OpenVPN Community Software Auto Installer for CentOS 5 & 6, Debian 6, and Ubuntu 10.10

regolithmedia Member, Provider
edited November 2012 in Tutorials

Hi guys,

As the title says, I created an OpenVPN Community Software Auto Installer for CentOS 5 & 6, Debian 6, and Ubuntu 10.10.

**Source**

http://openvpn.net/index.php/open-source.html

**Download**

    # wget http://repo.regolithmedia.co.id/ovpn_regolithmedia.zip

**Install**

    # unzip ovpn_regolithmedia.zip
    # chmod +x ovpn.sh

After the installation process on the server is completed, please download and install OpenVPN for Windows from http://openvpn.net/index.php/open-source/downloads.html or http://repo.regolithmedia.co.id/ovpn/openvpn-2.2.2-install.exe

and then download config.zip from your server's "/root" directory, extract the files 1194-udp.ovpn and ca.crt into the OpenVPN config folder on Windows, and then run OpenVPN with the username / password you entered during the installation. For Windows 7, don't forget to "Run as Administrator".

**Add config / port**

Copy the default config / port 1194 udp in the folder "/etc/openvpn" under a new name; for example, we want to create a new config with port 443 tcp.

    # cp /etc/openvpn/1194-udp.conf /etc/openvpn/443-tcp.conf

Edit the newly copied config; you can use nano, pico, vi, or any editor you like.

    # nano /etc/openvpn/443-tcp.conf

Change the following lines

    port 1194
    proto udp

to

    port 443
    proto tcp

and then the following lines

    server 10.2.3.0 255.255.255.0
    status 1194-udp.log

to (for example)

    server 10.2.4.0 255.255.255.0
    status 443-tcp.log

(You have to differentiate the subnet for local IP assignment in each port and protocol configuration, and so on.)

After that, run openvpn with the new config:

    # openvpn /etc/openvpn/443-tcp.conf &
    # bg
    # iptables -t nat -A POSTROUTING -s 10.2.4.0/24 -j SNAT --to Your_Ip_address

The OpenVPN success status message with the new config is "Initialization Sequence Completed"; anything other than that means an error. Check whether your chosen port is already used by another app.

Lastly, create the configuration for Windows, just like the existing 1194 configuration; just change the port and protocol in the following lines

    proto udp
    remote Your_ip_address 1194

to

    proto tcp
    remote Your_ip_address 443

You may already know the difference between tcp and udp ports; mainly I use tcp if my internet connection must go through a proxy / can be used with a proxy. For details about tcp / udp you can Google it. Last words: if there's any error or suggestion, please post here so we can discuss and learn together, thank you. :D

Regolithmedia.com Since 2010 | Shared Hosting | Premium Cloud VPS | Premium SSD VPS | SSL Certificate | Domain | R1Soft, SNI, Litespeed, Cloudlinux, Http/2 and many more features
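
The "Add config / port" steps above as a script, including the rule that each port/protocol instance needs its own `server` subnet. This is an added example, not part of the original post or the installer: the function names and the sample config are constructed here, and it goes beyond the post by refusing a subnet that another `*.conf` in the same folder already uses and by printing the NAT rule instead of applying it.

```shell
#!/bin/sh
# Added example (not the installer's code). The sample config is constructed.

# Write a constructed stand-in for the installer's 1194-udp.conf into DIR.
make_sample_conf() {
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' \
        'server 10.2.3.0 255.255.255.0' 'status 1194-udp.log' > "$1/1194-udp.conf"
}

# Succeeds if any *.conf in DIR already declares "server SUBNET ...".
subnet_in_use() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v s="$2" '$1 == "server" && $2 == s { hit = 1 } END { exit !hit }' "$f"; then
            return 0
        fi
    done
    return 1
}

# derive_conf SRC DST PORT PROTO SUBNET
# Return codes: 0 written, 1 bad arguments, 2 subnet already used, 3 DST exists.
derive_conf() {
    src=$1 dst=$2 port=$3 proto=$4 subnet=$5
    if [ ! -f "$src" ]; then echo "no such config: $src" >&2; return 1; fi
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    case $subnet in ''|*[!0-9.]*) echo "subnet must be a dotted quad" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then return 1; fi
    if [ -e "$dst" ]; then echo "refusing to overwrite $dst" >&2; return 3; fi
    if subnet_in_use "$(dirname "$dst")" "$subnet"; then
        echo "subnet $subnet is already assigned to another instance" >&2
        return 2
    fi
    # Rewrite only the four directives the post changes; copy the rest as-is.
    awk -v port="$port" -v proto="$proto" -v net="$subnet" '
        $1 == "port"   { print "port " port; next }
        $1 == "proto"  { print "proto " proto; next }
        $1 == "server" { print "server " net " " $3; next }   # keep the netmask
        $1 == "status" { print "status " port "-" proto ".log"; next }
        { print }
    ' "$src" > "$dst"
}

# Print (do not apply) the NAT rule from the post for a /24 VPN subnet.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s/24 -j SNAT --to %s\n' "$1" "$2"
}
```

For the post's case the call would be `derive_conf /etc/openvpn/1194-udp.conf /etc/openvpn/443-tcp.conf 443 tcp 10.2.4.0`.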


Comments

  • Nice tutorial mas bro :)

  • Is there a reason you're compiling OpenVPN as opposed to using the packages in each distro's repositories? Why is the source code being downloaded from your server instead of OpenVPN's own servers? How can I verify that the source code you're distributing is the original source code?

  • regolithmedia Member, Provider

    @NickM said: Is there a reason you're compiling OpenVPN as opposed to using the packages in each distro's repositories? Why is the source code being downloaded from your server instead of OpenVPN's own servers? How can I verify that the source code you're distributing is the original source code?

    Hi, I prefer compiling OpenVPN from source so i can keep the package up to date and using the original source from OpenVPN.net.

    About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    If you need to verify the source code, you can check with MD5 checksum checker.


  • Does it support PAM Authentication already?

    I'm Good!

  • regolithmedia Member, Provider

    yes it is using PAM authentication


  • i have a question:

    what if i want to use the same subnet for udp and tcp?

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • Will test this on my server soon :) Script looks nice

  • regolithmedia Member, Provider
    edited November 2012

    @cosmicgate said: i have a question: what if i want to use the same subnet for udp and tcp?

    One of your OpenVPN configs is not gonna work, mate.

    @joodle said: Will test this on my server soon :) Script looks nice

    Thanks mate :D


  • Cool script but

    @regolithmedia said: About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    They are also a business. I'm not sure where you got that it is just some free software. But they are a legit business with many business clients doing business stuff.

  • regolithmedia Member, Provider

    @Spencer said: Cool script but

    @regolithmedia said: About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.
    

    They are also a business. I'm not sure where you got that it is just some free software. But they are a legit business with many business clients doing business stuff.

    Yes they're also a business, but (imho) this OpenVPN is community software, and i just thought like that.

    Anyway can we get back to the topic? Other than discussing about why using my server for source code?


  • @regolithmedia said: Anyway can we get back to the topic? Other than discussing about why using my server for source code?

    It became the topic for a good reason....the feedback is that some people don't feel comfortable trusting arbitrary websites for software downloads (especially security software that runs as root)! I appreciate you want feedback on your script, but I suspect you would get more feedback if the openvpn software was pulled from the regular openvpn site...(as then peeps would use the script...)

    "Go cheap on rarely used things"

  • Yeah, immediately after finding out that it pulled data from your servers rather than the OpenVPN servers, I just didn't like it.

    Catalyst Host - Pie Approved!
  • I did a checksum on his source code and openvpn source code and they are the same. So nice script very helpful. +1

  • Ishaq Member, Provider
    edited November 2012

    Good idea. Nice job.

    [BudgetNode] DDoS Protected. 7 Locations (US/EU). Check out our latest offer!
  • Is the script configurable to use binaries already installed?

  • @craigb said: I suspect you would get more feedback if the openvpn software was pulled from the regular openvpn site

    Exactly this. Sorry if I turned the topic into something it shouldn't have been, but I was merely trying to bring up legitimate concerns that I had. The script would be great if it pulled the source directly from OpenVPN's servers. I would actually really prefer for it to use the distro's repos, but I realize that that may not be an option for CentOS. Also, it can make supporting the script on multiple platforms difficult, since you're likely to end up with different versions of things installed, leading to potential conflicts.

    Overall, it's great for someone like me - I could set up OpenVPN myself, certainly, but I would likely get annoyed with the whole thing and just stop in the middle of configuring it.

    Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

  • @Raymii said: https://raymii.org/cms/p_IPSEC_L2TP_VPN_on_ubuntu_12.04

    Why did you paste your link here? No one asked for an IPSEC/L2TP VPN in this thread, and it's not even a script.... Just sick of others advertising off other people's work.. (no offense)..

  • @NickM said: Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

    http://ompldr.org/vZ2VndA/ovpn_regolithmedia.rar

    Just to annoy you :)

  • What does it mean with this:

    TLS Error: TLS object -> incoming plaintext read error
    TLS Error: TLS handshake failed
    Restart pause, 2 second(s)

    Anyone got the script working?


  • Nickk Member
    edited November 2012

    @David_P said: Why did you paste your link here?

    He's spammed it in a few threads. Mods don't seem to care at all.

  • regolithmedia Member, Provider
    edited November 2012

    @RoboCot said: Is the script configurable to use binaries already installed?

    yes it is, but maybe you should reconfigure the path.

    @NickM said: Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

    i just like the zip

    @Fritz said: What does it mean with this: TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed Restart pause, 2 second(s) Anyone got the script works?

    i did, with dozens of vps :D


  • @regolithmedia Great contribution to the community. Thanks for that.

    As a suggestion: To help ease those who are ill at ease about your script pulling data from your server, maybe have the script pull the md5 sum from openvpn's site and have it do a compare as the first part of the process showing that it is indeed their package that you are using. Make sure it's something that is pointed out to the end user, maybe ask them to hit enter to acknowledge and continue the install?

    Cheers!

    Have an Allwinner H3 device? Want Android? Check out H3Droid! | Lichee Pi Zero - The 6$ SBC
    18+ Years IT Experience in Linux/Windows Hosting and Administration
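
One way to do the check suggested above before anything is unpacked or run as root: compare the downloaded archive's digest with a value obtained from the upstream project rather than from the mirror. This is an added example, not code from the installer or from OpenVPN; the function names are hypothetical, and SHA-256 is the default here because MD5, which the thread mentions, is no longer collision resistant.

```shell
#!/bin/sh
# Added example (not the installer's code); function names are hypothetical.

# file_digest ALGO FILE -> prints the lowercase hex digest of FILE.
file_digest() {
    case $1 in
        sha256) tool=sha256sum ;;
        md5)    tool=md5sum ;;       # what the thread suggests; collision-prone
        *) echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
    out=$("$tool" "$2") || return 2
    printf '%s\n' "${out%% *}"       # "<digest>  <name>" -> "<digest>"
}

# verify_download FILE EXPECTED_HEX [ALGO]
# Returns 0 = digest matches, 1 = mismatch, 2 = unusable input.
# EXPECTED_HEX must come from the upstream project, not from the mirror.
verify_download() {
    algo=${3:-sha256}
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $algo in sha256) len=64 ;; md5) len=32 ;; *) return 2 ;; esac
    case $want in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne "$len" ]; then
        echo "expected digest has the wrong length for $algo" >&2
        return 2
    fi
    got=$(file_digest "$algo" "$1") || return 2
    if [ "$got" != "$want" ]; then
        echo "DIGEST MISMATCH for $1: got $got, expected $want" >&2
        return 1
    fi
}

# run_if_verified FILE EXPECTED_HEX ALGO CMD [ARGS...]
# Runs CMD (for example the unpack step) only after FILE has been verified.
run_if_verified() {
    file=$1 want_hex=$2 alg=$3
    shift 3
    verify_download "$file" "$want_hex" "$alg" || return $?
    "$@"
}
```

A digest fetched from the same server as the archive proves nothing about the archive, so the expected value has to be obtained separately.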

  • regolithmedia Member, Provider

    @TheLinuxBug said: @regolithmedia Great contribution to the community. Thanks for that.

    As a suggestion: To help ease those who are ill at ease about your script pulling data from your server, maybe have the script pull the md5 sum from openvpn's site and have it do a compare as the first part of the process showing that it is indeed their package that you are using. Make sure its something that is pointed out to the end user, maybe ask them to hit enter to acknowledge and continue the install?

    Cheers!

    Hello, thanks for your kind words and support, that's a good idea, will do :D


  • @regolithmedia said: i did, with dozens of vps :D

    My box needs to be tweaked then. Sent you a PM back.


  • bookmarked, gonna try tomorrow

    lurker

  • @regolithmedia About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    Our servers are not some shoddy public service, they are operated by the company and do not randomly go down or get errors sometimes...... How can people expect your server to be up for 24/7 but ours not to?

  • Hi Andrew, it's been a while since the last time you came here :) Welcome back

  • regolithmedia Member, Provider

    @andrewopenvpn said: Our servers are not some shoddy public service, they are operated by the company and do not randomly go down or get errors sometimes...... How can people expect your server to be up for 24/7 but ours not to?

    I don't think OpenVPN's servers are some shoddy public service, but I think even the best server can get errors, go down, and be slow sometimes if there are too many concurrent connections. I just thought I could place the file on my server with fewer users accessing it, and it can lighten the public server's work too :D

    I think it's just a matter of preference; there are some people who feel most comfortable downloading from the original source. But in my case, my developer feels most comfortable using the file on my server. So, in this script I'm using the same mirror as my developer.

    I'm sorry if any of my words offended you or the other members; I don't intend to offend any member or organization.


  • Possibly give the user the choice of the download location as part of the installation process?

  • Fritz Member
    edited November 2012

    If you are not sure with the source (for lzo and openvpn), you can install openvpn and its dependencies using either aptitude / apt-get.


  • bamn Disabled

    @regolithmedia said: Anyway can we get back to the topic? Other than discussing about why using my server for source code?

    Thread successfully hijacked. Welcome to Low End Box.

  • bamn Disabled
    edited November 2012

    @regolithmedia said: i think it's just matter of preference, there are some people that feel most comfortable download from original source. but in my case, my developer is feel most comfortable if using file in my server. so, in this script I'm using same mirror as my developer.

    Offer the option of downloading from official OpenVPN mirrors or from you, if the mirror is down.

    Problem solved. Everybody remove and recycle your tin foil hats.

  • THREAD UN-DERAIL: go go go go !!

    Nice script. Any reason to use it on one distro versus another?

  • regolithmedia Member, Provider

    @Damian said: THREAD UN-DERAIL: go go go go !!

    Nice script. Any reason to use it on one distro versus another?

    Thank you. I just thought that more distros, more options.


  • Generating RSA private key, 1024 bit long modulus
    .........................++++++
    ...............................++++++
    e is 65537 (0x10001)
    Signature ok
    subject=/C=us/ST=tx/L=dallas/CN=server
    Getting CA Private Key
    bg: 342: job (null) not created under job control
    Mon Nov 26 08:36:41 2012 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Nov 26 2012
    Mon Nov 26 08:36:41 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Nov 26 08:36:41 2012 PLUGIN_INIT: POST /usr/lib/openvpn-auth-pam.so '[/usr/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Nov 26 08:36:41 2012 Cannot open /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
    Mon Nov 26 08:36:41 2012 Exiting
    cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys/ca.crt': No such file or directory
    zip warning: name not matched: ca.crt

    How can I resolve the problem? Thanks.

  • regolithmedia Member, Provider
    edited November 2012

    @challengeke said:
    Generating RSA private key, 1024 bit long modulus
    .........................++++++
    ...............................++++++
    e is 65537 (0x10001)
    Signature ok
    subject=/C=us/ST=tx/L=dallas/CN=server
    Getting CA Private Key
    bg: 342: job (null) not created under job control
    Mon Nov 26 08:36:41 2012 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Nov 26 2012
    Mon Nov 26 08:36:41 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Nov 26 08:36:41 2012 PLUGIN_INIT: POST /usr/lib/openvpn-auth-pam.so '[/usr/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Nov 26 08:36:41 2012 Cannot open /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
    Mon Nov 26 08:36:41 2012 Exiting
    cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys/ca.crt': No such file or directory
    zip warning: name not matched: ca.crt

    How can I resolve the problem? Thanks.

    What OS do you use? Is it fresh? Check your box's repository in /etc/yum.repos.d or /etc/apt; mostly the error is because of that.


  • Another great tutorial highlights of the Indonesian :D

  • Thanks works great, was just what I was looking for!

  • @challengeke said: cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys/ca.crt': No such file or directo ry

    Try to go to that directory. Do you see any files like .crt / .key? If it's hard to use ssh, try using Bitvise Tunnelier; we can see / browse the directory.

  • Newbie here...I have installed the OpenVPN on a Debian OS and enabled TUN as well. I followed above directions including making the tcp config file. The IPTABLES command runs fine with no errors. I can also connect with OpenVPN on Windows 8 desktop using the udp or tcp config connection.

    However I cannot browse any internet sites when OpenVPN is active on any of my Win 8 browsers.

    Should I be using UDP or TCP connection for browsing the web using my VPS server IP?

    Any config/suggestions how to get browse the web using OpenVPN from Win 8?

    Appreciate any assistance.

  • @gillybert said: However I cannot browse any internet sites when OpenVPN is active on any of my Win 8 browsers.

    That's probably an issue in the config on the server side (I think). It should have a setting in server.conf (or whichever) that allows for the network to pass through it. I'm sure @regolithmedia probably can talk more into it (because I'm too lazy to look up the exact line right now) but yeah.

  • Any ideas on my question above on why I cannot browse on my desktop once I have VPN up? Still stuck.

  • @gillybert: you probably forgot the masquerade/SNAT in iptables. The VPN traffic has no idea where to go when you request a website.


  • Have you tried this?

     #iptables -t nat -A POSTROUTING -s 10.2.4.0/24 -j SNAT --to Your_Ip_address
    

    and this :

    # echo 1 > /proc/sys/net/ipv4/ip_forward

    or this? :)

    http://www.erawanarifnugroho.com/2012/10/21/watching-movies-in-hulu-com-by-using-openvpn.html

  • Thanks for the help...let me try the iptables nat again...I tried before but still didn't work but let me try fresh again.

  • budingyun Member
    edited December 2012

    @gillybert said: Any ideas on my question above on why I cannot browse on my desktop once I have VPN up? Still stuck.

    If using csf, try this:

    vi /etc/csf/csfpre.sh
    
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to SERVER_IP
    
    :wq
    
    service csf restart
    
  • Thanks for the recent help on my issue where I could not browse any internet sites when OpenVPN is active on any of my Win 8 browsers.

    For learning purpose here was the issue. I tried OpenVPN on my Vista desktop with same OpenVPN 2.2.2, same config files and cert I was using on my Win 8 desktop and everything worked! I also tried same config / cert on my Android Samsung S2 and VPN worked perfectly.

    So looks like the issue is between Windows 8 TAP adapter and Open VPN 2.2.2. Since Windows 8 is new there may be a bug/issue in Win8 TAP adapter implementation. I will update thread if I find the resolution.

  • OK Update on my above problem running OpenVPN client on Windows 8. I changed the properties of the OpenVPN exe to run in Windows 7 compatible mode (also need Run as Administrator checked) and now I can access the Internet via a Win8 desktop.

  • I used these instructions and it worked a treat, but i have two questions:

    1. Will this install so that openvpn runs at startup ?
    2. How can i create a user that doesn't need a password to login ?

    Thanks

    Nik
