peter_sm Posted January 19, 2016 Author
Can you cd into the easyrsa3 folder and do ls -al?

Attached here; http://lime-technology.com/forum/index.php?action=dlattach;topic=35435.0;attach=31021

Need to look into the easyrsa3 folder.
FFV Posted January 19, 2016
My bad - attached. easyrsa3.pdf
peter_sm Posted January 19, 2016 Author
It's OK, your issue is with the lib error you have, and that I can't give you any help on. Please ask LT (Jonp or Tom).

usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

Try to only have OpenVPN installed and remove the other and see if that helps.
//Peter
FFV Posted January 19, 2016
Thanks Peter, I'll try that.
d.bech Posted February 1, 2016
Are there any docs or how-tos on using this? I haven't set up a VPN before.
randall526 Posted March 1, 2016
So my VPN kept reasserting itself with a default route to send all traffic over the VPN when I have extended routing for specific IPs only selected. It would also clear my specific IP host routes from my routing table, read from the Webbaddresses.txt file. I had to adjust the metric of my normal default route to take priority over the VPN default route; however, when this happens the route entries for specific IPs would get cleared out too. I found the cause in the logs, and when the default route I don't want gets inserted,

Any ideas on how to make sure the extended routing of specific IPs only sticks when the VPN resets/connects? I might have to create a cron job that runs every minute to read the routing table and insert the routes manually if there is no other fix to this.

Thanks

Log

Tue Mar 1 01:20:50 2016 [vpn] Inactivity timeout (--ping-restart), restarting
Tue Mar 1 01:20:50 2016 SIGUSR1[soft,ping-restart] received, process restarting
Tue Mar 1 01:20:50 2016 Restart pause, 2 second(s)
Tue Mar 1 01:20:52 2016 Socket Buffers: R=[212992->425984] S=[212992->212992]
Tue Mar 1 01:20:52 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]209.197.20.207:1194
Tue Mar 1 01:20:52 2016 UDPv4 link local: [undef]
Tue Mar 1 01:20:52 2016 UDPv4 link remote: [AF_INET]209.197.20.207:1194
Tue Mar 1 01:21:07 2016 TLS: Initial packet from [AF_INET]209.197.20.207:1194, sid=883df6eb a9137f82
Tue Mar 1 01:21:07 2016 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Tue Mar 1 01:21:07 2016 Validating certificate key usage
Tue Mar 1 01:21:07 2016 ++ Certificate has key usage 00a0, expects 00a0
Tue Mar 1 01:21:07 2016 VERIFY KU OK
Tue Mar 1 01:21:07 2016 Validating certificate extended key usage
Tue Mar 1 01:21:07 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar 1 01:21:07 2016 VERIFY EKU OK
Tue Mar 1 01:21:07 2016 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Tue Mar 1 01:21:07 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 1 01:21:07 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 1 01:21:07 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 1 01:21:07 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 1 01:21:07 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Mar 1 01:21:07 2016 [vpn] Peer Connection Initiated with [AF_INET]209.197.20.207:1194
Tue Mar 1 01:21:09 2016 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Tue Mar 1 01:21:09 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.80.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.80.5 255.255.254.0'
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Mar 1 01:21:09 2016 Socket Buffers: R=[425984->425984] S=[212992->212992]
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: route options modified
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: route-related options modified
Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 1 01:21:09 2016 Preserving previous TUN/TAP instance: tun5
Tue Mar 1 01:21:09 2016 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 209.197.20.207/32
Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 0.0.0.0/1
RTNETLINK answers: No such process
Tue Mar 1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 128.0.0.0/1
RTNETLINK answers: No such process
Tue Mar 1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Mar 1 01:21:09 2016 Closing TUN/TAP interface
Tue Mar 1 01:21:09 2016 /usr/sbin/ip addr del dev tun5 172.20.20.18/22
Tue Mar 1 01:21:10 2016 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:70:79:ac
Tue Mar 1 01:21:10 2016 TUN/TAP device tun5 opened
Tue Mar 1 01:21:10 2016 TUN/TAP TX queue length set to 100
Tue Mar 1 01:21:10 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 1 01:21:10 2016 /usr/sbin/ip link set dev tun5 up mtu 1500
Tue Mar 1 01:21:10 2016 /usr/sbin/ip addr add dev tun5 172.21.80.5/23 broadcast 172.21.81.255
Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 209.197.20.207/32 via 192.168.2.1
Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 0.0.0.0/1 via 172.21.80.1
Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 128.0.0.0/1 via 172.21.80.1
randall526 Posted March 1, 2016
d.bech, what's not as clear as it could be in other docs is essentially this. Create an openvpn folder on your flash. Drop your .ovpn config file in this directory. The plugin does not create this folder or a sample file to work with, even though it probably should. In the GUI, select the .ovpn file you created that has the majority of your VPN settings in it. These settings are not in the web interface but are edited in this config file. Download a sample file to get you started on what the file looks like and what it does. Once the file is in the right folder and named correctly, the web GUI can select it as your "VPN" profile, per se. If you are using CA certs or client authentication certificates you must create on your own, they also should be dropped in this folder and referenced in your config file.

Also, if you want to use extended routing, you have to create a webaddress.txt file in the openvpn folder. It will read this file and create routing table entries for when the VPN starts. Nowhere in the GUI will it create this file for you or edit it. It must be done manually.
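The two posts above describe the same problem from both ends: the log shows the server pushing `redirect-gateway def1` in its PUSH_REPLY, which is what makes OpenVPN install the 0.0.0.0/1 and 128.0.0.0/1 routes again after every ping-restart, and the plugin's webaddress.txt routes are added outside OpenVPN, so OpenVPN does not know to restore them. An alternative that does not need a cron job is to let OpenVPN own the routes: `route-nopull` makes the client ignore every pushed route (including the redirect-gateway) and every pushed dhcp-option, while still accepting the pushed ifconfig and route-gateway, and explicit `route` lines in the client config are re-applied by OpenVPN each time the tunnel comes up. The script below is an added example, not the plugin's own code; it assumes the list file holds one IPv4 address per line with `#` comments, as the post describes, and the output is meant to be appended to the client .ovpn. `vpn_gateway` is resolved by OpenVPN from the pushed route-gateway, so no tunnel address is hard-coded.

```shell
#!/bin/sh
# Added example, not the plugin's own code: turn the list of destinations
# that should go through the tunnel into OpenVPN client directives that
# OpenVPN itself re-installs after every reconnect.
# Assumption: the list has one IPv4 address per line; '#' starts a comment
# and blank lines are ignored. The file name (webaddress.txt) and its
# format are taken from the post above and are not verified here.

# is_ipv4 ADDR -> exit status 0 if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    _ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# gen_routes FILE -> prints the lines to append to the client .ovpn;
# exit status 1 if any entry was rejected (the valid ones are still printed)
gen_routes() {
    _n=0
    _bad=0
    # route-nopull: keep the pushed ifconfig/route-gateway, but ignore every
    # pushed route (including redirect-gateway) and every pushed dhcp-option
    printf 'route-nopull\n'
    while IFS= read -r _line || [ -n "$_line" ]; do
        _entry=${_line%%#*}
        _entry=$(printf '%s' "$_entry" | tr -d ' \t\r')
        [ -n "$_entry" ] || continue
        if is_ipv4 "$_entry"; then
            # host route via the tunnel; vpn_gateway is resolved by OpenVPN
            # from the server's pushed route-gateway, so nothing is hard-coded
            printf 'route %s 255.255.255.255 vpn_gateway\n' "$_entry"
            _n=$((_n + 1))
        else
            printf 'gen_routes: skipping invalid entry: %s\n' "$_line" >&2
            _bad=1
        fi
    done < "$1"
    if [ "$_n" -eq 0 ]; then
        printf 'gen_routes: no usable entries in %s\n' "$1" >&2
        return 1
    fi
    return "$_bad"
}

# Usage: gen_routes /path/to/webaddress.txt >> client.ovpn
if [ $# -eq 1 ]; then gen_routes "$1"; fi
```

Two things to check after switching to this: `route-nopull` also drops the pushed DNS servers (the `dhcp-option DNS 198.18.0.x` lines in the log), so add them back by hand if you want them, and the validator only accepts single hosts, which matches the "specific IPs only" use case; a bad line is reported on stderr and skipped rather than silently producing a broken route line.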
rix Posted March 3, 2016
I love this plugin, especially since it keeps running when I stop my array! Docker frustrated me in my remoting efforts. I have gladly set the server up to run on port 80, which it shares with my nginx server (that uses 480 internally). It does so through the config line "port-share 127.0.0.1 480". This way I can access the server even on locked-down hotspots that only allow http(s), so long as they don't inspect packets. Also, a port scanner won't identify my server as running OpenVPN as easily. Would be lovely if you enabled this in the plugin settings page, so it would not reset when saving. Otherwise a really great and secure way to access my server on the go!
peter_sm Posted March 3, 2016 Author
Can you explain what is resetting? And what shall I enable?
rix Posted March 3, 2016
Just a small request, really. If you set "port-share IP PORT" in the openvpnserver.ovpn file, your OpenVPN server passes through http requests on its port. You can therefore let it run on port 443 (or 80) and pass through http requests to your webserver (running on PORT). This way you can serve http content on the same port as the VPN, which is helpful if you want to circumvent firewall restrictions typically found on hotspots, but also want to keep your webserver running. If you add the option to set port-share in the web menu, the setting would not be lost on saving. Else, any time a setting is changed on the plugin config site, I have to re-add the port-share line to my config.
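One caveat worth knowing before copying the setup from the two posts above: `port-share` is a feature of OpenVPN's TCP server mode. OpenVPN looks at the first bytes of each incoming TCP connection and, if they are not an OpenVPN handshake, proxies the connection to the given host and port; with `proto udp` the directive has nothing to act on, and clients must also use `proto tcp`. The server on the shared port is also reachable from the whole internet, so it should be something you would expose anyway. The checker below is an added example, not the plugin's code; it assumes the plugin writes a plain OpenVPN server config and flags the three mistakes that make the setup silently not work.

```shell
#!/bin/sh
# Added example, not the plugin's own code: sanity-check a port-share setup
# before restarting the server. port-share is an OpenVPN TCP-server-mode
# feature: OpenVPN inspects the first bytes of each incoming TCP connection
# and proxies anything that is not an OpenVPN handshake to HOST:PORT.
# The config path is whatever the plugin writes (assumed to be a plain
# OpenVPN server config).

# check_port_share CONF -> 0 if port-share is absent or consistent, 1 otherwise
check_port_share() {
    _proto=udp    # OpenVPN defaults when the directive is absent
    _port=1194
    _ps_seen=''
    _ps_host=''
    _ps_port=''
    # first three fields of each line; a trailing '# comment' lands in
    # _rest or in an unused field and is ignored
    while read -r _d _a1 _a2 _rest || [ -n "$_d" ]; do
        case "$_d" in
            ''|'#'*|';'*) continue ;;
            proto)      _proto=$_a1 ;;
            port)       _port=$_a1 ;;
            port-share) _ps_seen=1; _ps_host=$_a1; _ps_port=$_a2 ;;
        esac
    done < "$1"

    if [ -z "$_ps_seen" ]; then
        echo "no port-share directive in $1: nothing to check"
        return 0
    fi
    case "$_proto" in
        tcp|tcp-server|tcp4|tcp4-server|tcp6|tcp6-server) ;;
        *)  echo "port-share needs a TCP listener, but proto is '$_proto'"
            echo "fix: 'proto tcp' on the server (clients then need 'proto tcp' too)"
            return 1 ;;
    esac
    if [ -z "$_ps_host" ] || [ -z "$_ps_port" ]; then
        echo "port-share needs both a host and a port, e.g. 'port-share 127.0.0.1 480'"
        return 1
    fi
    if [ "$_ps_port" = "$_port" ]; then
        echo "port-share target port $_ps_port is OpenVPN's own listening port: it would proxy to itself"
        return 1
    fi
    echo "ok: tcp/$_port answers OpenVPN clients; other TCP clients are handed to $_ps_host:$_ps_port"
    return 0
}

# Usage: check_port_share /path/to/openvpnserver.ovpn
if [ $# -eq 1 ]; then check_port_share "$1"; fi
```

Run it against the server config after every save from the plugin GUI; a non-zero exit tells you the port-share line was lost or the listener is not TCP, which is exactly the case where the hotspot trick stops working without any error from OpenVPN itself.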
randall526 Posted March 4, 2016
Well, if you are referring to my post, Peter, it appears the VPN resets when the VPN times out and re-establishes. It starts back up with settings that do not match what is in the plugin GUI, namely the extended routing for exclusive IPs only.
dpackham Posted March 4, 2016
Tried to install the plugin. The mirror URL is incorrect and fails for the openvpn server module.

plugin: installing: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg ... done
plugin: downloading: http://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.4-x86_64-2.txz ... failed (Invalid URL / Server error response)
plugin: wget: http://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.4-x86_64-2.txz download failure (Invalid URL / Server error response)
peter_sm Posted March 4, 2016 Author
There will be an update this weekend of the plugin. Current Slackware made a big update, stay tuned :-)
peter_sm Posted March 5, 2016 Author
Server plugin updated
- Add symlink to /etc/rc.d/
- Update of expect packages to 5.45
- Update of tcl packages to 8.6.5
- Added OpenVPN's port-share
- Set client inline certificate file as default
rix Posted March 5, 2016
Thank you very much! That was quick.
peter_sm Posted March 5, 2016 Author
Is the new feature working?
dpackham Posted March 5, 2016
Install worked clean but nothing under Settings. Reading some more now about post-install.
peter_sm Posted March 5, 2016 Author
Do this:
1: Change and save settings in Cert and Misc Settings first.
2: Install Easy-rsa.
3: Generate server certificate ... This takes several minutes .....
4: Set and save Server config; even if you use default settings you need to save.
5: Generate clients.
6: Start server.
//Peter
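Steps 3 and 5 above, and the "client inline certificate file as default" change in the update, end up producing a client profile with the CA, client certificate, client key and tls-auth key embedded in one .ovpn. For anyone doing the same by hand with easy-rsa 3 (the thread's earlier posts show the plugin downloading easy-rsa from GitHub), the script below is an added example, not the plugin's code, that assembles such a profile from easy-rsa 3's default pki/ layout. Assumptions are marked in the comments: the file locations, the server port, and the cipher/auth pair, which is taken from the log earlier in the thread and must match the server.

```shell
#!/bin/sh
# Added example, not the plugin's own code: build a single-file client
# profile with CA, client certificate, client key and tls-auth key inline,
# from the files easy-rsa 3 leaves under its pki/ directory.
# Assumed easy-rsa 3 layout: pki/ca.crt, pki/issued/NAME.crt,
# pki/private/NAME.key. The tls-auth key is passed in explicitly; the
# server port (1194), cipher and auth below are assumptions that must
# match the server config.
# The files come from (run once inside the easyrsa3 directory):
#   ./easyrsa init-pki
#   ./easyrsa build-ca nopass
#   ./easyrsa build-server-full server nopass
#   ./easyrsa build-client-full NAME nopass
#   openvpn --genkey --secret ta.key

# pem_block FILE TYPE -> only the -----BEGIN ...TYPE----- .. -----END ...TYPE-----
# lines of FILE. easy-rsa's issued/*.crt starts with a human-readable dump
# of the certificate, and ta.key with '#' comment lines; both are dropped.
pem_block() {
    sed -n "/^-----BEGIN .*$2-----/,/^-----END .*$2-----/p" "$1"
}

# make_inline_profile PKI_DIR NAME REMOTE_HOST TA_KEY -> profile on stdout
make_inline_profile() {
    _pki=$1 _name=$2 _remote=$3 _ta=$4
    for _f in "$_pki/ca.crt" "$_pki/issued/$_name.crt" "$_pki/private/$_name.key" "$_ta"; do
        if [ ! -r "$_f" ]; then
            printf 'make_inline_profile: missing or unreadable: %s\n' "$_f" >&2
            return 1
        fi
    done
    cat <<EOF
client
dev tun
proto udp
remote $_remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# only accept a peer whose certificate carries the server EKU, so a leaked
# client certificate cannot be used to impersonate the server
remote-cert-tls server
# data-channel settings as seen in the log earlier in this thread; must match the server
cipher AES-256-CBC
auth SHA256
# tls-auth direction 1 on clients when the server uses 'tls-auth ta.key 0'
key-direction 1
verb 3
EOF
    printf '<ca>\n';       pem_block "$_pki/ca.crt" CERTIFICATE;               printf '</ca>\n'
    printf '<cert>\n';     pem_block "$_pki/issued/$_name.crt" CERTIFICATE;    printf '</cert>\n'
    printf '<key>\n';      pem_block "$_pki/private/$_name.key" 'PRIVATE KEY'; printf '</key>\n'
    printf '<tls-auth>\n'; pem_block "$_ta" 'OpenVPN Static key V1';           printf '</tls-auth>\n'
}

# Usage: make_inline_profile /path/to/easyrsa3/pki client1 vpn.example.net /path/to/ta.key > client1.ovpn
if [ $# -eq 4 ]; then make_inline_profile "$@"; fi
```

The resulting .ovpn contains the client's unencrypted private key (easy-rsa was run with `nopass`), so treat the file as a credential: hand it to one device only, and revoke that certificate with `./easyrsa revoke NAME` and a refreshed CRL on the server if the device is lost. `remote-cert-tls server` is what produces the "Validating certificate extended key usage ... TLS Web Server Authentication" lines seen in the log earlier in the thread.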
dpackham Posted March 5, 2016
I see it now. Must take a bit to show. Easy-rsa button does not install. Any logs?
peter_sm Posted March 5, 2016 Author
I see it now. Must take a bit to show. Easy-rsa button does not install. Any logs?

Open a terminal window and type in this:

/etc/rc.d/rc.openvpnserver download_easy-rsa

And post the result.
//P
dpackham Posted March 5, 2016
unzip missing???

root@Server:/boot/rclone/scripts# /etc/rc.d/rc.openvpnserver download_easy-rsa
--2016-03-05 12:41:06-- https://github.com/OpenVPN/easy-rsa/archive/master.zip
Resolving github.com (github.com)... 192.30.252.131
Connecting to github.com (github.com)|192.30.252.131|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/OpenVPN/easy-rsa/zip/master [following]
--2016-03-05 12:41:06-- https://codeload.github.com/OpenVPN/easy-rsa/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.252.161
Connecting to codeload.github.com (codeload.github.com)|192.30.252.161|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 55508 (54K) [application/zip]
Saving to: ‘master.zip’
master.zip 100%[=======================================================================================>] 54.21K --.-KB/s in 0.1s
2016-03-05 12:41:06 (384 KB/s) - ‘master.zip’ saved [55508/55508]
/etc/rc.d/rc.openvpnserver: line 286: /usr/bin/unzip: cannot execute binary file
sending incremental file list
rsync: change_dir "/mnt/cache/myVPNserver//easy-rsa-master" failed: No such file or directory (2)
sent 20 bytes received 12 bytes 64.00 bytes/sec
total size is 0 speedup is 0.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.0]
peter_sm Posted March 5, 2016 Author
It's a double slash in this path after myVPNserver:

rsync: change_dir "/mnt/cache/myVPNserver//easy-rsa-master" failed: No such file or directory (2)

Check if you saved the path in the settings with an ending slash.
dpackham Posted March 5, 2016
I think I got it. Another plugin installed the x86 version of zip. This is fixed now. Installing RSA now.
dpackham Posted March 5, 2016
That worked. Package installed. Time to finish config and test.
rix Posted March 6, 2016
Is the new feature working?

Yep, port-sharing is working flawlessly.