mjhjmtu

I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)

My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:

https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)

Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits, and it works fine.
However, when I go on my OrangePi, it does not work.

After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...

I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..

My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l).

Can you guide me to the right path? :(

Here is the return of this script on my OrangePi:

root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97

2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)

2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)

2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No

1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config

So:

root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn

You're getting error messages as the script is not finding the systemctl command:

openvpnsetup.sh: line 360: systemctl: command not found

The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.

According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.

A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.

You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.

From your github link, those lines are:

systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent

i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.