arthbkins
Posts: 5
Joined: Wed Mar 23, 2016 5:32 pm

Re: Automated OpenVPN Server Setup Script

Thu Mar 24, 2016 5:29 am

raztafari wrote:This guide worked for me to the point where i was going to connect.
Have made everything in the order requested of me.

The weird thing is that it connects to the server and now it's just saying "authenticating".... (It connects to my external ip address).

BUT when i change the ip address in the .ovpn file to the internal ip address (192.168.1.XXX of the server it connects straight away.

Have opened the port 1194 with udp.
And followed both guides on how to change the ip to static!
Even called and checked so that my ISP is not blocking anything.

Does anyone know what i can do?

Although thank you for the script!
I am in the same boat you are in! If I change the .ovpn key to point at the PI's static IP address (instead of my public IP address), then I can connect while on my home network. Which to me smells like it may be our router settings as we cannot reach the OPENVPN server from the outside yet the server is clearly up and running. I have an Apple airport extreme with:

- 'Router Mode' set to 'DHCP and NAT'

- The router assigns the PI (detected by its MAC address) a static iP of 10.0.1.2 which I know is working

- And UDP IPv4 port forwarding of port 1194 to the pi's static IP address (10.0.1.2).

That should be all good but something is not working. I may tell the script to revert itself another time and try again tomorrow night. If that fails I may try another fresh install of Raspian. I used Jesse this time but the OP mentions Jesse lite so I may try that next time.

Brewmaster9
Posts: 11
Joined: Thu Mar 03, 2016 11:11 am

Re: Automated OpenVPN Server Setup Script

Thu Mar 24, 2016 10:03 am

I also set up port triggering on my router. In addition the static IP of the Pi is reserved on the router, so nothing can steal it if the Pi isn't running. Don't forget to reboot after making changes.

raztafari
Posts: 3
Joined: Wed Mar 23, 2016 8:31 pm

Re: Automated OpenVPN Server Setup Script

Thu Mar 24, 2016 9:20 pm

Never mind, tried connecting from another network and now it's working!
I also activated Port Trigger with UDP 1194.
Going to try and turn that off and se if that makes any difference.

Thank so much for this awesome script!

arthbkins
Posts: 5
Joined: Wed Mar 23, 2016 5:32 pm

Re: Automated OpenVPN Server Setup Script

Thu Mar 24, 2016 11:26 pm

raztafari wrote:Never mind, tried connecting from another network and now it's working!
I also activated Port Trigger with UDP 1194.
Going to try and turn that off and se if that makes any difference.

Thank so much for this awesome script!
Congrats! I'm still stuck. The airport extreme doesn't have a separate setting for port triggering it just has port forwarding. What router are you using? I may try a different router.

Brewmaster9
Posts: 11
Joined: Thu Mar 03, 2016 11:11 am

Re: Automated OpenVPN Server Setup Script

Fri Mar 25, 2016 10:26 am

I'm using a plusnet Sagem Router. This router doesn't allow port triggering from normal settings screen, but does if you use expert mode. I found out this on the plusnet forum.

My Pi Vpnserver works great, but I had to ensure all the following steps were done.

Port triggering 1194

Port forward 1194 udp to Pi MAC (some routers use host name, but I found if more than 1 pi's on network my router got confused and screwed up associated MACS).

Reserved static IP on router, so it can't give it to another device.

On pi

Set static IP
Run script

You can try DMZ on router to check firewall isn't an issue, but turn back off to make sure you protected. Port 1194 shouldn't be an issue anyway......

cjdawson
Posts: 10
Joined: Fri Mar 25, 2016 6:15 pm

Re: Automated OpenVPN Server Setup Script

Fri Mar 25, 2016 6:28 pm

I've not looked at the script, however, I do know that most of the VPN Setup guides on the web are out of date. I'm working on a server for my home based on a PI 3 running Raspbian Jessie. Some of the things have changed since Wheezy which may be enough to break automated scripts.

Here's the post that I've put together for setting up OpenVPN.
http://blog.cjdawson.com/?p=331

If you are running a PI or PI2, you'll probably want to overclock the processor, I've skipped it as with the PI 3 you can't overclock anymore. Also I personally never liked over clocking my PI 1 or 2, so I skipped that bit completely.

