New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@Nyr
COPYING README README.auth-pam README.polarssl
COPYRIGHT.GPL README.IPv6 README.down-root management-notes.txt
@user123 did you try to install OpenVPN on that system before, by other means? Maybe compiling from the sources?
You have some files present which aren't available on the Debían packages, so that's the only explanation I have for that.
@Nyr It's possible, but as far as I recall, I had reinstalled the OS template after my last OpenVPN installation attempt failed (as it always does). No OpenVPN daemons are running, if that makes any difference.
@user123 you definitely have trails of a failed installation. If you run the script on a clean container it will work.
@Nyr I will reinstall the OS now and then run your script after updating and upgrading the OS
@Nyr It installed properly after the OS reinstallation, but I notice that the client config is not set to push all traffic through the VPN (although, the connection log receives the server-side command "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 129.250.35.250,dhcp-option DNS 74.82.42.42,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'") and that it is also not configured to use a good cipher (the connection log looks like BF-CBC is being used) for the connection (AES-256-CBC would be preferable). What is the best way to make the client use AES-256-CBC and also force routing all data through the VPN?
ETA: https://www.dnsleaktest.com/ shows some overlapping DNS servers from my local ISP in the mix, though my IP and the VPS IP are (obviously) with different ISPs and different parts of the country.
ETA2: I updated the client config (without changing the server config) to connect with the AES-256-CBC cipher and it does connect to the server, but I have no internet when connected to the VPN.
Try to run the OpenVPN client as an administrator if you are on Windows.
I don't think Blowfish CBC is a weak cipher.
Then there's your problem, read the OpenVPN man.
@Nyr thanks I already had the OpenVPN client set to run as Administrator by default. Whenever I've edited the server config before, I break something. But, it looks like it works now. I also added a couple more DNS to my server config. Btw, I love that your script also offers to set up a daemon on port 53 as a routine thing.
Now, to just figure out how to insert the certificates and key inline into the .ovpn file and have it actually work (already tried manually doing the <> thing like I read about, but get an error about loading inline certificate even though I follow the standard syntax).
I am not familair with this script/installer specifics but it seems like all you need to do is to is to enter proper file names into .ovpn file
...and all four files (including .ovpn config) move into "config" dir at your local machine. All 3 files above can be renamed whatever you want just make sure to keep proper extensions and enter proper filenames into .ovpn file
If I understand, what he wants is to have is a single .ovpn file with the config, certs and key included. That's possible, but I don't remember the sintaxis for that. Google can help for sure.
Yeah, that's what I'm trying to do. I am following the syntax, but keep getting that "inline" error.
@user123 not all OpenVPN clients are compatible with inline certs and keys. That could maybe be the case.
@user123 have you tried remove
cert user1.crt
key user1.key
in your .ovpn?
Great little script, thanks.
That's probably true, but the ovpn file from another VPS I have running OpenVPN AS uses the inline syntax and I can connect from the same computer just fine.
Yup, I removed those three lines before adding the inline stuff.
Hi @Nyr, off-topic :-) are you familiar with installing/configuring strongswan for IKEv2 type of VPN (server side)? this is for the blackberry e.g Z10
@yaochengyaocheng never did that.
@Nyr it's OK. thanks for reply!
@Nyr Thanks man it was very helpful
But Is it possible to give clients a static IP?
and How can I see online clients?
Well actually right now I was looking for a tutorial but I use centos xen vps I got from internet brothers south Korea the medium 1 Gig ram mentioned here centos
http://www.internetbrothers.co.kr/webpromotion/english/vps-in-korea.html
IT is not debian and they do not give debian OS
@Godlovesyou they don't provide Debian? That's strange.
For CentOS you will need to do a manual installation, use a search engine for directions.
Thanks for sharing!
i used your installer
traffic is still passing through my own ip and not the vpn
If using the client on Windows, run as administrator. If problem persists, paste client connection log.
Thanks alot..
Running as admin did it.
Sorry for the bump, but this bash installer is amazing..
Thank you @Nyr
almost a year
Haha, thanks. I kept updating it and I am very happy about it even when it's only a little project, specially when it seems to be useful to many people
Great script!!!
I changed and added some settings in server.conf but new ovpn files have the default options so I have to edit new generated files. How can I change the way script makes new files?
Used it on 20+ vps's (especially the lowendspirit function is great), aaaaaawesome script!!!