You could, by disabling ciphers entirely. You probably don't want to.
Cheap home routers aren't going to work great with OpenVPN, sorry.
I use an ASUS RT-N66U, not so cheap.
L2TP works great but it stopped working today for no reason, so I decided to use OpenVPN as backup.
The CPU is still very slow, unfortunately. Switching cyphers could help, but not a lot.
Is there a way to make OpenVPN accept more ciphers?
When I make it default, it uses bf-cbc and it works.
If I change it to aes 128 bit, it connects but it doesn't work.
OpenVPN will support all the cyphers available via your OpenSSL. You need to set the cypher on both the server.conf and client.ovpn.
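The advice above, to set the cipher in both server.conf and client.ovpn, can be checked mechanically. The following is an added example, not part of the thread or of the installer script: it compares a server and a client config and goes beyond `cipher` to cover `proto`, `dev` and `comp-lzo`, which also have to agree. The sample configs are constructed from the ones posted in this thread, and the BF-CBC default is taken from the post above.

```python
# Added example: compare the settings that must agree on both ends of the tunnel.
DEFAULT_CIPHER = "BF-CBC"  # per the thread: with no cipher line, bf-cbc is used

# Constructed sample input, trimmed from the configs posted in this thread;
# the "cipher" line on the server side is the change being tested.
SERVER_CONF = """\
port 1194
proto udp
dev tun
cipher AES-128-CBC
comp-lzo
"""
CLIENT_OVPN = """\
client
dev tun
proto udp
remote MY-SERVER-IP 1194
comp-lzo
"""


def parse(text):
    """Return {directive: arguments}; whole-line '#' and ';' comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts


def effective(opts):
    """Normalise the options both peers have to share."""
    return {
        "cipher": opts.get("cipher", DEFAULT_CIPHER).upper(),
        "proto": opts.get("proto", "udp").lower()[:3],         # tcp-client -> tcp
        "dev": opts.get("dev", "").rstrip("0123456789"),       # tun0 -> tun
        "comp-lzo": "comp-lzo" in opts,
    }


def mismatches(server_text, client_text):
    """Return {setting: (server_value, client_value)} for every disagreement."""
    s, c = effective(parse(server_text)), effective(parse(client_text))
    return {k: (s[k], c[k]) for k in s if s[k] != c[k]}


if __name__ == "__main__":
    for name, (srv, cli) in mismatches(SERVER_CONF, CLIENT_OVPN).items():
        print(f"{name}: server={srv!r} client={cli!r}")
```

With the sample input it reports the cipher as the only disagreement: the server asks for AES-128-CBC while the client, having no `cipher` line, falls back to the default.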
@Nyr - does this work on NAT VPS's like LowEndSpirit?
Thanks!
Yes, it does specifically have support for NATed servers
Cool - I'll give it a go as I could never get SoftEther to play nicely with OSX..
For LES VPS's you need to be sure to run openvpn with the generated server config file... I was wondering why it didn't work for 10 minutes...
I am not having any luck whatsoever with this script
Every time I do a fresh install, it fails to start:
http://pastebin.com/5HG8EGgM
My openvpn.conf:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 127.0.0.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
May I ask what distro you are using?
I ended up installing the OpenVPN AS and it appears to be working somehow, but the service is still failing to start? Weird - I can connect and everything lol. CentOS 6.x
u do well
Use Debian 7.8, and did you use UFW?
I'm happy to troubleshoot any problem which could be related to the script, but it works for me on a clean CentOS 6.7 image from DigitalOcean so I would need further details about your distribution to reproduce the issue.
Or even better: let me know what the log says when failing to start.
Two questions:
1) I have a /48 from HE assigned to a dedi. What do I assign to my VM (where OpenVPN will be running) so that it can give /64 to the clients?
2) I want to setup a Docker IPv6 Cluster behind an OpenVPN client (https://docs.docker.com/articles/networking/#docker-ipv6-cluster). It looks like I need two /64 subnets (2001:db8::/64, 2001:db8:1::/64). How do I make OpenVPN assign them?
Any idea why on ovz servers echoing the following stuff makes openvpn fail to restart?
LES Miami and Dacentec 512 mini failed to restart. Both are running Debian.
I think LES Miami was Debian 7.6 while Dacentec's Debian was 7.0 only.
Fuck you cloudflare
What an idiot I am, lol.
Add a p and it works to "ush"
The easiest way I have found to install OpenVPN. Thanks for the work.
You can assign the full /48 and then dedicate a /64 of the /48 for OpenVPN.
You can't use two /64s within the same OpenVPN instance. Either use two /65s or route them between two instances (didn't see the docker documentation).
You can't change that in OpenVZ.
I want to keep the /48 on the dedi. Can I assign a /56 from it to my VM and from that /56 assign a /64 for OpenVPN?
Can I assign a /56 to the OpenVPN client so that it can assign /64 to Docker instances?
Sorry if this sounds confusing, there are two unrelated projects I am describing here.
Yes, sorry, I was just reading fast and missed it.
No, clients get assigned single addresses, server from a /64 to a /112 (TUN). You could get this done with TAP, but that's a completely different task.
@Nyr my openvpn failed to start, can you help?
I'm using NATed VPS (Lowendspirit)
CentOS release 6.5 (Final)
/var/log/message:
Options error: --crl-verify fails with '/etc/openvpn/easy-rsa/pki/crl.pem': Permission denied
Can you please let me know the output of: http://pastebin.com/raw.php?i=2KegPvc9
Thanks.
@Nyr Never mind, I have disabled SELinux and it's working now. Thanks!
Please, can someone help? First, I am on Debian 7.8.
I live in China and I use your automatic installer. Thanks a lot.
I am connected to the VPN but there is no internet connection, or if connected to the internet, only for a few seconds and then nothing. The VPN is still connected and nothing happens.
I use a wireless connection with my router. I don't know if this has something to do with anything..
I have no error message. I don't understand.
My vps is in San Francisco
Find below my server conf
server side
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 209.208.127.65"
push "dhcp-option DNS 209.208.25.18"
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
client side
client
dev tun
proto udp
remote MY-SERVER-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
I have checked the rc.local; I have this iptables rule:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to MY_SERVER-IP
Do I have to add this line as well?
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 104.245.36.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
104.245.36.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Check the output of ifconfig eth0 and tun0 without VPN (1) and with vpn (2)
1)
root@vip:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:68:f5:24:ae
inet addr:104.245.36.174 Bcast:104.245.36.255 Mask:255.255.255.0
inet6 addr: fe80::200:68ff:fef5:24ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4736 errors:0 dropped:0 overruns:0 frame:0
TX packets:4389 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1264746 (1.2 MiB) TX bytes:1264298 (1.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 TX bytes:0 (0.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1609 errors:0 dropped:0 overruns:0 frame:0
TX packets:2018 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:531146 (518.6 KiB) TX bytes:472659 (461.5 KiB)
2)
root@vip:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:68:f5:24:ae
inet addr:104.245.36.174 Bcast:104.245.36.255 Mask:255.255.255.0
inet6 addr: fe80::200:68ff:fef5:24ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5190 errors:0 dropped:0 overruns:0 frame:0
TX packets:4772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1333784 (1.2 MiB) TX bytes:1336331 (1.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 TX bytes:0 (0.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1684 errors:0 dropped:0 overruns:0 frame:0
TX packets:2124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:543811 (531.0 KiB) TX bytes:489895 (478.4 KiB)
Use Shadowsocks. You aren't going to have luck with OpenVPN.
Shadowsocks is a good option. But I think he can use 'scrambled OpenVPN' in China.
That's another option, yeah. But a bit hackish and not supported by this script.
@Nyr What client do you use on OS X? I'm using Viscosity and having issues with my latest install on a fresh Debian VM. I can connect perfectly, no errors in logs, but I don't get any internet access.
Not sure if it's the client, the client config, or something server side. Kinda leaning toward routes not being pushed on client, but I've been tweaking all the settings and can't figure it out.