OPENVPN: Problem for setup a VPN supporting IPv6 on linux

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)



My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:




https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)




Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits, and it works fine.
However, when I go on my OrangePi, it does not work.



After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...



I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..



My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l).



Can you guide me to the right path? :(



Here is the return of this script on my OrangePi:



root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package netfilter-persistent
Firewall stopped and disabled on system startup
awk: line 0: regular expression compile failed (missing operand)
[ ]+|
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
2) External IP - 90.51.33.97

2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)

2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)

2
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No

1
Check your selection
Server will listen on 90.51.33.97
Server will listen on udp 1194
Server will use AES-256-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................+++
...+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
............+++
....+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 01.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
IPv6 forwarding is already enabled
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 360: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 361: systemctl: command not found
openvpnsetup.sh: line 362: systemctl: command not found
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config


So:



root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
Script to generate unified config for Windows App
sage: newclient.sh <common-name>
Generating a 2048 bit RSA private key
.......................................+++
...............................................................................................................................+++
writing new private key to 'try.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'try'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn









share|improve this question

























    up vote
    0
    down vote

    favorite












    I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)



    My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:




    https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)




    Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits, and it works fine.
    However, when I go on my OrangePi, it does not work.



    After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...



    I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..



    My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l).



    Can you guide me to the right path? :(



    Here is the return of this script on my OrangePi:



    root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
    TUN/TAP is enabled
    IPv4 forwarding is already enabled
    NAME="Ubuntu"
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package netfilter-persistent
    Firewall stopped and disabled on system startup
    awk: line 0: regular expression compile failed (missing operand)
    [ ]+|
    Select server IP to listen on (only used for IPv4):
    1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
    2) External IP - 90.51.33.97

    2
    Select server PORT to listen on:
    1) tcp 443 (recommended)
    2) udp 1194 (default)
    3) Enter manually (proto (lowercase!) port)

    2
    Select server cipher:
    1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
    2) AES-256-CBC
    3) AES-128-CBC (default for OpenVPN 2.3.x)
    4) BF-CBC (insecure)

    2
    Enable IPv6? (ensure that your machine have IPv6 support):
    1) Yes
    2) No

    1
    Check your selection
    Server will listen on 90.51.33.97
    Server will listen on udp 1194
    Server will use AES-256-CBC cipher
    IPv6 - 1 (1 is enabled, 0 is disabled)
    Press enter to continue...
    NAME="Ubuntu"
    Using CA Common Name: Fort-Funston CA
    Generating a 2048 bit RSA private key
    ....................................+++
    ...+++
    writing new private key to 'ca.key'
    -----
    Generating a 2048 bit RSA private key
    ............+++
    ....+++
    writing new private key to 'server-cert.key'
    -----
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'US'
    stateOrProvinceName :PRINTABLE:'CA'
    localityName :PRINTABLE:'SanFrancisco'
    organizationName :PRINTABLE:'Fort-Funston'
    organizationalUnitName:PRINTABLE:'MyVPN'
    commonName :PRINTABLE:'server-cert'
    name :PRINTABLE:'EasyRSA'
    emailAddress :IA5STRING:'my@vpn.net'
    Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)

    Write out database with 1 new entries
    Data Base Updated
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
    Generating a 2048 bit RSA private key
    ...........+++
    ..+++
    writing new private key to 'revoked.key'
    -----
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'US'
    stateOrProvinceName :PRINTABLE:'CA'
    localityName :PRINTABLE:'SanFrancisco'
    organizationName :PRINTABLE:'Fort-Funston'
    organizationalUnitName:PRINTABLE:'MyVPN'
    commonName :PRINTABLE:'revoked'
    name :PRINTABLE:'EasyRSA'
    emailAddress :IA5STRING:'my@vpn.net'
    Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)

    Write out database with 1 new entries
    Data Base Updated
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Revoking Certificate 01.
    Data Base Updated
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
    error 23 at 0 depth lookup:certificate revoked
    Error 23 indicates that revoke is successful
    IPv6 forwarding is already enabled
    OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
    NAME="Ubuntu"
    openvpnsetup.sh: line 360: systemctl: command not found
    openvpnsetup.sh: line 360: systemctl: command not found
    openvpnsetup.sh: line 361: systemctl: command not found
    openvpnsetup.sh: line 361: systemctl: command not found
    openvpnsetup.sh: line 362: systemctl: command not found
    Setup is complete. Happy VPNing!
    Use /etc/openvpn/newclient.sh to generate client config


