Can't get OpenVPN to work.
I'm trying to install OpenVPN on my Xen based VPS, but I can't get it to work.
I was thinking of doing it the easy way and used this script:
When trying to connect to OpenVPN I get this error:
Options error: Unrecognized option or missing parameter(s) in server.ovpn:5: 2a00:7b80:3002:4::cece:236d (2.2.2) Use --help for more information.
I'm quite new to this so I have no idea what this could be. Google shows some hits but no results really...
I used this script before on my OpenVZ VPS and it worked, but since Xen is a bit different from OpenVZ, I think that's what causing the troubles.
The guy in the first comment says that on Xen, you need to manually install openvpn (apt-get install openvpn).
I did so and also rebooted my VPS and re-ran the script, but the same issue persists.
Any help is well appreciated!
I assume you get that error from the client. If yes, did the openvpn daemon run correctly w/o errors? Can you post both of your config files?
It tells you that you have an error in server.ovpn, most probably around line number 5.
From that what I see it is because there is IPv6 specified there, because of the way how the IP gets detected
On a vps with both IPv4 and IPv6 it will return more than 1 line.
open the server.ovpn file and remove the the 5th line containing IPv6
Thanks for the replies!
@dnom To be honest, I'm not quite sure how I can check if the daemon is running correctly. I tried some commands with 'openvpn' in it, but the openvpn command is not found.
does not display openvpn and it doesn't look like a logfile is being generated either. See below for configs files.
@dannix Indeed, it seems like it has something todo with IPv6. I removed line 5 in my client config, consisting of a IPv6 IP address and it went a bit further with connecting, but still unsuccessful:
Here's my old/original client.ovpn:
Here's what I changed it into:
Here's the original server.conf:
I noticed that the first line was commented out, so I uncommented and commented out the second line (the IPv6 address) and tried to reupload it to my VPS, but I can't. It says permission denied. Assumingly the daemon is running, I cannot replace a file which is in use? I think this is causing the problem.
Any tips on how I can replace this file? I use Filezilla to upload files over sftp.
you can use
ps x | grep openvpnto see if it's running, then just kill the process.
You should be able to use the
openvpncommand after installing it via apt-get. If the command
openvpnis not working for you, it means that it's not installed correctly so
service openvpn stopmight not work too.
Thanks for the reply @dnom.
Openvpn is running and I was able to use the openvpn command after logging in as root.. how stupid of me.
I've stopped the service and replaced the file, but not via sftp it kept refusing. So I uploaded it to another folder and copied it using putty.
I'm now able to connect successfully but I do not have internet access e.g. I cannot ping/visit websites.
I had this problem before on my OpenVZ VPS but I don't recall how I solved it.
I guess it's about the Iptables using the ipv6. try to change the iptables entry to your
I also experienced that problem once when setting up openvpn on port 53 so I just used the default 9201 on the server and used
lport 53on the client to achieve similar result. Although I had openvpn running fine on port 53 on my other vps.
Well I still don't get why are using such script (which doesn't really work) instead of making few steps required manually (a good starting point would be http://library.linode.com/networking/openvpn/debian-6-squeeze). But it is upto you. This script is trying to setup iptables for you, so the traffic from the vpn clients gets routed through you vpn server. As I've alreay pointed previously, since your vps has IPv6 address you've got something like
this will not work properly in the script also in the line
and in any other which uses ip variable:
If you want use this script on the vps with IPv6 (but actually run openvpn on IPv4) you need to fix the line
it should return only the IPv4 address of your server. A quick hack would be something like that:
Try it on your server. If it gives you only the IPv4 address of your vps, then
and run the script once again.
You could also just modify the line ip=78.41.XXX.XX in the script before running it.
Please note however I see few other problems with this script, if it has been started few times, so not sure if it will work for you.
It's really not hard to just install it manually.
Thanks for the replies guys.
I went ahead and reinstalled my VPS with a clean install of Debian 6 and followed the Linode tutorial but ran into some problems.
At the very last of the tutorial, you need to execute the following two commands to restart the OpenVPN server and dnsmasq:
That didn't go well... here's what my output was:
So instead, I restarted my whole VPS.
The problem is, I can't connect because I think I'm missing a crucial file.
Currently I have 4 files sitting in my C:\Program Files (x86)\OpenVPN\config\VPN directory (the client machine):
But as far as I'm aware, OpenVPN also needs a file with a .ovpn extension but I cannot find that in the tutorial. Am I missing something or overlooking something?
Thanks in advance!
Just make your own client1.ovpn.
That's more or less how it looks like, there can be more parameters depending on your setup. You may want to post your client1.conf so I can try to help you more if that didn't work out. or you may want to use your old .conf(server) and your old .ovpn(client) from the auto install script since you managed to connect using them. Just match the name of the .crt files and the .key file on the appropriate lines.
@dnom Thanks! It's working now!
I don't quite get why they don't include this into their tutorial, as it's pretty crucial. Another thing I don't get why I wasn't able to restart openvpn or dnsmasq over putty but it does work accordingly after a full VPS reboot?
Once again thanks for all the help @dnom and @dannix
have you tried
service openvpn restart?
@dnom that does seem to work yes, thanks for the tip!
I've just checked /etc/dnsmasq.conf and it's as in the Linode tutorial...