angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

iptables-openvpn.service priority #392

Open kiplandiles opened 5 years ago

kiplandiles commented 5 years ago

OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Ubuntu 16.04.5 LTS

I just used the script this weekend and had an issue with iptables. I think you really want After instead of Before in the generated iptables-openvpn.service ... After=network-online.target

Without the change the iptables-openvpn service will fail because it can't get access to the xtables.lock (network not fully up yet).

Other than that - great script. I did edit the script to change the OpenVPN network to 10.8.6.0/24 so that would be a nice addition. I also noticed that ip_forwarding did not stick causing all kinds of issues. I finally just modified /etc/sysctl.conf manually; although, I did notice that you add a 20-openvpn.conf to /etc/sysctl.d but for some reason it did not get picked up. Man pages say it should be 30- for Ubuntu so I just renamed it to 30-openvpn.conf and updated your script again.

angristan commented 5 years ago

Thanks for the feedback. Did "30-openvpn.conf" work for you?

randshell commented 4 years ago

@angristan Nyr uses 30-openvpn.conf https://github.com/Nyr/openvpn-install/commit/b3953963bac3ef048ffd09d7dcb9992eea383acb
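
Added example (not part of the thread and not the project's script): a small shell check, relevant to the 20- versus 30- file naming discussed above, that reports which drop-in in a sysctl.d directory supplies the final value of a key. It assumes a single directory of `*.conf` files read in lexical order with the last assignment winning; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which sysctl.d drop-in supplies the final value of a key?
# Assumption/simplification: a single directory of *.conf files, read in
# lexical filename order, with the last assignment of the key winning.

# effective_sysctl KEY DIR -> prints "VALUE FILE"; returns 1 if KEY is never set
effective_sysctl() {
    key=$1; dir=$2; result=
    for f in "$dir"/*.conf; do            # glob expansion is sorted by name
        [ -f "$f" ] || continue
        # Ignore comment lines (# or ;), trim blanks, keep the file's last match.
        v=$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            NF >= 2 {
                name = $1; gsub(/[ \t]/, "", name)
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (name == k) { last = val; found = 1 }
            }
            END { if (found) print last }' "$f")
        if [ -n "$v" ]; then result="$v ${f##*/}"; fi
    done
    if [ -z "$result" ]; then return 1; fi
    printf '%s\n' "$result"
}

# make_sample DIR: constructed drop-ins (not taken from the reporter's system)
make_sample() {
    printf '%s\n' '# written by the installer' 'net.ipv4.ip_forward=1' \
        > "$1/20-openvpn.conf"
    printf '%s\n' '; constructed later file' 'net.ipv4.ip_forward = 0' \
        > "$1/25-constructed.conf"
}

# Demo: the same setting loses as 20-*.conf and wins as 30-*.conf.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "with 20-openvpn.conf: $(effective_sysctl net.ipv4.ip_forward "$demo_dir")"
mv "$demo_dir/20-openvpn.conf" "$demo_dir/30-openvpn.conf"
echo "with 30-openvpn.conf: $(effective_sysctl net.ipv4.ip_forward "$demo_dir")"
rm -rf "$demo_dir"
```

Pointing `effective_sysctl net.ipv4.ip_forward` at `/etc/sysctl.d` and comparing the result with the output of `sysctl net.ipv4.ip_forward` shows whether a later drop-in overrides the installer's file.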