    So:



    root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
    Script to generate unified config for Windows App
    sage: newclient.sh <common-name>
    Generating a 2048 bit RSA private key
    .......................................+++
    ...............................................................................................................................+++
    writing new private key to 'try.key'
    -----
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'US'
    stateOrProvinceName :PRINTABLE:'CA'
    localityName :PRINTABLE:'SanFrancisco'
    organizationName :PRINTABLE:'Fort-Funston'
    organizationalUnitName:PRINTABLE:'MyVPN'
    commonName :PRINTABLE:'try'
    name :PRINTABLE:'EasyRSA'
    emailAddress :IA5STRING:'my@vpn.net'
    Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)

    Write out database with 1 new entries
    Data Base Updated
    OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
    COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn









    share|improve this question























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)



      My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:




      https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)




      Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits, and it works fine.
      However, when I go on my OrangePi, it does not work.



      After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...



      I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..



      My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l).



      Can you guide me to the right path? :(



      Here is the return of this script on my OrangePi:



      root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
      TUN/TAP is enabled
      IPv4 forwarding is already enabled
      NAME="Ubuntu"
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      E: Unable to locate package netfilter-persistent
      Firewall stopped and disabled on system startup
      awk: line 0: regular expression compile failed (missing operand)
      [ ]+|
      Select server IP to listen on (only used for IPv4):
      1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
      2) External IP - 90.51.33.97

      2
      Select server PORT to listen on:
      1) tcp 443 (recommended)
      2) udp 1194 (default)
      3) Enter manually (proto (lowercase!) port)

      2
      Select server cipher:
      1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
      2) AES-256-CBC
      3) AES-128-CBC (default for OpenVPN 2.3.x)
      4) BF-CBC (insecure)

      2
      Enable IPv6? (ensure that your machine have IPv6 support):
      1) Yes
      2) No

      1
      Check your selection
      Server will listen on 90.51.33.97
      Server will listen on udp 1194
      Server will use AES-256-CBC cipher
      IPv6 - 1 (1 is enabled, 0 is disabled)
      Press enter to continue...
      NAME="Ubuntu"
      Using CA Common Name: Fort-Funston CA
      Generating a 2048 bit RSA private key
      ....................................+++
      ...+++
      writing new private key to 'ca.key'
      -----
      Generating a 2048 bit RSA private key
      ............+++
      ....+++
      writing new private key to 'server-cert.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'server-cert'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      Generating DH parameters, 2048 bit long safe prime, generator 2
      This is going to take a long time
      .........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
      Generating a 2048 bit RSA private key
      ...........+++
      ..+++
      writing new private key to 'revoked.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'revoked'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Revoking Certificate 01.
      Data Base Updated
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
      error 23 at 0 depth lookup:certificate revoked
      Error 23 indicates that revoke is successful
      IPv6 forwarding is already enabled
      OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
      NAME="Ubuntu"
      openvpnsetup.sh: line 360: systemctl: command not found
      openvpnsetup.sh: line 360: systemctl: command not found
      openvpnsetup.sh: line 361: systemctl: command not found
      openvpnsetup.sh: line 361: systemctl: command not found
      openvpnsetup.sh: line 362: systemctl: command not found
      Setup is complete. Happy VPNing!
      Use /etc/openvpn/newclient.sh to generate client config


      So:



      root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
      Script to generate unified config for Windows App
      sage: newclient.sh <common-name>
      Generating a 2048 bit RSA private key
      .......................................+++
      ...............................................................................................................................+++
      writing new private key to 'try.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'try'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
      COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn









      share|improve this question













      I have a problem for setup my VPN on OrangePi(This is a micro-computer same as Raspberry Pi)



      My project is to configure a VPN with ipv6 on him. So, i have find a project on github, which proposes to automate the creation of this:




      https://github.com/xl-tech/OpenVPN-easy-setup (By xl-tech)




      Before testing it on my OrangePi, I tried to start this script under my VM running on Ubuntu 16.04 LTS 64Bits, and it works fine.
      However, when I go on my OrangePi, it does not work.



      After browsing the error messages displayed (related to the fact that the iptables firewall is not setup I guess), I can not find the cause that would prevent it from really working ...



