PIA on proxmox7

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech

Post by riddleuk » Sun Jul 18, 2021 9:18 am

Hi

I have googled and googled again, but I just cannot get PIA to connect in an LXC container, Ubuntu 20.04, on Proxmox.

OpenVPN gets an IP from PIA, but it appears it's having issues establishing the last part.

Code:

Sat Jul 17 08:35:10 2021 WARNING: file ‘/etc/openvpn/login.txt’ is group or others accessible
Sat Jul 17 08:35:10 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Sat Jul 17 08:35:10 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Jul 17 08:35:10 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]154.21.22.171:1198
Sat Jul 17 08:35:10 2021 UDP link local: (not bound)
Sat Jul 17 08:35:10 2021 UDP link remote: [AF_INET]154.21.22.171:1198
Sat Jul 17 08:35:10 2021 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Sat Jul 17 08:35:10 2021 [atlanta416] Peer Connection Initiated with [AF_INET]154.21.22.171:1198
> Sat Jul 17 08:35:11 2021 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
> Sat Jul 17 08:35:11 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
> Sat Jul 17 08:35:11 2021 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
> Sat Jul 17 08:35:11 2021 Exiting due to fatal error

I have tried everything I can think of; it just won't fully connect. I have asked on the Proxmox forums and LXC forums, but no one replies.

I have basically used the following process:

Code:

VPN Gateway w/ Kill Switch
Instructions for Ubuntu 20.04 Server

In the shell of the Proxmox host, go to

cd /etc/pve/lxc

Edit the XXX.conf file and add the following line at the end

lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file


~~~~~~~~~~~~~~~~~~~~


Install Programs

apt install curl net-tools openvpn openssh-server unzip -y

~~~~~~~~~~~~~~~~~~~~

Download OVPN Config files (Private Internet Access)

cd /etc/openvpn

wget --no-check-certificate https://www.privateinternetaccess.com/openvpn/openvpn.zip

unzip openvpn.zip



~~~~~~~~~~~~~~~~~~~~

nano /etc/openvpn/connect.sh

openvpn --config /etc/openvpn/us_atlanta.ovpn --auth-user-pass /etc/openvpn/login.txt

~~~~~~~~~~~~~~~~~~~~

nano /etc/openvpn/login.txt

username
password

~~~~~~~~~~~~~~~~~~~~~~

nano /etc/openvpn/iptables.sh

#!/bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

# Block All
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP

# allow Localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT

# Make sure that you can communicate within your own network
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

# Allow established sessions to receive traffic:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow TUN
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT

# allow VPN connection
iptables -I OUTPUT 1 -p udp --destination-port 1198 -m comment --comment "Allow VPN connection" -j ACCEPT

# Log all dropped packets, debug only.
# The logging chain has to be attached before any catch-all DROP rule,
# otherwise no packet ever reaches it. The chain itself ends in DROP.
iptables -N logging
iptables -A INPUT -j logging
iptables -A OUTPUT -j logging
iptables -A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
iptables -A logging -j DROP

# Block All (INPUT and OUTPUT are dropped by the logging chain above)
iptables -A FORWARD -j DROP

echo "saving"
iptables-save > /etc/iptables.rules
echo "done"
#echo 'openVPN - Rules successfully applied, we start "watch" to verify IPtables in realtime (you can cancel it as usual CTRL + c)'
#sleep 3
#watch -n 0 "sudo iptables -nvL"


~~~~~~~~~~~~~~~~~~~~~~~

Create the startup script

nano /usr/local/sbin/startup.sh

#!/bin/sh

bash /etc/openvpn/iptables.sh &
sleep 5
sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
bash /etc/openvpn/connect.sh

Make script executable

chmod +x /usr/local/sbin/startup.sh

~~~~~~~~~~~~~~~~~~~~~~

Create systemd unit file

nano /etc/systemd/system/startup.service

[Unit]
Description=Startup

[Service]
ExecStart=/usr/local/sbin/startup.sh

[Install]
WantedBy=default.target

~~~~~~~~~~~~~~~~~~~~~~~~

Enable service

systemctl enable startup.service


check that it has been enabled

systemctl status startup.service



systemctl disable startup.service


I have been able to create a VPN back to the server so I can access files when out and about, but I just cannot make a container where OpenVPN connects to PIA.

Please help, as I have spent 4 days now trying to get this to work.
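A diagnostic for the two problems visible in the log above (the `/dev/net/tun` "Operation not permitted" error and the `login.txt` permission warning), to be run as root inside the container. This is an added example, not code from any poster in the thread; the function names `tun_status`, `secret_exposed` and `report` are made up here, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: container-side checks for the TUN node and the credentials file.

# Classify the state of the TUN device node.
# Prints one of: missing | not-chardev | wrong-devnum | open-denied | ok
tun_status() {
    dev=${1:-/dev/net/tun}
    [ -e "$dev" ] || { echo missing; return 0; }
    [ -c "$dev" ] || { echo not-chardev; return 0; }
    # stat prints major:minor in hex; the Linux TUN/TAP node is char 10:200 (a:c8).
    [ "$(stat -c '%t:%T' "$dev")" = "a:c8" ] || { echo wrong-devnum; return 0; }
    # A plain read/write open without an ioctl creates no interface.
    if ( exec 3<>"$dev" ) 2>/dev/null; then echo ok; else echo open-denied; fi
}

# Exit status 0 when FILE has any group/other permission bit set, the
# condition behind OpenVPN's "group or others accessible" warning.
secret_exposed() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Print a short report; the credentials path defaults to the one in the thread.
report() {
    cred=${1:-/etc/openvpn/login.txt}
    echo "uid=$(id -u) tun=$(tun_status /dev/net/tun)"
    if [ -f "$cred" ]; then
        if secret_exposed "$cred"; then
            echo "$cred: group/other accessible, tighten with: chmod 600 $cred"
        else
            echo "$cred: owner-only"
        fi
    fi
}

report "$@"
```

`tun=open-denied` together with `uid=0` corresponds to the errno=1 line in the log: the process is root inside the container, yet the open of the device node is refused.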


Post by 300000 » Sun Jul 18, 2021 10:10 am

ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)

You need to install with root user permission. Sometimes it does not run without root.


Post by riddleuk » Sun Jul 18, 2021 10:55 am

It's a container; it's all done as root.

It's why there is no sudo in the commands.

Code:

Ubuntu 20.04 LTS PIA tty1

PIA login: root
Password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.11.22-1-pve x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@PIA:~# su
root@PIA:~# 


Post by riddleuk » Sun Jul 18, 2021 6:31 pm

Solved.

Just installed OpenVPN on the PVE host and it works in unprivileged container on features enable device on the CT options.

VPN basic gateway in 35mb

Thanks for the help


Post by TinCanTech » Sun Jul 18, 2021 8:10 pm

Thanks for letting us know 8-)

Moved to Installation help -- Hope it helps