Help setting up on centos 6 server

lowendguy7 Member
edited May 2016 in Help

I installed openvpn but I don't know how to get it to run. I'm confused that the tutorials speak of setting up the server.conf file yet I am using a vpn service so does this mean I skip this step?

I am trying with privatetunnel's free account just while I try things out with vpn. They provide an openvpn profile for use with linux. I downloaded one and ran sudo openvpn --config [privatetunnelfilename]. When I run it with csf firewall I get an error of write UDPv4: Operation not permitted (code=1). I need to set that up at some point to allow the vpn traffic through so need advice on that too. But I disable it to test functionality and I still get a fatal error when running openvpn.

    $ sudo openvpn --config Chicago.ovpn
    Sat May 28 08:28:18 2016 OpenVPN 2.3.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 4 2016
    Sat May 28 08:28:18 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
    Sat May 28 08:28:18 2016 Control Channel Authentication: tls-auth using INLINE static key file
    Sat May 28 08:28:18 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat May 28 08:28:18 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat May 28 08:28:18 2016 Socket Buffers: R=[133120->133120] S=[133120->133120]
    Sat May 28 08:28:18 2016 NOTE: setsockopt TCP_NODELAY=1 failed
    Sat May 28 08:28:18 2016 UDPv4 link local: [undef]
    Sat May 28 08:28:18 2016 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1194
    Sat May 28 08:28:18 2016 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=ddbdba0b 67d495bc
    Sat May 28 08:28:18 2016 VERIFY OK: depth=2, CN=OpenVPN CA
    Sat May 28 08:28:18 2016 VERIFY OK: depth=1, CN=PT Transitional 20150615
    Sat May 28 08:28:18 2016 Validating certificate key usage
    Sat May 28 08:28:18 2016 ++ Certificate has key usage 00a0, expects 00a0
    Sat May 28 08:28:18 2016 VERIFY KU OK
    Sat May 28 08:28:18 2016 Validating certificate extended key usage
    Sat May 28 08:28:18 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Sat May 28 08:28:18 2016 VERIFY EKU OK
    Sat May 28 08:28:18 2016 VERIFY OK: depth=0, CN=il3.privatetunnel.com
    Sat May 28 08:28:18 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat May 28 08:28:18 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat May 28 08:28:18 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat May 28 08:28:18 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat May 28 08:28:18 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Sat May 28 08:28:18 2016 [il3.privatetunnel.com] Peer Connection Initiated with [AF_INET]69.65.45.52:1194
    Sat May 28 08:28:20 2016 SENT CONTROL [il3.privatetunnel.com]: 'PUSH_REQUEST' (status=1)
    Sat May 28 08:28:20 2016 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.9.0.1,ifconfig 10.9.3.63 255.255.0.0,client-ip 199.16.31.120,ping 8,ping-restart 40,comp-lzo no,topology subnet,explicit-exit-notify,redirect-gateway def1,dhcp-option DNS 10.9.0.1,sndbuf 0,rcvbuf 0,socket-flags TCP_NODELAY,block-ipv6'
    Sat May 28 08:28:20 2016 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: client-ip (2.3.10)
    Sat May 28 08:28:20 2016 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:8 is ignored by previous <connection> blocks
    Sat May 28 08:28:20 2016 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:14: block-ipv6 (2.3.10)
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: timers and/or timeouts modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: explicit notify parm(s) modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: LZO parms modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    Sat May 28 08:28:20 2016 Socket Buffers: R=[133120->133120] S=[133120->133120]
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: --socket-flags option modified
    Sat May 28 08:28:20 2016 NOTE: setsockopt TCP_NODELAY=1 failed
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: --ifconfig/up options modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: route options modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: route-related options modified
    Sat May 28 08:28:20 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sat May 28 08:28:20 2016 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
    Sat May 28 08:28:20 2016 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
    Sat May 28 08:28:20 2016 Exiting due to fatal error

Hopefully there isn't any revealing IP info on that code dump. If so let me know.

So I am not sure what to do now? This vpn stuff is the most jargon heavy stuff I've ever come across :D. I'm used to dealing with proxies in the past so it is a lot to take in.

Comments

  • budi1413 Member
    edited May 2016

    ninja edit:

    tun/tap enabled?

  • lowendguy7 Member
    edited May 2016

    No idea. Please explain :). As I said all this network related jargon is new to me.

  • Try running this: cat /dev/net/tun

  • lowendguy7 Member
    edited May 2016

    Operation not permitted even when running as root.

    # cat /dev/net/tun
    cat: /dev/net/tun: Operation not permitted

    Google says it's because it isn't enabled. Reading on it now.

  • Do you have access to solusvm/virtualizor whatever cp? You can enable it there. If not, ask your host to enable it.

  • lowendguy7 Member
    edited May 2016

    Can't I just do it from the terminal? I am reading but the suggestions tried so far didn't do it. Oh I just read the service provider has to do it :( will have to wait til Monday now if that's the case.

    I can't see anything related to tun in the control panel. I don't have a full cpanel like fantastico or whatever it's called, just like power on and reboot options.

    and why did you delete the link you gave me for the openvpn script? I already saved it before you took it away but didn't run it yet. I see that script mentions tun.

  • My vps is with dacentec and I just read they don't support tun/tap...

    Does this mean I'm screwed as far as that provider goes?

  • Ok I sent them a ticket and they have enabled tun. Progress! :)

    I now get cat /dev/net/tun cat: /dev/net/tun: File descriptor in bad state rather than the permission denied message I was getting before.

    However lsmod | grep tun still returns nothing.

  • lowendguy7 said: cat: /dev/net/tun: File descriptor in bad state

    That's good news. Your openvpn connection should be okay now.
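
    A small helper for the check discussed above, added here as an example and not posted by anyone in the thread: it maps the messages quoted in this thread (plus three other standard errno strings) to what they say about /dev/net/tun. The function names and the TUN_DEV variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: interpret a read probe of the TUN control device.
TUN_DEV="${TUN_DEV:-/dev/net/tun}"

# classify_tun_msg MESSAGE
# Prints one of: usable, blocked, needroot, missing, unknown.
# MESSAGE can be the output of `cat /dev/net/tun` or an OpenVPN log line.
classify_tun_msg() {
    case "$1" in
        *"File descriptor in bad state"*)
            # open() succeeded; read() fails only because no interface is
            # attached to this descriptor yet. This is the healthy result.
            # An empty `lsmod | grep tun` inside a container does not
            # contradict it: the driver lives in the host kernel.
            echo usable ;;
        *"Operation not permitted"*)
            # open() refused even for root: the container has not been
            # granted the device, so the provider has to enable TUN/TAP.
            echo blocked ;;
        *"Permission denied"*)
            # Ordinary file-mode refusal: repeat the probe as root.
            echo needroot ;;
        *"No such file or directory"*|*"No such device"*)
            # Device node or driver is absent.
            echo missing ;;
        *)
            echo unknown ;;
    esac
}

# probe_tun: run the same probe as `cat /dev/net/tun` and classify it.
probe_tun() {
    msg=$(cat "$TUN_DEV" 2>&1 </dev/null | head -n 1)
    classify_tun_msg "$msg"
}

# Run the live probe only when asked: sh tuncheck.sh probe
if [ "${1:-}" = "probe" ]; then probe_tun; fi
```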

  • lowendguy7 Member
    edited May 2016

    Ye thanks for leading me on the right path :). I started and it booted me out of ssh. So that must mean it's working :). Now I need to set it to allow ssh.

    Also my csf firewall was disabled when I did that. What settings do I need to allow openvpn in the firewall?

  • lowendguy7 Member
    edited May 2016

    @budi1413 said:

    lowendguy7 said: cat: /dev/net/tun: File descriptor in bad state

    That's good news. Your openvpn connection should be okay now.

    So how do I setup csf and ssh?

    I just happened to find https://www.lowendtalk.com/discussion/18476/openvpn-csf which you replied on the same subject for the firewall. Is that what I want? I wasn't sure what to put for server since I am using privatetunnel and not a homemade vpn so it doesn't give an ip address that I know?

    EDIT: ok think I'm almost there. Setup csf with this article. https://ops.kickassd.com/openvpn-centos-7-csf-easy-setup/

    Now just to sort out ssh not getting booted.

  • budi1413 Member
    edited May 2016

    sed -i 's/^TCP_IN =.*/TCP_IN = "22"/' /etc/csf/csf.conf
    csf -r

    I'm just wondering, why do you need your server to connect to vpn?

  • tommy Member

    Because he doesn't know what he's doing.

  • @tommy said:
    Because he doesn't know what he's doing.

    That's exactly it, thanks for clearing it up.

  • lowendguy7 Member
    edited May 2016

    @budi1413 said:

    sed -i 's/^TCP_IN =.*/TCP_IN = "22"/' /etc/csf/csf.conf
    csf -r

    I'm just wondering, why do you need your server to connect to vpn?

    Python scripts.

  • @budi1413 said:

    sed -i 's/^TCP_IN =.*/TCP_IN = "22"/' /etc/csf/csf.conf
    csf -r

    I'm just wondering, why do you need your server to connect to vpn?

    I'm still getting booted even after putting that code in. It isn't csf that is booting me, it is openvpn. I already had csf running fine with ssh. It is openvpn which is the issue as it boots my ssh session as soon as I run openvpn.
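
The log in the first post shows why SSH drops: the server pushes redirect-gateway def1, so once the tunnel is up, replies to a session that arrived on the public address are routed into the VPN. The script below is an added example, not from the thread. It reads those two log lines and prints policy-routing commands that keep such replies on the original uplink. The function names, table id 128 and the address 192.0.2.10 are assumptions of the example, and the container kernel must support `ip rule`.

```shell
#!/bin/sh
# Constructed sample: two lines in the format of the log in the first post.
SAMPLE_LOG="Sat May 28 08:28:20 2016 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.9.0.1,topology subnet,redirect-gateway def1,dhcp-option DNS 10.9.0.1'
Sat May 28 08:28:20 2016 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00"

# pushes_default_route LOG: succeeds if the server pushed redirect-gateway.
pushes_default_route() {
    printf '%s\n' "$1" | grep -q "PUSH_REPLY.*redirect-gateway"
}

# pre_vpn_uplink LOG: print "DEV GATEWAY" for the route in use before the VPN.
# GATEWAY is "-" when OpenVPN reports ON_LINK (no next hop, as on venet0).
pre_vpn_uplink() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "ROUTE_GATEWAY") {
              gw = $(i + 1); dev = $(i + 2)
              sub(/^IFACE=/, "", dev); sub(/\/.*/, "", gw)
              if (gw == "ON_LINK") gw = "-"
              print dev, gw; exit } }'
}

# ssh_reply_rules PUBLIC_IP DEV GATEWAY [TABLE]
# Print (do not run) commands that route packets sourced from PUBLIC_IP
# through a separate table whose default route is the original uplink.
ssh_reply_rules() {
    addr=$1 dev=$2 gw=$3 table=${4:-128}   # 128: arbitrary unused table id
    echo "ip rule add from $addr table $table"
    if [ "$gw" = "-" ]; then
        echo "ip route add default dev $dev table $table"
    else
        echo "ip route add default via $gw dev $dev table $table"
    fi
}

# plan LOG PUBLIC_IP: combine the steps above for one log.
plan() {
    pushes_default_route "$1" || { echo "# no redirect-gateway pushed"; return 0; }
    set -- "$2" $(pre_vpn_uplink "$1")
    [ $# -eq 3 ] || { echo "# ROUTE_GATEWAY line not found" >&2; return 1; }
    ssh_reply_rules "$@"
}

# Print the plan for the sample when asked: sh vpnroutes.sh demo
if [ "${1:-}" = "demo" ]; then plan "$SAMPLE_LOG" 192.0.2.10; fi
```

Review the printed commands and run them as root before starting openvpn. Only traffic sourced from the public address is affected; everything else still follows the pushed default route.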