      I still have a lot to learn, it's been a few hours that I block and I can not find why this don't work..



      My OrangePi runs on Ubuntu 14.04.5 LTS(GNU/Linux 3.4.39 armv7l).



      Can you guide me to the right path? :(



      Here is the return of this script on my OrangePi:



      root@OrangePI:~/OpenVPN-easy-setup# bash openvpnsetup.sh
      TUN/TAP is enabled
      IPv4 forwarding is already enabled
      NAME="Ubuntu"
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      E: Unable to locate package netfilter-persistent
      Firewall stopped and disabled on system startup
      awk: line 0: regular expression compile failed (missing operand)
      [ ]+|
      Select server IP to listen on (only used for IPv4):
      1) Internal IP - 192.168.1.11 25.33.106.84 2620:9b::1921:6a54 (in case you are behind NAT)
      2) External IP - 90.51.33.97

      2
      Select server PORT to listen on:
      1) tcp 443 (recommended)
      2) udp 1194 (default)
      3) Enter manually (proto (lowercase!) port)

      2
      Select server cipher:
      1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
      2) AES-256-CBC
      3) AES-128-CBC (default for OpenVPN 2.3.x)
      4) BF-CBC (insecure)

      2
      Enable IPv6? (ensure that your machine have IPv6 support):
      1) Yes
      2) No

      1
      Check your selection
      Server will listen on 90.51.33.97
      Server will listen on udp 1194
      Server will use AES-256-CBC cipher
      IPv6 - 1 (1 is enabled, 0 is disabled)
      Press enter to continue...
      NAME="Ubuntu"
      Using CA Common Name: Fort-Funston CA
      Generating a 2048 bit RSA private key
      ....................................+++
      ...+++
      writing new private key to 'ca.key'
      -----
      Generating a 2048 bit RSA private key
      ............+++
      ....+++
      writing new private key to 'server-cert.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'server-cert'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:09:07 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      Generating DH parameters, 2048 bit long safe prime, generator 2
      This is going to take a long time
      .........+..................................+................................................................................................+..........................................................................................................................................................................................................................................+.................................+....................................................................................................................................................+....+..................................................................................................................................................................................................+.................................................+.........................................+...........................................................................................................................................................................................................................................................................+.................................................................................................+................................................................................................+...........................................................................................................................................+....+....................................................................................+...........................................................................................................................................................................++*++*
      Generating a 2048 bit RSA private key
      ...........+++
      ..+++
      writing new private key to 'revoked.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'revoked'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:17:42 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Revoking Certificate 01.
      Data Base Updated
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
      error 23 at 0 depth lookup:certificate revoked
      Error 23 indicates that revoke is successful
      IPv6 forwarding is already enabled
      OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
      NAME="Ubuntu"
      openvpnsetup.sh: line 360: systemctl: command not found
      openvpnsetup.sh: line 360: systemctl: command not found
      openvpnsetup.sh: line 361: systemctl: command not found
      openvpnsetup.sh: line 361: systemctl: command not found
      openvpnsetup.sh: line 362: systemctl: command not found
      Setup is complete. Happy VPNing!
      Use /etc/openvpn/newclient.sh to generate client config


      So:



      root@OrangePI:~/OpenVPN-easy-setup# /etc/openvpn/newclient.sh try
      Script to generate unified config for Windows App
      sage: newclient.sh <common-name>
      Generating a 2048 bit RSA private key
      .......................................+++
      ...............................................................................................................................+++
      writing new private key to 'try.key'
      -----
      Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName :PRINTABLE:'US'
      stateOrProvinceName :PRINTABLE:'CA'
      localityName :PRINTABLE:'SanFrancisco'
      organizationName :PRINTABLE:'Fort-Funston'
      organizationalUnitName:PRINTABLE:'MyVPN'
      commonName :PRINTABLE:'try'
      name :PRINTABLE:'EasyRSA'
      emailAddress :IA5STRING:'my@vpn.net'
      Certificate is to be certified until Sep 21 10:56:28 2023 GMT (1825 days)

      Write out database with 1 new entries
      Data Base Updated
      OpenVPN 2.3.2 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
      COMPLETE! Copy the new unified config from here: /etc/openvpn/bundles/try.ovpn






      linux ubuntu raspberry-pi openvpn vpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 22 at 20:59









      Marshall Cocop

      31




      31




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          You're getting error messages as the script is not finding the systemctl command:



          openvpnsetup.sh: line 360: systemctl: command not found


          The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.



