Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


OpenVPN Community Software Auto Installer for CentOS 5 & 6, Debian 6, and Ubuntu 10.10
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OpenVPN Community Software Auto Installer for CentOS 5 & 6, Debian 6, and Ubuntu 10.10

regolithmediaregolithmedia Member
edited November 2012 in Tutorials

image
Hi guys,

As the title says, i created OpenVPN Community Software Auto Installer for CentOS 5 & 6, Debian 6, and Ubuntu 10.10.

**
Source**
http://openvpn.net/index.php/open-source.html
Download
#wget http://repo.regolithmedia.co.id/ovpn_regolithmedia.zip
Install
#unzip ovpn_regolithmedia.zip
#chmod +x ovpn.sh

image

After installation process on server is completed, please download and install OpenVPN for Windows
http://openvpn.net/index.php/open-source/downloads.html
or
http://repo.regolithmedia.co.id/ovpn/openvpn-2.2.2-install.exe

and then download config.zip inside your server's "/root" directory, extract the files 1194-udp.ovpn dan ca.crt into the OpenVPN config folder Windows, and then run the OpenVPN with username / password you entered in the installation. For Windows 7 don't forget to "Run as Administrator"

Add config / port
Copy config / port default 1194 udp at folder "/etc/openvpn" with the new name, for example we want to create new config with port 443 tcp.
#cp /etc/openvpn/1194-udp.conf /etc/openvpn/443-tcp.conf
Edit the new copied config, you can use nano, pico, vi, or any editor you like.
#nano /etc/openvpn/443-tcp.conf
Change the following lines
port 1194
proto udp

to

port 443
proto tcp
and then the following lines
server 10.2.3.0 255.255.255.0
status 1194-udp.log

to (for example)

server 10.2.4.0 255.255.255.0 >> you have to differentiate the subnet for local ip assignment in each port and protocol configuration, and so on.
status 443-tcp.log
after that, run the openvpn with new config
#openvpn /etc/openvpn/443-tcp.conf &
#bg
#iptables -t nat -A POSTROUTING -s 10.2.4.0/24 -j SNAT --to Your_Ip_address

image
OpenVPN success status message with the new config is "Initialization Sequence Completed",other than that means error, check whether your choosen port is already used by another apps.

the last, create configuration for Windows, just like the existing 1194 configuration, just change the port and protocol in the following lines
proto udp
remote Your_ip_address 1194

to

proto tcp
remote Your_ip_address 443

You may already know the difference between tcp and udp port, mainly i use tcp if my internet connection must through proxy / can be used with proxy, for details about tcp / udp you can do Googling. Last words, if there's any error or suggestion, please post here so we can discuss and learn it together, thank you. :D

Thanked by 3roykem gladwinn Pwner
«13

Comments

  • Nice tutorial mas bro :)

  • Is there a reason you're compiling OpenVPN as opposed to using the packages in each distro's repositories? Why is the source code being downloaded from your server instead of OpenVPN's own servers? How can I verify that the source code you're distributing is the original source code?

  • @NickM said: Is there a reason you're compiling OpenVPN as opposed to using the packages in each distro's repositories? Why is the source code being downloaded from your server instead of OpenVPN's own servers? How can I verify that the source code you're distributing is the original source code?

    Hi,
    I prefer compiling OpenVPN from source so i can keep the package up to date and using the original source from OpenVPN.net.

    About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    If you need to verify the source code, you can check with MD5 checksum checker.

  • Does it support PAM Authentication already?

  • yes it is using PAM authentication

  • i have a question:

    what if i want to use the same subnet for udp and tcp?

  • Will test this on my server soon :)
    Script looks nice

  • regolithmediaregolithmedia Member
    edited November 2012

    @cosmicgate said: i have a question:

    what if i want to use the same subnet for udp and tcp?

    One of your OpenVPN config will not gonna work mate.

    @joodle said: Will test this on my server soon :)

    Script looks nice

    Thanks mate :D

  • Cool script but

    @regolithmedia said: About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    They are also a business
    Im not sure where you got that it is just some free software. But they are a legit business with many business clients doing business stuff.

  • @Spencer said: Cool script but

    @regolithmedia said: About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.
    

    They are also a business
    Im not sure where you got that it is just some free software. But they are a legit >business with many business clients doing business stuff.

    Yes they're also a business, but (imho) this OpenVPN is community software, and i just thought like that.

    Anyway can we get back to the topic? Other than discussing about why using my server for source code?

  • @regolithmedia said: Anyway can we get back to the topic? Other than discussing about why using my server for source code?

