Differences
This shows you the differences between two versions of the page.
linux:openvpn [2017/10/05 08:21] – [Configuration] niziak | linux:openvpn [2020/10/19 13:52] – niziak | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenVPN ====== | ||
+ | |||
====== Installation ====== | ====== Installation ====== | ||
- | * Put clien configuration into / | + | * Put client configuration into ''/ |
- | * Enable autostart ALL or specified configs in ''/ | + | * Start openvpn services <code bash> |
- | * Generate systemd services from openvon configs <code bash> | + | systemctl start openvpn-client@config-name |
- | * Start openvpn services <code bash> | + | systemctl status openvpn-client@config-name |
+ | systemctl enable openvpn-client@config-name | ||
+ | </ | ||
+ | |||
+ | NOTE: `openvpn-client@` service doesn' | ||
+ | The result of failed openvpn daemon looks like: | ||
+ | <code bash> | ||
+ | systemctl status openvpn-client@config-name | ||
+ | ... | ||
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | | ||
+ | Main PID: 19630 (code=exited, | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | To make sure your VPN is running: | ||
+ | <code bash> | ||
+ | |||
+ | and enter following config: | ||
+ | |||
+ | < | ||
+ | [Service] | ||
+ | Restart=always | ||
+ | RestartSec=300 | ||
+ | </ | ||
+ | |||
+ | ===== issue ===== | ||
+ | < | ||
+ | openvpn[281925]: | ||
+ | openvpn[281924]: | ||
+ | </ | ||
+ | |||
+ | Solution: | ||
+ | <file | / | ||
+ | [Service] | ||
+ | ExecStart= | ||
+ | ExecStart=/ | ||
+ | %i.conf | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Deprecated ===== | ||
+ | |||
+ | | ||
+ | * Enable autostart ALL or specified configs in ''/ | ||
+ | * Generate systemd services from openvon configs <code bash> | ||
+ | * Start openvpn services <code bash> | ||
+ | |||
+ | ====== Certifcates ====== | ||
+ | * CA has to be with < | ||
+ | * basicConstraints | ||
+ | * nsCertType | ||
+ | * keyUsage | ||
+ | * subjectKeyIdentifier | ||
+ | * authorityKeyIdentifier | ||
+ | * OpenVPN Server | ||
+ | * basicConstraints | ||
+ | * subjectKeyIdentifier | ||
+ | * authorityKeyIdentifier | ||
+ | * nsCertType | ||
+ | * keyUsage | ||
+ | * extendedKeyUsage | ||
+ | * OpenVPN Client | ||
+ | * basicConstraints | ||
+ | * subjectKeyIdentifier | ||
+ | * authorityKeyIdentifier | ||
+ | * nsCertType | ||
+ | * keyUsage | ||
+ | * extendedKeyUsage | ||
====== Configuration ====== | ====== Configuration ====== | ||
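Review bot: The added drop-in under "To make sure your VPN is running" sets `Restart=always` with `RestartSec=300`, so after any exit of the daemon the tunnel stays down for five minutes before systemd tries again, and the page does not say why that delay was chosen. Either use a shorter delay or add a sentence explaining the 300 seconds. The new "===== issue =====" section should also get a descriptive heading and one sentence stating what the logged error means and what the replaced `ExecStart=` line changes, because the override clears the unit's original command line and a reader cannot tell from the heading what problem it fixes. Minor: the new heading "Certifcates" is misspelled, the "openvon" typo is carried over into the Deprecated list, and the NOTE uses backticks around `openvpn-client@` while the rest of the page uses the wiki's own monospace markup.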
Line 60: | Line 132: | ||
====== Troubleshooting ====== | ====== Troubleshooting ====== | ||
+ | |||
**Error**: "write to TUN/TAP : Invalid argument (code=22)" | **Error**: "write to TUN/TAP : Invalid argument (code=22)" | ||
**Cause**: one side use LZO compression, | **Cause**: one side use LZO compression, | ||
Line 70: | Line 143: | ||
Exiting due to fatal error\\ | Exiting due to fatal error\\ | ||
Use persist-key and persist-tun. | Use persist-key and persist-tun. | ||
- | |||
**Cause**: on VPS platform / | **Cause**: on VPS platform / | ||
+ | **Error**: unsupported protocol | ||
+ | **Cause**: Modern OpenSSL (like 1.1.1) config forbids TLSv1 | ||
+ | **Solution**: | ||
+ | <file | / | ||
+ | MinProtocol = TLSv1 | ||
+ | </ | ||
+ | |||
+ | **Error**: File transfer stuck | ||
+ | **Cause**: File transfer are using maximum packet size, which probably cannot fit to MTU limitataions | ||
+ | **Solution**: | ||
+ | < | ||
+ | # On one side of connection | ||
+ | mssfix 1400 | ||
+ | |||
+ | # MTU on tunX interface | ||
+ | # has to be set on both sides | ||
+ | tun-mtu 1400 | ||
+ | </ | ||
+ | |||
+ | More: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
====== rsyslog ====== | ====== rsyslog ====== | ||
<file txt / | <file txt / |
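Review bot: The new "unsupported protocol" entry fixes the error by setting `MinProtocol = TLSv1` in an OpenSSL config file, which lowers the minimum TLS version for every program that reads that file and not only for OpenVPN; the entry should say this is a compatibility workaround for a peer that only speaks TLSv1, and that upgrading that peer is the preferred fix. It would also help to note that the setting should be reverted once the old peer is gone. In the "File transfer stuck" entry, the comments say `mssfix 1400` goes on one side and `tun-mtu 1400` on both sides, but the Solution text does not say which side gets `mssfix`; name it (client or server). Minor: "limitataions" is misspelled.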