SliTaz Forum

Running Openvpn server on SliTaz

(13 posts) (2 voices)

• Started 10 years ago by Malk
• Latest reply from Malk
• This topic is resolved

Tags:

No tags yet.

1. 

   Malk
   

   offline

   Member

   Openvpn installed in SliTaz.
   root@vps:~# tazpkg get-install openvpn

   Once installed, the script to run Openvpn server in /etc/init.d/ does not appear.
   How to run Openvpn in SliTaz?

   Posted 10 years ago #
2. 

   Malk
   

   offline

   Member

   Nobody has yet launched Openvpn in SliTaz?

   Posted 9 years ago #
3. 

   erjo
   

   offline

   Key Master

   Yes i use it in client mode in /etc/init.d/local.sh
   I guess it can also function as a server

   Posted 9 years ago #
4. 

   Malk
   

   offline

   Member

   I have in /etc/init.d/local.sh only here it

   
#!/bin/sh
# /etc/init.d/local.sh - Local startup commands.
#
# All commands here will be executed at boot time.
#
. /etc/init.d/rc.functions

   echo "Starting local startup commands... "

   As you start the daemon Openvpn from /etc/init.d/local.sh?

   Posted 9 years ago #
5. 

   erjo
   

   offline

   Key Master

   My /etc/init.d/local.sh file:

   #!/bin/sh
   # /etc/init.d/local.sh - Local startup commands.
   #
   # All commands here will be executed at boot time.
   #
   . /etc/init.d/rc.functions
   
   echo "Starting local startup commands... "
   
   [ -x /usr/bin/ntpclient ] && /usr/bin/ntpclient -s -h fr.pool.ntp.org
   
   /usr/libexec/webmin/webmin-init start
   
   /usr/sbin/openvpn --cd /etc/openvpn/ --config /etc/openvpn/server-udp-1194.ovpn
   

   My config file for Openvpn:

   dev tun
   persist-tun
   persist-key
   cipher AES-128-CBC
   auth SHA1
   tls-client
   client
   resolv-retry infinite
   remote Your.server.IP.here 1194 udp
   lport 0
   pkcs12 my_pkcs.p12
   tls-auth my_tls.key 1
   ns-cert-type server
   comp-lzo
   daemon
   

   I used the keyword daemon in the config file to run Openvpn in background.

   Posted 9 years ago #
6. 

   Malk
   

   offline

   Member

   Thank you for your help.

   Installed Openvpn
   tazpkg get-install openvpn

   Has created certificates and keys.

   Has created server.conf
   local SERVER.IP.here
port 3200
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20

   Added to /etc/init.d/local.sh this line
   /usr/sbin/openvpn --cd /etc/openvpn/ --config /etc/openvpn/server.conf

   Tried to run script
   /etc/init.d/local.sh start
   but nothing happened.

   Rebooted SliTaz. After rebooting the system will not boot with this error
   FATAL: No bootable medium found! System halted.

   Posted 9 years ago #
7. 

   erjo
   

   offline

   Key Master

   I'm not your boot problem is related to Openvpn.
   /etc/init.d/local.sh is a regular shell script with no options.

   I follow some parts of this guide : http://www.nedproductions.biz/wiki/configuring-a-proxmox-ve-2.x-cluster-running-over-an-openvpn-intranet/configuring-a-proxmox-ve-2.x-cluster-running-over-an-openvpn-intranet-part-1#2

   My server.conf

   mode server
   tls-server
   
   local 192.168.1.104
   port 1194
   proto tcp
   
   script-security 2
   dev tap0
   up "/etc/openvpn/up.sh"
   down "/etc/openvpn/down.sh"
   
   persist-key
   persist-tun
   duplicate-cn
   client-to-client
   
   ca ca.crt
   cert riton.crt
   key riton.key  # This file should be kept secret
   dh dh1024.pem
   tls-auth openema.key 0 # This file is secret
   
   ifconfig-pool-persist ipp.txt
   server-bridge 10.0.0.1 255.255.255.0 10.0.0.100 10.0.0.110
   max-clients 10
   
   user nobody
   group nogroup
   keepalive 10 120
   status openvpn-status.log
   verb 3
   
   daemon
   

   Pay attention to the daemon keyword.

   My local.sh

   #!/bin/sh
   # /etc/init.d/local.sh - Local startup commands.
   #
   # All commands here will be executed at boot time.
   #
   . /etc/init.d/rc.functions
   
   echo "Starting local startup commands... "
   
   echo "Create Network Bridge..."
   /usr/sbin/brctl addbr vpn0
   /usr/sbin/brctl addif  vpn0 dummy0
   /sbin/ifconfig vpn0 10.0.0.1 netmask 255.255.255.0
   
   echo "Starting OpenVPN..."
   /usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/server.conf
   

   After boot:

   tap0      Link encap:Ethernet  HWaddr BA:F5:DF:23:0D:31
             inet6 addr: fe80::b8f5:dfff:fe23:d31/64 Scope:Link
             UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
             RX packets:0 errors:0 dropped:0 overruns:0 frame:0
             TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:100
             RX bytes:0 (0.0 B)  TX bytes:1296 (1.2 KiB)
   
   vpn0      Link encap:Ethernet  HWaddr 82:A5:80:CC:C7:A0
             inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
             inet6 addr: fe80::80a5:80ff:fecc:c7a0/64 Scope:Link
             UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
             RX packets:0 errors:0 dropped:0 overruns:0 frame:0
             TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:0
             RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
   

   Posted 9 years ago #
8. 

