Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


OpenVPN automated installer - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OpenVPN automated installer

2456710

Comments

  • @Nyr

    root@server:~# dpkg --get-selections | grep openvpn
    root@server:~#
    root@server:~#
    root@server:/usr/share/doc/openvpn# ls

    COPYING README README.auth-pam README.polarssl
    COPYRIGHT.GPL README.IPv6 README.down-root management-notes.txt

  • NyrNyr Community Contributor, Veteran

    @user123 did you try to install OpenVPN on that system before, by other means? Maybe compiling from the sources?

    You have some files present which aren't available on the Debían packages, so that's the only explanation I have for that.

  • user123user123 Member
    edited August 2013

    @Nyr It's possible, but as far as I recall, I had reinstalled the OS template after my last OpenVPN installation attempt failed (as it always does). No OpenVPN daemons are running, if that makes any difference.

  • NyrNyr Community Contributor, Veteran

    @user123 you definitely have trails of a failed installation. If you run the script on a clean container it will work.

  • @Nyr I will reinstall the OS now and then run your script after updating and upgrading the OS

  • user123user123 Member
    edited August 2013

    @Nyr It installed properly after the OS reinstallation, but I notice that the client config is not set to push all traffic through the VPN (although, the connection log receives the server-side command "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 129.250.35.250,dhcp-option DNS 74.82.42.42,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'") and that it is also not configured to use a good cipher (the connection log looks like BF-CBC is being used) for the connection (AES-256-CBC would be preferable). What is the best way to make the client use AES-256-CBC and also force routing all data through the VPN?

    ETA: https://www.dnsleaktest.com/ shows some overlapping DNS servers from my local ISP in the mix, though my IP and the VPS IP are (obviously) with different ISPs and different parts of the country.

    ETA2: I updated the client config (without changing the server config) to connect with the AES-256-CBC cipher and it does connect to the server, but I have no internet when connected to the VPN.

  • NyrNyr Community Contributor, Veteran

    @user123 said:
    Nyr It installed properly after the OS reinstallation, but I notice that the client config is not set to push all traffic through the VPN (although, the connection log receives the server-side command "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 129.250.35.250,dhcp-option DNS 74.82.42.42,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'") and that it is also not configured to use a good cipher (the connection log looks like BF-CBC is being used) for the connection (AES-256-CBC would be preferable). What is the best way to make the client use AES-256-CBC and also force routing all data through the VPN?

    ETA: https://www.dnsleaktest.com/ shows some overlapping DNS servers from my local ISP in the mix, though my IP and the VPS IP are (obviously) with different ISPs and different parts of the country.

    ETA2: I updated the client config (without changing the server config) to connect with the AES-256-CBC cipher and it does connect to the server, but I have no internet when connected to the VPN.

    Try to run the OpenVPN client as an administrator if you are on Windows.
    I don't think Blowfish CBC is a weak cipher.

    without changing the server config

    Then there's your problem, read the OpenVPN man.

  • @Nyr thanks :) I already had the OpenVPN client set to run as Administrator by default. Whenever I've edited the server config before, I break something. But, it looks like it works now. I also added a couple more DNS to my server config. Btw, I love that your script also offers to set up a daemon on port 53 as a routine thing.

    Now, to just figure out how to insert the certificates and key inline into the .ovpn file and have it actually work (already tried manually doing the <> thing like I read about, but get an error about loading inline certificate even though I follow the standard syntax).

  • @user123 said:
    Now, to just figure out how to insert the certificates and key inline into the .ovpn file and have it actually work (already tried manually doing the <> thing like I read about, but get an error about loading inline certificate even though I follow the standard syntax).

    I am not familair with this script/installer specifics but it seems like all you need to do is to is to enter proper file names into .ovpn file

    ca ca.crt
    cert user1.crt
    key user1.key

    ...and all four files (including .ovpn config) move into "config" dir at your local machine. All 3 files above can be renamed whatever you want just make sure to keep proper extensions and enter proper filenames into .ovpn file

  • NyrNyr Community Contributor, Veteran

    @Spirit said:
    I am not familair with this script/installer specifics but it seems like all you need to do is to is to enter proper file names into .ovpn file

    If I understand, what he wants is to have is a single .ovpn file with the config, certs and key included. That's possible, but I don't remember the sintaxis for that. Google can help for sure.

  • @Nyr said:
    If I understand, what he wants is to have is a single .ovpn file with the config, certs and key included. That's possible, but I don't remember the sintaxis for that. Google can help for sure.

    Yeah, that's what I'm trying to do. I am following the syntax, but keep getting that "inline" error.

  • NyrNyr Community Contributor, Veteran

    @user123 not all OpenVPN clients are compatible with inline certs and keys. That could maybe be the case.

  • @user123 have you tried remove
    cert user1.crt
    key user1.key
    in your .ovpn?

  • Great little script, thanks.

  • @Nyr said:
    user123 not all OpenVPN clients are compatible with inline certs and keys. That could maybe be the case.

    That's probably true, but the ovpn file from another VPS I have running OpenVPN AS uses the inline syntax and I can connect from the same computer just fine.

    @madfish said:
    user123 have you tried remove
    cert user1.crt
    key user1.key
    in your .ovpn?

    Yup, I removed those three lines before adding the inline stuff.

  • Hi @Nyr, off-topic :-) are you familiar with installing/configuring strongswan for IKEv2 type of VPN (server side)? this is for the blackberry e.g Z10

  • NyrNyr Community Contributor, Veteran

    @yaochengyaocheng never did that.

  • @Nyr it's OK. thanks for reply!

  • @Nyr Thanks man it was very helpful

    But Is it possible to give clients a static IP?
    and How can I see online clients?

  • Well actually right now I was looking for a tutorial but I use centos xen vps I got from internet brothers south Korea the medium 1 Gig ram mentioned here centos

    http://www.internetbrothers.co.kr/webpromotion/english/vps-in-korea.html

    IT is not debian and they do not give debian OS

  • NyrNyr Community Contributor, Veteran

    @Godlovesyou they don't provide Debian? That's strange.

    For CentOS you will need to do a manual installation, use a search engine for directions.

  • Thanks for sharing!

  • i used your installer

    traffic is still passing through my own ip and not the vpn

  • NyrNyr Community Contributor, Veteran

    @enitan092 said:
    i used your installer

    traffic is still passing through my own ip and not the vpn

    If using the client on Windows, run as administrator. If problem persists, paste client connection log.

  • @Nyr said:
    If using the client on Windows, run as administrator. If problem persists, paste client connection log.

    Thanks alot..

    Running as admin did it.

  • Sorry for the bump, but this bash installer is amazing..
    Thank you @Nyr

    Thanked by 1Nyr
  • almost a year

  • NyrNyr Community Contributor, Veteran

    Haha, thanks. I kept updating it and I am very happy about it even when it's only a little project, specially when it seems to be useful to many people :)

    Thanked by 2mohsengham Amitz
  • Great script!!!
    I changed and added some settings in server.conf but new ovpn files have the default options so I have to edit new generated files. How can I change the way script makes new files?

  • Used it on 20+ vps's (especially the lowendspirit function is great), aaaaaawesome script!!!

    Thanked by 1Nyr
Sign In or Register to comment.