          According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.



          A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.



          You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.



          From your github link, those lines are:



          systemctl enable netfilter-persistent & systemctl start netfilter-persistent
          systemctl enable openvpn@server & systemctl start openvpn@server
          systemctl restart netfilter-persistent


          i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.






          share|improve this answer




















          • Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
            – Marshall Cocop
            Sep 22 at 22:46











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470766%2fopenvpn-problem-for-setup-a-vpn-supporting-ipv6-on-linux%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote



          accepted










          You're getting error messages as the script is not finding the systemctl command:



          openvpnsetup.sh: line 360: systemctl: command not found


          The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.



          According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.



          A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.



          You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.



          From your github link, those lines are:



          systemctl enable netfilter-persistent & systemctl start netfilter-persistent
          systemctl enable openvpn@server & systemctl start openvpn@server
          systemctl restart netfilter-persistent


          i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.






          share|improve this answer




















          • Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
            – Marshall Cocop
            Sep 22 at 22:46















          up vote
          0
          down vote



          accepted










          You're getting error messages as the script is not finding the systemctl command:



          openvpnsetup.sh: line 360: systemctl: command not found


          The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.



          According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.



          A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.



          You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.



          From your github link, those lines are:



          systemctl enable netfilter-persistent & systemctl start netfilter-persistent
          systemctl enable openvpn@server & systemctl start openvpn@server
          systemctl restart netfilter-persistent


          i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.






          share|improve this answer




















          • Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
            – Marshall Cocop
            Sep 22 at 22:46













          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          You're getting error messages as the script is not finding the systemctl command:



          openvpnsetup.sh: line 360: systemctl: command not found


          The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.



          According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.



          A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.



          You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.



          From your github link, those lines are:



          systemctl enable netfilter-persistent & systemctl start netfilter-persistent
          systemctl enable openvpn@server & systemctl start openvpn@server
          systemctl restart netfilter-persistent


          i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.






          share|improve this answer












          You're getting error messages as the script is not finding the systemctl command:



          openvpnsetup.sh: line 360: systemctl: command not found


          The missing command is used to control systemd, the cutting-edge (sometimes bleeding-edge) init subsystem.



          According to this old Ubuntu wiki page, the earliest possible version systemd was introduced in Ubuntu was 14.10 or more likely 15.04. You are running 14.04.5 which is older than either of those. Before systemd, I think Ubuntu used to use upstart as its init subsystem.



          A transition from one type of init subsystem to another type is a pretty major change: it affects how system startup and shutdown are performed, and how system services are defined and controlled. With systemd, the systemctl command is the universal tool for most service management tasks.



          You should now read lines #360, #361 and #362 in the openvpnsetup.sh script, find out what the systemctl commands on those lines are attempting to do, and replace them with the corresponding commands that are applicable to the upstart init subsystem. Very likely you'll also have to look for any files dropped into /etc/systemd/system, and replace them with upstart-style service definitions.



          From your github link, those lines are:



          systemctl enable netfilter-persistent & systemctl start netfilter-persistent
          systemctl enable openvpn@server & systemctl start openvpn@server
          systemctl restart netfilter-persistent


          i.e. enable netfilter-persistent and openVPN server services to start automatically at boot & start them immediately, and then restart the netfilter-persistent service one more time, probably to ensure that any changes to firewall rules that might have been made by the OpenVPN startup are immediately stored persistently.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 22 at 21:30









          telcoM

          12.2k11435




          12.2k11435











          • Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
            – Marshall Cocop
            Sep 22 at 22:46

















          • Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
            – Marshall Cocop
            Sep 22 at 22:46
















          Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
          – Marshall Cocop
          Sep 22 at 22:46





          Thank you very much, I understand better why it happened to me. So I just added these lines: /etc/init.d/openvpn restart, service openvpn restart ' Indeed, netfilter-persistent seems poorly implemented ... I will try to better understand this :) Thanks again for this message
          – Marshall Cocop
          Sep 22 at 22:46


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470766%2fopenvpn-problem-for-setup-a-vpn-supporting-ipv6-on-linux%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?