hwdsl2 / openvpn-install
OpenVPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE, Amazon Linux 2 and Raspberry Pi OS
License: MIT License
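Checklist
Describe the enhancement request
A clear and concise description of your enhancement request.
1. When the server is detected to have no IPv6 address, automatically add push "block-ipv6" to the server configuration file to disable IPv6 on clients and prevent IPv6 leaks.
2. When the user selects Cloudflare DNS, also add Cloudflare's IPv6 DNS servers: dhcp-option DNS 2606:4700:4700::1111 and dhcp-option DNS 2606:4700:4700::1001
3. Use the latest OpenVPN release instead of the one from the system package repository. In current testing, the latest Debian 12 installs OpenVPN 2.6.3 by default, while the officially released version is 2.6.5. The new version is more stable, secure and fast. Otherwise, after every install you still have to update manually to the latest version from the official OpenVPN repository with these commands: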
mkdir -p /etc/apt/keyrings # directory does not exist on older releases
curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/keyrings/openvpn-repo-public.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-public.gpg] http://build.openvpn.net/debian/openvpn/release/2.6 bookworm main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
apt update
apt upgrade
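Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.
I did not encounter a problem
Additional context
Add any other context about the enhancement request here.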
Hi guys.
Can you guys create a script on your official GitHub page to set up the OpenVPN server on the Windows server too?
Thanks.
Describe the issue
The OpenVPN link in the readme.md is not working on Azure Ubuntu 22. After following the instructions, the service failed to restart if you use the command to check the status. This wasted me hours because I suppose the installation was correct, but it failed every time (reinstall still failed).
To Reproduce
Steps to reproduce the behavior:
Found at least below openvpn setup works on Azure ubuntu 22: https://github.com/angristan/openvpn-install
Expected behavior
but actual status is dead
Logs
use below command to check service status
systemctl status openvpn@server
Server (please complete the following information)
The openvpn client configuration is straightforward for mobile openvpn but not desktop if not using a graphical network manager, as a configuration file has to be manually written.
It would be really nice to have an openvpn .ovpn config file generated (only the mobile .mobileconfig is).
How can I create a new client configuration with a port 25000 or something custom? Just for one specific client.
Error: Ubuntu 18.04 or higher is required to use this installer.
This version of Ubuntu is too old and unsupported.
any option to have vpn on Ubuntu 18.04
Checklist
Describe the issue
TCP doesn't work after installation, nothing happens.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I expect it to work :)
Logs
Sorry, maybe tomorrow.
Server (please complete the following information)
OS: Debian 10,11, Fedora 36
Hosting provider GCP, Libvirt, Localhost
Device: Android
Additional context
won't work, I tried changing the protocol after installation, it starts but doesn't work anyway (in this case it may be a firewall issue, I'm not sure).
p.s. thanks, it's really great work
Hello,
Thank you, I really appreciate such an ingenious solution you share!
Is it possible to obfuscate traffic that goes through openvpn? my ISP blocked openvpn...
Thanks
Mon Jan 1 16:27:08 2024 TUN: adding address failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: route addition failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 TUN: setting IPv6 mtu using service failed: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: route addition failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: route addition failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: route addition failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: route addition failed using service: element not found。 [status=1168 if_index=10]
Mon Jan 1 16:27:08 2024 ERROR: Some routes were not successfully added. The connection may not function correctly
The above is the warning that appears in the Openvpn-GUI software
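Use case: I use spot cloud instances, and each time I need one I temporarily create a new instance from an image on which this script was previously installed. The newly created instance gets a newly assigned IP, so when I try to connect with the previous configuration file using the official OpenVPN app on iOS, it fails (failing is natural since the IP changed).
I tried changing the server IP in the app, and manually changing the server IP in the xxx.ovpn file on the previous server to the current IP, but neither can connect.
Is the script not suitable for this scenario where instances are created temporarily?
Note: reinstalling on each new instance works. But it would be most convenient if an instance created directly from the previously installed image just worked. I would only need to keep a launch template that uses that image to start a new instance with one click at any time and use the openvpn service, then destroy the instance after use to save money.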
I'm trying to install OpenVPN Server on a IPv6 only VPS:
Starting OpenVPN setup using default options.
RTNETLINK answers: Network is unreachable
Error: Could not detect this server's IP address.
Abort. No changes were made.
Checklist
Describe the issue
running script on linux mint 21.1 results in:
Error: Ubuntu 18.04 or higher is required to use this installer.
This version of Ubuntu is too old and unsupported.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
successful execution of scripting
Logs
Error: Ubuntu 18.04 or higher is required to use this installer.
This version of Ubuntu is too old and unsupported.
Server (please complete the following information)
Client (please complete the following information)
Additional context
Linux Mint 21 is based on Ubuntu 22.04 which satisfies the minimum version requirements.
is this possible?
CloudConnexa.
Access Server.
Community server.
OpenVPN Server built-in in a router
Which of the above is the server type?
Which is the more cryptographically secure protocol, TCP or UDP, if I want security, privacy, and speed simultaneously?
thank you
Please can someone point or leave a step by step to setup multi protocol / multi port Openvpn Server.
Ubuntu 20.04
Thanks
Hello,
can you include a webinterface dashboard that shows the current status and connected users within your auto-installer?
Describe the issue
Doesn't work on Kinetic router.
Logs
[I] Aug 8 18:44:19 kernel: IPv6: ADDRCONF(NETDEV_UP): ovpn_br1: link is not ready
[I] Aug 8 18:44:19 ndm: Network::Interface::Base: "OpenVPN1": "base" changed "conf" layer state "disabled" to "running".
[I] Aug 8 18:44:19 ndm: Network::Interface::Base: "OpenVPN1": interface is up.
[I] Aug 8 18:44:19 ndm: Core::System::StartupConfig: saving (http/rci).
[I] Aug 8 18:44:22 ndm: Core::System::StartupConfig: configuration saved.
[I] Aug 8 18:44:27 ndm: Network::Interface::Supplicant: "OpenVPN1": authentication is unchanged.
[I] Aug 8 18:44:27 ndm: Network::Interface::Base: "OpenVPN1": description saved.
[I] Aug 8 18:44:27 ndm: Network::Interface::Base: "OpenVPN1": deleted all roles.
[I] Aug 8 18:44:27 ndm: Network::Interface::Base: "OpenVPN1": assigned role "misc" for OpenVPN1.
[I] Aug 8 18:44:27 ndm: Network::Interface::Ip: "OpenVPN1": IP address cleared.
[I] Aug 8 18:44:27 ndm: Network::Interface::Base: "OpenVPN1": static MTU is 1324.
[I] Aug 8 18:44:27 ndm: Dns::InterfaceSpecific: "OpenVPN1": cleared static name server list.
[I] Aug 8 18:44:27 ndm: Network::Interface::Ip: "OpenVPN1": TCP-MSS adjustment disabled.
[I] Aug 8 18:44:28 ndm: OpenVpn::Interface: "OpenVPN1": configuration successfully saved.
[I] Aug 8 18:44:28 ndm: OpenVpn::Interface: "OpenVPN1": enable automatic routes accept via tunnel.
[I] Aug 8 18:44:28 ndm: OpenVpn::Interface: "OpenVPN1": set connection via any interface.
[I] Aug 8 18:44:28 ndm: Network::Interface::Base: "OpenVPN1": schedule cleared.
[I] Aug 8 18:44:28 ndm: Core::System::StartupConfig: saving (http/rci).
[E] Aug 8 18:44:30 OpenVPN1: Unrecognized option or missing or extra parameter(s) in configuration: (line 2): dev (2.6.0)
[E] Aug 8 18:44:30 OpenVPN1: Exiting due to fatal error
[E] Aug 8 18:44:30 ndm: Service: "OpenVPN1": unexpectedly stopped.
[W] Aug 8 18:44:30 ndm: OpenVpn::Interface: "OpenVPN1": configuration is invalid.
[I] Aug 8 18:44:31 ndm: Core::System::StartupConfig: configuration saved.
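Checklist
Describe the enhancement request
A clear and concise description of your enhancement request.
After running the script, it would detect whether ocserv is installed and install it automatically if not. Running it again after installation would allow managing users, changing passwords, adding and deleting users, and uninstalling. ocserv is an SSL VPN protocol; TCP uses TLS 1.3 encryption and UDP uses DTLS 1.2 encryption, and it requires a domain name and a certificate. This is the official site: https://ocserv.gitlab.io/www/download.html. ocserv is very fast and is compatible with Cisco's AnyConnect client, so it is also very convenient.
Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.
Additional context
Add any other context about the enhancement request here.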
Running the script again, there does not seem to be an option to update the installation. Would I have to delete and reinstall from scratch in order to update?
I don’t know if it is already supported
I deployed openvpn on one host and it's working as expected. Later I installed openvpn on another host and that is also working fine, but the problem is I cannot use both openvpns simultaneously, and it seems they are using the same private network settings, which conflict with the other setup.
Is it possible to support a custom private network during the setup so we can deploy multiple openvpn servers with unique private networks?
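Checklist
Use the ChaCha20-Poly1305 cipher and SHA256 to replace the previous cipher. In testing, this cipher with the UDP protocol is faster to use. ChaCha20-Poly1305 is the fastest and newest algorithm and is compatible with TLS 1.3; the AES cipher is older and performs poorly.
Describe the enhancement request
A clear and concise description of your enhancement request.
Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.
Additional context
Add any other context about the enhancement request here.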
No-logging of user activity policy.
can you add :
no logging of traffic
no logging of DNS requests
no logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp
no logging of IP addresses
no logging of user bandwidth
verb 0
log-append /dev/null
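Thanks for providing the one-click install script.
In actual use, I found that if you need to install openvpn for two environments (for example develop and production)
and both VPNs are connected at the same time, the assigned IP address ranges conflict, as both are 10.8.0.0/24.
Could the subnet setting be made an option parameter? It could default to 10.8.0.0/24, and a user-defined subnet could be used when needed.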
The script works nicely.
For connecting to it via the mikrotik openvpn client we face the following problems:
Currently unsupported OpenVPN features:
- UDP mode
- LZO compression
- TLS authentication
- authentication without username/password
link for more info: https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN
Any idea how to adapt the script to work with mikrotik?
Both the community version and the commercial version seem to support dco. Does your deployment script enable dco by default?
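Checklist
Add aes-128-gcm encryption; this algorithm is the fastest. I tried changing aes256cbc in the script to aes128gcm sha256 and then installing, and found that after installing and connecting, the log file shows aes-256-gcm-sha384. I don't know why, since the configuration file clearly shows aes128gcm.
Describe the enhancement request
A clear and concise description of your enhancement request.
Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.
Additional context
Add any other context about the enhancement request here.
Checklist
Describe the enhancement request
I would like to be able to configure an IPv6-only connection during the script's setup process.
Is your enhancement request related to a problem? Please describe.
The campus network does not charge for IPv6 traffic, so I need to use udp6 as the proto. I read through the configuration process in detail, and the script lacks configuration for this.
The documentation does not show how to restart openvpn. For example, if I modified server.conf, how do I restart it?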