OPENVPN: Problem for setup a VPN supporting IPv6 on linux
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)
My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:
https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)
Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits
, and it works fine.
However, when I go on my OrangePi, it does not work.
After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...
I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..
My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l)
.
Can you guide me to the right path? :(
Here is the return of this script on my OrangePi:
root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97
2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)
2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)
2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No
1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
So:
root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn
linux ubuntu raspberry-pi openvpn vpn
add a comment |Â
up vote
0
down vote
favorite
I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)
My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:
https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)
Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits
, and it works fine.
However, when I go on my OrangePi, it does not work.
After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...
I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..
My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l)
.
Can you guide me to the right path? :(
Here is the return of this script on my OrangePi:
root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97
2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)
2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)
2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No
1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
So:
root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn
linux ubuntu raspberry-pi openvpn vpn
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)
My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:
https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)
Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits
, and it works fine.
However, when I go on my OrangePi, it does not work.
After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...
I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..
My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l)
.
Can you guide me to the right path? :(
Here is the return of this script on my OrangePi:
root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97
2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)
2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)
2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No
1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
So:
root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn
linux ubuntu raspberry-pi openvpn vpn
I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)
My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:
https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)
Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits
, and it works fine.
However, when I go on my OrangePi, it does not work.
After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...
I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..
My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l)
.
Can you guide me to the right path? :(
Here is the return of this script on my OrangePi:
root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97
2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)
2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)
2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No
1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
So:
root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn
linux ubuntu raspberry-pi openvpn vpn
linux ubuntu raspberry-pi openvpn vpn
asked Sep 22 at 20:59
Marshall Cocop
31
31
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
You're getting error messages as the script is not finding the systemctl
command:
openvpnsetup.sh: line 360: systemctl: command not found
The missing command is used to control systemd
, the cutting-edge (sometimes bleeding-edge) init
subsystem.
According to this old Ubuntu wiki page, the earliest possible version systemd
was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd
, I think Ubuntu used to use upstart
as its init
subsystem.
A transition from one type of init
subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd
, the systemctl
command is the universal tool for most service management tasks.
You should now read lines #360, #361 and #362 in the openvpnsetup.sh
script, find out what the systemctl
commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart
init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system
, and replace them with upstart
-style service definitions.
From your github link, those lines are:
systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent
i.e. enable netfilter-persistent
and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent
service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.
Thank you very much, I understand better why it happened to me. So I just added these lines:/etc/init.d/openvpn restart
,service openvpn restart
' Indeed,netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this message
â Marshall Cocop
Sep 22 at 22:46
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
You're getting error messages as the script is not finding the systemctl
command:
openvpnsetup.sh: line 360: systemctl: command not found
The missing command is used to control systemd
, the cutting-edge (sometimes bleeding-edge) init
subsystem.
According to this old Ubuntu wiki page, the earliest possible version systemd
was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd
, I think Ubuntu used to use upstart
as its init
subsystem.
A transition from one type of init
subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd
, the systemctl
command is the universal tool for most service management tasks.
You should now read lines #360, #361 and #362 in the openvpnsetup.sh
script, find out what the systemctl
commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart
init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system
, and replace them with upstart
-style service definitions.
From your github link, those lines are:
systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent
i.e. enable netfilter-persistent
and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent
service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.
Thank you very much, I understand better why it happened to me. So I just added these lines:/etc/init.d/openvpn restart
,service openvpn restart
' Indeed,netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this message
â Marshall Cocop
Sep 22 at 22:46
add a comment |Â
up vote
0
down vote
accepted
You're getting error messages as the script is not finding the systemctl
command:
openvpnsetup.sh: line 360: systemctl: command not found
The missing command is used to control systemd
, the cutting-edge (sometimes bleeding-edge) init
subsystem.
According to this old Ubuntu wiki page, the earliest possible version systemd
was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd
, I think Ubuntu used to use upstart
as its init
subsystem.
A transition from one type of init
subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd
, the systemctl
command is the universal tool for most service management tasks.
You should now read lines #360, #361 and #362 in the openvpnsetup.sh
script, find out what the systemctl
commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart
init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system
, and replace them with upstart
-style service definitions.
From your github link, those lines are:
systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent
i.e. enable netfilter-persistent
and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent
service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.
Thank you very much, I understand better why it happened to me. So I just added these lines:/etc/init.d/openvpn restart
,service openvpn restart
' Indeed,netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this message
â Marshall Cocop
Sep 22 at 22:46
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
You're getting error messages as the script is not finding the systemctl
command:
openvpnsetup.sh: line 360: systemctl: command not found
The missing command is used to control systemd
, the cutting-edge (sometimes bleeding-edge) init
subsystem.
According to this old Ubuntu wiki page, the earliest possible version systemd
was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd
, I think Ubuntu used to use upstart
as its init
subsystem.
A transition from one type of init
subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd
, the systemctl
command is the universal tool for most service management tasks.
You should now read lines #360, #361 and #362 in the openvpnsetup.sh
script, find out what the systemctl
commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart
init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system
, and replace them with upstart
-style service definitions.
From your github link, those lines are:
systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent
i.e. enable netfilter-persistent
and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent
service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.
You're getting error messages as the script is not finding the systemctl
command:
openvpnsetup.sh: line 360: systemctl: command not found
The missing command is used to control systemd
, the cutting-edge (sometimes bleeding-edge) init
subsystem.
According to this old Ubuntu wiki page, the earliest possible version systemd
was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd
, I think Ubuntu used to use upstart
as its init
subsystem.
A transition from one type of init
subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd
, the systemctl
command is the universal tool for most service management tasks.
You should now read lines #360, #361 and #362 in the openvpnsetup.sh
script, find out what the systemctl
commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart
init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system
, and replace them with upstart
-style service definitions.
From your github link, those lines are:
systemctl enable netfilter-persistent & systemctl start netfilter-persistent
systemctl enable openvpn@server & systemctl start openvpn@server
systemctl restart netfilter-persistent
i.e. enable netfilter-persistent
and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent
service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.
answered Sep 22 at 21:30
telcoM
12.2k11435
12.2k11435
Thank you very much, I understand better why it happened to me. So I just added these lines:/etc/init.d/openvpn restart
,service openvpn restart
' Indeed,netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this message
â Marshall Cocop
Sep 22 at 22:46
add a comment |Â
Thank you very much, I understand better why it happened to me. So I just added these lines:/etc/init.d/openvpn restart
,service openvpn restart
' Indeed,netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this message
â Marshall Cocop
Sep 22 at 22:46
Thank you very much, I understand better why it happened to me. So I just added these lines:
/etc/init.d/openvpn restart
, service openvpn restart
' Indeed, netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this messageâ Marshall Cocop
Sep 22 at 22:46
Thank you very much, I understand better why it happened to me. So I just added these lines:
/etc/init.d/openvpn restart
, service openvpn restart
' Indeed, netfilter-persistent
seems poorly implemented ... I will try to better understand this :) Thanks again for this messageâ Marshall Cocop
Sep 22 at 22:46
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470766%2fopenvpn-problem-for-setup-a-vpn-supporting-ipv6-on-linux%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password