   Malk
   

   offline

   Member

   Tried to configure Openvpn in Bridge

   In server.conf, only altered the port and the file names of keys and certificates.

   server.conf

   mode server
tls-server

   local 10.0.2.15
   port 3200
   proto tcp

   script-security 2
   dev tap0
   up "/etc/openvpn/up.sh"
   down "/etc/openvpn/down.sh"

   persist-key
   persist-tun
   duplicate-cn
   client-to-client

   ca ca.crt
   cert server.crt
   key server.key # This file should be kept secret
   dh dh1024.pem
   tls-auth ta.key 0 # This file is secret

   ifconfig-pool-persist ipp.txt
   server-bridge 10.0.0.1 255.255.255.0 10.0.0.100 10.0.0.110
   max-clients 10

   user nobody
   group nogroup
   keepalive 10 120
   status openvpn-status.log

   verb 3

   daemon

   In local.sh altered only the name created interface br0

   local.sh

   #!/bin/sh
# /etc/init.d/local.sh - Local startup commands.
#
# All commands here will be executed at boot time.
#
. /etc/init.d/rc.functions

   echo "Starting local startup commands... "

   echo "Create Network Bridge..."
   /usr/sbin/brctl addbr br0
   /usr/sbin/brctl addif br0 dummy0
   /sbin/ifconfig br0 10.0.0.1 netmask 255.255.255.0

   echo "Starting OpenVPN..."
/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/server.conf

   As written in this manual http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html installed bridge-utils

   tazpkg get-install bridge-utils

   After restarting script local.sh, interfaces not created.

   root@slitaz:~# /etc/init.d/local.sh restart
Starting local startup commands...
Create Network Bridge...
add bridge failed: Package not installed
bridge br0 does not exist!
ifconfig: SIOCSIFADDR: No such device
Starting OpenVPN...

   Which package you need to install to successfully create interfaces?

   Posted 9 years ago #
9. 

   erjo
   

   offline

   Key Master

   Add linux-bridge package.

   Plus content of /etc/openvpn/up.sh and /etc/openvpn/down.sh

   /etc/openvpn/up.sh

   #!/bin/sh
   /sbin/ifconfig br0 promisc
   /sbin/ifconfig tap0 up promisc
   /sbin/brctl addif br0 tap0
   

   /etc/openvpn/down.sh

   #!/bin/sh
   /sbin/brctl delif br0 tap0
   /sbin/ifconfig tap0 down -promisc
   /sbin/ifconfig br0 -promisc
   

   Posted 9 years ago #
10. 

    erjo
    

    offline

    Key Master

    Add linux-bridge package.

    Plus content of /etc/openvpn/up.sh and /etc/openvpn/down.sh

    /etc/openvpn/up.sh

    #!/bin/sh
    /sbin/ifconfig br0 promisc
    /sbin/ifconfig tap0 up promisc
    /sbin/brctl addif br0 tap0
    

    /etc/openvpn/down.sh

    #!/bin/sh
    /sbin/brctl delif br0 tap0
    /sbin/ifconfig tap0 down -promisc
    /sbin/ifconfig br0 -promisc
    

    Posted 9 years ago #
11. 

    Malk
    

    offline

    Member

    Thank you for your help. I found only the information that need to install the bridge-utils.
    Package linux-bridge installed. Scripts added.

    After restarting script local.sh

    root@slitaz:~# /etc/init.d/local.sh restart
Starting local startup commands...
Create Network Bridge...
Starting OpenVPN...

    Interface br0 created. But Openvpn not started and tap0 interface is not created.

    root@slitaz:~# ifconfig
    br0       Link encap:Ethernet  HWaddr 6A:D4:3F:AD:5B:83
              inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    eth0      Link encap:Ethernet  HWaddr 08:00:27:D4:54:B8
              inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:11961 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6548 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5224380 (4.9 MiB)  TX bytes:1215614 (1.1 MiB)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    I added logging in server.conf having added
    log /var/log/openvpn.log

    Here is the log start Openvpn

    root@slitaz:~# cat /var/log/openvpn.log
Tue Apr 22 00:52:52 2014 OpenVPN 2.2.1 i486-slitaz-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Feb 27 2012
Tue Apr 22 00:52:52 2014 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Apr 22 00:52:52 2014 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Tue Apr 22 00:52:52 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Apr 22 00:52:52 2014 Diffie-Hellman initialized with 1024 bit key
Tue Apr 22 00:52:52 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Apr 22 00:52:52 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 22 00:52:52 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 22 00:52:52 2014 TLS-Auth MTU parms [ L:1575 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Apr 22 00:52:52 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Apr 22 00:52:52 2014 TUN/TAP device tap0 opened
Tue Apr 22 00:52:52 2014 TUN/TAP TX queue length set to 100
Tue Apr 22 00:52:52 2014 /etc/openvpn/up.sh tap0 1500 1575 init
/etc/openvpn/up.sh: line 4: /sbin/brctl: not found
Tue Apr 22 00:52:52 2014 WARNING: Failed running command (--up/--down): could not execute external program
Tue Apr 22 00:52:52 2014 Exiting

    Posted 9 years ago #
12. 

    erjo
    

    offline

    Key Master

    Tue Apr 22 00:52:52 2014 /etc/openvpn/up.sh tap0 1500 1575 init
    /etc/openvpn/up.sh: line 4: /sbin/brctl: not found
    Tue Apr 22 00:52:52 2014 WARNING: Failed running command (--up/--down): could not execute external program
    Tue Apr 22 00:52:52 2014 Exiting

    My bad. The path for brctl is /usr/sbin/brctl
    Fix it in /etc/openvpn/up.sh and /etc/openvpn/down.sh

    Posted 9 years ago #
13. 

    Malk
    

    offline

    Member

    Now everything is fine. Interface tap0 created. Openvpn started.
    Thank you.

    Posted 9 years ago #

RSS feed for this topic

Reply

You must log in to post.