tap0 not being created, whats wrong?

[Xander]

Alright so I got my interceptor hooked up to one of the computers on my network (running ubuntu). Now, I also have an ubuntu virtual machine running on my mac which will be picking up the traffic. I followed all the steps at hak5.org/interceptor and am able to successfully ping 10.255.255.254 and also am able to ssh into it as root. However, once I execute startup.sh on the VM it doesn't create the tap0 interface! I have OpenVPN installed and everything. Here's the output of the startup.sh execution:

alexander@ubuntu:~/interceptor$ sudo ./startup.sh 
[sudo] password for alexander: 
Starting vpn server
Sat Dec  5 23:53:46 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar  9 2009
Sat Dec  5 23:53:46 2009 Cannot open ~/interceptor/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
Sat Dec  5 23:53:46 2009 Exiting
Giving server chance to start
Starting remote services
The authenticity of host '10.255.255.254 (10.255.255.254)' can't be established.
RSA key fingerprint is d4:22:c4:cb:d5:52:83:d4:7b:18:c1:8c:ae:05:73:22.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.255.255.254' (RSA) to the list of known hosts.
root@10.255.255.254's password: 
Sat Dec  5 23:53:00 UTC 2009
Sat Dec  5 23:53:02 2009 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on Feb  2 2009
Sat Dec  5 23:53:02 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Dec  5 23:53:02 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Dec  5 23:53:02 2009 WARNING: file '/interceptor/openvpn/client/client1.key' is group or others accessible
Sat Dec  5 23:53:02 2009 LZO compression initialized
Sat Dec  5 23:53:02 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Dec  5 23:53:02 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Dec  5 23:53:02 2009 Local Options hash (VER=V4): 'd79ca330'
Sat Dec  5 23:53:02 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Dec  5 23:53:02 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Dec  5 23:53:02 2009 UDPv4 link local: [undef]
Sat Dec  5 23:53:02 2009 UDPv4 link remote: 10.255.255.253:1194
Sat Dec  5 23:53:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec  5 23:53:05 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec  5 23:53:06 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec  5 23:53:09 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved

Any idea why this is? Thanks in advance!!

[digininja]

The answer is in your post:

Sat Dec  5 23:53:46 2009 Cannot open ~/interceptor/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file

you need to make sure this file is in the correct place.

[Xander]

The answer is in your post:

Sat Dec  5 23:53:46 2009 Cannot open ~/interceptor/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file

you need to make sure this file is in the correct place.

Thanks, got it working. For some reason when the file locations in server.conf started with ~/ it didnt see them. So i manually put in their full address and it worked great!