    It became the topic for a good reason....the feedback is that some people don't feel comfortable trusting arbitrary websites for software downloads (especially security software that runs as root)! I appreciate you want feedback on your script, but I suspect you would get more feedback if the openvpn software was pulled from the regular openvpn site...(as then peeps would use the script...)

  • Yeah, Immediately after finding out that it pulled data from your servers than the OpenVPN Servers I just didn't like it.

  • I did a checksum on his source code and openvpn source code and they are the same. So nice script very helpful. +1

  • IshaqIshaq Member
    edited November 2012

    Good idea. Nice job.

  • Is the script configurable to use binaries already installed?

  • @craigb said: I suspect you would get more feedback if the openvpn software was pulled from the regular openvpn site

    Exactly this. Sorry if I turned the topic into something it shouldn't have been, but I was merely trying bring up legitimate concerns that I had. The script would be great if it pulled the source directly from OpenVPN's servers. I would actually really prefer for it to use the distro's repos, but I realize that that may not be an option for CentOS. Also, it can make supporting the script on multiple platforms difficult, since you're likely to end up with different versions of things installed, leading to potential conflicts.

    Overall, it's great for someone like me - I could set up OpenVPN myself, certainly, but I would likely get annoyed with the whole thing and just stop in the middle of configuring it.

    Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

  • Why did you paste your link here? No one asked for an IPSEC/L2TP VPN in this thread, and it's not even a script.... Just sick of others advertising off other peoples work.. (no offense)..

  • @NickM said: Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

    http://ompldr.org/vZ2VndA/ovpn_regolithmedia.rar

    Just to annoy you :)

  • What does it mean with this:
    TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed Restart pause, 2 second(s)

    Anyone got the script works?

  • NickkNickk Member
    edited November 2012

    @David_P said: Why did you paste your link here?

    He's spammed it in a few threads. Mods don't seem to care at all.

  • regolithmediaregolithmedia Member
    edited November 2012

    @RoboCot said: Is the script configurable to use binaries already installed?

    yes it is, but maybe you should reconfigure the path.

    @NickM said: Oh, one last nit-pick. .zip? Really? For something meant to run on Linux?

    i just like the zip

    @Fritz said: What does it mean with this:

    TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed Restart pause, 2 second(s)
    Anyone got the script works?

    i did, with dozens of vps :D

  • @regolithmedia Great contribution to the community. Thanks for that.

    As a suggestion: To help ease those who are ill at ease about your script pulling data from your server, maybe have the script pull the md5 sum from openvpn's site and have it do a compare as the first part of the process showing that it is indeed their package that you are using. Make sure its something that is pointed out to the end user, maybe ask them to hit enter to acknowledge and continue the install?

    Cheers!

  • @TheLinuxBug said: @regolithmedia Great contribution to the community. Thanks for that.

    As a suggestion: To help ease those who are ill at ease about your script pulling data from your server, maybe have the script pull the md5 sum from openvpn's site and have it do a compare as the first part of the process showing that it is indeed their package that you are using. Make sure its something that is pointed out to the end user, maybe ask them to hit enter to acknowledge and continue the install?

    Cheers!

    Hello, thanks for your kind of word and support, that's a good idea, will do :D

  • @regolithmedia said: i did, with dozens of vps :D

    My box need to be tweaked then.
    Sent you a PM back.

  • bookmarked, gonna try tomorrow

  • @regolithmedia About the source mirror, you know OpenVPN community software is public service, right? And public service can be down or getting error sometimes, we cannot expect their server to be up 24/7, that's why i'm putting it in mine, and i'm in business so 24/7 up is my concern.

    Our servers are not some shoddy public service, they are operated by the company and do not randomly go down or get errors sometimes...... How can people expect your server to be up for 24/7 but ours not to?

  • Hi Andrew, its been a while since the last time you come here :)
    Welcome back

  • @andrewopenvpn said: Our servers are not some shoddy public service, they are operated by the company and do not randomly go down or get errors sometimes...... How can people expect your server to be up for 24/7 but ours not to?

    i don't think openvpn server are some shoddy public service. but i think the best server can get error, down, and slow sometimes if there is too many concurrent connection, i just thought, i can place the file in my server with less user access and it can lighten the public server work too :D

    i think it's just matter of preference, there are some people that feel most comfortable download from original source. but in my case, my developer is feel most comfortable if using file in my server. so, in this script I'm using same mirror as my developer.

    I'm sorry if there are my word that offend you or the other member, i don't intend offending any member or organization

  • Possibly give the user the choice of the download location as part of the installation process?

Sign In or Register to comment.