If you also take a look around the blog, you'll see that I've been working on a bigger project that makes the VPN work much much nicer. My OpenVPN install is on a PI 3 that is also actiing as also performing DHCP, DNS and NTP. It's effectively offloaded most of the work from my router. I'm working on getting Active directory running on it as well, so that I can have a windows domain. I digress. For the OpenVPN if you look through the steps that I've laid out, hopefully you'll find the bit that was stopping your setup from working properly.

arthbkins
Posts: 5
Joined: Wed Mar 23, 2016 5:32 pm

Re: Automated OpenVPN Server Setup Script

Tue Mar 29, 2016 6:00 am

After more digging, I am still stumped. Here is what I am seeing:

- A UDP port scanner shows that port 1194 is successfully being forwarded to the PI. So looks like my router is successfully forwarding port 1194. This is the port scanner for others wanting to check: https://pentest-tools.com/network-vulne ... nline-nmap

- In my client config file, if I change the IP address to the local static IP of my Raspberry PI on my home network, then I can connect successfully on my home network. Which tells me that a lot is working (openvpn server, keys, etc).

- But, if I leave my IP set to my external IP address of my home, then I am unable to connect from any network and here is the debug log viscosity on my mac shows [I substituted my real IP with XX.XXX.XXX.XXX]:

Mar 28 21:37:23: Checking reachability status of connection...
Mar 28 21:37:23: Connection is reachable. Starting connection attempt.
Mar 28 21:37:23: OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 2 2016
Mar 28 21:37:23: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
Mar 28 21:37:26: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 28 21:37:26: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.xYmHdA/ta.key' as a OpenVPN static key file
Mar 28 21:37:26: UDPv4 link local: [undef]
Mar 28 21:37:26: UDPv4 link remote: [AF_INET]XX.XXX.XXX.XXX:1194
Mar 28 21:38:26: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 28 21:38:26: TLS Error: TLS handshake failed
Mar 28 21:38:26: SIGUSR1[soft,tls-error] received, process restarting

I have followed all the tips in this thread on how to configure the PI and have started fresh a few times to be sure I didn’t miss anything. I have tried from multiple clients (iPhone, Mac) from multiple networks.

Here is my openvpn config file for reference:

local 10.0.1.201
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 10.0.1.201 255.255.255.0"
# Set your primary domain name server address to Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.8.8"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
# This configuration file was originally written by Lauren Orsini at ReadWrite.

Any ideas would be much appreciated!

Brewmaster9
Posts: 11
Joined: Thu Mar 03, 2016 11:11 am

Re: Automated OpenVPN Server Setup Script

Wed Mar 30, 2016 8:41 am

arthbkins wrote:After more digging, I am still stumped. Here is what I am seeing:

- A UDP port scanner shows that port 1194 is successfully being forwarded to the PI. So looks like my router is successfully forwarding port 1194. This is the port scanner for others wanting to check: https://pentest-tools.com/network-vulne ... nline-nmap

- In my client config file, if I change the IP address to the local static IP of my Raspberry PI on my home network, then I can connect successfully on my home network. Which tells me that a lot is working (openvpn server, keys, etc).

- But, if I leave my IP set to my external IP address of my home, then I am unable to connect from any network and here is the debug log viscosity on my mac shows [I substituted my real IP with XX.XXX.XXX.XXX]:

Mar 28 21:37:23: Checking reachability status of connection...
Mar 28 21:37:23: Connection is reachable. Starting connection attempt.
Mar 28 21:37:23: OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 2 2016
Mar 28 21:37:23: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
Mar 28 21:37:26: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 28 21:37:26: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.xYmHdA/ta.key' as a OpenVPN static key file
Mar 28 21:37:26: UDPv4 link local: [undef]
Mar 28 21:37:26: UDPv4 link remote: [AF_INET]XX.XXX.XXX.XXX:1194
Mar 28 21:38:26: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 28 21:38:26: TLS Error: TLS handshake failed
Mar 28 21:38:26: SIGUSR1[soft,tls-error] received, process restarting

I have followed all the tips in this thread on how to configure the PI and have started fresh a few times to be sure I didn’t miss anything. I have tried from multiple clients (iPhone, Mac) from multiple networks.

Here is my openvpn config file for reference:

local 10.0.1.201
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 10.0.1.201 255.255.255.0"
# Set your primary domain name server address to Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.8.8"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
# This configuration file was originally written by Lauren Orsini at ReadWrite.

