Hey, I tried to install OpenVPN with @Nyr's script. I fixed the "OVZ" problems and then I have a connection. But only internal, not external. Like Google.de is not reachable.
Comments
Did you check your DNS settings? Caused me a headache last time...
@Bochi yes, Google's DNS servers 8.8.8.8 and 8.8.4.4 are set there.
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
So when I connect, he says this.
Looks like an internal connection
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
That's the purpose of a VPN - getting a private IP. Add this to your /etc/openvpn/server.conf and then restart openvpn server:
Are you able to ping a public IP? If yes: looks like a problem with your DNS configuration.
Does your server or client OpenVPN log show any errors or warnings?
add an iptables-save record to allow outside connection
That is normal. Please provide the full installation log, where I can see which IP addresses you are configuring.
Most likely, one of these happened:
Not needed because that is configured by the script and anyway not the right place to do it (would be /etc/openpn/server/server.conf).
In the case he's using iptables, the script would take care of that stuff for him automatically, so not needed.
OpenVPN installer | WireGuard installer
Hello @Nyr, do you mean the client-common.txt or the openvpn-status file? Or do you mean another file?
Greetings Xenic
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
And I used 172.16.70.146 for the internal IP, and then the system says it's behind NAT (I know), then I use the port-forwarded shared public IP as "not NAT" with my forwarded port.
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
How much disdain do you have for the moniker angristan? I swear half of the LES tickets I saw in the last couple years are due to your dated script, and the rest of it are that fork.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
@Xenic sorry for the late response, I've been sick:
iptables -t nat -L
in the server?
OpenVPN installer | WireGuard installer
I have some disdain indeed, because the fork was created based on uninformed fears (the length of your keys and DH are insecure!! the transport algorithm is not secure enough!!) and other uninformed assumptions like that. I always refused to implement those "security improvements" because I'm not a commercial VPN provider with a marketing department which needs to lie to its users to get sales. I've also refused to implement "disable logs" commits and similar bullshit.
It looks like there was a market for that, and the "secure" fork was created, by a person with a social following stronger than me, a Patreon and some other bullshit. Yeah, I'm not happy about that. He even removed the GitHub header notifying the visitor that his is a fork of my original project and that information is now only buried in a very long readme, so a lot of people don't know that an original project exists which is cleaner and well maintained.
I don't see how my script is dated. In fact I think that it is very future proof, but I'm open to suggestions.
I'm not a native speaker so sorry if I'm wrong, but "dated" usually has negative connotations.
OpenVPN installer | WireGuard installer
I was implying that you haven't done a lot with it recently, which causes the idea in some minds that it's older and no longer supported. I had no idea he removed the information that he forked your project. What a jerk.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Well, there was a pretty significant commit in September. I agree that not a lot of new stuff is pushed, but I like to keep it simple, reliable and easy to maintain. My only guarantee is to always keep it up to date in compatibility and security, not a lot of new stuff should be expected now or ever, to be honest.
But a very cool IPv6 implementation is coming soon™, I can say that
OpenVPN installer | WireGuard installer
Hey @Nyr
Here is my "iptables -t nat -L" answer:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.8.0.0/24 !10.8.0.0/24 to:172.16.70.146
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I tried the 172.16.70.146 subnet and the 10.8.0.0 subnet.
But on the 10.8.0.0 network the server says Options error: --local addresses must be distinct from --ifconfig addresses
And on the 172.16.70.146 network I got an internal connection but google.com is not reachable. I will try it on my mobile device to connect. Thanks @Nyr
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
The iptables configuration looks right. If you don't have a firewall or other kind of conflicting stuff on the server, it must be something in your client.
Not sure what you are talking about but you don't need to change anything from the default configuration. Try installing in a clean template if needed, nothing needs to be modified other than enabling TUN.
OpenVPN installer | WireGuard installer
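Added example, not part of any post in this thread and not code from the installer script: a Python check of the two things discussed above, the `--local` / `--ifconfig` conflict and the SNAT rule for the VPN subnet. The sample config and NAT listing are constructed from the addresses quoted in the thread; treating any `local` inside the `server` subnet as a conflict, and expecting the SNAT target to equal `local`, are simplifying assumptions.

```python
import ipaddress
import re

# Constructed samples using the addresses quoted in the thread (not real files).
SAMPLE_CONF = "local 172.16.70.146\nport 1194\nserver 10.8.0.0 255.255.255.0\n"
SAMPLE_NAT = ("Chain POSTROUTING (policy ACCEPT)\n"
              "target prot opt source destination\n"
              "SNAT all -- 10.8.0.0/24 !10.8.0.0/24 to:172.16.70.146\n")


def parse_conf(text):
    """Return (local_ip, vpn_network) from server.conf text; either may be None."""
    local = vpn = None
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "local":
            local = ipaddress.ip_address(parts[1])  # assumes a numeric address
        elif len(parts) >= 3 and parts[0] == "server":
            vpn = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
    return local, vpn


def snat_targets(nat_listing, vpn):
    """Addresses that POSTROUTING SNAT rules translate the VPN subnet to."""
    targets, in_post = [], False
    for line in nat_listing.splitlines():
        if line.startswith("Chain "):
            in_post = line.startswith("Chain POSTROUTING")
            continue
        m = re.match(r"SNAT\s+\S+\s+--\s+(\S+)\s+\S+\s+to:([\d.]+)", line)
        if in_post and m and m.group(1) == str(vpn):
            targets.append(ipaddress.ip_address(m.group(2)))
    return targets


def check(conf_text, nat_listing):
    """Return a list of findings; an empty list means the two are consistent."""
    local, vpn = parse_conf(conf_text)
    if vpn is None:
        return ["no 'server' directive found"]
    findings = []
    if local is not None and local in vpn:
        findings.append(f"'local' {local} lies inside the VPN subnet {vpn}")
    targets = snat_targets(nat_listing, vpn)
    if not targets:
        findings.append(f"no SNAT rule for {vpn} in POSTROUTING")
    elif local is not None and local not in targets:
        findings.append(f"SNAT target {targets[0]} differs from 'local' {local}")
    return findings
```

An empty result only says the server side matches the layout shown in the thread; it says nothing about the client.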
After 1 hour of fixing, it works! I can access Google.com with my Australian VPN. Thanks for the help, @Nyr
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
One more question, will IPv6 support be added soon? Because IPv6 would be useful :D
Greetings from 🇩🇪 North Rhine-Westphalia, Xenic.
Yes. No promises of a timeline but IPv6 support will be a thing, sooner than later I hope.
OpenVPN installer | WireGuard installer
Looking forward to that!
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Expecting it too!!