In this guide we will show you how to set up OpenVPN on CentOS. The guide will give you a fully working OpenVPN installation. NOT TESTED ON OTHER DISTROS.
First step is to check if tun/tap is active:
cat /dev/net/tun
If tun is active then you should see this:
cat: /dev/net/tun: File descriptor in bad state
Make sure you have these packages installed:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Download LZO RPM and Configure RPMForge Repo:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
32bit Package:
CentOS 5:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
CentOS 6:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
64bit Package:
CentOS 5:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
CentOS 6:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
Build the rpm packages:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
Install OpenVPN:
yum install openvpn -y
Copy the easy-rsa folder to /etc/openvpn/:
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
**PLEASE NOTE** if the above command brings up an error such as the one below, follow these steps to download and copy over easy-rsa, as it’s not included in the newer OpenVPN 2.3.1 build:
cannot stat `/usr/share/doc/openvpn-2.2.2/easy-rsa/': No such file or directory
Download easy-rsa from below:
wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz
Extract the package:
tar -zxvf easy-rsa-2.2.0_master.tar.gz
Copy to OpenVPN directory:
cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/
Please note that on CentOS 6 you need to make a small change before you run the commands below: open /etc/openvpn/easy-rsa/2.0/vars and edit the line below:
Change:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
To:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
And save.
Now let’s create the certificate:
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
Build CA:
./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter
Build key server:
./build-key-server server
Almost the same as ./build-ca, but check the changes and the additional prompts:
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y
Build Diffie Hellman (wait a moment until the process finishes):
./build-dh
Now create your config file:
touch /etc/openvpn/server.conf
And enter the following:
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
Save it.
Before we start OpenVPN, let’s disable SELinux if it is enabled; it can cause issues with OpenVPN, especially when using OpenVPN with multiple configs:
echo 0 > /selinux/enforce
This is a temporary change: SELinux will be re-enabled once you reboot your system. To disable it on a permanent basis, edit /etc/selinux/config and change this line:
SELINUX=enforcing
To:
SELINUX=disabled
When your system next reboots it will still be disabled.
Now let’s start OpenVPN:
service openvpn restart
Please note: if you receive “FAIL” when OpenVPN tries to start and you have the following error in your /var/log/messages:
PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
Then this is because the latest OpenVPN package doesn’t include this file (which is reported to be fixed soon) but you can download the pam auth file from here for now:
wget http://safesrv.net/public/openvpn-auth-pam.zip
Extract the file:
unzip openvpn-auth-pam.zip
Move to the OpenVPN directory:
mv openvpn-auth-pam.so /etc/openvpn/openvpn-auth-pam.so
Then replace the PAM plugin line in your server.conf with the line below:
plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login
Restart OpenVPN and all should now work:
killall -9 openvpn
service openvpn restart
Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.
net.ipv4.ip_forward = 1
To make the changes to sysctl.conf take effect, use the following command.
sysctl -p
Route Iptables:
The rule below will work fine on Xen and KVM based VPSs, but for OpenVZ use the OpenVZ iptables rules instead:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
OpenVZ iptable rules:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
And
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Make sure you change 123.123.123.123 to your server IP.
If you have CSF on the same server, you need to open your OpenVPN port (usually 1194) through the firewall and run the commands below for CSF. It’s also a good idea to add them to /etc/csf/csfpre.sh.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
If the above rules cause you any problems or don’t seem to work (especially on cPanel servers), then remove the rules above and use the ones below:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
Please make sure 123.123.123.123 is your main server IP.
Then run…
service iptables save
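As an added example (not part of the original guide), the script below checks the three things the rules above depend on: ip_forward, a NAT rule covering 10.8.0.0/24, and a FORWARD chain that accepts new connections from that subnet before any REJECT or DROP. The function name, the constructed sample rule set and the default interface name eth0 are assumptions; user-defined chains are not followed.

```shell
#!/bin/sh
# Added example: explain why a connected VPN client has no internet access.
# diagnose_vpn_forwarding is a hypothetical helper name.
# Live use:  iptables-save > rules.txt
#            diagnose_vpn_forwarding rules.txt "$(cat /proc/sys/net/ipv4/ip_forward)"
# Simplifications: user-defined chains are not followed, and FORWARD rules
# limited by protocol or destination are skipped.

diagnose_vpn_forwarding() {
    rules=$1 fwd=$2 net=${3:-10.8.0.0/24} wan=${4:-eth0}
    status=0
    if [ "$fwd" = "1" ]; then
        echo "OK   net.ipv4.ip_forward = 1"
    else
        echo "FAIL net.ipv4.ip_forward = $fwd (set it to 1, then run sysctl -p)"
        status=1
    fi
    awk -v net="$net" -v wan="$wan" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == ":FORWARD" { policy = $2; next }
        $1 != "-A" { next }
        {   # collect the selectors and the target of this rule
            src = ""; inif = ""; outif = ""; tgt = ""; state = ""; narrow = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-i") inif = $(i + 1)
                else if ($i == "-o") outif = $(i + 1)
                else if ($i == "-j") tgt = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
                else if ($i == "-p" || $i == "-d") narrow = 1
            }
        }
        table == "nat" && $2 == "POSTROUTING" {
            if ((tgt == "MASQUERADE" || tgt == "SNAT") &&
                (src == "" || src == net) && (outif == "" || outif == wan)) nat = 1
            next
        }
        table == "filter" && $2 == "FORWARD" && verdict == "" {
            if (state != "" && state !~ /NEW/) next   # matches replies only
            if (narrow) next                          # partial match, skipped
            if (src != "" && src != net) next
            if (inif != "" && inif !~ /^tun/) next
            if (outif != "" && outif != wan) next
            if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") verdict = tgt
        }
        END {
            bad = 0
            if (verdict == "") verdict = (policy != "" ? policy : "unknown")
            if (nat) print "OK   nat POSTROUTING rewrites the source address for " net
            else { print "FAIL nat POSTROUTING has no MASQUERADE/SNAT rule for " net " via " wan; bad = 1 }
            if (verdict == "ACCEPT") print "OK   FORWARD accepts new connections from " net
            else { print "FAIL FORWARD decides " verdict " for new connections from " net; bad = 1 }
            exit bad
        }
    ' "$rules" || status=1
    return $status
}

# Constructed sample: NAT is present, but FORWARD only lets replies through
# before rejecting everything else.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
diagnose_vpn_forwarding "$sample" 1 || echo "=> fix the FAIL lines, then test again from a client"
rm -f "$sample"
```

On OpenVZ, pass the interface as the fourth argument, for example `diagnose_vpn_forwarding rules.txt 1 10.8.0.0/24 venet0`.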
To set up OpenVPN with your FreeRADIUS installation please follow this link.
Please note: if you are using our FreeRADIUS module for WHMCS then you don’t have to do the step below for adding users; just follow the link above to set up OpenVPN to authenticate against FreeRADIUS. Otherwise you can create a user as follows:
useradd username -s /bin/false
passwd username
If you wanted to delete a user you would use:
userdel username
Now create a server.ovpn config file and enter the following:
client
dev tun
proto udp
remote 123.123.123.123 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3
Make sure you change 123.123.123.123 to your server IP.
And make sure OpenVPN starts at boot:
chkconfig openvpn on
Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.
Now download a VPN client, import your config file and enter the username and password created above or, if you have already configured OpenVPN source with the FreeRADIUS plugin, use a username and password created in the radius database.
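As an added example (not part of the original guide or of OpenVPN), the script below reviews the two config files from this guide: in server.conf it reports client-cert-not-required, reneg-sec 0, a Diffie-Hellman file smaller than 2048 bits and a private key readable by group or others; in server.ovpn it reports a missing server certificate verification option. The function names, the 2048-bit threshold and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: review OpenVPN config files for the settings used in this guide.
# All function names here are hypothetical helpers, not OpenVPN tools.

# Load a config into $active with comments and blank lines removed.
# "#" or ";" starts a comment at the start of a line or after whitespace.
_load_conf() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    active=$(sed -e 's/^[[:space:]]*[#;].*$//' -e 's/[[:space:]][#;].*$//' \
                 -e '/^[[:space:]]*$/d' "$1")
}
_has_opt() { printf '%s\n' "$active" | awk -v k="$1" '$1 == k { f = 1 } END { exit !f }'; }
_opt_val() { printf '%s\n' "$active" | awk -v k="$1" '$1 == k { print $2; exit }'; }

audit_openvpn_server() {
    _load_conf "$1" || return 2
    rc=0
    if _has_opt client-cert-not-required; then
        echo "FINDING client-cert-not-required: clients present no certificate, only a username/password"
        rc=1
    fi
    if [ "$(_opt_val reneg-sec)" = "0" ]; then
        echo "FINDING reneg-sec 0: periodic data-channel key renegotiation is disabled"
        rc=1
    fi
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the size is read from the file name.
    dh=$(_opt_val dh)
    bits=$(basename "${dh:-none}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "FINDING dh: ${bits}-bit Diffie-Hellman parameters ($dh)"
        rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    key=$(_opt_val key)
    if [ -n "$key" ] && [ -e "$key" ]; then
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "FINDING key: $key is group or others accessible (chmod 600)"
            rc=1
        fi
    fi
    return $rc
}

audit_openvpn_client() {
    _load_conf "$1" || return 2
    # Any one of these options makes the client check the server certificate.
    for o in remote-cert-tls ns-cert-type verify-x509-name tls-remote; do
        if _has_opt "$o"; then return 0; fi
    done
    echo "FINDING no server certificate verification method (for example remote-cert-tls server)"
    return 1
}

# Constructed sample files modelled on the server.conf and server.ovpn above.
demo=$(mktemp -d)
: > "$demo/server.key"; chmod 644 "$demo/server.key"
cat > "$demo/server.conf" <<EOF
port 1194 #- port
key $demo/server.key
dh $demo/dh1024.pem
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
reneg-sec 0
EOF
printf 'client\nremote 123.123.123.123 1194\nca ca.crt\nauth-user-pass\n' > "$demo/server.ovpn"
audit_openvpn_server "$demo/server.conf" || echo "=> server.conf needs review"
audit_openvpn_client "$demo/server.ovpn" || echo "=> server.ovpn needs review"
rm -rf "$demo"
```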


this was nice tutorial…
but it’s better if you highlight it as Centos 5 not Centos…
Thanks
We will do that
Thanks for the tutorial, I’ve installed it and I can connect. However, I tried accessing the internet and it wouldn’t let me. I disabled iptables and that didn’t have any effect on it. I cannot access google etc. I can still ping the server I’m connected to. What could be the problem? I’ve tried searching the official openvpn website but they all had iptables issues (which isn’t the case for me).
Hi Jonathan
Are you using this on OpenVZ or Xen ?
Honestly, I don’t know. I’ve not done much with SSH in the past (I don’t know what Xen/OpenVZ are) *blush*
All I know is I’ve got CentOS 6 64bit and i’ve followed this tutorial.
Also, when I turn iptables back on I can’t connect (just stuck on ‘Connecting…’) I’ve followed tutorials on fixing that but they’ve not worked. So I’ve got two issues I suppose.
Feel free to submit a ticket to us via our sales department and if you want i can take a quick look free of charge.
What do you get if you run this in SSH:
ifconfig
OpenVZ is usually venet0 and Xen usually eth0
Regards
SafeSrv.net
I get eth0, eth1, lo & tun0, so I’ve got Xen I assume.
Dedicated or Xen yeah – you definitely ran the iptable rule as mentioned and edited sysctl.conf ? try run these and let me know the output:
killall -9 openvpn
cd to the OpenVPN directory
openvpn server.conf
Then leave this ssh window open and try connect see if you are reaching the VPN server.
Regards
SafeSrv.net
I ran that with iptables and it didn’t change anything. I turned iptables off and the last few lines were;
testuser/86.23.xx.xxx:59025
Thu Jul 26 18:19:16 2012 testuser/86.23.xx.xxx:590xx MULTI: primary virtual IP for testuser/86.23.59.105:59025: 10.8.0.6
Thu Jul 26 18:19:18 2012 testuser/86.23.xx.xxx:590xx PUSH: Received control message: ‘PUSH_REQUEST’
Thu Jul 26 18:19:18 2012 testuser/86.23.xx.xxx:590xx SENT CONTROL [testuser]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5′ (status=1)
I still couldn’t access the internet though but I could ping my own server ip just fine.
“Dedicated or Xen yeah”, yep, it’s a dedicated server.
I reran “sysctl -p” and made sure my server.conf was right, it all was fine but I did get this error about IPv6 (my datacenter says I have IPv6 on the server);
error: “net.bridge.bridge-nf-call-ip6tables” is an unknown key
error: “net.bridge.bridge-nf-call-iptables” is an unknown key
error: “net.bridge.bridge-nf-call-arptables” is an unknown key
I appreciate you helping me, you’re a life saver
Hey Jonathan
No real info in those logs, i would need to take a look myself, other than that, tail the last 50 lines of the /var/log/messages and post here.
Can you send me your email address?
Thanks,
admin(at)safesrv(dot)net
I want to thank you for the great support you’ve given me.
Everything’s working as it should be now.
No problem, glad it’s sorted now
#yum install nano
Had to enter this or else nano wouldn’t work
Hello Admin,
I have same problem with Jonathan. I can connect to server, can ping it after connect. But it cannot connect to any other website. When I ping (e.g. google.com) it got correct IP but show error: Destination host unreachable.
When ran ifconfig I got :
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:175 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:9416 (9.1 KiB) TX bytes:12412 (12.1 KiB)
wlan0 Link encap:Ethernet HWaddr 00:23:4E:86:3E:23
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::223:4eff:fe86:3e23/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21602 errors:0 dropped:0 overruns:0 frame:0
TX packets:18503 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15561670 (14.8 MiB) TX bytes:3209221 (3.0 MiB)
When ran openvpn server.conf i got:
Sun Sep 16 21:38:39 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Sun Sep 16 21:38:39 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Sep 16 21:38:39 2012 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Sun Sep 16 21:38:39 2012 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sun Sep 16 21:38:39 2012 Diffie-Hellman initialized with 1024 bit key
Sun Sep 16 21:38:39 2012 WARNING: file ‘/etc/openvpn/easy-rsa/2.0/keys/server.key’ is group or others accessible
Sun Sep 16 21:38:39 2012 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Sun Sep 16 21:38:39 2012 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Sep 16 21:38:39 2012 Socket Buffers: R=[229376->131072] S=[229376->131072]
Sun Sep 16 21:38:39 2012 ROUTE default_gateway=192.168.0.1
Sun Sep 16 21:38:39 2012 TUN/TAP device tun0 opened
Sun Sep 16 21:38:39 2012 TUN/TAP TX queue length set to 100
Sun Sep 16 21:38:39 2012 /sbin/ip link set dev tun0 up mtu 1500
Sun Sep 16 21:38:39 2012 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sun Sep 16 21:38:39 2012 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sun Sep 16 21:38:39 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Sep 16 21:38:39 2012 UDPv4 link local (bound): 192.168.0.100:1194
Sun Sep 16 21:38:39 2012 UDPv4 link remote: [undef]
Sun Sep 16 21:38:39 2012 MULTI: multi_init called, r=256 v=256
Sun Sep 16 21:38:39 2012 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Sep 16 21:38:39 2012 Initialization Sequence Completed
Sun Sep 16 21:40:11 2012 MULTI: multi_create_instance called
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Re-using SSL/TLS context
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 LZO compression initialized
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Local Options hash (VER=V4): ’5b1533a2′
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Expected Remote Options hash (VER=V4): ‘d3a7571a’
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 TLS: Initial packet from 192.168.0.101:61607, sid=ba1360a0 580211d7
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 TLS: Username/Password authentication succeeded for username ‘duongtc’ [CN SET]
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1574′, remote=’link-mtu 1542′
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1532′, remote=’tun-mtu 1500′
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sun Sep 16 21:40:11 2012 192.168.0.101:61607 [duongtc] Peer Connection Initiated with 192.168.0.101:61607
Sun Sep 16 21:40:11 2012 duongtc/192.168.0.101:61607 MULTI: Learn: 10.8.0.6 -> duongtc/192.168.0.101:61607
Sun Sep 16 21:40:11 2012 duongtc/192.168.0.101:61607 MULTI: primary virtual IP for duongtc/192.168.0.101:61607: 10.8.0.6
Sun Sep 16 21:40:13 2012 duongtc/192.168.0.101:61607 PUSH: Received control message: ‘PUSH_REQUEST’
Sun Sep 16 21:40:13 2012 duongtc/192.168.0.101:61607 SENT CONTROL [duongtc]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5′ (status=1)
When ran sysctl -p I got:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: “net.bridge.bridge-nf-call-ip6tables” is an unknown key
error: “net.bridge.bridge-nf-call-iptables” is an unknown key
error: “net.bridge.bridge-nf-call-arptables” is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
How can I resolve this problem? I tried to install OpenVPN on my laptop computer; it runs CentOS 64 bit.
Many Thank You in Advance
Hi there
What do you have set in /etc/resolv.conf ? have you entered the google nameservers in here ?
Regards
SafeSrv.net
Thank you so much for the wonderful support you’ve given me. You saved my life.
My VPN server is now working well.
Excellent – glad i could help.
Thank you for the tutorial – unfortunately I got stuck at the very beginning, with
[NET /dev]# cat /dev/net/tun
cat: /dev/net/tun: No such file or directory
so, I guess tun/tap is not there. What do I have to do to change that?
Thanks,
Merlin
Hello
What sort of server/VPS are you trying to install OpenVPN on ? and yes you may need to ask your host to enable TUN/TAP.
I am getting another type of problem..
I have openvz and when i try to run this command :
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source
i am getting error :
iptables v1.4.7: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
please guide me to fix it..
Hello, you will need your host to enable the iptables NAT module.
thanks mailed admin and its enabled now and the problem is fixed
Excellent !
please look this
https://forums.openvpn.net/topic11431.html
i have problem in take ip
Hello can you email me admin(at)safesrv.net with “ifconfig” results without leaving out the IP and also let me know what IP you are using in your configs mentioned on the OpenVPN forums.
thank you for your help i will send mail now
please test vpn, I’m sending username and password
i think the Syria gov stopped vpn
Hello – will get to it later ok
i tried connecting vpn over ssh
but the connections reset
thank you
Hello i get user authentication error for the details you provided.
Hi,
I install openVPN as wrote here but when I try to make a connection I get the message:
No access server…
Tips or install help welcome!
Hello – can you post logs please ? Thanks
hi is there any way to easily manage vpn users .. like can i get any gui interface to manage my vpn users ?
i have centos6 32bit
Hello – i think there is a webmin module but im not 100% sure on that – we do a module if you don’t already know that lets you manage users via WHMCS.
ok and 1 more prob i got.. everything went fine but the openvpn is not connecting
Mon Oct 08 01:39:25 2012 NMDVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Apr 25 2011
Mon Oct 08 01:39:32 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 08 01:39:32 2012 NOTE: NMDVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Mon Oct 08 01:39:32 2012 LZO compression initialized
Mon Oct 08 01:39:32 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Oct 08 01:39:32 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 08 01:39:32 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Oct 08 01:39:32 2012 Local Options hash (VER=V4): ‘d3a7571a’
Mon Oct 08 01:39:32 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
Mon Oct 08 01:39:32 2012 UDPv4 link local: [undef]
Mon Oct 08 01:39:32 2012 UDPv4 link remote: 142.54.177.215:9201
Mon Oct 08 01:40:32 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 08 01:40:32 2012 TLS Error: TLS handshake failed
Mon Oct 08 01:40:32 2012 TCP/UDP: Closing socket
Mon Oct 08 01:40:32 2012 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 08 01:40:32 2012 Restart pause, 2 second(s)
Mon Oct 08 01:40:34 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 08 01:40:34 2012 NOTE: NMDVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Mon Oct 08 01:40:34 2012 Re-using SSL/TLS context
Mon Oct 08 01:40:34 2012 LZO compression initialized
Mon Oct 08 01:40:34 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Oct 08 01:40:34 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 08 01:40:34 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Oct 08 01:40:34 2012 Local Options hash (VER=V4): ‘d3a7571a’
Mon Oct 08 01:40:34 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
Mon Oct 08 01:40:34 2012 UDPv4 link local: [undef]
Mon Oct 08 01:40:34 2012 UDPv4 link remote: 142.54.177.215:9201
Mon Oct 08 01:41:34 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 08 01:41:34 2012 TLS Error: TLS handshake failed
Mon Oct 08 01:41:34 2012 TCP/UDP: Closing socket
Mon Oct 08 01:41:34 2012 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 08 01:41:34 2012 Restart pause, 2 second(s)
Mon Oct 08 01:41:36 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 08 01:41:36 2012 NOTE: NMDVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Mon Oct 08 01:41:36 2012 Re-using SSL/TLS context
Mon Oct 08 01:41:36 2012 LZO compression initialized
Mon Oct 08 01:41:36 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Oct 08 01:41:36 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 08 01:41:36 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Oct 08 01:41:36 2012 Local Options hash (VER=V4): ‘d3a7571a’
Mon Oct 08 01:41:36 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
Mon Oct 08 01:41:36 2012 UDPv4 link local: [undef]
Mon Oct 08 01:41:36 2012 UDPv4 link remote: 142.54.177.215:9201
Are you using the correct ca.crt ?
yes ,my friend also tried but same result
now fixed.. thanks.. 1 more thing i want to know.. when i am trying to use torrent , the vpn is getting disconnected after 10/15 sec .. please help how to fix it ?
Hello – try add this >> reneg-sec 0 to server.conf and restart OpenVPN.
thanks working great
don’t be angry that i am asking questions again and again…
is there any way by which I won’t have any logs in vps, so that I don’t get any DMCA issues or host can’t find what I am downloading and from where..
Hello – it’s not about logs, you’re using their IP for the VPN, so you cannot hide this.
ohh i see.. thanks a lot for helping me a lot …
I found a annoying problem just minutes before that the vpn is auto reconnecting after 1 hour ( exact 1 hour ) dunno how to stop this .. but it really feels annoying
also if logs cannot be blocked then how to stop torrent ..
I think if i can block all ports except 80/443 , then torrent download can be reduced..
btw :
i have to 2 config running with :
server 10.1.2.0 255.255.255.0
and
server 10.1.0.0 255.255.255.0
You need to use some iptable string values or some i7 filtering
Ok mate can you tell me how to block all ports except http , https , ftp , and 22 port ? using iptables
or maybe a tutorial on installing filtering for blocking torrents
Yes i may do that
thanks a lot… pls do tell us when it’s done
I will be eagerly waiting for it …
Linux dedicated : centOS 5 64bit.
server config:
local x.x.x.x
port 143
proto tcp
………..
#service openvpn start [FAILED]
Pls, Help
Hello
Need more logs do a >> tail -60 /var/log/messages
brother my vpn is connected but no internet
Have you made sure you edited your sysctl.conf in /etc/ ?
I wanted to block torrent access by importing some rules like access only port 80 n port 443. So, i make the following rules in exact order
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.1.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.1.0.0/24 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 10.1.0.0/24 -p icmp -j ACCEPT
iptables -A FORWARD -s 10.1.0.0/24 -j DROP
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
But the problem is that my vpn can only open IP addresses now, i.e. it can’t resolve hostnames into IPs. I think it is not accepting DNS server 53 as well. So, how can I fix it?
Hello – do you have any DNS set in the VPN config ?
What do u mean by dns set in vpn config ?? yes, i have used this default ones
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
Can u please help me
Hello – did you figure it out ?
No i did not figure it out
How can i resolve it
Please email me at admin(at)safesrv.net with full details
Hi, Great article.. I followed exactly what you have given…But I get this error:
Service openvpn start
Starting openvpn : [FAILED]
Could help me sort it out..
I am getting No server certificate verification method has been enabled in the log of openvpn. i have followed your tutorial.
Hello – thats ok you can ignore this.
followed your tutorial several times but not able to connect here is the log
Thu Nov 22 23:06:49 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 22 23:06:49 2012 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Thu Nov 22 23:06:49 2012 Re-using SSL/TLS context
Thu Nov 22 23:06:49 2012 LZO compression initialized
Thu Nov 22 23:06:49 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 22 23:06:49 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 22 23:06:49 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 22 23:06:49 2012 Local Options hash (VER=V4): ‘d3a7571a’
Thu Nov 22 23:06:49 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
Thu Nov 22 23:06:49 2012 UDPv4 link local: [undef]
Thu Nov 22 23:06:49 2012 UDPv4 link remote: (ip removed)
I am not able to
Hi how are you trying to connect (What software) ? How are you starting OpenVPN ? try this..
killall -9 openvpn
cd /etc/openvpn
openvpn server.conf
Then try connect.
on this step I am getting error :
rpm -Uvh lzo-*.rpm
[root@host02 ~]# rpm -Uvh lzo-*.rpm
warning: lzo-1.08-4.rf.src.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
1:lzo warning: user dag does not exist – using root
warning: group dag does not exist – using root
warning: user dag does not exist – using root
warning: group dag does not exist – using root
########################################### [100%]
I am using CentOS 6 64bit : Linux host02.premiumvpn.org 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Ignore those messages, it won’t affect anything.
how to setup openvpn with IPv6 ..please help
This tutorial will be coming soon for IPv6
Hi all,
I have a problem with my client. I used OpenVPN GUI for my Win 7 client. Run as Administrator, but it went wrong @@
Fri Dec 7 08:46:35 2012 192.168.1.202:57894 VERIFY OK: depth=1, /C=VN/ST=VN/L=HCMC/O=SPKT/OU=IT09/CN=NHAN/name=Nhan/emailAddress=nhan@gmail.com
Fri Dec 7 08:46:35 2012 192.168.1.202:57894 VERIFY OK: depth=0, /C=VN/ST=VN/L=HCMC/O=SPKT/OU=Nhan/CN=nhan/name=Nhan/emailAddress=nhan@gmail.com
Fri Dec 7 08:46:35 2012 192.168.1.202:57894 TLS Error: Auth Username/Password was not provided by peer
Fri Dec 7 08:46:35 2012 192.168.1.202:57894 TLS Error: TLS handshake failed
Fri Dec 7 08:46:35 2012 192.168.1.202:57894 SIGUSR1[soft,tls-error] received, client-instance restarting
Any help??
Hi please try a client called viscosity – import your config and see if it works then, did you enter any auth details when connecting ?
I just wanted to follow up for those of you who were able to get a tunnel established (so you can ping the OpenVPN server) but weren’t able to get internet (no web pages would load on the OpenVPN client side).
I resolved this by looking at the iptables rules. In the walkthrough he says you need to run these commands if you have CSF on the same server:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
Once I added both of these it started working.
Thanks for the fantastic install instruction — this was really helpful!
No worries – glad it helped you get going.
Good day! I just would like to give you a big thumbs up for your excellent info you have here on this post.
I’ll be returning to your site for more soon.
Hi, thanks for this very resourceful article. I managed to get a lot done by following your steps up to this: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE. When I run this command I get the following message
iptables: No chain/target/match by that name.
I’m using CENTOS 6.3 x86_64 virtuozzo – server
Can you tell me what I am doing wrong?
Thanks!
Hi David – you won’t be able to use MASQUERADE as it’s not virtualised in those containers – you need to use the “OpenVZ snat iptable rules” in the tutorial.
Hi nice guide, works perfectly.
But how do I change if I want my interface tun0 to have the ip 10.8.0.100 instead of 10.8.0.1 ???
and where do you control the dhcp for clients ?
Kind regards
Nicholas Rønshof
Hi Nicholas – i will place a guide for this on the site within a couple of days
Please see here >> http://safesrv.net/simple-guide-to-assign-openvpn-users-static-ips/ =)
Hello,
first at all, great tutor!
Simple and easy.
Only one thing left, client don`t take gateway..
IP, DNS are fine, only gateway don`t work (i need), so what to do?
i was try to add in client conf “redirect-gateway” but without success :/
Hello, thanks – can you not browse the web ? Have you tried the NAT iptable rules ? have you enabled IP forwarding ?
Hello,
tnx. for answer.
Yes, i enable ip forwarding, i was try with iptables off and problem is that i don`t get gateway IP.
when is in server conf. file: “push “redirect-gateway def1″”
And when is set: push “redirect-gateway 10.8.0.1″
then i get wrong gateway IP from server.
It should be 10.8.0.1, but i get 10.8.0.5 (don`t know why he get that address).
Thank you.
Hello again,
i just success, this help me:
http://serverfault.com/a/443169/153253
One more time great tut.
Best regards.
Hello – excellent, glad you got it sorted, sorry for the delay, its been busy – but thanks for letting us know how you sorted it out, i will certainly take a look into it.
Hello there i get an Not an access server.
[root@totalsofttecVPN openvpn]# openvpn server.conf
Sun Jan 13 21:54:40 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Sun Jan 13 21:54:40 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Jan 13 21:54:40 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Sun Jan 13 21:54:40 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sun Jan 13 21:54:40 2013 Diffie-Hellman initialized with 1024 bit key
Sun Jan 13 21:54:40 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Sun Jan 13 21:54:40 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 13 21:54:40 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
Sun Jan 13 21:54:40 2013 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.1/255.255.255.255]
Sun Jan 13 21:54:40 2013 ROUTE default_gateway=192.168.0.1
Sun Jan 13 21:54:40 2013 TUN/TAP device tun0 opened
Sun Jan 13 21:54:40 2013 TUN/TAP TX queue length set to 100
Sun Jan 13 21:54:40 2013 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 13 21:54:40 2013 /sbin/ip addr add dev tun0 local 192.168.0.1 peer 192.168.0.2
Sun Jan 13 21:54:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
Sun Jan 13 21:54:40 2013 /sbin/ip route add 192.168.0.0/24 via 192.168.0.2
RTNETLINK answers: File exists
Sun Jan 13 21:54:40 2013 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jan 13 21:54:40 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jan 13 21:54:40 2013 UDPv4 link local (bound): [undef]:1194
Sun Jan 13 21:54:40 2013 UDPv4 link remote: [undef]
Sun Jan 13 21:54:40 2013 MULTI: multi_init called, r=256 v=256
Sun Jan 13 21:54:40 2013 IFCONFIG POOL: base=192.168.0.4 size=62
Sun Jan 13 21:54:40 2013 Initialization Sequence Completed
These are the posts when running openvpn, where can I see the logs?
Hi Craig – what are the contents of your server.conf?
[root@totalsofttecVPN openvpn]# openvpn server.conf
Sun Jan 13 22:30:54 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Sun Jan 13 22:30:54 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Jan 13 22:30:54 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Sun Jan 13 22:30:54 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sun Jan 13 22:30:54 2013 Diffie-Hellman initialized with 1024 bit key
Sun Jan 13 22:30:54 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Sun Jan 13 22:30:54 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 13 22:30:54 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
Sun Jan 13 22:30:54 2013 ROUTE default_gateway=192.168.0.1
Sun Jan 13 22:30:54 2013 TUN/TAP device tun0 opened
Sun Jan 13 22:30:54 2013 TUN/TAP TX queue length set to 100
Sun Jan 13 22:30:54 2013 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 13 22:30:54 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
Sun Jan 13 22:30:54 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
Sun Jan 13 22:30:54 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jan 13 22:30:54 2013 UDPv4 link local (bound): [undef]:1194
Sun Jan 13 22:30:54 2013 UDPv4 link remote: [undef]
Sun Jan 13 22:30:54 2013 MULTI: multi_init called, r=256 v=256
Sun Jan 13 22:30:54 2013 IFCONFIG POOL: base=10.0.0.4 size=62
Sun Jan 13 22:30:54 2013 Initialization Sequence Completed
Sun Jan 13 22:31:03 2013 MULTI: multi_create_instance called
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Re-using SSL/TLS context
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 LZO compression initialized
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Local Options hash (VER=V4): ’5b1533a2′
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Expected Remote Options hash (VER=V4): ‘d3a7571a’
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 TLS: Initial packet from 192.168.0.122:52311, sid=c92827fe 4dc29bce
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 [kris] Peer Connection Initiated with 192.168.0.122:52311
Sun Jan 13 22:31:03 2013 kris/192.168.0.122:52311 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:52311
Sun Jan 13 22:31:03 2013 kris/192.168.0.122:52311 MULTI: primary virtual IP for kris/192.168.0.122:52311: 10.0.0.6
Sun Jan 13 22:31:06 2013 kris/192.168.0.122:52311 PUSH: Received control message: ‘PUSH_REQUEST’
Sun Jan 13 22:31:06 2013 kris/192.168.0.122:52311 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)
^CSun Jan 13 22:32:32 2013 event_wait : Interrupted system call (code=4)
Sun Jan 13 22:32:32 2013 TCP/UDP: Closing socket
Sun Jan 13 22:32:32 2013 /sbin/ip route del 10.0.0.0/24
Sun Jan 13 22:32:32 2013 Closing TUN/TAP interface
Sun Jan 13 22:32:32 2013 /sbin/ip addr del dev tun0 local 10.0.0.1 peer 10.0.0.2
Sun Jan 13 22:32:32 2013 PLUGIN_CLOSE: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
Sun Jan 13 22:32:32 2013 SIGINT[hard,] received, process exiting
[root@totalsofttecVPN openvpn]# openvpn server.conf
Sun Jan 13 22:32:34 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Sun Jan 13 22:32:34 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Jan 13 22:32:34 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Sun Jan 13 22:32:34 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sun Jan 13 22:32:34 2013 Diffie-Hellman initialized with 1024 bit key
Sun Jan 13 22:32:34 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Sun Jan 13 22:32:34 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 13 22:32:34 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
Sun Jan 13 22:32:34 2013 ROUTE default_gateway=192.168.0.1
Sun Jan 13 22:32:34 2013 TUN/TAP device tun0 opened
Sun Jan 13 22:32:34 2013 TUN/TAP TX queue length set to 100
Sun Jan 13 22:32:34 2013 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 13 22:32:34 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
Sun Jan 13 22:32:34 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
Sun Jan 13 22:32:34 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jan 13 22:32:34 2013 UDPv4 link local (bound): [undef]:1194
Sun Jan 13 22:32:34 2013 UDPv4 link remote: [undef]
Sun Jan 13 22:32:34 2013 MULTI: multi_init called, r=256 v=256
Sun Jan 13 22:32:34 2013 IFCONFIG POOL: base=10.0.0.4 size=62
Sun Jan 13 22:32:34 2013 Initialization Sequence Completed
Sun Jan 13 22:32:41 2013 MULTI: multi_create_instance called
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Re-using SSL/TLS context
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 LZO compression initialized
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Local Options hash (VER=V4): ’5b1533a2′
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Expected Remote Options hash (VER=V4): ‘d3a7571a’
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 TLS: Initial packet from 192.168.0.122:55492, sid=d8747c77 2d4d6cdf
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sun Jan 13 22:32:41 2013 192.168.0.122:55492 [kris] Peer Connection Initiated with 192.168.0.122:55492
Sun Jan 13 22:32:41 2013 kris/192.168.0.122:55492 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:55492
Sun Jan 13 22:32:41 2013 kris/192.168.0.122:55492 MULTI: primary virtual IP for kris/192.168.0.122:55492: 10.0.0.6
Sun Jan 13 22:32:44 2013 kris/192.168.0.122:55492 PUSH: Received control message: ‘PUSH_REQUEST’
Sun Jan 13 22:32:44 2013 kris/192.168.0.122:55492 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)
This is what I get but I cannot connect to the internet
openvpn server
Options error: In [CMD-LINE]:1: Error opening configuration file: server
Use –help for more information.
[root@totalsofttecVPN openvpn]# ls
1194.log easy-rsa server.conf
[root@totalsofttecVPN openvpn]# openvpn server.conf
Mon Jan 14 01:27:22 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Mon Jan 14 01:27:22 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Jan 14 01:27:22 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Mon Jan 14 01:27:22 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Jan 14 01:27:22 2013 Diffie-Hellman initialized with 1024 bit key
Mon Jan 14 01:27:22 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Mon Jan 14 01:27:22 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jan 14 01:27:22 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
Mon Jan 14 01:27:22 2013 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
Mon Jan 14 01:27:22 2013 Exiting
[root@totalsofttecVPN openvpn]# openvpn server.conf
Mon Jan 14 01:27:44 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Mon Jan 14 01:27:44 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Jan 14 01:27:44 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Mon Jan 14 01:27:44 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Jan 14 01:27:44 2013 Diffie-Hellman initialized with 1024 bit key
Mon Jan 14 01:27:44 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Mon Jan 14 01:27:44 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jan 14 01:27:44 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
Mon Jan 14 01:27:44 2013 ROUTE default_gateway=192.168.0.1
Mon Jan 14 01:27:44 2013 TUN/TAP device tun0 opened
Mon Jan 14 01:27:44 2013 TUN/TAP TX queue length set to 100
Mon Jan 14 01:27:44 2013 /sbin/ip link set dev tun0 up mtu 1500
Mon Jan 14 01:27:44 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
Mon Jan 14 01:27:44 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
Mon Jan 14 01:27:44 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Jan 14 01:27:44 2013 UDPv4 link local (bound): [undef]:1194
Mon Jan 14 01:27:44 2013 UDPv4 link remote: [undef]
Mon Jan 14 01:27:44 2013 MULTI: multi_init called, r=256 v=256
Mon Jan 14 01:27:44 2013 IFCONFIG POOL: base=10.0.0.4 size=62
Mon Jan 14 01:27:44 2013 Initialization Sequence Completed
Mon Jan 14 01:29:15 2013 MULTI: multi_create_instance called
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Re-using SSL/TLS context
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 LZO compression initialized
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Local Options hash (VER=V4): ’5b1533a2′
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Expected Remote Options hash (VER=V4): ‘d3a7571a’
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 TLS: Initial packet from 192.168.0.122:64526, sid=66360a71 7c56d5d8
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Jan 14 01:29:15 2013 192.168.0.122:64526 [kris] Peer Connection Initiated with 192.168.0.122:64526
Mon Jan 14 01:29:15 2013 kris/192.168.0.122:64526 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:64526
Mon Jan 14 01:29:15 2013 kris/192.168.0.122:64526 MULTI: primary virtual IP for kris/192.168.0.122:64526: 10.0.0.6
Mon Jan 14 01:29:17 2013 kris/192.168.0.122:64526 PUSH: Received control message: ‘PUSH_REQUEST’
Mon Jan 14 01:29:17 2013 kris/192.168.0.122:64526 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)
Mon Jan 14 01:29:21 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:25 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:30 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:33 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:39 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:44 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:49 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:54 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:30:00 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
These are the results now. I already turned off iptables.
these are results for tail -f /var/log/messages
Jan 13 22:18:39 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:24:11 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:27:00 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:28:36 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:30:54 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:32:34 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 13 22:59:59 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Still can’t connect, I got this on my tail
tail -f /var/log/messages
Jan 15 00:58:20 totalsofttecVPN dhclient[1027]: DHCPACK from 192.168.0.1 (xid=0x5d690dc4)
Jan 15 00:58:22 totalsofttecVPN dhclient[1027]: bound to 192.168.0.146 — renewal in 33835 seconds.
Jan 15 10:22:17 totalsofttecVPN dhclient[1027]: DHCPREQUEST on eth0 to 192.168.0.1 port 67 (xid=0x5d690dc4)
Jan 15 10:22:17 totalsofttecVPN dhclient[1027]: DHCPACK from 192.168.0.1 (xid=0x5d690dc4)
Jan 15 10:22:19 totalsofttecVPN dhclient[1027]: bound to 192.168.0.146 — renewal in 40055 seconds.
Jan 15 21:18:41 totalsofttecVPN kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 15 21:20:36 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 15 21:22:25 totalsofttecVPN kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 15 21:22:56 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
Jan 15 21:25:56 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
got this config
openvpn server.conf
Tue Jan 15 21:25:56 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Tue Jan 15 21:25:56 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jan 15 21:25:56 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
Tue Jan 15 21:25:56 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
Tue Jan 15 21:25:56 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 15 21:25:56 2013 TUN/TAP device tun0 opened
Tue Jan 15 21:25:56 2013 /sbin/ip link set dev tun0 up mtu 1500
Tue Jan 15 21:25:56 2013 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Jan 15 21:25:56 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 15 21:25:56 2013 UDPv4 link local (bound): [undef]:1194
Tue Jan 15 21:25:56 2013 UDPv4 link remote: [undef]
Tue Jan 15 21:25:56 2013 Initialization Sequence Completed
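A triage pass over server logs like the ones posted above, as an added example that is not part of the original comments or the guide: it undoes the curly quotes and en dashes the blog introduced into the pasted output, then groups the warnings by rule across restarts. The rule names, the 2048-bit DH threshold, the list of 64-bit-block ciphers and `SAMPLE_LOG` (abridged from the lines above) are assumptions of this example.

```python
import re
from datetime import datetime

# Blog software turned "--" into an en dash and straight quotes into curly
# ones or primes in the pasted logs; map them back before matching.
_TYPOGRAPHY = str.maketrans(
    {"\u2013": "--", "\u2018": "'", "\u2019": "'", "\u2032": "'"}
)

# OpenVPN 2.2 timestamp prefix. search() is used rather than match() so a
# leading "^C" echoed by the terminal does not hide the line.
_LINE = re.compile(
    r"(?P<ts>(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} "
    r"\d\d:\d\d:\d\d \d{4}) (?P<msg>.*)"
)

# (rule id, category, pattern, optional predicate on the match).
# Thresholds and cipher list are this example's assumptions.
RULES = [
    ("no-client-cert", "security",
     re.compile(r"--client-cert-not-required"), None),
    ("weak-dh", "security",
     re.compile(r"Diffie-Hellman initialized with (\d+) bit key"),
     lambda m: int(m.group(1)) < 2048),
    ("legacy-cipher", "security",
     re.compile(r"Cipher '(BF-CBC|DES-CBC|DES-EDE3-CBC)'"), None),
    ("legacy-tls", "security",
     re.compile(r"Control Channel: (TLSv1|SSLv3),"), None),
    ("subnet-conflict", "routing",
     re.compile(r"potential (?:TUN/TAP adapter|route) subnet conflict"), None),
    ("route-add-failed", "routing",
     re.compile(r"route add command failed"), None),
    ("port-in-use", "startup",
     re.compile(r"Socket bind failed .*Address already in use"), None),
    ("peer-unreachable", "connectivity",
     re.compile(r"read UDPv4 \[ECONNREFUSED\]"), None),
]


def triage(log_text):
    """Return one finding per rule, security findings first, then by time."""
    findings = {}
    for raw in log_text.splitlines():
        m = _LINE.search(raw.translate(_TYPOGRAPHY))
        if not m:
            continue  # shell prompts, "RTNETLINK answers: ..." and similar
        seen = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        msg = m.group("msg")
        for rule_id, category, pattern, accept in RULES:
            hit = pattern.search(msg)
            if not hit or (accept and not accept(hit)):
                continue
            f = findings.setdefault(rule_id, {
                "rule": rule_id, "category": category,
                "count": 0, "first_seen": seen, "example": msg,
            })
            f["count"] += 1
            f["first_seen"] = min(f["first_seen"], seen)
    return sorted(
        findings.values(),
        key=lambda f: (f["category"] != "security", f["first_seen"], f["rule"]),
    )


# Constructed sample: lines abridged from the logs posted in the comments,
# keeping the typographic dash and quotes as they appear on the page.
SAMPLE_LOG = """\
[root@totalsofttecVPN openvpn]# openvpn server.conf
Sun Jan 13 21:54:40 2013 Diffie-Hellman initialized with 1024 bit key
Sun Jan 13 21:54:40 2013 WARNING: POTENTIALLY DANGEROUS OPTION \u2013client-cert-not-required may accept clients which do not present a certificate
Sun Jan 13 21:54:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
RTNETLINK answers: File exists
Sun Jan 13 21:54:40 2013 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Encrypt: Cipher \u2018BF-CBC\u2019 initialized with 128 bit key
Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
^CSun Jan 13 22:32:32 2013 event_wait : Interrupted system call (code=4)
Mon Jan 14 01:27:22 2013 Diffie-Hellman initialized with 1024 bit key
Mon Jan 14 01:27:22 2013 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
Mon Jan 14 01:29:21 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:25 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:<12} {f['rule']:<17} x{f['count']}  "
              f"first seen {f['first_seen']:%Y-%m-%d %H:%M:%S}")
```

The security findings sort first, so a server that starts cleanly but accepts clients without certificates still surfaces at the top of the report.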
how to setup openvpn proto icmp?
Don’t forget to disable SELINUX. I found that I can’t log in if selinux is enabled.
Yes, you’re right, I will include this
Hello, nice guide! Working everything. Just can’t find SELINUX config file. This: “export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`” need to change only in Centos 6, or need change it in centos 5 too? Btw, add guide how to make a port forwarding.. Would be cool.
Hi Jurek – we only need to do the vars edit on CentOS 6 – you can’t see the selinux config here ? /etc/selinux/config
I have one urgent question. I want to open all the udp ports 1-65535 in my openvpn server (obviously except those ports which are already bound) …. I am thinking of opening only one port (say 10000) and just forwarding all port requests to this port 10000 … so, we just have to make only 1 config and 1 iptable routing command. Is it feasible? If yes, how? What would be the iptables commands to successfully route all port requests to one port and browse internet?
Hello – it’s possible, I haven’t tested but it could be something along these lines:
iptables -t nat -I PREROUTING -i eth0 --dport 1:65535 -j REDIRECT --to-port 10000
Hi
I believe the above command is for KVM.
Can you please provide the command for OpenVZ iptables?
Thanks
Hi Jarit – did you have issues running the above command ? if so what error did you get ?
Wow, great tutorial. The only thing I would change is all the nonsense tutorials that I went through before trying this one. Excellent instructions.
Thanks Eddie
Yes, I get this error when I execute that command ” Bad argument `1:65535′ ”
and I realized that in the command it is not mentioned whether to forward udp ports or tcp ports.
I just want to forward the udp ports.
Thanks again for your reply
Does anyone know how to setup the VPN so that the server appears on the clients computer as another LAN device and NOT tunnel all ip protocols through the VPN?
Instance: Samba Share with file monitoring script, server would be something like route 192.168.1.177 on subnet 255.255.255.0 – how would I set it up so clients can connect to the VPN only for the samba share and not pipe everything else over the VPN? (everything else like standard protocols bittorrent, http, https, etc)
The csf part of these instructions did not work for me.
/sbin/iptables -A INPUT -j ACCEPT -s 10.8.0.0/24 -i tun0
/sbin/iptables -A OUTPUT -j ACCEPT -s 10.8.0.0/24 -o tun0
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i tun0
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o tun0
/sbin/iptables -t nat --flush
/sbin/iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j SNAT --to 1.1.1.1
in csfpre.sh did, however. Thought I’d post it here since this is pretty high up on google for openvpn and csf. Thanks to RACKSET on webhostingtalk.
Hi thanks for letting us know, although the rules I posted did in fact work for me – I will test those rules out
In step: Build the rpm packages:
When I type: # rpm -Uvh lzo-*.rpm
i have a problem:
———————————————————————————
[root@goffmanmark ~]# rpm -Uvh lzo-*.rpm
1:lzo warning: user dag does not exist – using root
warning: group dag does not exist – using root
warning: user dag does not exist – using root
warning: group dag does not exist – using root
########################################### [100%]
Hello – don’t worry about it, it won’t affect anything.
Hello Admin,
I think my VPS is OpenVZ (cos i see venet in my ifconfig)
tun/tap too is enabled. can you guide me on how to set the vpn to work for IPSec? I dunno where to start.
will be much appreciated.
Hello we have some tutorials for IPSec – i think if i’m not mistaken that the latest kernel for OpenVZ supports IPSec now so you should be able to follow one of our IPSec tutorials.
Thank You! Your instructions made OpenVPN installation very easy on CentOS6/OpenVZ
[...] safesrv.net (Some details were expanded for an explanation that is more [...]
Need tutorial to setup openvpn for ipv6 ip’s
This will come
Bro When ? I am waiting for this since 2/3 months
When i get a good amount of time.
I got this.. when I’m connected..
Wed Mar 27 00:52:11 2013 Replay-window backtrack occurred [1]
Wed Mar 27 00:52:11 2013 Replay-window backtrack occurred [2]
so on … how to get rid of it?
And how would I able to connect on my vpn using proxy? how to set it up.?
For example, my isp is 10.102.61.46 port 8080 or 80 I guess.. then i want to connect to my vpn
what should i do?
To use a nasty windows box in network adapters alt to file > edit ect choose advanced settings and make sure tap device is above local to use internet over vpn
Great tutorial. Wish they’d let static keys run servers and not just tuns
Hi, I have this problem with OpenVPN GUI :
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
I googled this error and openvpn site explain that :
http://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html
What’s your idea?
[...] a openvpn on centos 6 but have run into a problem. Here is the link to the tutorial…. http://safesrv.net/install-openvpn-on-centos/ ………………………………………………………………………………….. The [...]
[...] thanks guys. I've followed instructions from the site below… http://safesrv.net/install-openvpn-on-centos/ but I've run into a problem at the bottom of this copy/paste from the terminal, any ideas?….. [...]
Perfect tutorial. Working fine!
Danke!
Hi, I have a problem with the internet connection after following this tutorial.. I’m using VMware Workstation, are the iptables rules valid for this?
Hello – they should do yes, what OS are you using within a VM ?
Hi “Admin”,
Well done for an excellent walk through.
Works almost out of the box on CentOS 6.4, I set this up on a machine with two interfaces (DMZ and green) and had to play with iptables a while to get what I wanted (input on dmz –> vpn –> green). All I can say is remember to flush the iptables once in a while when you’re messing around… tee hee hee.
My machine was a stock minimal install CentOS 6.4 with a yum update applied.
I had to insert a rule into the iptables to accept udp on 1194 – not sure if you want to add this into your guide.
iptables -I INPUT 3 -p udp --dport 1194 -j ACCEPT
(Rule inserted high in the chain (3) to be sure).
Great work and thank you.
Rgds
~C
Hello Christopher – thanks
on your default install of CentOS 6.4, just had to ask, did you have to enter this iptable rule to connect on the default port 1194 ? as normally we wouldn’t have to.
I did. Drop me a mail – happy to try out your walk through on 5, 6, 6.3 and 6.4 and feed you the results. So long as it’s only connecting to udp1194.
Hi Christopher – yeah we have tested on all those versions, works great on CentOS 6 and very stable on high loads too.
I did – took me a while to figure out. I was getting silly no route to host errors from my client, So as part of the small investigation I stopped iptables on the 6.4 box. From then on the client connected. Obviously this is pretty useless with no routing, but it was a step forward…
Happy to try again from scratch if you like – I have an “ESXi playground”. Kinda’ busy until Sunday afternoon though.
Rgds
~C
Hi Admin!
My client (10.8.0.6) can connect to the openvpn server (10.8.0.1) but I can’t ping from 10.8.0.6 to 10.8.0.1.
Beside I can’t access my LAN. I try email admin@salesrv.net, but email error
From: Mail Delivery Subsystem
Date: Fri, May 10, 2013 at 9:38 AM
To: driveint@gmail.com
Delivery to the following recipient failed permanently:
admin@salesrv.net
Technical details of permanent failure:
DNS Error: Domain name not found
Please help me.
Hello – you got my email wrong
It’s admin@safesrv.net – you have “admin@salesrv.net”, replace l with f. If I understand you correctly, you want to add client-to-client to your config file.
[...] Really?? Putting "how to install openvpn on centos 6" pulls up LOTS of very detailed, easy-to-follow information: http://safesrv.net/install-openvpn-on-centos/ [...]
Hi Admin,
I am having the same problem as everyone else…. seems that I am able to connect to the server but I can’t connect anywhere else. No website browsing or etc.
Can you help tell me what’s the solution to that problem?
I’m on a Dedicated Server and the funny part is that everything connects fine, just not able to browse.
Hope you could help me out.
Hello – did you use the appropriate NAT rule ? can you copy here iptables-save and cat /etc/sysctl.conf
I must thank the admin here at this website, because he helped me figure out a problem. Thank you so much man.
I want to thank the admin at this website for your help to resolve my problem.
Thank you very much.
[...] one of your servers need to be come vpn server and the other be come client . you can use pptp openvpn as vpn server. pptp is not recommended these days . what about ssh tunnel ? http://safesrv.net/install-openvpn-on-centos/ [...]
Hello, i’ve a problem, when i want to launch i’ve this error
May 31 19:46:39 gta openvpn[1484]: PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
May 31 19:46:39 gta openvpn[1484]: Exiting due to fatal error
Hello please post me your server.conf contents – what OS and arch you running ?
Please re-check the tutorial, i have included a fix.
I am getting the same error as Vamos: PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
Looks like the openvpn-auth-pam.so is missing? Also found the following link – but no info on how to resolve this:
https://forums.openvpn.net/topic12965.html
Hello please post me your server.conf contents – what OS and arch you running ?
Please re-check the tutorial, i have included a fix.
Excellent! The fix worked! Thanks a lot!