Comments
@mohsengham look at the "newclient" function on the script. You can add whatever you want there.
After line 40, for example:
echo "PUT WHATEVER YOU WANT HERE" >> ~/$1.ovpn
echo "ADD A SECOND LINE IF YOU WANT" >> ~/$1.ovpn
echo "AND A THIRD" >> ~/$1.ovpn
Any way to get this script working with TCP too? (at the same time)
@TarZZ92 this is not currently implemented and I have no plans to do it since TCP over TCP is not a good idea. I can only see it being useful to bypass some firewalls or with very rare setups.
That said, it's easily doable if you want to do it after running the script:
cd /etc/openvpn
cp server.conf server-tcp.conf
Edit server-tcp.conf and change the ipp and log file locations + switch proto udp to proto tcp. You can use the same certs. Use a different subnet for the TCP daemon, something like 10.8.1.0/24 for TCP if you are using 10.8.0.0/24 for UDP (the default).
nano /etc/rc.local
Add a new line for your TCP subnet. Save and run the new iptables if you don't want to reboot.
/etc/init.d/openvpn restart
This is all out of memory, let me know if I missed something.
Edit: and obviously, set proto tcp on the client too.
Booooo!
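The two-daemon steps from the post above as a script, added here as an example; it is not part of the thread or of the install script. The function names, the file names ipp-tcp.txt and openvpn-status-tcp.log, and the directive names it looks for are assumptions about what server.conf contains.

```shell
#!/bin/sh
# Added example: derive the TCP daemon's files from the UDP ones.
# Assumed names (not from the thread): ipp-tcp.txt, openvpn-status-tcp.log.
UDP_NET="10.8.0.0"   # default UDP subnet mentioned in the post
TCP_NET="10.8.1.0"   # TCP subnet suggested in the post

# Read the UDP server.conf on stdin, write the TCP variant on stdout.
make_tcp_conf() {
    udp_re=$(printf '%s' "$UDP_NET" | sed 's/\./\\./g')
    sed -E \
        -e 's/^proto[[:space:]]+udp[[:space:]]*$/proto tcp/' \
        -e "s/^server[[:space:]]+${udp_re}[[:space:]]/server ${TCP_NET} /" \
        -e 's/^(ifconfig-pool-persist[[:space:]]+)[^[:space:]]+/\1ipp-tcp.txt/' \
        -e 's/^(status[[:space:]]+)[^[:space:]]+/\1openvpn-status-tcp.log/'
}

# Print the first argument of directive $1 in config file $2.
conf_value() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# Succeed only if the two daemons share no protocol, subnet or state file.
daemons_disjoint() {
    for key in proto server ifconfig-pool-persist status; do
        a=$(conf_value "$key" "$1")
        b=$(conf_value "$key" "$2")
        if [ -n "$a" ] && [ "$a" = "$b" ]; then
            echo "clash on '$key': both daemons use $a" >&2
            return 1
        fi
    done
}

# Read rc.local on stdin; after every line that names the UDP subnet,
# emit the same line rewritten for the TCP subnet.
add_tcp_nat_lines() {
    awk -v u="$UDP_NET/24" -v t="$TCP_NET/24" '
        { print }
        index($0, u) {
            i = index($0, u)
            print substr($0, 1, i - 1) t substr($0, i + length(u))
        }'
}
```

Run make_tcp_conf with /etc/openvpn/server.conf on stdin and server-tcp.conf as output, then check the pair with daemons_disjoint before restarting OpenVPN.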
How about changing the type of encryption or the amount of bits from 2048?
That's not the type of encryption, that's the key length. Let me know why you would want to use a shorter/longer key and if it's a valid concern I will consider adding that feature.
@Nyr script is super hyper good, it helped me get into OpenVPN almost a year ago (if not more haha)
go to /etc/openvpn/server.conf
uncomment tcp and comment udp by ';'
service openvpn restart
open the *.ovpn file
uncomment tcp and comment udp by ';'
That's it
It worked for me....
But then the server will not listen on UDP anymore. I already explained how to do it with two daemons (only way to do it).
yap... I know... I was just giving a TCP only solution. I thought like me there are people who are behind a Firewall and Proxy blocking all udp ports... :-(
Use softether.org and in the options enable Azure VPN, more details here http://www.vpnazure.net/en/
Shameless bump to announce that the script now has the most requested feature: CentOS support!
Great
Great script thanks nyr.
How to download .ovpn file from VPS?
Copy it via SCP or SFTP.
If that's difficult for you, here's an alternative: http://curl.io/
Or cat client.ovpn then copy and paste -> save *.ovpn
Still not. Which path to root location of .ovpn file?
The user home (/root).
Debian/Ubuntu version? I use only them, stuck with stupid CentOS
The script has always supported Debian and Ubuntu! It's only CentOS support which was added now
Thanks! Much clearer. But no certificates inside? I cannot connect, but if I place the ovpn file in a folder with other script ovpn with certificates inside, all works fine
Certificates are inline.
Cannot connect from single ovpn, only from same folder with other ovpn with scm, that straight
@Nyr I've compared the server.conf for two servers setup under your script, one without additional port 53 and the other without, but can't see any difference in the config. Where is the additional 53 configured?
@nyr: I've used your script on 2 of my Ubuntu servers... all works perfectly. Very nice one
Anyway, can you maybe add a username password feature on the script? I mean to create certain user login to connect to the service.
Thanks..
This was being done via iptables forwarding which was stupid. Commit submitted with a much cleaner (and logical) approach.
Thanks for the kind words! Password authentication is not planned at the moment, certificate auth is very secure and pretty easy to deploy.
@Nyr script works great as usual just used it moments ago.
I'd like to suggest changing default encryption to 256bit of your choice by default.
Thanks for the tutorial. -EDIT-
Why so? Or is it just personal preference? I ask since it is not the first time that I get requests like that, or to increase key length or something like that.