openVPN setup script November 15, 2010 08:31PM |
Registered: 14 years ago Posts: 261 |
MediaMind
Re: openVPN setup script December 26, 2010 11:23PM |
Re: openVPN setup script December 27, 2010 08:44AM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script December 31, 2010 12:47PM |
Registered: 14 years ago Posts: 11 |
Re: openVPN setup script December 31, 2010 05:27PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script December 31, 2010 07:19PM |
Registered: 14 years ago Posts: 11 |
Server: 192.168.42.129
Address: 192.168.42.129#53

Non-authoritative answer:
Name: www.demon.net
Address: 212.69.213.230

# Generated by NetworkManager
nameserver 192.168.42.129
nameserver 192.168.1.1
#verb 3
#log-append /var/log/openvpn.log
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
#set your static IP below
address 192.168.1.169
#set your default gateway IP here
gateway 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
Re: openVPN setup script December 31, 2010 07:23PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script December 31, 2010 07:32PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script December 31, 2010 07:39PM |
Registered: 14 years ago Posts: 11 |
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
69.203.125.72   192.168.42.129  255.255.255.255 UGH   0      0        0 usb0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.42.0    0.0.0.0         255.255.255.0   U     1      0        0 usb0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 usb0
0.0.0.0         10.8.0.5        0.0.0.0         UG    0      0        0 tun0

~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Re: openVPN setup script December 31, 2010 08:03PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script December 31, 2010 11:52PM |
Registered: 14 years ago Posts: 11 |
Re: openVPN setup script January 01, 2011 07:40AM |
Registered: 14 years ago Posts: 11 |
cd /tmp
wget http://vpsnoc.com/scripts/debian-openvpn.sh
cd /tmp
chmod +x debian-openvpn.sh
./debian-openvpn.sh
scp keys.tgz username@IP_Address_of_Your_Client_Computer:~/Desktop
Gateway: Your home IP Address/Domain (the URL you created with DynDNS)
Type: Certificate (TLS)
User Certificate: client1.crt
CA Certificate: ca.crt
Private Key: client1.key
Private Key Password: (leave blank)
Advanced: (Click and check "Use LZO data compression")
Re: openVPN setup script January 01, 2011 07:59AM |
Registered: 14 years ago Posts: 261 |
Original: dhcp-option DNS 10.8.0.1
New: dhcp-option DNS $LAN_DHCP_SERVER
I think this means the original assumes there should be a DNS proxy on the OpenVPN end-point when VPN is active. Most people (like me :-) will have a DNS proxy on their router so that's why I changed it. Either way the setting seemed to be ignored with your old config as /etc/resolv.conf didn't change when VPN was active.
Original: push "redirect-gateway"
New: push "redirect-gateway local defl"
This should be "def1" rather than "defl" but this isn't actually used unless you use the openvpn.conf file to connect rather than the Ubuntu VPN manager. I have fixed this in the latest setup_vpn.sh.
Original: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
New: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $LAN_IFACE -j MASQUERADE
I can't see how this would work on your dockstar? Do you have a venet0 interface?
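Added example, not part of the original posts or of setup_vpn.sh: a small lint that catches the "defl"/"def1" class of typo in a server config before it is pushed to clients. The helper names and the sample configs are constructed for illustration; the flag list is the one in the OpenVPN 2.4 manual, and older clients accept only a subset of it.

```shell
#!/bin/sh
# Added example, not from the thread: lint the push "redirect-gateway ..."
# lines of an OpenVPN server config. Helper names here are hypothetical.

# Flags listed for --redirect-gateway in the OpenVPN 2.4 manual.
VALID_FLAGS="local autolocal def1 bypass-dhcp bypass-dns block-local ipv6 !ipv4"

# Reads config from the named files (or stdin), prints one line per unknown flag.
# Exit status: 0 if every flag is known, 1 otherwise.
lint_redirect_gateway() {
    awk -v valid="$VALID_FLAGS" '
        BEGIN { n = split(valid, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        /^[ \t]*[#;]/ { next }                  # commented-out directive
        /redirect-gateway/ {
            line = $0
            gsub(/"/, "", line)                 # strip the quotes of push "..."
            m = split(line, w, /[ \t]+/)
            seen = 0
            for (i = 1; i <= m; i++) {
                if (w[i] == "redirect-gateway") { seen = 1; continue }
                if (seen && w[i] != "" && !(w[i] in ok)) {
                    printf "line %d: unknown redirect-gateway flag %s\n", NR, w[i]
                    bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the server config from the thread with the "defl" typo.
sample_typo_config() {
    cat <<'EOF'
dev tun
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway local defl"
comp-lzo
EOF
}

# Constructed sample: the same config after the fix.
sample_fixed_config() {
    sample_typo_config | sed 's/defl/def1/'
}

sample_typo_config | lint_redirect_gateway || echo "fix the config before restarting openvpn"
```

A client that receives an unknown flag logs an options error and may not install the default route through the tunnel, so traffic the user expects to be tunnelled can keep using the local gateway.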
Re: openVPN setup script January 02, 2011 06:29PM |
Registered: 14 years ago Posts: 132 |
Re: openVPN setup script January 02, 2011 09:38PM |
Registered: 14 years ago Posts: 11 |
Re: openVPN setup script January 02, 2011 09:49PM |
Registered: 14 years ago Posts: 11 |
nano /etc/ddclient.conf
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='IP Address'
server=members.dyndns.org
login=My_Username
password='My_Password'
My_Hostname.dyndns.org
Re: openVPN setup script January 05, 2011 09:48AM |
Registered: 14 years ago Posts: 132 |
Re: openVPN setup script January 05, 2011 07:11PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script January 05, 2011 07:46PM |
Registered: 14 years ago Posts: 132 |
Re: openVPN setup script January 05, 2011 10:53PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script January 06, 2011 08:49AM |
Registered: 14 years ago Posts: 132 |
Thu Jan 06 06:42:44 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Thu Jan 06 06:42:44 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Jan 06 06:42:44 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 06 06:42:44 2011 LZO compression initialized
Thu Jan 06 06:42:44 2011 UDPv4 link local (bound): [undef]:1194
Thu Jan 06 06:42:44 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Thu Jan 06 06:42:44 2011 [dockstar] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Thu Jan 06 06:42:46 2011 Options error: unknown --redirect-gateway flag: defl
Thu Jan 06 06:42:46 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
Thu Jan 06 06:42:46 2011 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{A....}.tap
Thu Jan 06 06:42:46 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {A....} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Jan 06 06:42:46 2011 Successful ARP Flush on interface [50] {A.....}
OK! OK! OK! OK!
Thu Jan 06 06:42:48 2011 Initialization Sequence Completed
Thu Jan 06 06:42:50 2011 TCP/UDP: Incoming packet rejected from 192.168.1.xx:1194[2], expected peer address: xxx.xxx.xxx.xxx:1194 (allow this incoming source address/port by removing --remote or adding --float)
Thu Jan 06 06:43:46 2011 [dockstar] Inactivity timeout (--ping-restart), restarting
OK! OK! OK! OK!
Thu Jan 06 06:43:46 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 06 06:43:48 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Jan 06 06:43:48 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 06 06:43:48 2011 LZO compression initialized
Thu Jan 06 06:43:48 2011 UDPv4 link local (bound): [undef]:1194
Thu Jan 06 06:43:48 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Thu Jan 06 06:43:48 2011 [dockstar] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Thu Jan 06 06:43:49 2011 Options error: unknown --redirect-gateway flag: defl
Thu Jan 06 06:43:49 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
Thu Jan 06 06:43:49 2011 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{A......}.tap
Thu Jan 06 06:43:49 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {A....} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Jan 06 06:43:49 2011 Successful ARP Flush on interface [50] {A....}
OK! OK! OK! OK!
Thu Jan 06 06:44:05 2011 Initialization Sequence Completed

The log is from a Windows laptop. When VPN is connected locally, my browsers (IE and Firefox) can't display any websites. Will try it remotely later today.
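Added example, not part of the original post: a triage pass over an OpenVPN client log that counts the messages in the log above that matter for security and routing (missing server certificate verification, rejected pushed options, packets from an unexpected peer address, ping restarts). The function name, tag names and the shortened sample log are constructed for illustration; the sample lines are taken from the log in the post.

```shell
#!/bin/sh
# Added example, not from the thread: summarise security- and routing-relevant
# messages in an OpenVPN client log. Function and tag names are hypothetical.

# Reads a log from the named files (or stdin) and prints "TAG count" lines
# in a fixed order. Exit status: 1 if anything was found, 0 for a clean log.
triage_openvpn_log() {
    awk '
        /WARNING: No server certificate verification method/ { c["NO_SERVER_CERT_CHECK"]++ }
        /Options error:/                                      { c["REJECTED_OPTION"]++ }
        /Incoming packet rejected from/                       { c["UNEXPECTED_PEER_ADDR"]++ }
        /Inactivity timeout \(--ping-restart\)/               { c["PING_RESTART"]++ }
        END {
            n = split("NO_SERVER_CERT_CHECK REJECTED_OPTION UNEXPECTED_PEER_ADDR PING_RESTART", tag, " ")
            for (i = 1; i <= n; i++)
                if (c[tag[i]] > 0) { printf "%s %d\n", tag[i], c[tag[i]]; found = 1 }
            exit (found ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample: a shortened copy of the first connection attempt above.
sample_log() {
    cat <<'EOF'
Thu Jan 06 06:42:44 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 06 06:42:46 2011 Options error: unknown --redirect-gateway flag: defl
Thu Jan 06 06:42:46 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
Thu Jan 06 06:42:48 2011 Initialization Sequence Completed
Thu Jan 06 06:42:50 2011 TCP/UDP: Incoming packet rejected from 192.168.1.xx:1194[2], expected peer address: xxx.xxx.xxx.xxx:1194
Thu Jan 06 06:43:46 2011 [dockstar] Inactivity timeout (--ping-restart), restarting
EOF
}

sample_log | triage_openvpn_log || echo "review the findings above"
```

The NO_SERVER_CERT_CHECK finding is addressed on the client with a directive such as `ns-cert-type server` (OpenVPN 2.0) or `remote-cert-tls server` (2.1 and later), as covered at the howto link in the warning itself.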
Re: openVPN setup script January 06, 2011 05:43PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script May 15, 2013 10:10AM |
Registered: 14 years ago Posts: 261 |
apt-get install openvpn network-manager-openvpn-gnome
VPN Connections > Configure VPN... > Add or Edit... > IPv4 Settings ...
Method: Automatic (VPN) Addresses Only
DNS Servers: 8.8.8.8
Re: openVPN setup script July 10, 2013 06:03AM |
Registered: 14 years ago Posts: 16 |
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:22962 (22.9 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:662 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:85872 (83.8 KiB)  TX bytes:924 (924.0 B)

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
^C
--- 192.168.1.1 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 18144ms

PING 212.58.244.57 (212.58.244.57) 56(84) bytes of data.
^C
--- 212.58.244.57 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9070ms
nameserver 192.168.1.1
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

#verb 3
#log-append /var/log/openvpn.log
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway local def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
10.2.0.0        0.0.0.0         255.255.0.0     U     9      0        0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 tun0
178.*.*.*       10.2.0.1        255.255.255.255 UGH   0      0        0 wlan0

iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Re: openVPN setup script August 25, 2013 09:29PM |
Registered: 14 years ago Posts: 261 |
verb 3
log-append /var/log/openvpn.log
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway local def1"
push "dhcp-option DNS 8.8.8.8"
link-mtu 512
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon

Note: link-mtu was required to tunnel over 3G/4G. I also added an option to push a DNS server which wasn't in the original script. Not sure if that's necessary.

Device Profile: Generic
Setup Method: WEXT(ad-hoc)
Enable Wifi-Encryption: checked
Encryption Setup method: wpa_supplicant
Routing Fix: checked

Note: depending on your ROM you may need to replace /system/bin/wpa_supplicant with the version from this thread. I downloaded from here and used Root Browser to rename the old version and copy the new version to /system/bin/ (remember to gunzip it and chmod 755).
Re: openVPN setup script September 04, 2013 06:50PM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script January 05, 2014 10:17PM |
Registered: 14 years ago Posts: 408 |
Re: openVPN setup script January 06, 2014 06:20AM |
Registered: 14 years ago Posts: 261 |
Re: openVPN setup script January 10, 2014 12:03AM |
Registered: 14 years ago Posts: 408 |
sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE

After that everything worked as expected.