New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Unfortunately no, since easy-rsa 3 is not compatible with the older versions.
You can however uninstall (using the old version of
openvpn-install.sh
) and then install the new version with easy-rsa 3 and all the improvements.I know this isn't ideal, but easy-rsa 3 breaks compatibility with the older version and there isn't much I could do.
It took me a while without reading openvpn docs how to make this work from windows 7. I'm writing this from a NY DO ip I think.
Will try this one on android.
Is it necessary to regenerate the client profiles or can I leave them unchanged after the update?
(Sorry if that question is stupid.)
New CA so you need to regenerate.
easy-rsa 3 breaks basically everything that easy-rsa 2 did so compatibility between the two isn't really gonna happen. For example, certificates generated with v3 don't include the legacy Netscape extensions which in v2 were used to authenticate the server.
You could do some short term workarounds but it would be a mess. For users who can't upgrade right now and have existing installations, it's all fine and v2 can still be used and is still secure.
For those setting up new servers, just get the newest version, which I think is a very nice upgrade with lots of cool features and very future-proof
@Nyr is this error normal?
I ran the script on a Debian 8 64 bit box from Dacentec (the el cheapo VPS, great for testing).
Yes, I will take a look at what code is generating this and maybe open an issue with easy-rsa but it appeared during my testing too and is 100 % at their side. The CRL is still created successfully so I assume this could be intended.
Will take a look later and report back.
Very nice script man +1
Thanks, it works nicely from home, too! Now, is it possible to increase its speed?
Speedof.me got me 430kbps down and 490kbps up speed as a test. Not complaining, just interested in details. Thank you.
@Nyr this is awesome! Thank you for update !!!!!!!!!! \o/
Thats weird, i use a vpn in New Jersey and i can easily reach speeds of 3mb/s while using popcorntime
http://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story
This fixed it for me, putting
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
into /etc/openvpn/server.conf
and then doing service openvpn restart and reconnecting to my vpn.
Now I get my max line speed through OpenVPN.
@Nyr,
I have just installed your updated script on one of the $10/y Dacentec VPS and it works just as great as its predecessor. Wonderful, thank you very much! Your script has made my OpenVPN life sooo much easier, I am really grateful for this!
Is there any way to buy you a virtual drink?
A Paypal Donation possibly?
That would be really awesome!
Looking forward buying @Nyr a few beers!
Edit:
Found it! https://github.com/Nyr/openvpn-install a PayPal link right here: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L
Just donated:
Found it on your About page! :-)
<-- QUOTE -->
If you want to show your appreciation, you can donate via PayPal or Bitcoin. Thanks!
<-- /QUOTE -->
I encourage everyone to show your appreciation NOW with a donation.
@Nyr: Enjoy the drink(s)!
This is usually due to network conditions (bad connectivity between you and your server) or due to a CPU bootleneck (if you are on some overloaded VPS node for example). Not much you can do about it, unfortunately. The approach pointed by @JoeMerit can help in certain circumstances too.
@Amitz @joodle thank you very much guys! I'm really glad it's helpful to many people, way more than what I expected when I first published the initial version and that's when I've continued maintaining/improving it over the years
For anyone curious: the main branch is currently sitting at some thousands of installs each month, which at least for me and a project like this seems like a lot. Thank you guys for all the love.
Well, you don't get love from my part, but a big thanks only. Enjoy love from women, not some lowendguys.
I've got this openvpn running on my new kidechire. It's good value for money, storage and learning wise. Thanks.
Regarding speed problems, it might be that speedof.me tester isn't really up to the task. I don't use flash, so I'm not going to use ookla or what http://www.speedtest.net/. Anyway, the speed is very good, so far very usable even on android. It was a bit slow at first on O2 3G network, but it works.
Openvpn gui for windows works a bit strange sometimes. I've just noticed if I set it up properly, the whole pc uses my vpn, from outlook to rdp to firefox. Gmail doesn't like you logging in from a different geo ip .
Gmail doesn't give two fucks, I log in from lots of different places. It'll warn you the first couple of times, but then it's all cool.
Interesting. I always lose gmail accounts from being locked out. That's why I stopped using gmail plus I don't really love the idea of them scanning my emails for advertising.
Gmail has it's benefits, just so long as you're aware of the negatives it's nothing to avoid.
Yeah true in my case as well. Google has forced me to change my password several times due to this. -_-
Well, sometimes they're fine if you are logging in from home(say broadbrand provider 1) and use gmail from your phone(phonenet provider 2). They obviously won't block you for having a changing ip on your ip while travelling.
They are mostly fine from my observation if you live in the North of your country and use a different IP from a different city for example from down south of your country.
But hell yeah they love blocking people if you login from a different country for the first time. I'm in UK, they blocked my account for trying out openvpn on a online.net IP in France.
Do you guys use 2FA with Gmail? I do, maybe that's the difference?
No, most of my gmail accounts are throwaway ones.
I stopped using hotmail, gmail, facebook, paypal (mostly) and a few other things because they kept locking me out. It's like they have never travelled and used wifi at an airport.
@GM2015
Found the issue
Debian-based systems and generate certs/config automagically.
Any plan to add centos compatibility to this?
CenOS support was added some time ago and it's working great
I havn't use this script yet, I will. But beofre I want to knowfew question:
1. If I use port 53 instead of 1194 then will it use DNS Tunnel Mode? Or should I change something else to make it work with DNS mode?
2. How can I change manually port later?
3. Is there any way I can setup VPN server on my windows VPS's?
Most prolly. I don't use 2FA, my Gmail account isn't my main email anyway.
Just to keep things on topic: thanks @Nyr for the script, using it on 3 VPSs.
Awesome work @Nyr, i have been using this script for a while now on my dedis and VPS's
i would really want for this to work on openWRT as well, as im always having troubles setting up openvpn there... ill give you a case of beers if someone gets that working