Any ideas would be much appreciated!
Have you checked out firewall settings? I know you've set up port forwarding, but try turning off firewall temporarily to rule it out.

arthbkins
Posts: 5
Joined: Wed Mar 23, 2016 5:32 pm

Re: Automated OpenVPN Server Setup Script

Thu Mar 31, 2016 3:26 am

I think I know what my problem is: I have double NAT. Because my cable modem, a Motorola surfboard sb6120, is running it's own DHCP server which you can't explicitly disable. It apparently turns itself on when it thinks it's a good idea (some theorize cable company unreachable). So I'll be looking for a better cable modem that I can explicitly control to be in 'bridge mode' (no DHCP server) so that my router (Apple Airport Extreme) can do DHCP and port forwarding. Any recommendations for a good cable modem that allows more control - I have Comcast as a provider.

Brewmaster9
Posts: 11
Joined: Thu Mar 03, 2016 11:11 am

Re: Automated OpenVPN Server Setup Script

Thu Mar 31, 2016 8:56 am

Will the cable modem let you assign a DMZ?

arthbkins
Posts: 5
Joined: Wed Mar 23, 2016 5:32 pm

Re: Automated OpenVPN Server Setup Script

Thu Mar 31, 2016 11:43 pm

The cable modem has no user configuration options - it 'auto-configures' itself. The cable company has some control supposedly but there are no user settings. I've ordered a new cable modem (surfboard SB6183) which should arrive tomorrow so I will give that a try.

WispaGold
Posts: 1
Joined: Mon Apr 04, 2016 11:23 pm

Re: Automated OpenVPN Server Setup Script

Tue Apr 05, 2016 12:04 am

I've got a Apple Extreme router (2nd Gen) and had trouble getting it to work with my pi VPN.

I did a hard factory reset today and set it up again with port 1194 forwarded. Tested it on a online port scanner site and saw it open for a tiny bit before it got filtered by the routers firewall. I think the reset helped.

I looked into my OpenVPN and managed to see that my iptables were not set up.

Code: Select all

sudo netstat -uapn | grep openvpn
This showed I had no ip and port open for openvpn.

Code: Select all

sudo iptables --list
Showed me I had nothing set up.

Code: Select all

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
This helped to forward the LAN to the tunnel and visa versa.

Code: Select all

sudo iptables -A INPUT -p udp --dport 1194 -m state --state New,Established -j ACCEPT
This helped to open the port of 1194.

Code: Select all

sudo iptables -A OUTPUT -p udp -m state --state Established -j ACCEPT
This helped to send traffic out.

Then I used iptables-persistent to make them stick at boot up.

Code: Select all

sudo apt-get install iptables-persistent

Code: Select all

sudo systemctl enable netfilter-persistent
I'm not totally sure if what I've done is right or I've opened up too much in the firewall but my pi OpenVPN is working now and I don't have any problems with it anymore.

Hope this helps.

mrCrumbSnatcher
Posts: 1
Joined: Fri Apr 08, 2016 5:30 pm

Re: Automated OpenVPN Server Setup Script

Fri Apr 08, 2016 5:36 pm

Donation sent. Thank you so much for your contribution. I struggled with all the other tutorials floating around, but this helped me out. As some others pointed out, I had to leverage the startup script on reboot and all works well (I did have to set my sleep value to 15, though).

StarshipEngineer wrote:I've put together a script that configures OpenVPN on the Raspberry Pi to turn it into a personal VPN server. It is located here:

https://github.com/StarshipEngineer/OpenVPN-Setup

I'm hoping that users can discuss, collaborate, and resolve issues and feature ideas here! I'd love to share the project with the community, give users an easier place to discuss things than GitHub comments, and provide another forum for feedback.

rjotto
Posts: 7
Joined: Wed Jul 15, 2015 11:52 am

Re: Automated OpenVPN Server Setup Script

Mon Apr 11, 2016 6:59 am

Hello to you all!
First I want to thank StarshipEngineer for all of the work that he has done.
I successfully used the scripts on Raspbian Jessie and RPi 2. It worked great.
Now I want to try OSMC. My question is: Can I use the same scripts to install and configure OPENVPN server on OSMC based RPi?

