I have googled and googled again but I just cannot get PIA to connect in an LXC container (Ubuntu 20.04) on Proxmox.
OpenVPN gets an IP from PIA but it appears it's having issues establishing the last part.
Code:
Sat Jul 17 08:35:10 2021 WARNING: file '/etc/openvpn/login.txt' is group or others accessible
Sat Jul 17 08:35:10 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Sat Jul 17 08:35:10 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Jul 17 08:35:10 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]154.21.22.171:1198
Sat Jul 17 08:35:10 2021 UDP link local: (not bound)
Sat Jul 17 08:35:10 2021 UDP link remote: [AF_INET]154.21.22.171:1198
Sat Jul 17 08:35:10 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 17 08:35:10 2021 [atlanta416] Peer Connection Initiated with [AF_INET]154.21.22.171:1198
Sat Jul 17 08:35:11 2021 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Sat Jul 17 08:35:11 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Sat Jul 17 08:35:11 2021 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Sat Jul 17 08:35:11 2021 Exiting due to fatal error
I have basically used the following process:
Code:
VPN Gateway w/ Kill Switch
Instructions for Ubuntu 20.04 Server
In the shell of the Proxmox host go to
cd /etc/pve/lxc
Edit the XXX.conf file and add the following line at the end
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
~~~~~~~~~~~~~~~~~~~~
Install Programs
apt install curl net-tools openvpn openssh-server unzip -y
~~~~~~~~~~~~~~~~~~~~
Download OVPN Config files (Private Internet Access)
cd /etc/openvpn
wget --no-check-certificate https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip
~~~~~~~~~~~~~~~~~~~~
nano /etc/openvpn/connect.sh
openvpn --config /etc/openvpn/us_atlanta.ovpn --auth-user-pass /etc/openvpn/login.txt
~~~~~~~~~~~~~~~~~~~~
nano /etc/openvpn/login.txt
username
password
~~~~~~~~~~~~~~~~~~~~~~
nano /etc/openvpn/iptables.sh
#!/bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Block All
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow Localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
# Make sure that you can communicate within your own network
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
# Allow established sessions to receive traffic:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow TUN
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
# allow VPN connection
iptables -I OUTPUT 1 -p udp --destination-port 1198 -m comment --comment "Allow VPN connection" -j ACCEPT
# Log all dropped packets (debug only), then drop. The logging chain has to be
# appended before the final DROP rules, otherwise it is never reached.
iptables -N logging
iptables -A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
iptables -A logging -j DROP
iptables -A INPUT -j logging
iptables -A OUTPUT -j logging
# Block All
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
echo "saving"
iptables-save > /etc/iptables.rules
echo "done"
#echo 'openVPN - Rules successfully applied, we start "watch" to verify IPtables in realtime (you can cancel it as usual CTRL + c)'
#sleep 3
#watch -n 0 "sudo iptables -nvL"
~~~~~~~~~~~~~~~~~~~~~~~
Create the startup script
nano /usr/local/sbin/startup.sh
#!/bin/sh
bash /etc/openvpn/iptables.sh &
sleep 5
sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
bash /etc/openvpn/connect.sh
Make script executable
chmod +x /usr/local/sbin/startup.sh
~~~~~~~~~~~~~~~~~~~~~~
Create systemd unit file
nano /etc/systemd/system/startup.service
[Unit]
Description=Startup
[Service]
ExecStart=/usr/local/sbin/startup.sh
[Install]
WantedBy=default.target
~~~~~~~~~~~~~~~~~~~~~~~~
Enable service
systemctl enable startup.service
check that it has been enabled
systemctl status startup.service
systemctl disable startup.service
Please help, as I have spent 4 days now trying to get this to work.
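A small triage helper, added here as an example and not part of the original post: it cross-checks the OpenVPN log lines above against the raw `lxc.*` lines of a Proxmox container config (`/etc/pve/lxc/<CTID>.conf`) and names the configuration item behind each warning or error. It assumes the standard Proxmox guidance that an LXC container must be granted the TUN character device (major 10, minor 200) with a cgroup `devices.allow` entry in addition to the bind mount, and that Proxmox accepts both `lxc.key: value` and `lxc.key = value`; the sample config and log are constructed from the post.

```python
"""Cross-check an OpenVPN log against a Proxmox LXC container config."""
import re

# /dev/net/tun is character device 10:200. Assumption (Proxmox guidance, not
# stated in the post): the container needs a cgroup devices.allow entry for it
# as well as the lxc.mount.entry bind mount, or open() fails with EPERM.
TUN_DEVICE = "c 10:200"
ALLOW_KEYS = ("lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow")
# Proxmox reads raw lxc.* keys written either as "key: value" or "key = value".
LXC_KEY = re.compile(r"^\s*(lxc\.[a-z0-9._]+)\s*(?::|=)\s*(.*?)\s*$")


def parse_lxc_conf(conf: str) -> list:
    """Return (key, value) pairs for the raw lxc.* lines; pct keys are skipped."""
    return [(m.group(1), m.group(2))
            for m in (LXC_KEY.match(line) for line in conf.splitlines()) if m]


def diagnose(openvpn_log: str, lxc_conf: str) -> list:
    """Map OpenVPN warnings/errors to the config item that causes them."""
    findings = []
    pairs = parse_lxc_conf(lxc_conf)
    if "Cannot open TUN/TAP dev /dev/net/tun" in openvpn_log:
        if not any(k == "lxc.mount.entry" and "/dev/net/tun" in v for k, v in pairs):
            findings.append("lxc.mount.entry for /dev/net/tun missing")
        if not any(k in ALLOW_KEYS and v.startswith(TUN_DEVICE) for k, v in pairs):
            findings.append("cgroup devices.allow for c 10:200 missing")
    if "is group or others accessible" in openvpn_log:
        findings.append("credential file readable by group/others: chmod 600 it")
    if "may cache passwords in memory" in openvpn_log:
        findings.append("add auth-nocache to the client config")
    return findings


# Constructed sample: the poster's single mount entry and the log lines they saw.
SAMPLE_CONF = ("arch: amd64\nostype: ubuntu\n"
               "lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file\n")
SAMPLE_LOG = "\n".join([
    "WARNING: file '/etc/openvpn/login.txt' is group or others accessible",
    "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option",
    "ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)",
])

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_CONF):
        print(finding)
```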