#101 2014-03-23 19:14:19

ZEROF
Trusted Member
From: http://backbox.org
Registered: 2013-10-24
Posts: 124
Website

Re: OpenVPN automated installer

Hi Tino,

Your error is your answer: "error out of memory". Disable some services on your VPS. Check what is using memory on your server with ps -aux, and see memory usage information with the free -m command.

Last edited by ZEROF (2014-03-23 19:17:19)

Offline

#102 2014-03-23 21:26:43

Tino
Member
Registered: 2014-03-23
Posts: 3

Re: OpenVPN automated installer

ZEROF wrote:

Hi Tino,

Your error is your answer: "error out of memory". Disable some services on your VPS. Check what is using memory on your server with ps -aux, and see memory usage information with the free -m command.

That can't be the problem, I have hardly any services running.
http://gyazo.com/974ed5a3f6304b46540c99f7148a3513

Offline

#103 2014-03-23 22:38:34

ZEROF
Trusted Member
From: http://backbox.org
Registered: 2013-10-24
Posts: 124
Website

Re: OpenVPN automated installer

Then a few things can cause this problem:

1. FTP/AV/Firewall software on your PC!
2. Server settings

If you can provide me SSH I can check the server side. But I guess you will need to deal with your PC. Try a 2nd FTP software and disable AV and firewall.

Do you use sftp to connect to your server?

sftp://ip
user
port

?

Last edited by ZEROF (2014-03-23 22:46:12)

Offline

#104 2014-03-24 18:35:27

Tino
Member
Registered: 2014-03-23
Posts: 3

Re: OpenVPN automated installer

ZEROF wrote:

Then a few things can cause this problem:

1. FTP/AV/Firewall software on your PC!
2. Server settings

If you can provide me SSH I can check the server side. But I guess you will need to deal with your PC. Try a 2nd FTP software and disable AV and firewall.

Do you use sftp to connect to your server?

sftp://ip
user
port

?

Yes I do; my friend cannot connect to sftp either.

Offline

#105 2014-03-28 12:48:54

erm3nda
Trusted Member
From: Localhost
Registered: 2013-09-07
Posts: 9

Re: OpenVPN automated installer

Thank you for this script. It makes our lives easy.

The first time I got an ugly error on the self-signed cert. It was solved by creating a new one.

Maybe it is a stupid question, but do I need to manually redirect connections to get internet from the VPN to the client?
I successfully connect to the VPN from Windows 7, but have no internet access.

I'm sorry, it's my first time playing with VPNs.
I'm doing that because it is the only way to open ports to my little Android.

Regards

Offline

#106 2014-03-28 14:12:54

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

erm3nda wrote:

I successfully connect to the VPN from Windows 7, but have no internet access.

Are you running the client as an administrator?

Offline

#107 2014-04-06 05:29:28

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

How many users can I create with OpenVPN?

Offline

#108 2014-04-06 09:50:29

dark
Trusted Member
Registered: 2013-04-27
Posts: 77

Re: OpenVPN automated installer

The answer is: "a lot"
It's probably limited by your CPU - see: http://serverfault.com/questions/439848 … e-possible

Offline

#109 2014-04-06 11:06:58

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

I am asking this because in my home network we are 3 people. Can we use the same account or do I need to create 3 different VPN accounts?

Offline

#110 2014-04-06 13:42:12

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Whatever is more convenient to you. You can open multiple connections with one certificate.

Offline

#111 2014-04-12 01:51:48

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

I can't get this to work. I have followed all the steps but the OpenVPN client doesn't connect. Here is the OpenVPN client log:

Sat Apr 12 04:46:20 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sat Apr 12 04:46:20 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 12 04:46:20 2014 Need hold release from management interface, waiting...
Sat Apr 12 04:46:21 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 12 04:46:21 2014 MANAGEMENT: CMD 'state on'
Sat Apr 12 04:46:21 2014 MANAGEMENT: CMD 'log all on'
Sat Apr 12 04:46:21 2014 MANAGEMENT: CMD 'hold off'
Sat Apr 12 04:46:21 2014 MANAGEMENT: CMD 'hold release'
Sat Apr 12 04:46:21 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 12 04:46:21 2014 UDPv4 link local: [undef]
Sat Apr 12 04:46:21 2014 UDPv4 link remote: [AF_INET]21X.XXX.XX.XX:1194
Sat Apr 12 04:46:21 2014 MANAGEMENT: >STATE:1397267181,WAIT,,,
Sat Apr 12 04:47:21 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 12 04:47:21 2014 TLS Error: TLS handshake failed
Sat Apr 12 04:47:21 2014 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 12 04:47:21 2014 MANAGEMENT: >STATE:1397267241,RECONNECTING,tls-error,,
Sat Apr 12 04:47:21 2014 Restart pause, 2 second(s)

Here is the result of cat /etc/rc.local:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 192.168.0.179
iptables -t nat -A PREROUTING -p udp -d 192.168.0.179 --dport 53 -j REDIRECT --to-port 1194

exit 0

And here are my iptables rules (if necessary):

*filter
#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
#  Allow SSH connections
#
#  The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 17901 -j ACCEPT
#  Allow ping
-A INPUT -p icmp -j ACCEPT
#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT

Thank you!

Last edited by Boran (2014-04-12 01:53:40)

Offline

#112 2014-04-12 01:58:00

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

You need to specify one of your assigned ports, 1194 isn't going to work.

Offline

#113 2014-04-12 02:11:28

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

How? Can you guide me a little? Do I need to rerun your script? Or is there an easy way to just edit the port part?

Last edited by Boran (2014-04-12 02:38:17)

Offline

#114 2014-04-12 02:49:26

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Yes, rerun, select uninstall and then run again selecting the appropriate port when asked.

Offline

#115 2014-04-12 04:55:20

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

I changed the port but I still cannot connect.

Sat Apr 12 07:53:24 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sat Apr 12 07:53:24 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 12 07:53:24 2014 Need hold release from management interface, waiting...
Sat Apr 12 07:53:25 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 12 07:53:25 2014 MANAGEMENT: CMD 'state on'
Sat Apr 12 07:53:25 2014 MANAGEMENT: CMD 'log all on'
Sat Apr 12 07:53:25 2014 MANAGEMENT: CMD 'hold off'
Sat Apr 12 07:53:25 2014 MANAGEMENT: CMD 'hold release'
Sat Apr 12 07:53:25 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 12 07:53:25 2014 UDPv4 link local: [undef]
Sat Apr 12 07:53:25 2014 UDPv4 link remote: [AF_INET]21X.XXX.XX.XX:17919
Sat Apr 12 07:53:25 2014 MANAGEMENT: >STATE:1397278405,WAIT,,,
Sat Apr 12 07:54:25 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 12 07:54:25 2014 TLS Error: TLS handshake failed
Sat Apr 12 07:54:25 2014 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 12 07:54:25 2014 MANAGEMENT: >STATE:1397278465,RECONNECTING,tls-error,,
Sat Apr 12 07:54:25 2014 Restart pause, 2 second(s)

Offline

#116 2014-04-12 08:37:42

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

I can connect now but I cannot open any website.

Offline

#117 2014-04-12 10:05:35

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,313
Website

Re: OpenVPN automated installer

Boran wrote:

I can connect now but I cannot open any website.

If you traceroute an IP, does it go over the VPN and does it reach the destination?
if it's a DNS issue

Offline

#118 2014-04-12 13:07:59

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Please, paste:

- Client connection log
- Output of ipconfig /all
- Output of route print

Offline

#119 2014-04-13 00:28:46

Boran
Trusted Member
Registered: 2014-04-04
Posts: 15

Re: OpenVPN automated installer

Okay, here they are:

Client connection log:

Sun Apr 13 03:18:17 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Sun Apr 13 03:18:17 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Sun Apr 13 03:18:17 2014 Need hold release from management interface, waiting...
Sun Apr 13 03:18:18 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Sun Apr 13 03:18:18 2014 MANAGEMENT: CMD 'state on'
Sun Apr 13 03:18:18 2014 MANAGEMENT: CMD 'log all on'
Sun Apr 13 03:18:18 2014 MANAGEMENT: CMD 'hold off'
Sun Apr 13 03:18:18 2014 MANAGEMENT: CMD 'hold release'
Sun Apr 13 03:18:18 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 13 03:18:18 2014 UDPv4 link local: [undef]
Sun Apr 13 03:18:18 2014 UDPv4 link remote: [AF_INET]2XX.XXX.XX.XX:17919
Sun Apr 13 03:18:18 2014 MANAGEMENT: >STATE:1397348298,WAIT,,,
Sun Apr 13 03:18:18 2014 MANAGEMENT: >STATE:1397348298,AUTH,,,
Sun Apr 13 03:18:18 2014 TLS: Initial packet from [AF_INET]2XX.XXX.XX.XX:17919, sid=a2a95677 ed247e81
Sun Apr 13 03:18:19 2014 VERIFY OK: depth=1, C=NL, ST=NH, L=Amsterdam, O=Private, CN=Private CA, [email protected]
Sun Apr 13 03:18:19 2014 VERIFY OK: nsCertType=SERVER
Sun Apr 13 03:18:19 2014 VERIFY OK: depth=0, C=NL, ST=NH, L=Amsterdam, O=Private, CN=server, [email protected]
Sun Apr 13 03:18:19 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 13 03:18:19 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 13 03:18:19 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 13 03:18:19 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 13 03:18:19 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Apr 13 03:18:19 2014 [server] Peer Connection Initiated with [AF_INET]2XX.XXX.XX.XX:17919
Sun Apr 13 03:18:20 2014 MANAGEMENT: >STATE:1397348300,GET_CONFIG,,,
Sun Apr 13 03:18:21 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Apr 13 03:18:22 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Apr 13 03:18:22 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 13 03:18:22 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 13 03:18:22 2014 OPTIONS IMPORT: route options modified
Sun Apr 13 03:18:22 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Apr 13 03:18:22 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr 13 03:18:22 2014 MANAGEMENT: >STATE:1397348302,ASSIGN_IP,,10.8.0.6,
Sun Apr 13 03:18:22 2014 open_tun, tt->ipv6=0
Sun Apr 13 03:18:22 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{175B5108-FFB4-41BF-9EBF-4B836682C905}.tap
Sun Apr 13 03:18:22 2014 TAP-Windows Driver Version 9.9 
Sun Apr 13 03:18:22 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {175B5108-FFB4-41BF-9EBF-4B836682C905} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Apr 13 03:18:22 2014 Successful ARP Flush on interface [10] {175B5108-FFB4-41BF-9EBF-4B836682C905}
Sun Apr 13 03:18:27 2014 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Apr 13 03:18:27 2014 C:\Windows\system32\route.exe ADD 2XX.XXX.XX.XX MASK 255.255.255.255 192.168.1.1
Sun Apr 13 03:18:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Sun Apr 13 03:18:27 2014 Route addition via IPAPI succeeded [adaptive]
Sun Apr 13 03:18:27 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Apr 13 03:18:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Apr 13 03:18:27 2014 Route addition via IPAPI succeeded [adaptive]
Sun Apr 13 03:18:27 2014 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Apr 13 03:18:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Apr 13 03:18:27 2014 Route addition via IPAPI succeeded [adaptive]
Sun Apr 13 03:18:27 2014 MANAGEMENT: >STATE:1397348307,ADD_ROUTES,,,
Sun Apr 13 03:18:27 2014 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Apr 13 03:18:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Apr 13 03:18:27 2014 Route addition via IPAPI succeeded [adaptive]
Sun Apr 13 03:18:27 2014 Initialization Sequence Completed
Sun Apr 13 03:18:27 2014 MANAGEMENT: >STATE:1397348307,CONNECTED,SUCCESS,10.8.0.6,2XX.XXX.XX.XX

route print;

C:\Windows\system32>route print
===========================================================================
Interface List
 10...00 ff 17 5b 51 08 ......TAP-Windows Adapter V9
  7...00 26 83 33 29 0d ......Bluetooth Device (Personal Area Network)
  4...48 f8 b3 65 2f fa ......Linksys AE3000
  3...60 a4 4c 54 8f 97 ......Intel(R) 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     25
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    281
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    281
    2XX.XXX.XX.XX  255.255.255.255      192.168.1.1      192.168.1.7     25
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    286
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    286
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6ab8:cd6:1885:f5f7:fff9/128
                                    On-link
 10    286 fe80::/64                On-link
  4    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::cd6:1885:f5f7:fff9/128
                                    On-link
 10    286 fe80::2148:ca2d:f75c:e69/128
                                    On-link
  4    281 fe80::a973:619e:b45e:ba20/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    286 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : xxxx
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-17-5B-51-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2148:ca2d:f75c:e69%10(Preferred
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 13 Nisan 2014 Pazar 03:26:07
   Lease Expires . . . . . . . . . . : 13 Nisan 2015 Pazartesi 03:26:06
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.5
   DHCPv6 IAID . . . . . . . . . . . : 302055191
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-BE-7E-62-60-A4-4C-54-8

   DNS Servers . . . . . . . . . . . : 10.8.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Netwo
   Physical Address. . . . . . . . . : 00-26-83-33-29-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys AE3000
   Physical Address. . . . . . . . . : 48-F8-B3-65-2F-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a973:619e:b45e:ba20%4(Preferred
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 Nisan 2014 Cumartesi 18:21:52
   Lease Expires . . . . . . . . . . : 13 Nisan 2014 Pazar 18:21:56
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 122222771
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-BE-7E-62-60-A4-4C-54-8

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579V Gigabit Network Conne
n
   Physical Address. . . . . . . . . : 60-A4-4C-54-8F-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A2B27A43-0DE9-40D2-A538-5E7AE86CE430}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1c:3815:f5f7:fff9(Prefer
red)
   Link-local IPv6 Address . . . . . : fe80::1c:3815:f5f7:fff9%6(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-BE-7E-62-60-A4-4C-54-8F-97

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{175B5108-FFB4-41BF-9EBF-4B836682C905}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Offline

#120 2014-04-13 11:50:56

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

It looks fine to me, don't know where the problem can be... can you ping 8.8.8.8 while connected?

Offline

#121 2014-05-10 13:36:09

mkkyah
Member
Registered: 2014-05-10
Posts: 2

Re: OpenVPN automated installer

Hi,
I have installed OpenVPN with this script and it's really simple to install, working perfectly without iptables. Thanks for making this installation so simple for us. (I didn't install it on a LowEndSpirit server, sorry if I'm asking in the wrong place.)

With my iptables rules I can connect and establish successful authorization to the server from Windows and Android clients, but I have no further connection to the web, I can't browse.

My VPS is OpenVZ, Tun/Tap is "on". Following are my iptables rules:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to myvpsip
iptables -A INPUT -s myhomeip/32 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -s myhomeip/32 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

edit-- I'm using venet0, not eth0, on the openvz.

Last edited by mkkyah (2014-05-10 13:38:56)

Offline

#122 2014-05-12 13:51:11

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

@mkkyah writing to my personal email and adding Disposition-Notification-To headers isn't going to help you to get my attention.

Anyway, I don't support custom setups. If it works on a clean install without additional firewall rules, the script isn't the problem. I only support the script, not custom setups. If you want to further firewall your server, you need to troubleshoot yourself.

Offline

#123 2014-05-12 21:30:03

mkkyah
Member
Registered: 2014-05-10
Posts: 2

Re: OpenVPN automated installer

@Nyr
Ok, I can accept that and apologize for double checking (like I did in the email), because I wasn't sure which forum I should ask.

I don't have any special setup; consider the port 80 and 443 rules not set, only the port 22 SSH rule like most of us need and OpenVPN. What iptables rules then?

Anyways thanks again for the script!

Offline
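The filter rules posted in #121 (and the *filter ruleset in #111, which has the same shape) can be checked against the "connects but cannot browse" symptom with a small first-match simulation. This is an added example, not code from the thread or from the installer script; the tun0 interface name, the 203.0.113.x and 198.51.100.x addresses, and the two FORWARD accept rules in FIXED are assumptions.

```python
import ipaddress
import shlex

# Filter-table rules from post #121, leading "iptables" removed. 203.0.113.10
# is a constructed stand-in for "myhomeip"; the nat SNAT rule is left out
# because only the filter table accepts or rejects packets.
POSTED = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A OUTPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
"""
# Assumed correction (not from the thread): pass tunnel clients and their
# replies ahead of the catch-all. "tun0" is an assumed interface name.
CATCH_ALL = "-A FORWARD -j REJECT"
FIXED = POSTED.replace(CATCH_ALL, """\
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -s 10.8.0.0/24 -o venet0 -j ACCEPT
""" + CATCH_ALL)
TERMINAL = ("ACCEPT", "DROP", "REJECT")  # LOG and similar targets fall through


def parse(ruleset):
    """Yield (chain, options, target) for each '-A CHAIN ...' line."""
    for line in ruleset.splitlines():
        if line.strip().startswith("-A "):
            tok = shlex.split(line)
            opts = dict(zip(tok[2::2], tok[3::2]))  # each option takes one value
            yield tok[1], opts, opts.pop("-j", None)


def matches(opts, pkt):
    """True if the packet (keyed by iptables option names) meets every test."""
    for key, want in opts.items():
        have = pkt.get(key)
        if key in ("-i", "-o", "-p") and have != want:
            return False
        if key in ("-s", "-d"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        if key == "--dport" and have != int(want):
            return False
        if key == "--state" and have not in want.split(","):
            return False
    return True  # -m, --limit and --log-* are ignored by this model


def verdict(ruleset, pkt, policy="ACCEPT"):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    for chain, opts, target in parse(ruleset):
        if chain == pkt["chain"] and target in TERMINAL and matches(opts, pkt):
            return target
    return policy


def audit(ruleset, port, wan="venet0", tun="tun0"):
    """Verdicts for the three packets a redirect-gateway client depends on."""
    client, server, web = "198.51.100.7", "203.0.113.20", "8.8.8.8"  # constructed
    vpn = "10.8.0.6"  # tunnel address from the client log in post #119
    packets = {
        "handshake": {"chain": "INPUT", "-i": wan, "-p": "udp", "--dport": port,
                      "-s": client, "-d": server, "--state": "NEW"},
        "client_to_internet": {"chain": "FORWARD", "-i": tun, "-o": wan, "-p": "tcp",
                               "--dport": 80, "-s": vpn, "-d": web, "--state": "NEW"},
        "reply_to_client": {"chain": "FORWARD", "-i": wan, "-o": tun, "-p": "tcp",
                            "-s": web, "-d": vpn, "--state": "ESTABLISHED"},
    }
    return {name: verdict(ruleset, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit(rules, 1194))
```

On the posted rules the handshake is accepted while both FORWARD packets are rejected, which matches the symptom described; with the two assumed FORWARD rules in place all three packets are accepted while the default-deny on INPUT is unchanged.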

#124 2014-05-15 14:17:07

Tripleflix
Trusted Member
Registered: 2014-05-12
Posts: 80

Re: OpenVPN automated installer

Hey, I'm trying to get this to work on my VPS, running Squeeze, updated a fresh install, enabled tun/tap and used your script, filled in the correct port and external IP. My client (iPhone) can connect to the VPN perfectly, but I do not have internet on it. I have tried various settings and changed some things but keep getting the same result.

What am I doing wrong? Could it be a DNS server issue?

Edit: OK, it seems the DNS servers provided in the OpenVPN package aren't working for me (OpenDNS servers). I changed them to a known working OpenDNS server and the Google DNS and now I'm up and running.

Last edited by Tripleflix (2014-05-15 14:30:44)

Offline

#125 2014-05-15 16:21:24

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Tripleflix wrote:

Hey, I'm trying to get this to work on my VPS, running Squeeze, updated a fresh install, enabled tun/tap and used your script, filled in the correct port and external IP. My client (iPhone) can connect to the VPN perfectly, but I do not have internet on it. I have tried various settings and changed some things but keep getting the same result.

What am I doing wrong? Could it be a DNS server issue?

Edit: OK, it's a DNS issue, I can surf using only IP addresses. What is the best way to change this?

Is this happening on a LES? I remember Anthony said something about ACLing outbound DNS to whitelisted servers only. I just checked on the UK node and this seems to be the case. Well, this sucks. It is not a problem with the script but with the network, since you can't connect to some parts of the Internet (aka the selected public resolvers).

Anyway, I have just pushed a revision of the script which should work around this, even though there was nothing wrong with the script itself.

Use the removal feature, install again and let me know if all is working as it should.

Offline