Thanks in advance.

Sanddancer75
Posts: 12
Joined: Tue Jan 03, 2012 1:04 pm

Re: Automated OpenVPN Server Setup Script

Tue Apr 19, 2016 8:30 am

Thank you very much, I'd tried setting up OpenVPN a couple of times with guides that I found on the internet, but failed & didn't know enough to troubleshoot things. This has taken all the pain out of things & just works. Great work.

0.kaladin
Posts: 2
Joined: Fri Apr 22, 2016 7:42 pm

Re: Automated OpenVPN Server Setup Script

Fri Apr 22, 2016 7:48 pm

Just wanted to let everyone know here that I made a new version of this you can check out @ http://pivpn.io
I fixed a few open issues, added functionality based on feedback, etc.
So if anyone here can use it and provide feedback via the github or here please do so, I'd like to make it as simple as possible.

rjotto
Posts: 7
Joined: Wed Jul 15, 2015 11:52 am

Re: Automated OpenVPN Server Setup Script

Mon Apr 25, 2016 6:58 am

0.kaladin wrote:Just wanted to let everyone know here that I made a new version of this you can check out @ http://pivpn.io
I fixed a few open issues, added functionality based on feedback, etc.
So if anyone here can use it and provide feedback via the github or here please do so, I'd like to make it as simple as possible.
Hello!
Nice of you to improve the scripts. I know that the recommended OS is Raspbian Jessie but I want to try it on OSMC (I read somewhere that it is based on Debian Jessie). What do you think, will it work on OSMC? Do I need to change something (users, directories, paths...) to adapt the scripts to make them work on OSMC?

0.kaladin
Posts: 2
Joined: Fri Apr 22, 2016 7:42 pm

Re: Automated OpenVPN Server Setup Script

Mon Apr 25, 2016 4:59 pm

I think it'll work but if not just post any output you get here, it'd probably be pretty easy to fix.

rjotto
Posts: 7
Joined: Wed Jul 15, 2015 11:52 am

Re: Automated OpenVPN Server Setup Script

Tue Apr 26, 2016 9:26 am

0.kaladin wrote:I think it'll work but if not just post any output you get here, it'd probably be pretty easy to fix.
Will do. Thanks for the reply.

thelatinist
Posts: 1
Joined: Thu Apr 28, 2016 12:36 am

Re: Automated OpenVPN Server Setup Script

Thu Apr 28, 2016 12:39 am

Any reason this wouldn't work on Ubuntu-MATE (16.04 LTS)?
Last edited by thelatinist on Mon May 02, 2016 11:31 pm, edited 1 time in total.

User avatar
alexus
Posts: 15
Joined: Fri Jun 15, 2012 2:46 pm
Location: NYC

Re: Automated OpenVPN Server Setup Script

Fri Apr 29, 2016 3:21 am

I'm using Raspberry Pi 3 with Raspbian (jessie):

Code: Select all

root@igla:~# cat /etc/debian_version
8.0
root@igla:~# uname -a
Linux X 4.1.19-v7+ #858 SMP Tue Mar 15 15:56:00 GMT 2016 armv7l GNU/Linux
root@igla:~#
I'm trying to use OpenVPN-Setup: Shell script to set up Raspberry Pi (TM) as an OpenVPN server, per StarshipEngineer/OpenVPN-Setup: Shell script to set up Raspberry Pi (TM) as an OpenVPN server, I did `git clone`, `chmod +x openvpnsetup.sh` and then `sudo ./openvpnsetup.sh`, and then shortly after I connect using Tunnelblick | Free open source OpenVPN VPN client server software for Mac OS X, I got following message:
Warning
After connecting to test, the Internet does not appear to be reachable.
This may mean that your VPN is not configured correctly.
something tells me this is could be why:

Code: Select all

root@igla:/home/pi/OpenVPN-Setup# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.13
root@igla:/home/pi/OpenVPN-Setup# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.8.0.0/24          anywhere             to:0.0.0.0
root@igla:/home/pi/OpenVPN-Setup# 
Raspberry Pi (1|2|3) - Raspbian
http://alexus.org/

