OpenVPN Template
Tue, 03 February 2009 08:30
Registered: November 2007
Messages: 415
OpenVPN is becoming increasingly popular so we have created an OpenVPN template to make things easier to set up. This template can be used to create a secure VPN connection between your PC and your server, or can be used to tunnel all traffic from your PC through your server. These instructions assume the PC is running Windows XP; under Vista it should be very similar if not identical. Setup on other systems such as Macs will be very similar.

1. Log onto the VPSVille control panel. Select 'reinstall' and select the OpenVPN template.
2. After it's installed, select 'Devices' and create the TAP/TUN device.
3. With SSH, login to your VPS.
4. Execute the following commands:

cd /etc/openvpn
openvpn --genkey --secret static.key
reboot

5. Copy the contents of the static.key to the clipboard
6. Install the OpenVPN GUI application for Windows on your PC.
http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

7. With notepad, create a file called static.key in C:\Program Files\OpenVPN\config and copy the clipboard contents into it.
8. With notepad, create a file called vpsville.ovpn, insert the following lines, and change xx.xx.xx.xx to your server's IP address:

dev tun
remote xx.xx.xx.xx
ifconfig 172.16.10.2 172.16.10.1
keepalive 10 60
proto tcp-client
port 12056
persist-tun
persist-key
comp-lzo
verb 3
# uncomment the following line if you want ALL traffic going through your VPSVille VPN
# redirect-gateway def1
secret C:\\Program\ Files\\OpenVPN\\config\\static.key

9. Start the OpenVPN GUI application for Windows. Right click on the OpenVPN icon on the taskbar and select 'Connect'.

Your server will have 172.16.10.1 and your PC will have 172.16.10.2. If you can ping 172.16.10.1 your VPN is working correctly.

**** OPTIONAL ****
If you want to tunnel all your PC's traffic through the VPN, you also need to do the following:

10. Uncomment the following lines:

Server: edit /etc/rc.local and uncomment the POSTROUTING line. Change xx.xx.xx.xx to your server's IP address.
Client: edit the vpsville.ovpn file and uncomment the redirect-gateway line.

Reboot your server, restart the OpenVPN client connection.

Navigate to http://whatsmyip.org with your browser. You should see your server's IP address instead of your own.

[Updated on: Sun, 22 February 2009 17:26]

Sat, 11 July 2009 05:39
Registered: July 2009
Messages: 2
Hi, I'm a new customer, signed up specifically to use a US vps as a vpn service in order to get to google books/hulu/etc...

I'm having trouble connecting via OpenVPN. I did exactly what the post above says, but my OpenVPN client returns this error:
"CP: connect to 72.249.35.149:12056 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)"


Tail syslog on the vps returns:
"Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: LZO compression initialized
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Cannot allocate TUN/TAP dev dynamically
Jul 11 04:58:59 x ovpn-vpsville_vpn[3730]: Exiting"

and

"root@x:/var/log# /etc/init.d/openvpn restart
Stopping virtual private network daemon:.
Starting virtual private network daemon: vpsville_vpn(FAILED)."

I believe something is misconfigured on the server. Could you please look into this matter?
Sat, 11 July 2009 14:12
Registered: November 2007
Messages: 415
It looks like you forgot to create the tun device on the server. You need to do that from our control panel.
Sat, 11 July 2009 14:31
Registered: July 2009
Messages: 2
You're absolutely correct...
Tue, 21 July 2009 04:29
Registered: July 2009
Messages: 1
Is it possible to set the VPN to use tcp on SSL port 443 for places where they block regular VPN ports?
Fri, 24 July 2009 22:46
Registered: November 2007
Messages: 415
Yes, OpenVPN can be used with an alternate port number.
Mon, 17 August 2009 04:59
Registered: July 2009
Messages: 1
I would like to know how I can set up SSL port number 443 on TCP. When I tried just changing the port number on both sides, the openvpn-gui client refused to connect to the server.
Wed, 19 August 2009 15:59
Registered: November 2007
Messages: 415
There may be a firewall or other issue preventing the connect. Any unused port number should work fine.
Sat, 05 September 2009 11:17
Registered: September 2009
Messages: 1
How do you route specific hostname:port through the vpn instead of all the traffic?
Sun, 13 September 2009 03:46
Registered: September 2009
Messages: 1
Hi,
I have done all the steps as you said, but when I want to connect via "OpenVPN GUI" it stops at the following:
"TCPv4_CLIENT link remote: **.***.***.**:12056".
I repeated the steps several times but this error still appears.
Please help me to solve it.
Best regards
Sun, 04 October 2009 16:20
Registered: October 2009
Messages: 1
"How do you route specific hostname:port through the vpn instead of all the traffic?"

I had a detailed reply for you, but then I clicked "Spell-check Message" and the forum.vpsville.ca server promptly produced a bunch of php error messages and lost all of my text...someone should probably fix that or change the "Spell-check Message" button to "Wipe out my 20 minutes of research and typing".

So, all you get is:

Don't do the

"**** OPTIONAL ****
If you want to tunnel all your PC's traffic through the VPN, you also need to do the following:"

as posted by staff above, and create a static route on your VPN client.

Windows client: google "static route windows"
Linux client: route add target-site.com dev tap0
(assuming your VPN client is on tap0)

How to make it specific to a host:port on Windows: no clue
How to make it specific to a host:port on Linux: a trivial line or two with iptables.
Tue, 03 November 2009 18:49
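
Added example (not part of the original post): one way to do the Linux host:port case with an iptables mark and a separate routing table. The interface name tun0, the mark, the table number and the destination are assumptions; the tunnel addresses are the template's. iptables resolves a hostname only once when the rule is added, so the function takes an IP address.

```shell
#!/bin/sh
# Added example: send only TCP traffic for one destination IP and port
# through the tunnel, leaving the default route untouched.
DRY_RUN=${DRY_RUN:-1}        # 1 = print the commands, 0 = execute them (root)
TUN_DEV=${TUN_DEV:-tun0}     # assumption: tunnel interface name on the client
TUN_LOCAL=172.16.10.2        # client end of the tunnel, from the template
TUN_PEER=172.16.10.1         # server end of the tunnel, from the template
MARK=0x1                     # arbitrary firewall mark (assumption)
TABLE=100                    # arbitrary routing table number (assumption)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# via_vpn DEST_IP PORT: policy-route locally generated TCP to DEST_IP:PORT.
via_vpn() {
    case "$1" in *[!0-9.]* | "") echo "need an IPv4 address" >&2; return 2 ;; esac
    case "$2" in *[!0-9]* | "") echo "need a numeric port" >&2; return 2 ;; esac
    # 1. Mark matching packets; the kernel re-routes them after this chain.
    run iptables -t mangle -A OUTPUT -p tcp -d "$1" --dport "$2" \
        -j MARK --set-mark "$MARK"
    # 2. Marked packets use a table whose only route is the tunnel.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$TUN_PEER" dev "$TUN_DEV" table "$TABLE"
    # 3. The source address was picked for the normal interface; rewrite it.
    run iptables -t nat -A POSTROUTING -o "$TUN_DEV" -j SNAT \
        --to-source "$TUN_LOCAL"
    # 4. Replies arrive on the tunnel although the main table routes the
    #    destination elsewhere, so strict reverse-path filtering would drop them.
    run sysctl -w "net.ipv4.conf.$TUN_DEV.rp_filter=2"
}

via_vpn 203.0.113.10 443     # constructed destination (documentation range)
```

The server still needs the POSTROUTING line from /etc/rc.local enabled, because it is the server that forwards this traffic to the Internet.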
Registered: November 2009
Messages: 7
I take it that if I want to use two different openvpn clients running on a pc and phone I just edit vpsville_vpn.conf and add another ip in the ifconfig and then make the changes in the respective .ovpn files?
Wed, 11 November 2009 17:33
Registered: November 2009
Messages: 3
I've followed the instructions and I have managed to get the openvpn client to connect and I can ping the server.

I then tried the steps to route all my traffic via the server - however when I check my ip address it is still the same as that of my ADSL firewall rather than that of the VPS server.

Any instructions on how to diagnose this issue?

SB
Thu, 12 November 2009 14:50
Registered: November 2009
Messages: 3
okay I've found it - the openvpn client side GUI needs to run as an administrator when on VISTA
Mon, 16 November 2009 01:00
Registered: November 2009
Messages: 1
Hi,

I'm on a Mac with 10.6.2 and I would like to connect through "Viscosity".
But I have trouble with the configuration.
Please can someone help me with the settings.

Chris
Sat, 05 December 2009 14:24
Registered: December 2009
Messages: 1
Hi Chris,

Have just managed to get it working in Viscosity.

Click Add in the bottom left corner

In the General Tab:
Type a connection name
For address, put in your server address
Port: default is 12056
Method, Protocol is tcp
Device is tun
DNS enabled box is ticked.

In Certificates:
Type static key
Select the secret.key file from its location
Direction: default

Options:
I have persist tun and persist key ticked as well as Use LZO Compression, all other settings are blank.

Networking:
Send all traffic over VPN connection ticked, might be different for you. All other settings are blank.

Proxy:
If you're using the default port I doubt this is through a proxy even if you have one.

Advanced:
I have the following:

dhcp-option DNS 208.67.222.222 208.67.220.220
keepalive 10 60
ifconfig 172.16.10.2 172.16.10.1

top line specifies your DNS servers (openDNS), others are from normal config.

Hope that helps.


Mon, 04 January 2010 07:09
Registered: January 2010
Messages: 4
The original configuration above works fine for a single client, but I'd like to use vpn for more than one client on a single server; has anyone got a good howto or advice on how to set about this?
Thanks,
Thu, 07 January 2010 06:55
Registered: January 2010
Messages: 4
bear wrote on Mon, 04 January 2010 12:09

The original configuration above works fine for a single client, but I'd like to use vpn for more than one client on a single server; has anyone got a good howto or advice on how to set about this?
Thanks,


ok - I'll answer my own question (in case anybody else is wondering the same thing)! The openvpn howto here is pretty useful as a starting point, and have now got this working after a certain amount of trial and error.
Mon, 11 January 2010 18:01
Registered: January 2010
Messages: 3
@referr

Any idea why I can't connect to any webpage after using your information?

[Updated on: Wed, 13 January 2010 05:01] by Moderator

Tue, 12 January 2010 15:09
Registered: January 2010
Messages: 2
Hello,

All is working on Tunnelblick.app on Mac OS 10.6, with the redirect of all traffic, but I have to restart the full server after I disconnect from the VPN and I want to reconnect ...

Does someone have an idea?


EDIT:
/usr/sbin/openvpn --writepid /var/run/openvpn.vpsville_vpn.pid --daemon ovpn-vpsville_vpn

is no longer present in the ps -fe
so a
/etc/init.d/openvpn start

does the job

but it's annoying ...

[Updated on: Tue, 12 January 2010 17:15]

Wed, 13 January 2010 05:01
Registered: November 2007
Messages: 415
fannar wrote on Mon, 11 January 2010 18:01

@referr

Any idea why I can't connect to any webpage after using your information?





Did you edit the /etc/rc.local file on the server?
Wed, 13 January 2010 07:08
Registered: January 2010
Messages: 2
I think I see it:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

#
# VPSVille OpenVPN template.
#

#
# DNAT (services redir)
# Uncomment to forward port 80 to your VPN client machine
# 
#iptables -t nat -A PREROUTING -p tcp --dport 80 -i venet0 -j DNAT --to 172.16.10.2:80

#
# NAT (masq for vpn) 
# Uncomment and change xx.xx.xx.xx to your servers IP if you wish to tunnel all traffic
#
iptables -t nat -A POSTROUTING -s 172.16.10.2/32 -o venet0 -j SNAT --to 72.249.XX.XXX


I have tried using Viscosity (another client) (thanks rafferr); it's the same: when I quit the VPN, the server quits.

[Updated on: Wed, 13 January 2010 07:26]

Wed, 13 January 2010 20:38
Registered: January 2010
Messages: 1
Hello,

I'm trying to establish a VPN connection with my openvpn and my Mac (10.6.2). I am using Viscosity or Tunnelblick. I set the settings like rafferr described here and I'm also getting a VPN connection but I can't access any webpage (but I can ping 172.16.10.1).
I want to route all traffic so I modified rc.local:
#
# NAT (masq for vpn)
# Uncomment and change xx.xx.xx.xx to your servers IP if you wish to tunnel all traffic
#
iptables -t nat -A POSTROUTING -s 172.16.10.2/32 -o venet0 -j SNAT --to x 67.227.xx.xx

Where could the problem be? Please help me.
Greetings, marcel


Thu, 14 January 2010 04:46
Registered: January 2010
Messages: 3
@staff:

Well I hadn't but now I have and rebooted.

Still not working and my connection gets lost and reconnected a lot.

I can't even ping 172.16.10.1

Other ideas?
Thu, 14 January 2010 18:40
Registered: November 2007
Messages: 415
fannar wrote on Thu, 14 January 2010 04:46

@staff:

Well I hadn't but now I have and rebooted.

Still not working and my connection gets lost and reconnected a lot.

I can't even ping 172.16.10.1

Other ideas?


I suggest you reinstall OpenVPN on your PC and go through the steps again, on both the server and your PC. It's easy to skip a step unfortunately.
Mon, 18 January 2010 08:07
Registered: January 2010
Messages: 3
Well I'm using a MAC. So re-installing isn't an option in my opinion. I'm just wondering if I need to do anything more on the server?
Tue, 19 January 2010 17:25
Registered: November 2007
Messages: 415
fannar wrote on Mon, 18 January 2010 08:07

Well I'm using a MAC. So re-installing isn't a option in my opinion. I'm just wondering if I need to do anything more on the server?


The server works for Macs and PCs, we used both for testing. Viscosity was used on the Mac to connect and surf.

Sat, 23 January 2010 10:03
Registered: January 2010
Messages: 1
Hi,

I have done all the steps but still could not use the vpn, could you please help me?


By WIN XP 32bit: I can connect, but can't visit any website. when I ping www.google.com, I can get the IP address, but later, all timed out.

By using mac OSX 10.6.2, 64bit with Viscosity, can't connect, it said:
Options error: Parameter priv_key_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
I did all the options that rafferr posted at the forum.

By using Tunnelblick in MAC OSX 10.6.2, 64bit, it said:
2010-01-22 13:46:07 *Tunnelblick: OS X 10.6.2; Tunnelblick 3 (3.0b24 build 1301); OpenVPN 2 (2.1_rc20)
2010-01-22 14:23:56 *Tunnelblick: Attempting connection with openvpn.conf using shadow copy; Set nameserver = 1; monitoring connection
2010-01-22 14:23:56 *Tunnelblick: openvpnstart status #247: Error: Unable to load tun and tap kexts. Status = 71

client config (Tunnelblick) is
dev tun
remote 67.227.83.26
ifconfig 172.16.10.2 172.16.10.1
keepalive 10 60
proto tcp-client
port 12056
persist-tun
persist-key
comp-lzo
verb 3
# uncomment the following line if you want ALL traffic going through your VPSVille vpn
redirect-gateway def1
Configurations/static.key



Server config file: vpsville_vpn.conf

dev tun
ifconfig 172.16.10.1 172.16.10.2
keepalive 10 60
proto tcp-server
port 12056
user nobody
group nogroup
persist-tun
persist-key
comp-lzo
verb 3
secret /etc/openvpn/static.key


Well, I just want a VPN for my personal use, static key is ok.
My VPS is x.vps73b5d455.com ip is 67.227.83.26 Could you please help me? I really don't know what to do now. tired 3 days to config the VPN.
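
Added example (not part of the original thread or the VPSVille template): a small consistency check for a point-to-point static-key pair like the template's, which compares the directives both ends must agree on. The sample files are trimmed copies of the server and client files shown in this thread; the "broken" client reproduces the key path with no `secret` keyword seen in the client file above, and the temporary file names are assumptions.

```shell
#!/bin/sh
# has FILE KEY: succeeds if an uncommented KEY directive is present.
has() { awk -v k="$2" '$1 == k { f = 1 } END { exit !f }' "$1"; }
# opt FILE KEY: prints the arguments of the first uncommented KEY directive.
opt() { awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"; }

# check_pair SERVER CLIENT: prints one line per problem, returns the count.
check_pair() {
    srv=$1; cli=$2; bad=0
    for k in dev port; do
        [ "$(opt "$srv" "$k")" = "$(opt "$cli" "$k")" ] ||
            { echo "$k differs"; bad=$((bad + 1)); }
    done
    # Each side's ifconfig must be the other's with the two addresses swapped.
    set -- $(opt "$srv" ifconfig) $(opt "$cli" ifconfig)
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ] ||
        { echo "ifconfig endpoints are not mirrored"; bad=$((bad + 1)); }
    # The first file is the listening side; no proto on a side means udp.
    sproto=$(opt "$srv" proto); cproto=$(opt "$cli" proto)
    case "${sproto:-udp}/${cproto:-udp}" in
        tcp-server/tcp-client | udp/udp) ;;
        *) echo "proto values do not pair up"; bad=$((bad + 1)) ;;
    esac
    # The shared key and compression must be configured on both ends.
    for f in "$srv" "$cli"; do
        has "$f" secret || { echo "$f: no secret directive"; bad=$((bad + 1)); }
    done
    if has "$srv" comp-lzo; then s=1; else s=0; fi
    if has "$cli" comp-lzo; then c=1; else c=0; fi
    [ "$s" = "$c" ] || { echo "comp-lzo set on one side only"; bad=$((bad + 1)); }
    has "$cli" remote || { echo "$cli: no remote directive"; bad=$((bad + 1)); }
    return "$bad"
}

# Sample input, trimmed to the directives the check reads.
d=$(mktemp -d)
cat > "$d/server.conf" <<'EOF'
dev tun
ifconfig 172.16.10.1 172.16.10.2
proto tcp-server
port 12056
comp-lzo
secret /etc/openvpn/static.key
EOF
cat > "$d/client.ovpn" <<'EOF'
dev tun
remote xx.xx.xx.xx
ifconfig 172.16.10.2 172.16.10.1
proto tcp-client
port 12056
comp-lzo
secret static.key
EOF
sed 's/^secret //' "$d/client.ovpn" > "$d/broken.ovpn"
check_pair "$d/server.conf" "$d/client.ovpn" && echo "pair is consistent"
check_pair "$d/server.conf" "$d/broken.ovpn" || echo "problems found: $?"
```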
Sun, 21 March 2010 23:49
Registered: March 2010
Messages: 1
If anyone is interested, I got it working with my WRT54GL router running Tomato Firmware v1.25vpn3.3.4.

Here are the settings I used:

-BASIC-
Interface Type: TUN
Protocol: TCP
Server Address/Port: <Server IP>/12056
Firewall: Automatic
Auth Mode: Static Key
Create NAT on Tunnel: Yes
Local/Remote Endpoint Addresses: 172.16.10.2 172.16.10.1
-ADVANCED-
Redirect Internet Traffic: Yes
Encryption cipher: Use Default
Compression: Enabled
Connection Retry: 30s
-KEYS-
<Static Key Generated by Server>

Runs great!
Tue, 13 April 2010 02:18
Registered: April 2010
Messages: 1
Hi,

I am trying to follow the instructions but am having trouble at the very beginning. It seems nothing happens when I try to create the static.key. I enter openvpn --genkey --secret static.key but only another prompt comes up and no key:

root@x:~# cd /etc/openvpn
root@x:/etc/openvpn# openvpn --genkey --secret static.key
root@x:/etc/openvpn#


I am new at this. what am I missing?

thank you
Thu, 15 April 2010 21:05
Registered: November 2007
Messages: 415
dresden wrote on Tue, 13 April 2010 02:18

Hi,

I am trying to follow the instructions but am having trouble at the very beginning. It seems nothing happens when I try to create the static.key. I enter openvpn --genkey --secret static.key but only another prompt comes up and no key:

root@x:~# cd /etc/openvpn
root@x:/etc/openvpn# openvpn --genkey --secret static.key
root@x:/etc/openvpn#


I am new at this. what am I missing?

thank you


That's normal, the key has been created. You can see the key when you do a directory listing with 'ls'.
Wed, 16 June 2010 03:37
Registered: June 2010
Messages: 1
bear wrote on Thu, 07 January 2010 06:55

bear wrote on Mon, 04 January 2010 12:09

The original configuration above works fine for a single client, but I'd like to use vpn for more than one client on a single server; has anyone got a good howto or advice on how to set about this?
Thanks,


ok - I'll answer my own question (in case anybody else is wondering the same thing)! The openvpn howto here is pretty useful as a starting point, and have now got this working after a certain amount of trial and error.


I would like to ask if you have a mini how-to? I can connect to my OpenVPN server but cannot ping to/from client/server. Works okay if I use the default template. Would like to setup multiple clients.

TIA.
Thu, 01 July 2010 19:26
Registered: July 2010
Messages: 2
Hi,

I followed the conversation and I had problems setting this all up.
I solved the problem by using the openvpn-2.1.1-install.exe instead of the openvpn-2.0.9-gui-1.0.3-install.exe.

I'm using windows 7 (64) and the old version didn't enable me to install the network device driver. The new version fixed this problem and it's now working as intended. It also solves some problems with admin rights.

Changelog 2.1.1

The setup was identical, aside from the new OpenVPN GUI version!

http://www.openvpn.net/index.php/open-source/downloads.html

Kind regards

[Updated on: Thu, 01 July 2010 19:46]

Fri, 09 July 2010 23:46
Registered: June 2010
Messages: 2
I set up OpenVPN, and I want to use my Android phone to connect to my VPN. I followed the thread, but my phone cannot connect to the VPN.

Can you provide a guide on how to set up OpenVPN on Android to work with this VPN?

thanks,
david