New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Not sure what do you mean by "DNS Tunnel Mode". If you select port 53, it will use port 53, end of the story. The traffic will not look like DNS if that's what you are wondering, but UDP on 53 will still bypass some firewalls/cautive portals.
Edit both server.conf and client.ovpn.
Yes - not with this script.
Take a look at this: http://pastebin.com/BUsVTmKT
Fork of an old version submitted by someone called "Cypriot". Not supported by me, never tested/looked at either, but better than nothing I suppose.
Thank you @Nyr Such a nice script, It was easy to setup. Is there any way I can make it password protected? And do you know if storage is important for VPN? I used to download large files over VPN. One more question, what minimum spec (ram/cpu/core/storage) do you recommended for using VPN and is there any benefit with SSD for VPN?
Not with this script.
No, only network and CPU.
RAM and storage doesn't matter.
Not at all.
In a future release maybe? Or rather never?
I would say never. Certificate authorization is way more secure than passwords, easier to implement and to develop to clients (since you need the .ovpn anyway).
Edit: I did this very quick implementation using PAM. Not production ready, just did it to fill a request: https://gist.github.com/Nyr/01717d9cf5db045e9520
I thought there was a way to use OVPN with certificate+password authorization. This is what I was referring to. However, I like the "pure" certificate authorization method. It would just have been a nice add-on feature, given that this way of authorization even exists with OVPN. I am indeed confused now and not sure whether I mix things. Will have to do some reading now.
I am not sure about that. Most likely you can't use both, never checked. But for sure you can set a password for your certificate, if that's enough.
This is exactly what I meant. Sorry for being so fuzzy.
Then it's easy!
Just look at lines 84 and 217. If you remove
nopass, it will simply ask for one during creationCool ill take a look, so far it got stuck at tun/tap, but thats not really a thing that should be needed as a "module" in openwrt.. ill see where this gets stuck
@GM2015 believes that Google does not associate those "throwaway accounts" with his true identity. :-p
I've got no idea what you're talking about. Plus, I'm not one for them to worry about either.
+1 for CentOS
Already mentioned it: I can't edit the first post, but CentOS has been supported for some time already and it's working good
Thank you for all previous answer. One more thing, can you please look at this openvpn config from vpnbook http://paste.ubuntu.com/12421557/ and do you know how to setup like this?
What exactly you want like that? It's a pretty standard config...
did you mean udp 53? something like "vpn over dns" ???
Select the option "do you want to run openvpn on port 53" while installing and then just change the port in the .ovpn to 53 and you have the same config like vpnbook.
Option removed now, he can just simply use port 53 when asked in the first step
@shell Yes/maybe, I need what vpnbook.com do use to make their vpn!
@ankittulsian I didn't get this option in current version of this script.
@Nyr Can I get the old script that prompted for udp 53?
According to the config file, they don't do anything special.
You can from the commit history but it's not needed since you can use port 53 anyway.
Nice Nyr.Your script has made my life easy. I can test different configs and even if I mess up anything I can simply uninstall the script and reuse it.
Thank you once again.
This is a silly question, but how can I install a linux gui on debian jessie desktop at home? Or what do I need to use these certificates? Windows was easier, debian docs aren't exactly forthcoming on linux.
You can just install OpenVPN and run
openvpn client.ovpn. No idea about desktop GUIs on Linux, sorry.Thanks! That can be easily scripted.
Can OpenVPN be used to tunnel a /64 (or larger) IPv6 subnet, not just one IP?
Thanks for making things easier for the rest of us. I hope one day you can make ipv6 version of it
Yes, in fact that's the proper way to do it. Just not with this script at this time.
I will add IPv6 support as soon as ISP deployments become more mature (so not really soon, to be honest). OpenVZ/SolusVM support for routed subnets (or lack of) plays an important factor too.
It seems asuswrt-merlin / asuswrt does not support comp-lzo
I also had to remove it from openvpn server.conf file to make it work.
Can we make it run faster somehow? Router cpu maxes out at 8-10 mbit/sec speeds with default cipher