OpenVPN on OpenVZ VPS

[Rahul]

I have a vps from an offshore company, I have successfully installed OpenVPN using centOs 5.5 32 bit but when i connect my pc's client (windows 7) i don't get connected to the vpn. The VPS is based on OPENVZ. and the tutorial i followed is: http://www.webhostingtalk.com/showthread.php?t=1024872 please someone help me installing openvpn on a openvz, i am so frustrated

[Mimiko]

Please read careflly following topics:
topic2.html
http://forums.openvpn.net/topic7729.html

[Bebop]

please someone help me installing openvpn on a openvz, i am so frustrated

Rahul, OpenVPN + OpenVZ is a favorite topic of mine. Let me know specifically what is working / what is not working.

The two most tricky parts of OpenVZ installation are:

[1] Maybe sure the host provider has enabled TUN. This need to be done after any OS reload.
[2] IPTABLES has no masquerade, so you use SNAT instead.

topic7722.html

[Rahul]

I tried almost 50 times on various openvz vps's, but no luck with it, i want a guide where i could install openvpn successfully on my vps xen/openvz or QEMU. I need help on how to create clients config and different ports. a complete and a correct guide. right now i am trying what Bebop has posted in a thread.

[Rahul]

I got new QEMU VPS and i think no one seems to help here,

[Mimiko]

How to install and create config files are writed on docs page, please study them.
What you accomplished and is not working? Post some logs.

[Rahul]

I have QEMU VPS, it is full virtualization like xen or a dedicated server, I installed openvpn using: http://www.webhostingtalk.com/showthread.php?t=1024872 this tutorial, i used topic7722.html this iptable commands. i generate ca, keys but i am unable to get connected, no logs and nothing... i am trying to install openvpn since 15 days but still no luck, nor i got luck in openvz nor in qemu (has vnc)., I tried http://www.vps-tutorial.info/2011/01/10 ... n-centos5/ but i get 'command not found' at 'ca initializing step' i tried topic7722.html but i get 'bad interpreter' , may i get working guide for installing openvpn on a dedicated server? please, i can pay $5-10 if someone can install it for me would also assist me for generating client keys, thanks.

[Mimiko]

but i am unable to get connected, no logs and nothing

There is no such thing as no logging. Use "verb 4" and "log-append" to configure the file where logs will be written.

but i get 'bad interpreter'

When do you get such error? What step is this?

[Rahul]

Hello, thanx, I finally have done the setup of OpenVPN successfully on my server, it was working nicely until i 'Reboot' my server now i am getting log:

Sun Oct 23 12:47:38 2011 OpenVPN 2.2-beta5 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 30 2010
Sun Oct 23 12:47:45 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 23 12:47:45 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 23 12:47:45 2011 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Oct 23 12:47:46 2011 LZO compression initialized
Sun Oct 23 12:47:46 2011 UDPv4 link local (bound): [undef]:53
Sun Oct 23 12:47:46 2011 UDPv4 link remote: MY-IP:443
Sun Oct 23 12:47:46 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Oct 23 12:47:47 2011 NOTE: --mute triggered...


as well I've done this already: 'net.ipv4.ip_forward = 1' in 'etc/sysctl.conf'

[Mimiko]

UDP port 443 on your virtual server is not opened, or is not forwarded from gateway/firewall.

[Rahul]

Okay I fixed it, I added 2 .conf files in /etc/openvpn directory, and i can successfully connect to OpenVPN with fine logs. The Problem is i am able to surf web using the first .ovpn conf but unable to do the same by 2nd .ovpn config. what should i do?

my first server .conf file is:


local VPS-IP
port 9200
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

and the second server .conf file:

local VPS-IP
port 443
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3


I ran iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE for first .conf file and iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -o eth0 -j MASQUERADE for second .conf file and saved both with /sbin/service iptables save (both times)

at server side both getting connected but client side only the 9200 port is working to surf. and the second 443 port getting connected but i am unable to browse anything. I've made sure both settings are correct. Literally I SWAPPED their sorting order, I re-installed the CentOS 5.5 64 bit and at first i added 443.conf to server side and 9200.conf at second and viola, only the 443 port were working, THE PROBLEM IS ONLY 1 PORT IS WORKING EITHER 9200 OR ANY OTHER. I've disabled the Firewall and I WILL BE HAPPY IF YOU PROBABLY HELP ME OVER IT THANKS.

[Mimiko]

Could you use insteed of 1.2.3.4 the 10.8.1.0 network?

[Rahul]

THANX... I FIGURED IT OUT JUST A WHILE AGO and it's working good with 6 ports, and also could you tell me how to setup 'icmp' protocols and ports?