tsch
Posts: 2
Joined: Mon Jul 25, 2016 6:14 am

Re: Automated OpenVPN Server Setup Script

Mon Jul 25, 2016 6:16 am

Hello,

will your script work with wheezy too?


Kind regards

tsch

tsch
Posts: 2
Joined: Mon Jul 25, 2016 6:14 am

Re: Automated OpenVPN Server Setup Script

Tue Jul 26, 2016 8:06 pm

What is "the public IP address of your network" in the script?

I can't use DDNS because of my ISP giving me only DSL lite.

cbud
Posts: 1
Joined: Sun Jul 31, 2016 8:24 pm

Re: Automated OpenVPN Server Setup Script

Sun Jul 31, 2016 8:29 pm

by arthbkins » Thu Mar 31, 2016 11:43 pm
The cable modem has no user configuration options - it 'auto-configures' itself. The cable company has some control supposedly but there are no user settings. I've ordered a new cable modem (surfboard SB6183) which should arrive tomorrow so I will give that a try.
How did the new modem work for you? I think I am in the same dilemma - running OpenVPN behind an Airport Extreme, behind a Motorola SurfBoard SB6121.

cbud

m3tatr0n
Posts: 1
Joined: Tue Aug 02, 2016 1:40 pm

Login without password / certificate only

Tue Aug 02, 2016 1:51 pm

Hello all and StarshipEngineer in particular :-)

First of all, thank You very much for Your script, works flawlessly for me.
Before knowing Your script, I installed OpenVPN by hand - possible, but laborious.

Now my question: Is it possible (I tried hard, but didn't succeed) to generate an .ovpn-File which doesn't request a password (or is it on the server side)?
My manual installation works without this question to the user and in my use case, certificate-only-login would be sufficient and more convenient to the user.

Thanks in advance,

m3tatr0n

crashboogie
Posts: 34
Joined: Thu Aug 04, 2016 4:03 am

Re: Automated OpenVPN Server Setup Script

Fri Aug 05, 2016 2:45 am

Having a little trouble with the script. Mainly with the TLS option. Keep getting the error when I attempt to log in. I just need to know how to either properly config the TLS section that seems to be absent when I create the client .ovpn file or what I need to remove in order to disable the TLS. I posted my question here not knowing there was a place specifically for the Starship script. Thank you in advance.
viewtopic.php?f=63&t=156141&p=0&e=0&sid ... 06665ca0d2

BananaGuard
Posts: 4
Joined: Wed Oct 05, 2016 8:12 pm

Re: Automated OpenVPN Server Setup Script

Wed Oct 05, 2016 8:35 pm

Hi All

I have successfully setup OpenVPN on my Pi and have connected, from my Android OpenVPN client thru the Pi, to the internet (did a whatsmyip from my phone and got my home WAN address).

Phone Data connection -> Duckdns.org -> My home IP -> Router -> Pi -> Router -> Internet. Yay! :¬D

However, back on my Pi, I can no longer reach the internet, kinda.

To be specific, I can log in via SSH (pubkey, no passwords):

traceroute 8.8.8.8 (reached in a few hops)

but whereas before setting up the VPN I could 'apt update' or 'apt install' whatever, now I cannot*:

sudo apt install anything

; it just stalls, forever, or until I give up waiting (which is fairly quick as it's quite evident that it ain't happening).

I had initially thought that I would just hose the whole thing and start from scratch and install fail2ban 'before' setting up the VPN but I really don't fancy waiting for the dh 2048bit key to be created all over again! Also, I'll still have the problem*.

I've Googled a bunch and read through the whole of this thread. If I was to take a guess, I'd say it was something to do with iptables but I have zero experience with manipulating iptables and wouldn't know where to start.

Please can somebody shed some light on this, and how I go about fixing it?

Thank you

Adrian

malicious
Posts: 96
Joined: Thu Jul 24, 2014 10:07 pm
Location: USA

Re: Automated OpenVPN Server Setup Script

Thu Oct 06, 2016 2:24 am

BananaGuard wrote: I had initially thought that I would just hose the whole thing and start from scratch and install fail2ban 'before' setting up the VPN but I really don't fancy waiting for the dh 2048bit key to be created all over again! Also, I'll still have the problem*.
Should it come to that, you can save and reuse your current keys and certificates.
BananaGuard wrote: I've Googled a bunch and read through the whole of this thread. If I was to take a guess, I'd say it was something to do with iptables but I have zero experience with manipulating iptables and wouldn't know where to start.
What are the outputs of:

$ sudo iptables -nL

and

$ sudo iptables -t nat -nL

The VPN server's configuration file may have hints also.

BananaGuard
Posts: 4
Joined: Wed Oct 05, 2016 8:12 pm

Re: Automated OpenVPN Server Setup Script

Thu Oct 06, 2016 7:11 am

okay, we have:

Code:

$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  
and:

Code:

$ sudo iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.8.0.0/24          0.0.0.0/0

BananaGuard
Posts: 4
Joined: Wed Oct 05, 2016 8:12 pm

Re: Automated OpenVPN Server Setup Script

Thu Oct 06, 2016 7:17 am

and as for the serv.conf:

Code:

$ cat server.conf 
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.70 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
So, thoughts?
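
An added example, not part of the thread and not from the setup script: a Python check that cross-references the two outputs posted above, confirming that the MASQUERADE rule covers the subnet from the "server" directive and listing pushed routes whose address is not a network address for its mask. The function names are hypothetical and the input is a constructed excerpt of the posted lines.

```python
import ipaddress
import re

# Constructed sample input: selected lines from the outputs posted above.
SERVER_CONF = '''\
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.70 255.255.255.0"
push "redirect-gateway def1"
'''
NAT_POSTROUTING = '''\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.8.0.0/24          0.0.0.0/0
'''

def vpn_subnet(conf):
    """Return the tunnel subnet from the 'server <net> <mask>' directive."""
    m = re.search(r'^server\s+(\S+)\s+(\S+)', conf, re.M)
    if m is None:
        raise ValueError("no 'server' directive found")
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")

def masqueraded_sources(nat_listing):
    """Source networks of MASQUERADE rules in 'iptables -t nat -nL' output."""
    nets = []
    for line in nat_listing.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "MASQUERADE":
            nets.append(ipaddress.ip_network(fields[3]))
    return nets

def bad_pushed_routes(conf):
    """Pushed routes whose address has host bits set for the given mask."""
    bad = []
    for addr, mask in re.findall(r'^push\s+"route\s+(\S+)\s+(\S+)"', conf, re.M):
        try:
            ipaddress.ip_network(f"{addr}/{mask}")  # strict: rejects host bits
        except ValueError:
            bad.append(f"{addr} {mask}")
    return bad

def audit(conf, nat_listing):
    """Summarise whether NAT covers the VPN subnet and which routes look wrong."""
    subnet = vpn_subnet(conf)
    nat_ok = any(subnet.subnet_of(n) for n in masqueraded_sources(nat_listing))
    return {"vpn_subnet": str(subnet), "nat_covers_vpn": nat_ok,
            "bad_routes": bad_pushed_routes(conf)}

if __name__ == "__main__":
    print(audit(SERVER_CONF, NAT_POSTROUTING))
```

The flagged route concerns what is pushed to clients; the check says nothing about the Pi's own DNS or apt traffic.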

malicious
Posts: 96
Joined: Thu Jul 24, 2014 10:07 pm
Location: USA

Re: Automated OpenVPN Server Setup Script

Thu Oct 06, 2016 10:52 pm

Nothing stands out that would explain why ssh and traceroute work but apt doesn't. Is there a web proxy? Does DNS work?

$ host -a google.com

The last line from 'host -a' indicates the DNS server in use. Is it what you expect?

BananaGuard
Posts: 4
Joined: Wed Oct 05, 2016 8:12 pm

Re: Automated OpenVPN Server Setup Script

Fri Oct 07, 2016 2:22 pm

Code:

$ host -a google.com
Trying "google.com"
;; connection timed out; no servers could be reached
The output wasn't what I'd hope for but, at this point, it is certainly what I expected.

I did go for option B also. Re-imaged the SDcard and started again. This time, after the Diffie-Hellman key was created, I opted for 'No reboot'. I successfully installed fail2ban.

Sudo reboot. The system comes back up and I SSH, followed by:

ping my main computer - worked
traceroute - gives me google in 8 hops
sudo apt update/install - times out

At this point I'm thinking it's a Hardening Option that kicks in after reboot. I wonder what commands I'll be able to successfully perform if I opt for 'No' to unassisted-upgrades; it's the only question that I have answered the same way on each go.

Okay, well, I'll have to wait until next week before I do any more digging.

The setup script though... great! Works a treat for creating a working VPN :)

wildcheese
Posts: 1
Joined: Sat Oct 15, 2016 9:34 am

Re: Automated OpenVPN Server Setup Script

Sat Oct 15, 2016 9:41 am

Thanks for the script! I have tried several times but never managed to get it to work, and now it works like a charm 8-)

For the users who have a dynamic IP number: follow the guide as provided and submit your current external IP number. Once you have generated the ovpn file, you simply open it with a text editor and edit the IP number, change it into the dyndns name and you are done!

btwnc
Posts: 1
Joined: Thu Apr 13, 2017 11:26 pm

Re: Automated OpenVPN Server Setup Script

Thu Apr 13, 2017 11:29 pm

How do I keep OpenVPN updated? Just by doing apt-get update, apt-get upgrade?

DougieLawson
Posts: 36312
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Automated OpenVPN Server Setup Script

Fri Apr 14, 2017 12:16 pm

btwnc wrote: How do I keep OpenVPN updated? Just by doing apt-get update, apt-get upgrade?
That works.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

rwp30
Posts: 4
Joined: Wed Jul 29, 2015 9:37 am

Re: Automated OpenVPN Server Setup Script

Tue May 02, 2017 2:17 pm

How can I use this with a dynamic DNS service i.e. noip.com?

Thanks

Rob

CqC
Posts: 6
Joined: Sat Jun 17, 2017 3:08 pm

Re: Automated OpenVPN Server Setup Script

Wed Apr 25, 2018 2:07 am

What type of CA certificates are generated by the script? Does it generate the Letsencrypt certificates? If not, is there any guide for changing the scripts to generate Letsencrypt certs?

I am currently using Letsencrypt certs for SSL. I wish to make sure that there is no interaction between this script and my current use of SSL certs.

Thank you very much!

CqC
Posts: 6
Joined: Sat Jun 17, 2017 3:08 pm

Re: Automated OpenVPN Server Setup Script

Wed Apr 25, 2018 6:55 pm

A minor correction? The instructions say,

cd OpenVPN-Setup
sudo chmod +x openvpnsetup.sh
sudo ./openvpnsetup.sh

I think the script file provided by the git is setup.sh, not openvpnsetup.sh

CqC
Posts: 6
Joined: Sat Jun 17, 2017 3:08 pm

Re: Automated OpenVPN Server Setup Script

Wed Apr 25, 2018 6:57 pm

Does this scheme work, if the Rpi3 Raspbian Lite is connected to the net over wifi?

What changes, if any, need to be made?

Thank you!

Siamak83
Posts: 6
Joined: Sat Dec 01, 2018 5:49 pm

Re: Automated OpenVPN Server Setup Script

Tue Dec 25, 2018 3:57 pm

Hi Everybody,

First and foremost Merry Christmas to all and a Happy New Year in a week's time.

My question is; Would this script work on UBUNTU Server 16.01 I think or any other for that matter?

I have used the PiVPN on my Pi's and worked for a while then stopped working, but I installed the very first version of PiVPN on a laptop running UBUNTU and still working like a charm.

PiVPN changed the approach and it is a bit difficult to follow what is really happening; the first script was very simple to follow and very efficient, so why change things that work fine? Anyway, what do I know.

I would appreciate an answer please.

Cheers
Siamak