User avatar
alexus
Posts: 15
Joined: Fri Jun 15, 2012 2:46 pm
Location: NYC

Re: Automated OpenVPN Server Setup Script

Sat Apr 30, 2016 7:59 pm

my issue was, iptables for whatever reason had 0.0.0.0 instead of my LOCALIP, as soon as I changed that, everything start to work!)
Raspberry Pi (1|2|3) - Raspbian
http://alexus.org/

jonathan68
Posts: 10
Joined: Mon Jun 08, 2015 2:36 am

Re: Automated OpenVPN Server Setup Script

Mon May 02, 2016 3:28 am

i setup a pivpn box and managed to connect to it correctly using openvpn for mac (which i installed using homebrew)

when i try to connect from another raspberry pi (under exactly the same conditions as the mac) using openvpn (installed via apt-get install openvpn on the second pi) i get errors as shown below (note, i have changed the public facing address and port numbers in this log, for privacy reasons).
Mon May 2 00:25:51 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Mon May 2 00:25:51 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Mon May 2 00:25:51 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon May 2 00:25:51 2016 Control Channel Authentication: tls-auth using INLINE static key file
Mon May 2 00:25:51 2016 UDPv4 link local: [undef]
Mon May 2 00:25:51 2016 UDPv4 link remote: [AF_INET]12.34.56.78:9012
Mon May 2 01:48:37 2016 [UNDEF] Inactivity timeout (--ping-restart), restarting
Mon May 2 01:48:37 2016 SIGUSR1[soft,ping-restart] received, process restarting
Mon May 2 01:48:39 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon May 2 01:48:39 2016 UDPv4 link local: [undef]
Mon May 2 01:48:39 2016 UDPv4 link remote: [AF_INET]12.34.56.78:9012
Mon May 2 01:49:39 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon May 2 01:49:39 2016 TLS Error: TLS handshake failed
Mon May 2 01:49:39 2016 SIGUSR1[soft,tls-error] received, process restarting
Mon May 2 01:49:41 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon May 2 01:49:41 2016 UDPv4 link local: [undef]
Mon May 2 01:49:41 2016 UDPv4 link remote: [AF_INET]12.34.56.78:9012
Mon May 2 01:50:41 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon May 2 01:50:41 2016 TLS Error: TLS handshake failed
Mon May 2 01:50:41 2016 SIGUSR1[soft,tls-error] received, process restarting
Mon May 2 01:50:43 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon May 2 01:50:43 2016 UDPv4 link l12.34.56.78ocal: [undef]
Mon May 2 01:50:43 2016 UDPv4 link remote: [AF_INET]12.34.56.78:9012
^CMon May 2 01:50:47 2016 event_wait : Interrupted system call (code=4)
Mon May 2 01:50:47 2016 SIGINT[hard,] received, process exiting
i'm using the same .ovpn file as on the mac, which was generate with the nopass option

the same result occurs when i use a .ovpn file made without nopass (eg needs a password), and it's worth noting the the mac CAN connect using an .ovpn file generated without nopass - i made 2 files, they both work on mac, neither work on the pi

both devices are connecting to the internet the same way (on the wifi router) and both devices have normal behaviour when you don't start up a tunnel.

torbeta
Posts: 2
Joined: Tue Sep 25, 2012 8:07 am

Re: Automated OpenVPN Server Setup Script

Sun May 29, 2016 3:37 pm

Thank you for this outstanding contribution. I followed the clear instructions and got immediate success.
I have tried many instruction sets for vpn on Pi. I have achieved PPTP with moderate success but this is in a different league.
To look at current connections with detail go to: /var/log/openvpn-status.log
Thanks again.

Torbeta

Bofvar
Posts: 1
Joined: Sat Jul 09, 2016 8:31 pm

Re: Automated OpenVPN Server Setup Script

Sat Jul 09, 2016 8:42 pm

Hello from me as well,

i have tried to (finally) run a script from StarshipEngineer and the setup seems to run smoothly. I do run on the following error though when i try to create the client certificate:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Enter pass phrase for Client_Desktop_Bofvar.key:
unable to load Private Key
1996060768:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:516:
1996060768:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
1996060768:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
1996060768:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:138:
Client�s cert found: Client_Desktop_Bofvar
[ERROR]: Client 3des Private Key not found: Client_Desktop_Bofvar.3des.key

needless to say i've never (tried to) setup a vpn in raspberry pi.

Any input would be appreciated.
Tak!

Return to “Networking and servers”