Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Fri Jun 06, 2014 8:25 pm

Hi there,

What distribution are you running?

Code:

sudo uname -a
I see the latest Debian does not include the examples anymore!
https://packages.debian.org/sid/armel/openvpn/filelist

Cheers, Thijs

loadbang wrote:I'm a little lost when copying the config:

cp: cannot stat ‘/usr/share/doc/openvpn/examples/easy-rsa’: No such file or directory

This is what I get when running locate

# locate easy-rsa
/etc/openvpn/easy-rsa
/usr/share/doc/easy-rsa
/usr/share/doc/easy-rsa/changelog.Debian.gz
/usr/share/doc/easy-rsa/copyright
/usr/share/doc/easy-rsa/README-2.0.gz
/usr/share/doc/easy-rsa/README.Debian
/usr/share/easy-rsa
/usr/share/easy-rsa/build-ca
/usr/share/easy-rsa/build-dh
/usr/share/easy-rsa/build-inter
/usr/share/easy-rsa/build-key
/usr/share/easy-rsa/build-key-pass
/usr/share/easy-rsa/build-key-pkcs12
/usr/share/easy-rsa/build-key-server
/usr/share/easy-rsa/build-req
/usr/share/easy-rsa/build-req-pass
/usr/share/easy-rsa/clean-all
/usr/share/easy-rsa/inherit-inter
/usr/share/easy-rsa/list-crl
/usr/share/easy-rsa/openssl-0.9.6.cnf
/usr/share/easy-rsa/openssl-0.9.8.cnf
/usr/share/easy-rsa/openssl-1.0.0.cnf
/usr/share/easy-rsa/pkitool
/usr/share/easy-rsa/revoke-full
/usr/share/easy-rsa/sign-req
/usr/share/easy-rsa/vars
/usr/share/easy-rsa/whichopensslcnf
/var/cache/apt/archives/easy-rsa_2.2.2-1_all.deb
/var/lib/dpkg/info/easy-rsa.list
/var/lib/dpkg/info/easy-rsa.md5sums
Mimi: Where'd you come from?
Doyle: My mom and the authorities are still trying to figure that out.

ucabnaz
Posts: 10
Joined: Sun Jun 08, 2014 12:33 pm

Re: OpenVPN tutorial

Mon Jun 16, 2014 4:38 pm

If I am using eth0 interface of Raspberry PI for internet connection which is dynamic, and wlan1 interface for the Access Point which is static, in newvpn.ovpn and in iptable configuration which interface address do I need to enter?

zirum
Posts: 3
Joined: Wed Oct 08, 2014 12:43 pm

Re: OpenVPN tutorial

Wed Oct 08, 2014 12:52 pm

Hi!

Really not sure where would be the right place to post this, so trying here.

I seem to have some connectivity issues with my RPI, and I think it might be related to subnets somehow. Never gotten the full drift of that...

Setup is a cable modem -> router with wifi -> wired to switch -> RPI
I have another AP connected to the switch. While connected to the AP wireless, my mobile communicates flawlessly to my RPI. But connecting to router, the messages seem to stumble. I say stumble, because the app I use seems to connect sometimes.

So would the switch in some way generate a subnet, or any other limitations? I have noticed also that using Chromecast works for all devices when connected to the AP. On Router, I only get the Chromecast connected to the router.

Come to think of it, maybe I should investigate if the router's wifi has some kind of limitation/firewall? Nonetheless, any other suggestions would be very much appreciated!

Thanks!

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Fri Oct 31, 2014 1:18 am

Maybe it helps if you draw out a map of your network, I often use the free app Fing to get a quick overview. Maybe your AP has a DHCP server and your router also runs one, so it's an IP battle ;)
Anyhow, this is off-topic so better get into a Networking group :)
zirum wrote:Hi!

Really not sure where would be the right place to post this, so trying here.

I seem to have some connectivity issues with my RPI, and I think it might be related to subnets somehow. Never gotten the full drift of that...

Setup is a cable modem -> router with wifi -> wired to switch -> RPI
I have another AP connected to the switch. While connected to the AP wireless, my mobile communicates flawlessly to my RPI. But connecting to router, the messages seem to stumble. I say stumble, because the app I use seems to connect sometimes.

So would the switch in some way generate a subnet, or any other limitations? I have noticed also that using Chromecast works for all devices when connected to the AP. On Router, I only get the Chromecast connected to the router.

Come to think of it, maybe I should investigate if the router's wifi has some kind of limitation/firewall? Nonetheless, any other suggestions would be very much appreciated!

Thanks!

macho
Posts: 13
Joined: Mon Dec 14, 2015 7:28 pm

Re: OpenVPN tutorial

Tue Dec 22, 2015 10:31 pm

I've gotten openvpn set up so that it works if I run it from the command line, e.g.

# openvpn server.conf

But running it as a service fails, although it reports no errors. The /etc/init.d/openvpn script seems to die silently at the first line, ". /lib/lsb/init-functions".

Any thoughts as to why this might be happening? Thanks.

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Wed Dec 23, 2015 6:28 am

macho wrote:I've gotten openvpn set up so that it works if I run it from the command line, e.g.

# openvpn server.conf

But running it as a service fails, although it reports no errors. The /etc/init.d/openvpn script seems to die silently at the first line, ". /lib/lsb/init-functions".

Any thoughts as to why this might be happening? Thanks.
Could you please share the init script? And also

Code:

dpkg -s openvpn
which returns information about the version you installed.

macho
Posts: 13
Joined: Mon Dec 14, 2015 7:28 pm

Re: OpenVPN tutorial

Wed Dec 23, 2015 6:57 am

Thanks for the response. I'm using openvpn v2.3.4-5. I'm attaching the init script below, but I'm more and more convinced there must be some moronic thing I've omitted, because I'm getting the exact same problem on the client side with openvpn on ubuntu, i.e. it works when run as a command, but not as a service.

When I run the init.d script it seems to work:
$ sudo /etc/init.d/openvpn start
[ ok ] Starting openvpn (via systemctl): openvpn.service.

The logs seem to indicate as much:
$ sudo tail /var/log/syslog -n 1
Dec 23 01:51:53 raspberrypi systemd[1]: Started OpenVPN service.

But nothing is running:
$ ifconfig tun0
tun0: error fetching interface information: Device not found

$ ps aux | grep vpn
<gives nothing but the grep command itself>

Here is my /etc/init.d/openvpn:
#!/bin/sh -e

### BEGIN INIT INFO
# Provides: openvpn
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: network-manager
# Should-Stop: network-manager
# X-Start-Before: $x-display-manager gdm kdm xdm wdm ldm sdm nodm
# X-Interactive: true
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Openvpn VPN service
# Description: This script will start OpenVPN tunnels as specified
# in /etc/default/openvpn and /etc/openvpn/*.conf
### END INIT INFO

# Original version by Robert Leslie
# <rob@mars.org>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>

. /lib/lsb/init-functions

test $DEBIAN_SCRIPT_DEBUG && set -v -x

DAEMON=/usr/sbin/openvpn
DESC="virtual private network daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0

# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10
OMIT_SENDSIGS=0
if test -e /etc/default/openvpn ; then
. /etc/default/openvpn
fi

start_vpn () {
if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
# daemon already given in config file
DAEMONARG=
else
# need to daemonize
DAEMONARG="--daemon ovpn-$NAME"
fi

if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
# status file already given in config file
STATUSARG=""
elif test $STATUSREFRESH -eq 0 ; then
# default status file disabled in /etc/default/openvpn
STATUSARG=""
else
# prepare default status file
STATUSARG="--status /run/openvpn/$NAME.status $STATUSREFRESH"
fi

# tun using the "subnet" topology confuses the routing code that wrongly
# emits ICMP redirects for client to client communications
SAVED_DEFAULT_SEND_REDIRECTS=0
if grep -q '^[[:space:]]*dev[[:space:]]*tun' $CONFIG_DIR/$NAME.conf && \
grep -q '^[[:space:]]*topology[[:space:]]*subnet' $CONFIG_DIR/$NAME.conf ; then
# When using "client-to-client", OpenVPN routes the traffic itself without
# involving the TUN/TAP interface so no ICMP redirects are sent
if ! grep -q '^[[:space:]]*client-to-client' $CONFIG_DIR/$NAME.conf ; then
sysctl -w net.ipv4.conf.all.send_redirects=0 > /dev/null

# Save the default value for send_redirects before disabling it
# to make sure the tun device is created with send_redirects disabled
SAVED_DEFAULT_SEND_REDIRECTS=$(sysctl -n net.ipv4.conf.default.send_redirects)

if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
sysctl -w net.ipv4.conf.default.send_redirects=0 > /dev/null
fi
fi
fi

log_progress_msg "$NAME"
STATUS=0

start-stop-daemon --start --quiet --oknodo \
--pidfile /run/openvpn/$NAME.pid \
--exec $DAEMON -- $OPTARGS --writepid /run/openvpn/$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
--config $CONFIG_DIR/$NAME.conf || STATUS=1

[ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /run/openvpn/$NAME.pid /run/sendsigs.omit.d/openvpn.$NAME.pid

# Set the back the original default value of send_redirects if it was changed
if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
sysctl -w net.ipv4.conf.default.send_redirects=$SAVED_DEFAULT_SEND_REDIRECTS > /dev/null
fi
}
stop_vpn () {
start-stop-daemon --stop --quiet --oknodo \
--pidfile $PIDFILE --exec $DAEMON --retry 5
if [ "$?" -eq 0 ]; then
rm -f $PIDFILE
[ "$OMIT_SENDSIGS" -ne 1 ] || rm -f /run/sendsigs.omit.d/openvpn.$NAME.pid
rm -f /run/openvpn/$NAME.status 2> /dev/null
fi
}


case "$1" in
start)
log_daemon_msg "Starting $DESC"

# first create /run directory so it's present even
# when no VPN are autostarted by this script, but later
# by systemd openvpn@.service
mkdir -p /run/openvpn

# autostart VPNs
if test -z "$2" ; then
# check if automatic startup is disabled by AUTOSTART=none
if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
log_warning_msg " Autostart disabled."
exit 0
fi
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# all VPNs shall be started automatically
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
start_vpn
done
else
# start only specified VPNs
for NAME in $AUTOSTART ; do
if test -e $CONFIG_DIR/$NAME.conf ; then
start_vpn
else
log_failure_msg "No such VPN: $NAME"
STATUS=1
fi
done
fi
#start VPNs from command line
else
while shift ; do
[ -z "$1" ] && break
if test -e $CONFIG_DIR/$1.conf ; then
NAME=$1
start_vpn
else
log_failure_msg " No such VPN: $1"
STATUS=1
fi
done
fi
log_end_msg ${STATUS:-0}

;;
stop)
log_daemon_msg "Stopping $DESC"

if test -z "$2" ; then
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
done
else
while shift ; do
[ -z "$1" ] && break
if test -e /run/openvpn/$1.pid ; then
PIDFILE=`ls /run/openvpn/$1.pid 2> /dev/null`
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
else
log_failure_msg " (failure: No such VPN is running: $1)"
fi
done
fi
log_end_msg 0
;;
# Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'.
reload|force-reload)
log_daemon_msg "Reloading $DESC"
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
# If openvpn if running under a different user than root we'll need to restart
if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
stop_vpn
start_vpn
log_progress_msg "(restarted)"
else
kill -HUP `cat $PIDFILE` || true
log_progress_msg "$NAME"
fi
done
log_end_msg 0
;;

# Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'.
soft-restart)
log_daemon_msg "$DESC sending SIGUSR1"
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
kill -USR1 `cat $PIDFILE` || true
log_progress_msg "$NAME"
done
log_end_msg 0
;;

restart)
shift
$0 stop ${@}
$0 start ${@}
;;
cond-restart)
log_daemon_msg "Restarting $DESC."
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
start_vpn
done
log_end_msg 0
;;
status)
GLOBAL_STATUS=0
if test -z "$2" ; then
# We want status for all defined VPNs.
# Returns success if all autostarted VPNs are defined and running
if test "x$AUTOSTART" = "xnone" ; then
# Consider it a failure if AUTOSTART=none
log_warning_msg "No VPN autostarted"
GLOBAL_STATUS=1
else
if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# Consider it a failure if one of the autostarted VPN is not defined
for VPN in $AUTOSTART ; do
if ! test -f $CONFIG_DIR/$VPN.conf ; then
log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined"
GLOBAL_STATUS=1
fi
done
fi
fi
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
# Is it an autostarted VPN ?
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
AUTOVPN=1
else
if test "x$AUTOSTART" = "xnone" ; then
AUTOVPN=0
else
AUTOVPN=0
for VPN in $AUTOSTART; do
if test "x$VPN" = "x$NAME" ; then
AUTOVPN=1
fi
done
fi
fi
if test "x$AUTOVPN" = "x1" ; then
# If it is autostarted, then it contributes to global status
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
else
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true
fi
done
else
# We just want status for specified VPNs.
# Returns success if all specified VPNs are defined and running
while shift ; do
[ -z "$1" ] && break
NAME=$1
if test -e $CONFIG_DIR/$NAME.conf ; then
# Config exists
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
else
# Config does not exist
log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !"
GLOBAL_STATUS=1
fi
done
fi
exit $GLOBAL_STATUS
;;
*)
echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart|soft-restart|status}" >&2
exit 1
;;
esac

exit 0

# vim:set ai sts=2 sw=2 tw=0:

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Wed Dec 23, 2015 8:49 am

Okay, that's good to hear. OpenVPN works but does not find the .conf file in /etc/openvpn probably. You can point OpenVPN manually to the file using

Code:

sudo openvpn --config /etc/openvpn/yourconfigfile.conf
and let's see how that responds..

Next time, when you paste CODE, please use a CODE block :)

TalkNerdyToMe
Posts: 10
Joined: Mon Dec 21, 2015 9:08 am

Re: OpenVPN tutorial

Wed Dec 23, 2015 9:02 am

This has probably already been answered, but what is the benefit of this type of OpenVPN over the VPN that I already have? Which is Hola by the way.

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Wed Dec 23, 2015 9:07 am

TalkNerdyToMe wrote:This has probably already been answered, but what is the benefit of this type of OpenVPN over the VPN that I already have? Which is Hola by the way.
OpenVPN is a software program. Hola is a network of clients sharing connections. Apples and pears really.
Few pointers: Hola is not private, not open source, other users use your bandwidth and may exploit it and you cannot run 'your own Hola'.

Better read this: https://en.wikipedia.org/wiki/Hola_(VPN)

macho
Posts: 13
Joined: Mon Dec 14, 2015 7:28 pm

Re: OpenVPN tutorial

Wed Dec 23, 2015 2:44 pm

Thanks again, Thijxx. The command works when the current working directory is /etc/openvpn:

Code:

pi /etc/openvpn $ sudo openvpn --config /etc/openvpn/OpenVPN-HomePi.conf
Wed Dec 23 09:40:48 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  5 2014
Wed Dec 23 09:40:49 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Wed Dec 23 09:40:49 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Dec 23 09:40:49 2015 Diffie-Hellman initialized with 2048 bit key
Wed Dec 23 09:40:49 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Dec 23 09:40:49 2015 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:73:af:df
Wed Dec 23 09:40:49 2015 TUN/TAP device tun0 opened
Wed Dec 23 09:40:49 2015 TUN/TAP TX queue length set to 100
Wed Dec 23 09:40:49 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Dec 23 09:40:49 2015 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 23 09:40:49 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Dec 23 09:40:49 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Dec 23 09:40:50 2015 GID set to nogroup
Wed Dec 23 09:40:50 2015 UID set to nobody
Wed Dec 23 09:40:50 2015 UDPv4 link local (bound): [undef]
Wed Dec 23 09:40:50 2015 UDPv4 link remote: [undef]
Wed Dec 23 09:40:50 2015 MULTI: multi_init called, r=256 v=256
Wed Dec 23 09:40:50 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Dec 23 09:40:50 2015 ifconfig_pool_read(), in='hoarder-vpn,10.8.0.4', TODO: IPv6
Wed Dec 23 09:40:50 2015 succeeded -> ifconfig_pool_set()
Wed Dec 23 09:40:50 2015 IFCONFIG POOL LIST
Wed Dec 23 09:40:50 2015 hoarder-vpn,10.8.0.4
Wed Dec 23 09:40:50 2015 Initialization Sequence Completed
But not if I start it from elsewhere:

Code:

pi ~ $ sudo openvpn --config /etc/openvpn/OpenVPN-HomePi.conf
 Options error: --dh fails with 'keys/dh2048.pem': No such file or directory
Options error: --ca fails with 'keys/ca.crt': No such file or directory
Options error: --cert fails with 'keys/server.crt': No such file or directory
Options error: --key fails with 'keys/server.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Wed Dec 23, 2015 3:29 pm

macho wrote:Thanks again, Thijxx. The command works when the current working directory is /etc/openvpn:

Code:

pi /etc/openvpn $ sudo openvpn --config /etc/openvpn/OpenVPN-HomePi.conf
Wed Dec 23 09:40:48 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  5 2014
Wed Dec 23 09:40:49 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Wed Dec 23 09:40:49 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Dec 23 09:40:49 2015 Diffie-Hellman initialized with 2048 bit key
Wed Dec 23 09:40:49 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Dec 23 09:40:49 2015 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:73:af:df
Wed Dec 23 09:40:49 2015 TUN/TAP device tun0 opened
Wed Dec 23 09:40:49 2015 TUN/TAP TX queue length set to 100
Wed Dec 23 09:40:49 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Dec 23 09:40:49 2015 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 23 09:40:49 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Dec 23 09:40:49 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Dec 23 09:40:50 2015 GID set to nogroup
Wed Dec 23 09:40:50 2015 UID set to nobody
Wed Dec 23 09:40:50 2015 UDPv4 link local (bound): [undef]
Wed Dec 23 09:40:50 2015 UDPv4 link remote: [undef]
Wed Dec 23 09:40:50 2015 MULTI: multi_init called, r=256 v=256
Wed Dec 23 09:40:50 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Dec 23 09:40:50 2015 ifconfig_pool_read(), in='hoarder-vpn,10.8.0.4', TODO: IPv6
Wed Dec 23 09:40:50 2015 succeeded -> ifconfig_pool_set()
Wed Dec 23 09:40:50 2015 IFCONFIG POOL LIST
Wed Dec 23 09:40:50 2015 hoarder-vpn,10.8.0.4
Wed Dec 23 09:40:50 2015 Initialization Sequence Completed
But not if I start it from elsewhere:

Code:

pi ~ $ sudo openvpn --config /etc/openvpn/OpenVPN-HomePi.conf
 Options error: --dh fails with 'keys/dh2048.pem': No such file or directory
Options error: --ca fails with 'keys/ca.crt': No such file or directory
Options error: --cert fails with 'keys/server.crt': No such file or directory
Options error: --key fails with 'keys/server.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.
That's ok, the paths to the key files are relative and not absolute so that's normal behavior.

It looks like it works fine with the config file you created, so good job on the configuration!
Now the question why it does not get found by the init script.. are there any clues in here

Code:

/var/log/syslog
after you:

Code:

sudo service openvpn restart
If not, please add an empty test.conf to the /etc/openvpn directory to check if it gets hit by the init script, it should complain about it being empty..

macho
Posts: 13
Joined: Mon Dec 14, 2015 7:28 pm

Re: OpenVPN tutorial

Wed Dec 23, 2015 4:07 pm

Now I'm getting somewhere, thanks! Syslog had some nasty looking stuff:

Code:

ERROR: Linux route delete command failed: external program exited with error status: 2
Closing TUN/TAP interface
/sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
Linux ip addr del failed: external program exited with error status: 2
This got me thinking about what could be different between running openvpn through sudo vs. as a service: permissions! In both the server (Raspberry Pi) + client (Ubuntu) conf files, I had uncommented the lines reducing openvpn's permissions, which another tutorial had suggested I should do to heighten security:

Code:

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
If I re-comment those two lines, the daemon works! Thanks so much for all your help. One last question: Is there some way I can re-comment these and still have it work?

As an aside, when I touch /etc/openvpn/test.conf, as you suggested, I get no additional warnings, which strikes me as odd.

Thijxx
Posts: 86
Joined: Mon Oct 22, 2012 1:25 pm
Location: The Netherlands

Re: OpenVPN tutorial

Fri Dec 25, 2015 8:17 am

macho wrote:Now I'm getting somewhere, thanks! Syslog had some nasty looking stuff:

Code:

ERROR: Linux route delete command failed: external program exited with error status: 2
Closing TUN/TAP interface
/sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
Linux ip addr del failed: external program exited with error status: 2
This got me thinking about what could be different between running openvpn through sudo vs. as a service: permissions! In both the server (Raspberry Pi) + client (Ubuntu) conf files, I had uncommented the lines reducing openvpn's permissions, which another tutorial had suggested I should do to heighten security:

Code:

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
If I re-comment those two lines, the daemon works! Thanks so much for all your help. One last question: Is there some way I can re-comment these and still have it work?

As an aside, when I touch /etc/openvpn/test.conf, as you suggested, I get no additional warnings, which strikes me as odd.
Good stuff!
I'm not sure about the nobody/nogroup, have to read into that and test it out a bit. You may want to check if you have the group 'nogroup' and the user 'nobody' present in your system.

Code:

getent passwd
and..

Code:

getent group
For the sake of completeness: maybe an empty file is not enough to err, you could insert some random characters.
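
A pre-flight check for the two findings in this thread, the relative key paths that resolve against the working directory and the user/group privilege drop, as an added example that is not part of any post or of the OpenVPN package. The function names and the sample config are constructed for illustration; persist-key and persist-tun are the OpenVPN options that keep a restart working after privileges have been dropped.

```shell
# Added example: pre-flight check for an OpenVPN server config.
# Function names are hypothetical helpers, not part of OpenVPN or Debian.

# Print the argument of the first uncommented directive $2 in config $1.
ovpn_directive() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }
    ' "$1"
}

# Succeed if directive $2 appears uncommented in config $1.
ovpn_has() {
    awk -v d="$2" '/^[ \t]*[#;]/ { next } $1 == d { f = 1 } END { exit !f }' "$1"
}

# List key material that cannot be found when the daemon starts in
# directory $2. A "cd" directive in the config overrides $2, which is what
# the init script's "--cd $CONFIG_DIR" does on the command line.
ovpn_missing_files() {
    conf=$1 base=$2
    cd_dir=$(ovpn_directive "$conf" cd)
    [ -n "$cd_dir" ] && base=$cd_dir
    for d in ca cert key dh; do
        p=$(ovpn_directive "$conf" "$d")
        [ -n "$p" ] || continue
        case $p in
            /*) full=$p ;;
            *)  full=${base%/}/$p ;;
        esac
        [ -e "$full" ] || echo "$d: $full not found"
    done
}

# Succeed if account $2 exists in database $1 (passwd or group).
account_exists() {
    if command -v getent >/dev/null 2>&1; then
        getent "$1" "$2" >/dev/null
    else
        grep -q "^$2:" "/etc/$1"
    fi
}

# Report problems with the "user"/"group" privilege drop in config $1.
ovpn_privdrop_findings() {
    conf=$1
    u=$(ovpn_directive "$conf" user)
    g=$(ovpn_directive "$conf" group)
    if [ -z "$u" ] && [ -z "$g" ]; then
        echo "no user/group directive: daemon keeps root after initialization"
        return 0
    fi
    [ -z "$u" ] || account_exists passwd "$u" || echo "user $u does not exist"
    [ -z "$g" ] || account_exists group "$g" || echo "group $g does not exist"
    # Without these, a SIGUSR1 restart re-reads the key and reopens tun
    # after root has already been given up.
    for d in persist-key persist-tun; do
        ovpn_has "$conf" "$d" || echo "$d not set"
    done
}

# Constructed sample: relative key paths as in the thread, written to a
# scratch directory; $1/$2 are the user and group to drop to.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/keys"
    for f in ca.crt server.crt server.key dh2048.pem; do : > "$dir/keys/$f"; done
    cat > "$dir/server.conf" <<EOF
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
;persist-key
persist-tun
user $1
group $2
EOF
    echo "$dir"
}

sample=$(make_sample nobody nogroup)
echo "started in $sample:"; ovpn_missing_files "$sample/server.conf" "$sample"
echo "started in /:";       ovpn_missing_files "$sample/server.conf" /
ovpn_privdrop_findings "$sample/server.conf"
rm -rf "$sample"
```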

TalkNerdyToMe
Posts: 10
Joined: Mon Dec 21, 2015 9:08 am

Re: OpenVPN tutorial

Thu Jan 07, 2016 10:30 am

Thijxx wrote:
TalkNerdyToMe wrote:This has probably already been answered, but what is the benefit of this type of OpenVPN over the VPN that I already have? Which is Hola by the way.
OpenVPN is a software program. Hola is a network of clients sharing connections. Apples and pears really.
Few pointers: Hola is not private, not open source, other users use your bandwidth and may exploit it and you cannot run 'your own Hola'.

Better read this: https://en.wikipedia.org/wiki/Hola_(VPN)

Very helpful. Thanks! I will indeed look into it. To be honest, I really only use my VPN to access Netflix through different country codes. I'm not overly concerned with it being open source, but bandwidth and security would definitely be a concern. Thanks for breaking it down for me.

Chevers
Posts: 5
Joined: Fri Feb 12, 2016 9:33 pm

Re: OpenVPN tutorial

Fri Feb 12, 2016 9:37 pm

Setting up my raspberry pi openvpn, but still get the same message as many users: cp: cannot stat ‘/usr/share/doc/openvpn/examples/easy-rsa/2.0’: No such file or directory

Can anyone help a newbie? (It's day 2 and have re-installed my pi twice.....)

DarrenHill
Posts: 272
Joined: Fri Oct 03, 2014 3:03 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 8:42 am

The software set-up on Jessie seems to be a bit different to Wheezy (which the older tutorials were set up on).

Have a look at the link below, it's a tutorial to set OpenVPN up on Jessie:

https://www.digitalocean.com/community/ ... n-debian-8

Chevers
Posts: 5
Joined: Fri Feb 12, 2016 9:33 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 10:30 am

Thanks David, but I still have the same problem.. I have done all the updates, installs, downloads. I follow the instructions to absolute detail - spaces etc. Still the same response.

When I try to reinstall the openvpn, I get the message saying "0 updated, 0 installed" because I'm using the latest edition.

DarrenHill
Posts: 272
Joined: Fri Oct 03, 2014 3:03 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 10:32 am

Who's David? ;)

The OpenVPN is the same, but the layout of the files and folders it uses is different in the new version that is available with Jessie.

Initially I had the same issue you are having, but following the tutorial I linked to rather than the one you have should work, as it refers to the files in their new locations.

Chevers
Posts: 5
Joined: Fri Feb 12, 2016 9:33 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 11:17 am

Thanks Darren..!

I'm going to reinstall raspbian Jessie rather than go through noobs. Perhaps this will help. Will update.

Chevers
Posts: 5
Joined: Fri Feb 12, 2016 9:33 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 7:28 pm

Hi Darren.

I'm getting stuck on step 3 - enabling packet forwarding. When you type # nano /etc/stsct1.conf, it takes you to a page, but it's just blank. So I can't uncomment net.ipv4.ip_forward=1. Any ideas?

Thanks for help

DarrenHill
Posts: 272
Joined: Fri Oct 03, 2014 3:03 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 7:36 pm

It's sysctl (system control), not stsct1.

The simplest way is to copy-paste the text from the tutorial into putty directly, then you shouldn't have any typo risk. Or just go to the directory (/etc) and for files like this you should already find it there, just look for it with ls -a to show what's there and find it. Also don't forget, don't type the # ;)

Chevers
Posts: 5
Joined: Fri Feb 12, 2016 9:33 pm

Re: OpenVPN tutorial

Sat Feb 13, 2016 7:45 pm

Brilliant. Thanks. iPad on one knee, keyboard in between, staring at the TV's monitor!

kensingtonpi
Posts: 1
Joined: Sat Feb 13, 2016 2:35 am

Re: OpenVPN tutorial

Sat Feb 13, 2016 7:54 pm

Hi there, trying to set up my own vpn and having some trouble. Been following the steps, but when I put cd /usr/share/doc/openvpn/examples/easy-rsa it keeps saying no such file or directory. Tried to locate them but no joy. Any help would be grateful.

DarrenHill
Posts: 272
Joined: Fri Oct 03, 2014 3:03 pm

Re: OpenVPN tutorial

Sun Feb 14, 2016 7:20 am

Did you even read the posts above?

It's the same problem, plus the reason why and the solution...
