPM command which is supposed to spit out all the dependancies, but the list didn't look anything like what I pulled from the vendor's website. I'm guessing looking at the dependancies this way, requires them to be already written into the RPM files' Requirements tag, and this info will be incomplete & faulty. I might send a polite email to the vendor and ask them to have the developers take their heads out of their a$$es....

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

I have already mentioned the significance of a missing or improper Requirements Tag.

Salty_Peaks
@as54203.net

Salty_Peaks to batsona

Anon

to batsona
said by batsona:

I might send a polite email to the vendor and ask them to have the developers take their heads out of their a$$es....

+1, either this is an enterprise quality application designed for the enterprise or it's not even an application worthy of a SOHO environment cobbled together by developers who have little to no understanding of proper dependency chains and RPM creation. Based on your information, I wouldn't want this in the enterprise.