#11
@Hidden Refuge I successfully set up an OpenVPN server and in the end it is finally working. But one more thing: it has an RSA-generated easy-rsa system, but I need a password-protected client file. Whenever I start the OpenVPN *.ovpn file, Windows should ask for a password. How can I do that?
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#12
You followed my guide for OpenVPN? The guide is focused on a more secure way to log in to the VPN server. So basically, like SSH public key authentication, you use a certificate/key to log in to the server (which also encrypts the whole traffic). I haven't been using OpenVPN for years. So I actually have no idea at this point how to convert it to use username and password again.
#13
Hello all experts. After a long time I tried to install the OpenVPN server in my container again, but again I got the following errors.
cat /etc/rc.local: the file is unreachable. It does not even open with FTP.

sudo systemctl daemon-reload

xxx@kvm-xxx:~# sudo systemctl daemon-reload
xxx@kvm-xxx:~# sudo systemctl start [email protected]
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xe" for details.


sudo systemctl status rc-local
xxx@kvm-xxx:~# sudo systemctl status rc-local
● rc-local.service - /etc/rc.local Compatibility
   Loaded: loaded (/lib/systemd/system/rc-local.service; static; vendor preset:
  Drop-In: /lib/systemd/system/rc-local.service.d
           └─debian.conf
   Active: inactive (dead)
Condition: start condition failed at Thu 2021-02-18 04:40:20 EST; 14min ago

[2]+  Stopped                 sudo systemctl status rc-local



journalctl -xe
xxxx@kvm-xxx:~# journalctl -xe
-- Support: https://www.debian.org/support
--
-- The system clock has been changed to REALTIME microseconds after January 1st, 1970.
Feb 18 04:55:54 kvm-xxx systemd[1]: Time has been changed
-- Subject: Time change
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The system clock has been changed to REALTIME microseconds after January 1st, 1970.
Feb 18 04:55:54 kvm-xxx systemd[1]: apt-daily-upgrade.timer: Adding 38min 32.488969s random time.
Feb 18 04:55:54 kvm-xxx systemd[1]: apt-daily.timer: Adding 5h 8min 22.986970s random time.
Feb 18 04:56:01 kvm-xxx sshd[4586]: Invalid user pst from 66.175.233.84 port 59360
Feb 18 04:56:01 kvm-xxx sshd[4586]: input_userauth_request: invalid user pst [preauth]
Feb 18 04:56:01 kvm-xxx sshd[4586]: pam_unix(sshd:auth): check pass; user unknown
Feb 18 04:56:01 kvm-xxx sshd[4586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.175.233.84
Feb 18 04:56:03 kvm-xxx sshd[4586]: Failed password for invalid user pst from 66.175.233.84 port 59360 ssh2
Feb 18 04:56:03 kvm-xxx sshd[4586]: Received disconnect from 66.175.233.84 port 59360:11: Bye Bye [preauth]
Feb 18 04:56:03 kvm-xxx sshd[4586]: Disconnected from 66.175.233.84 port 59360 [preauth]
Feb 18 04:56:09 kvm-xxx sshd[4601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.246.117  user=xxx
Feb 18 04:56:10 kvm-xxxx sshd[4609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.56.87  user=xxx
Feb 18 04:56:11 kvm-xxxx sshd[4601]: Failed password for root from 157.245.246.117 port 51154 ssh2
Feb 18 04:56:11 kvm-xxxx sshd[4601]: Received disconnect from 157.245.246.117 port 51154:11: Bye Bye [preauth]
Feb 18 04:56:11 kvm-xxxxx sshd[4601]: Disconnected from 157.245.246.117 port 51154 [preauth]
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#14
Does your provider allow the use of a VPN on their services? If so, you have to contact OpenVPN or your provider for it. If it's not allowed then you can try what you want but it won't ever work.
#15
(02-18-2021, 06:12 PM)Pacific Spirit Wrote: Does your provider allow the use of a VPN on their services? If so, you have to contact OpenVPN or your provider for it. If it's not allowed then you can try what you want but it won't ever work.

Yes. I use VPS-9, and I ran it for a long time, but it has been shut off for 1 year. Now I need it, so I wish to install it again, because all the older configuration was dismissed due to the OS upgrade.
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#16
rc.local is a relic from the init times. It was available for a time when the transition from init to systemd was performed, but nowadays rc.local is no longer really a thing.

It looks like systemd has an rc.local compatible interface. So that means that you can most likely simply create an empty rc.local file in /etc and fill it with your code, which should be run by systemd.

Have you tried that already? Just creating the rc.local file yourself? Even in the times of init or the transition time of systemd the rc.local file was usually empty or only contained comments. So nothing you can really break.

Apart from that, why do you think that rc.local is the issue? You posted that the openvpn service returns an error but you didn't provide the journald entry with that error. Did you forget to include that information and there you found the rc.local issue?
#17
(02-19-2021, 05:16 AM)sagher Wrote: Yes. I use VPS-9, and I ran it for a long time, but it has been shut off for 1 year. Now I need it, so I wish to install it again, because all the older configuration was dismissed due to the OS upgrade.

Did you enable TUN/TAP on your VPS 9? This may cause the issue.
#18
(02-19-2021, 02:56 PM)Mashiro Wrote: rc.local is a relic from the init times. It was available for a time when the transition from init to systemd was performed, but nowadays rc.local is no longer really a thing.

It looks like systemd has an rc.local compatible interface. So that means that you can most likely simply create an empty rc.local file in /etc and fill it with your code, which should be run by systemd.

Have you tried that already? Just creating the rc.local file yourself? Even in the times of init or the transition time of systemd the rc.local file was usually empty or only contained comments. So nothing you can really break.

Apart from that, why do you think that rc.local is the issue? You posted that the openvpn service returns an error but you didn't provide the journald entry with that error. Did you forget to include that information and there you found the rc.local issue?

Yes, I tried it. But the problem is that the file is already located in /etc but I am unable to open or remove it, and FTP does not allow me to create a new one when the same file already exists.
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#19
(02-19-2021, 08:47 PM)Pacific Spirit Wrote: Did you enable TUN/TAP on your VPS 9? This may cause the issue.

Yes, that is a solid reason. I am opening a ticket for it. I'll be back when I get confirmation. I also request you to kindly share with me a fully automated script for an OpenVPN installer with easy-rsa key encryption.
Heart LOVE FOR ALL  HATRED FOR NONE Heart
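Added example, not part of any post in this thread: a shell check for the two causes raised above, the rc-local.service start condition and the TUN device. The function names are made up for this example, and the file paths are arguments that default to /etc/rc.local and /dev/net/tun.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the
# functions can be pointed at test files instead of the live system.

# Debian's rc-local.service carries ConditionFileIsExecutable=/etc/rc.local,
# so the unit is skipped ("start condition failed") unless the file exists
# and has the execute bit. systemd executes the file directly, so it also
# needs a #! line.
rc_local_state() {
    f=${1:-/etc/rc.local}
    if   [ ! -e "$f" ]; then echo missing
    elif [ ! -f "$f" ]; then echo not-a-regular-file
    elif [ ! -x "$f" ]; then echo not-executable
    elif ! head -n 1 "$f" | grep -q '^#!'; then echo no-shebang
    else echo ok
    fi
}

# "dev tun" needs the TUN character device; inside a container it only
# exists when the provider has enabled TUN/TAP for the VPS.
tun_state() {
    d=${1:-/dev/net/tun}
    if [ -c "$d" ]; then echo present; else echo absent; fi
}

# Prints both results and returns the number of failed checks.
preflight() {
    failed=0
    rc=$(rc_local_state "$1")
    tun=$(tun_state "$2")
    echo "rc.local: $rc"
    echo "tun device: $tun"
    [ "$rc" = ok ] || failed=$((failed + 1))
    [ "$tun" = present ] || failed=$((failed + 1))
    return "$failed"
}

preflight "$@" || echo "failed checks: $?"
```

A file that exists but cannot be read or removed even by root is worth inspecting with `lsattr` for the immutable attribute, which this script does not check.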
#20
(02-20-2021, 05:25 AM)sagher Wrote: Yes, that is a solid reason. I am opening a ticket for it. I'll be back when I get confirmation. I also request you to kindly share with me a fully automated script for an OpenVPN installer with easy-rsa key encryption.

OpenVPN is an open source virtual private network (VPN) software. Follow the steps below to configure OpenVPN on CentOS:

1. Install dependencies:

# yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel



2. Get OpenVPN:

# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

# wget http://dag.wieers.com/rpm/packages/rpmfo...x86_64.rpm

3. Prepare to install:

# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

# rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm

# rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

4. Install OpenVPN:

# yum install openvpn

5. Copy the OpenVPN directory:

# cp -r /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/

6. Build SSL keys. When prompted for key information, you can simply press enter to bypass:

# cd /etc/openvpn/easy-rsa/2.0
# chmod 755 *
# source ./vars
# ./vars
# ./clean-all
# ./build-ca
# ./build-key-server server
# ./build-dh

7. Create the OpenVPN config:

# cd /etc/openvpn

# vi server.conf

Copy the following sample config into the document, edit the IP address and port to your main IP address and desired port, then press ESC, then :wq and enter to save and exit the document.

local 123.123.123.123 #- change it with your server ip address
port 1234 #- change the port you want
proto udp #- protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3



8. Start OpenVPN:

# openvpn /etc/openvpn/server.conf

Check that it returns "Initialization Sequence Completed." If so, press ctrl-c to quit.

9. Setup NAT rules:

# echo 1 > /proc/sys/net/ipv4/ip_forward

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 0.0.0.0

(Modify "0.0.0.0" to your server's IP)

Create a user to login to the VPN with:

#useradd username -s /bin/false

#passwd username



10. Create an OpenVPN config file on your local machine with name vpn1.ovpn, copy the sample below with your IP and port, and place it in your OpenVPN configurations folder:

client
dev tun
proto udp
remote 123.123.123.123 4567 #- your OPENVPN server ip and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

11. Download ca.crt from /etc/openvpn/easy-rsa/2.0/keys to the same OpenVPN configs folder.

12. Start the VPN on the VPS:

# openvpn /etc/openvpn/server.conf

Log in to the VPN from your local machine (using OpenVPN or another desktop client) with the username/password you created.
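
Added example, not part of the post above: a shell audit that reads an OpenVPN server config and flags the directives in the step 7 sample that weaken it (password-only login, 1024-bit DH file, comp-lzo, no tls-auth key, no privilege drop). The function names and finding labels are made up for this example, and the DH check goes by file name only.

```sh
#!/bin/sh
# Added example, not from the thread: flag directives in an OpenVPN server
# config that weaken it. Finding labels are made up for this example.

# Constructed sample: security-relevant lines of the server.conf in step 7.
sample_conf() {
cat <<'EOF'
port 1234 #- change the port you want
proto udp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

# Reads a config on stdin, prints one finding per line and returns the
# number of findings (0 = nothing flagged).
audit_conf() {
    # Drop comments (# or ;), leading blanks and empty lines.
    conf=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e '/^$/d')
    n=0
    has()  { printf '%s\n' "$conf" | grep -Eq "^$1([[:space:]]|\$)"; }
    flag() { n=$((n + 1)); echo "$1"; }

    if has '(client-cert-not-required|verify-client-cert[[:space:]]+none)'; then
        flag "NO-CLIENT-CERT: the PAM password is the only client credential"
    fi
    # File-name heuristic; confirm the size with:
    #   openssl dhparam -in FILE -text -noout
    if printf '%s\n' "$conf" | grep -Eq '^dh[[:space:]].*1024'; then
        flag "DH-1024: 1024-bit Diffie-Hellman parameters; generate 2048 or larger"
    fi
    if has 'comp-lzo'; then
        flag "COMPRESSION: comp-lzo compresses before encrypting, which can leak plaintext"
    fi
    has '(tls-auth|tls-crypt)' || flag "NO-TLS-AUTH: control channel has no tls-auth/tls-crypt key"
    has 'user' || flag "RUNS-AS-ROOT: no user/group directive to drop privileges"
    return "$n"
}

sample_conf | audit_conf || echo "findings: $?"
```

To audit a real file, run `audit_conf < /etc/openvpn/server.conf`.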