VPN on XEN

I'm at my wits' end trying to set up a VPN on my XEN VPS. What is the easiest, straightforward tutorial that can help me out? Is there a simple script that can be used to set it up?


Comments

  • Hi,

    I use a bash script for OpenVPN on VZ; however, it will be different for Xen. Probably the network side of it needs editing.

  • I use the frantech one

    http://wiki.frantech.ca/index.php/VPN

    There are some things to modify because there is some extra stuff related to their geoIP... But for me it is easy peasy

  • I tried following a number of guides out there which I'm fairly sure I followed to the letter. Getting increasingly frustrated at not being able to get it to work...

  • Maybe telling us at what point it is failing or what errors you're getting would help?


  • Tried setting it up on my Mac using Tunnelblick. I got the following error:

    2012-03-11 18:27:45 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.3 (build 2891.2932) Unsigned
    2012-03-11 18:27:45 *Tunnelblick: Attempting connection with Empty Tunnelblick VPN Configuration; Set nameserver = 1; monitoring connection
    2012-03-11 18:27:45 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Empty\ Tunnelblick\ VPN\ Configuration.tblk 1338 1 0 0 0 49 -atDASNGWrdasngw
    2012-03-11 18:27:46 *Tunnelblick: openvpnstart message: Loading tun.kext
    2012-03-11 18:27:46 *Tunnelblick: Established communication with OpenVPN
    2012-03-11 18:27:46 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Jan 8 2012
    2012-03-11 18:27:46 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
    2012-03-11 18:27:46 Need hold release from management interface, waiting...
    2012-03-11 18:27:46 MANAGEMENT: Client connected from 127.0.0.1:1338
    2012-03-11 18:27:46 MANAGEMENT: CMD 'pid'
    2012-03-11 18:27:46 MANAGEMENT: CMD 'state on'
    2012-03-11 18:27:46 MANAGEMENT: CMD 'state'
    2012-03-11 18:27:46 MANAGEMENT: CMD 'hold release'
    2012-03-11 18:27:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2012-03-11 18:27:46 WARNING: file 'client1.key' is group or others accessible
    2012-03-11 18:27:46 LZO compression initialized
    2012-03-11 18:27:46 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    2012-03-11 18:27:46 Socket Buffers: R=[42080->65536] S=[9216->65536]
    2012-03-11 18:27:46 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    2012-03-11 18:27:46 Local Options hash (VER=V4): '41690919'
    2012-03-11 18:27:46 Expected Remote Options hash (VER=V4): '530fdded'
    2012-03-11 18:27:46 UDPv4 link local: [undef]
    2012-03-11 18:27:46 UDPv4 link remote: 173.192.13x.xx:1194
    2012-03-11 18:27:46 MANAGEMENT: >STATE:1331515666,WAIT,,,
    2012-03-11 18:27:46 MANAGEMENT: >STATE:1331515666,AUTH,,,
    2012-03-11 18:27:46 TLS: Initial packet from 173.192.13x.xx:1194, sid=27139a2f 0f57dac4
    2012-03-11 18:27:46 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
    2012-03-11 18:27:46 VERIFY OK: nsCertType=SERVER
    2012-03-11 18:27:46 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
    2012-03-11 18:27:46 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    2012-03-11 18:27:46 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2012-03-11 18:27:46 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    2012-03-11 18:27:46 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2012-03-11 18:27:46 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    2012-03-11 18:27:46 [server] Peer Connection Initiated with 173.192.13x.xx:1194
    2012-03-11 18:27:46 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/MyUsername/Library/Application Support/Tunnelblick/Configurations/Empty Tunnelblick VPN Configuration.tblk/Contents/Resources --daemon --management 127.0.0.1 1338 --config /Users/MyUsername/Library/Application Support/Tunnelblick/Configurations/Empty Tunnelblick VPN Configuration.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-SMyUsername-SLibrary-SApplication Support-STunnelblick-SConfigurations-SEmpty Tunnelblick VPN Configuration.tblk-SContents-SResources-Sconfig.ovpn.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
    2012-03-11 18:27:48 MANAGEMENT: >STATE:1331515668,GET_CONFIG,,,
    2012-03-11 18:27:49 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2012-03-11 18:27:49 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
    2012-03-11 18:27:49 OPTIONS IMPORT: timers and/or timeouts modified
    2012-03-11 18:27:49 OPTIONS IMPORT: --ifconfig/up options modified
    2012-03-11 18:27:49 OPTIONS IMPORT: route options modified
    2012-03-11 18:27:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2012-03-11 18:27:49 ROUTE default_gateway=192.168.1.1
    2012-03-11 18:27:49 TUN/TAP device /dev/tun0 opened
    2012-03-11 18:27:49 MANAGEMENT: >STATE:1331515669,ASSIGN_IP,,10.8.0.6,
    2012-03-11 18:27:49 /sbin/ifconfig tun0 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
    2012-03-11 18:27:49 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    2012-03-11 18:27:49 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
    2012-03-11 18:27:49 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1542 10.8.0.6 10.8.0.5 init No such key
    2012-03-11 18:27:51 *Tunnelblick: Flushed the DNS cache
    2012-03-11 18:27:51 /sbin/route add -net 173.192.13x.xx 192.168.1.1 255.255.255.255 add net 173.192.13x.xx: gateway 192.168.1.1
    2012-03-11 18:27:51 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0 add net 0.0.0.0: gateway 10.8.0.5
    2012-03-11 18:27:51 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0 add net 128.0.0.0: gateway 10.8.0.5
    2012-03-11 18:27:51 MANAGEMENT: >STATE:1331515671,ADD_ROUTES,,,
    2012-03-11 18:27:51 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255 add net 10.8.0.1: gateway 10.8.0.5
    2012-03-11 18:27:51 Initialization Sequence Completed
    2012-03-11 18:27:51 MANAGEMENT: >STATE:1331515671,CONNECTED,SUCCESS,10.8.0.6,173.192.13x.xx
    2012-03-11 18:27:51 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ 10.8.0.1 ] and WINS server(s) [ ] and using default domain name [ openvpn ]
    2012-03-11 18:27:51 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
    2012-03-11 18:27:51 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
    2012-03-11 18:27:51 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes
    2012-03-11 18:28:26 *Tunnelblick process-network-changes: A system configuration change was ignored because it was not relevant
    2012-03-11 18:28:50 event_wait : Interrupted system call (code=4)
    2012-03-11 18:28:50 TCP/UDP: Closing socket
    2012-03-11 18:28:50 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255 delete net 10.8.0.1: gateway 10.8.0.5
    2012-03-11 18:28:50 /sbin/route delete -net 173.192.13x.xx 192.168.1.1 255.255.255.255 delete net 173.192.13x.xx: gateway 192.168.1.1
    2012-03-11 18:28:50 /sbin/route delete -net 0.0.0.0 10.8.0.5 128.0.0.0 delete net 0.0.0.0: gateway 10.8.0.5
    2012-03-11 18:28:50 /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0 delete net 128.0.0.0: gateway 10.8.0.5
    2012-03-11 18:28:50 Closing TUN/TAP interface
    2012-03-11 18:28:50 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1542 10.8.0.6 10.8.0.5 init
    2012-03-11 18:28:50 SIGTERM[hard,] received, process exiting
    2012-03-11 18:28:50 MANAGEMENT: >STATE:1331515730,EXITING,SIGTERM,,
    2012-03-11 18:28:50 *Tunnelblick client.down.tunnelblick.sh: Cancelled monitoring of system configuration changes
    2012-03-11 18:28:50 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS and WINS configurations
    2012-03-11 18:28:51 *Tunnelblick: Flushed the DNS cache
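
Added example, not part of the original thread or anyone's post: a small Python triage script for logs like the one above, which splits entries even when they are run together and flags the security-relevant lines that get lost in the noise (key file permissions, script execution, legacy cipher, TLS and key-size parameters). The function names, rule labels and the 2048-bit RSA threshold are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"

# Rule names are this example's own labels, not OpenVPN terminology.
RULES = [
    ("key-file-permissions", re.compile(r"WARNING: file '([^']+)' is group or others accessible")),
    ("user-scripts-allowed", re.compile(r"--script-security setting may allow")),
    ("64-bit-block-cipher", re.compile(r"Cipher '(BF-CBC|DES-EDE3-CBC|CAST5-CBC)'")),
    ("legacy-tls", re.compile(r"Control Channel: (SSLv3|TLSv1),")),
    ("weak-rsa-key", re.compile(r"(\d+) bit RSA")),
]
MIN_RSA_BITS = 2048  # assumed threshold for this example

# Excerpt of the log posted above, deliberately run together with one
# timestamp broken across a line, the way a pasted log often arrives.
SAMPLE = (
    "2012-03-11 18:27:46 NOTE: the current --script-security setting may allow "
    "this configuration to call user-defined scripts 2012-03-11 18:27:46 "
    "WARNING: file 'client1.key' is group or others accessible 2012-03-11 \n"
    "18:27:46 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key "
    "2012-03-11 18:27:46 Control Channel: TLSv1, cipher TLSv1/SSLv3 "
    "DHE-RSA-AES256-SHA, 1024 bit RSA 2012-03-11 18:27:51 Initialization "
    "Sequence Completed"
)


def split_entries(raw):
    """Return (timestamp, message) pairs, even when entries share a line."""
    flat = " ".join(raw.split())  # undo hard wraps inside entries
    parts = re.split(rf"(?:^| )({TS}) ", flat)
    return list(zip(parts[1::2], parts[2::2]))


def audit(raw):
    """Return (timestamp, rule, matched text) for each security-relevant entry."""
    findings = []
    for ts, msg in split_entries(raw):
        for rule, pattern in RULES:
            m = pattern.search(msg)
            # An RSA key at or above the threshold is not a finding.
            if m and not (rule == "weak-rsa-key" and int(m.group(1)) >= MIN_RSA_BITS):
                findings.append((ts, rule, m.group(0)))
    return findings


if __name__ == "__main__":
    for ts, rule, text in audit(SAMPLE):
        print(f"{ts}  {rule:<22} {text}")
```

The key-file finding is the one with an immediate fix on the client: restrict the file to its owner (for example `chmod 600 client1.key`); the cipher, TLS and key-size findings are changed in the server and client configuration and certificates.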

  • I blacked out the last 3 digits of my VPS' IP address and replaced my real name with "MyUsername" to maintain some form of anonymity :)

  • This guide worked for me (Debian 6 / Xen-PV) http://library.linode.com/networking/openvpn

    Looks great, I'll check it out!

  • What type of VPN are you looking at? There's a super easy guide here: http://freenuts.com/how-to-set-up-a-vpn-in-a-vps/

  • You can't go wrong with this one: https://forum.ramhost.us/bbs/viewtopic.php?id=4 (OpenVPN)

    It's simple, short and it works (tested).

  • Installing it isn't a problem now. It's being able to get Tunnelblick (Mac client) to let me connect to my VPN. I'm clueless as to how I can do that.

  • @Dionysus, I think, after doing some digging (I assume it was yourself that opened the recent ticket), Tunnelblick is not compatible with OpenVPN Access Server, which is what you have installed. Access Server only really seems to work with the OpenVPN Connect Client, which I believe is available for Mac as well as some WRT routers.

    If I have the wrong end of the stick here, sorry, but just to reiterate: the community edition of OpenVPN being referred to here is quite different to the commercial Access Server template Inception Hosting provide.

    Jump on #openvpn-as on freenode and have a word with Raidz or Novaflash; I am sure they will help you get your Mac connected.


  • Sweet, I'll be sure to get into the irc and hopefully I'll get this sorted out because I feel like a failure right now in not being able to get something that looks so simple in the tutorials to work.

  • @Dionysus Sorry I missed you on irc.

    If you are new to setting up a VPN I would recommend trying our Access Server package. It includes two free connections so if this is for personal use you should be able to use it free of charge (although we always enjoy getting paid too ;-)

    Tunnelblick actually does work with Access Server, you just need to make sure you are either using the default profile or the autologin profile, as the server-locked profile will not work. You can grab the packages from this link:

    http://openvpn.net/index.php/access-server/download-openvpn-as-sw.html

    @AnythonySmith

    Haven't seen you on irc for awhile, hope all is well!

  • Afternoon Raidz,

    All is indeed well, switched laptops about 5 times and never got my regular channels set back up again, will get back on IRC soon enough when I have a few hours to myself :)

    Ant.


  • @Andrewopenvpn: No worries, dropped by the IRC and I got it to work in less than 10 minutes! The staff there seem pretty helpful and setting up the VPN was so much easier than all the tutorials I came across on the interwebs.

  • I have to recommend the OpenVPN Access Server also -- I'm using it for a client and it was extremely easy to set up.

  • @jeff_lfcvps: Found it incredibly easy to set up. Also helps that the guys in the IRC are really helpful. FYI they work from 9 AM to 5 PM PST if anyone wants to know.

  • @Dionysus: That's great to hear. I didn't even realize they had an IRC channel, I'll have to check that out.

  • @jeff_lfcvps: Not a problem, I know how frustrating it is seeking help over the internet.

  • dude, post your server and client config. It says that your gateway is 192.168.1.1 which is definitely wrong.
