Where to Download VARS Files?

[idshadow]

Edit: Got the apt-get problem fixed.

Just not sure where to get the vars from since the sudo apt-get install openvpn and installing the openvpn-as package didn't create an easy-rsa folder anywhere with the scripts that need to be edited.

[FeileX]

Not sure which distro you are using.... Ubuntu?
Try looking in here... /usr/share/doc/openvpn/examples/easy-rsa/

Here is a good tut... https://help.ubuntu.com/community/OpenV ... rtificates

[idshadow]

Yes, I'm using Ubuntu Server 11.10 64-bit.

Kind of made some progress since my post and got the DNS's working correctly which got the sudo apt-get install openvpn command working along with the needed scripts.

Now I'm having trouble getting the /etc/serv.conf set up correctly.

Everything seems to be working fine but when I tell OpenVPN to restart it fails and the openvpn.log has this line:

TCP:UDP: Socket bind failed on local address [AF_INET]192.168.1.201:1194: Cannot assign requested address.

mode server
tls-server

local 192.168.1.201
port 1194
proto udp

dev tap0
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"

persist-key
persist-tun

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

cipher BF-CBC
comp-lzo

ifconfig-pool-persist ipp.txt
server-bridge 192.168.10 255.255.255.0 192.168.1.100 192.168.1.110
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DOMAIN poof.org"
max-clients 10

user nobody
group nogroup
keepalive 10 120
status openvpn-status.log
log-append openvpn.log
verb 3

[FeileX]

Sounds like some other program has already gotten a hold of that port...
Are you sure you want your VPN server binding to your internal IP?
If this is true, you'll only be able to accept clients from your internal network, unless you are doing some port forwardign from your router.
Try running:

Code: Select all

netstat -anp | grep 1194

That command will show you which program already has the binding to port 1194

[idshadow]

Figured OpenVPN would default to a port that is fairly uncommon so that there'd be no conflicts.

Here's the results of the netstat command:

udp 0 0 192.168.1.15:1194 0.0.0.0:*
1800/openvpn

So should I just figure out what IP my ISP is assigning me and put that in the server.conf? Then pick a different random unused port and configure the port forwarding in my router GUI?

[FeileX]

No, that means that OpenVPN is already running on your system, with PID 1800.
you should be able to run ps aux | grep -i openvpn and see it there too.

If you havent killed it yet, you can kill it with kill -9 1800 (assuming it still 1800...)

[idshadow]

The ps aux command came back with a heck of a lot of strings of information.

Used the kill command then tried to restart the openvpn daemon after and it failed again.

Now the log says:

/etc/openvpn/up.sh br0 tap0 1500 1574 init /etc/openvpn/up.sh: 7: /sur/sbin/brctl: not found
WARNING: Failed running command (--up/--down): could not execute external program

[maikcat]

it seems you dont have bridge utils install..

also

server-bridge directive means that you use the SAME ip range as your lan..

your config:

local 192.168.1.201
server-bridge 192.168.10 255.255.255.0 192.168.1.100 192.168.1.110

possible typo error..?
must be

server-bridge 192.168.1.201 255.255.255.0 192.168.1.100 192.168.1.110

for bridging to work you must also check:

that eth0 and tap0 are in promisc mode
ip forwarding is enabled


why are you using bridging?

Michael.