root@3237:~# ./openvpnsetup.sh
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="Ubuntu"
Reading package lists... Done
Building dependency tree
Reading state information... Done
iptables is already the newest version (1.6.0-2ubuntu3).
easy-rsa is already the newest version (2.2.2-2).
iptables-persistent is already the newest version (1.0.4).
netfilter-persistent is already the newest version (1.0.4).
curl is already the newest version (7.47.0-1ubuntu2.2).
openssl is already the newest version (1.0.2g-1ubuntu4.8).
openvpn is already the newest version (2.3.10-1ubuntu2.1).
0 upgraded, 0 newly installed, 0 to remove and 144 not upgraded.
./openvpnsetup.sh: line 50: ufw: command not found
Select server IP to listen on (only used for IPv4):
1) Internal IP - 192.168.102.64 2001:41d0:1:777c:200:c0a8:6640:0 (in case you are behind NAT)
2) External IP - 87.250.250.242
1
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)
3
Enter proto and port (like tcp 80 or udp 53): tcp 51262
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)
3
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No
2
Check your selection
Server will listen on 192.168.102.64 2001:41d0:1:777c:200:c0a8:6640:0
Server will listen on tcp 51262
Server will use AES-128-CBC cipher
IPv6 - 0 (1 is enabled, 0 is disabled)
Press enter to continue...
mkdir: cannot create directory '/etc/openvpn/easy-rsa': File exists
mkdir: cannot create directory '/etc/openvpn/easy-rsa/keys': File exists
mkdir: cannot create directory '/etc/openvpn/logs': File exists
mkdir: cannot create directory '/etc/openvpn/bundles': File exists
mkdir: cannot create directory '/etc/openvpn/ccd': File exists
NAME="Ubuntu"
Using CA Common Name: Fort-Funston CA
Generating a 2048 bit RSA private key
....................................................+++
.....................+++
writing new private key to 'ca.key'
-----
Generating a 2048 bit RSA private key
.............................................................+++
.......................+++
writing new private key to 'server-cert.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'server-cert'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Aug 15 08:43:21 2022 GMT (1825 days)
failed to update database
TXT_DB error number 2
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
Generating a 2048 bit RSA private key
...........................................................................................................................................+++
...........................+++
writing new private key to 'revoked.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyVPN'
commonName :PRINTABLE:'revoked'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'my@vpn.net'
Certificate is to be certified until Aug 15 08:44:57 2022 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Revoking Certificate 02.
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
revoked.crt: C = US, ST = CA, L = SanFrancisco, O = Fort-Funston, OU = MyVPN, CN = revoked, name = EasyRSA, emailAddress = my@vpn.net
error 23 at 0 depth lookup:certificate revoked
Error 23 indicates that revoke is successful
OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
NAME="Ubuntu"
Synchronizing state of netfilter-persistent.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable netfilter-persistent
Job for netfilter-persistent.service failed because the control process exited with error code. See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.
Job for netfilter-persistent.service failed because the control process exited with error code. See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
journalctl -xe output:
Aug 16 04:47:14 3237 systemd[1]: Starting OpenVPN connection to server...
-- Subject: Unit openvpn@server.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn@server.service has begun starting up.
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Aug 16 04:47:14 3237 systemd[1]: Failed to start OpenVPN connection to server.
-- Subject: Unit openvpn@server.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn@server.service has failed.
--
-- The result is failed.
Aug 16 04:47:14 3237 systemd[1]: openvpn@server.service: Unit entered failed state.
Aug 16 04:47:14 3237 systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
Aug 16 04:47:14 3237 systemd[1]: Stopped netfilter persistent configuration.
-- Subject: Unit netfilter-persistent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has finished shutting down.
Aug 16 04:47:14 3237 systemd[1]: Starting netfilter persistent configuration...
-- Subject: Unit netfilter-persistent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has begun starting up.
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Aug 16 04:47:14 3237 netfilter-persistent[4679]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 2
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Aug 16 04:47:14 3237 systemd[1]: Failed to start netfilter persistent configuration.
-- Subject: Unit netfilter-persistent.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit netfilter-persistent.service has failed.
--
-- The result is failed.
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Unit entered failed state.
Aug 16 04:47:14 3237 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Aug 16 04:47:14 3237 systemd[1]: Reloading.
Aug 16 04:47:14 3237 systemd[1]: [/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Server config script reports "yay!", but the services fail to start here: https://github.com/xl-tech/OpenVPN-easy-setup/blob/master/openvpnsetup.sh#L360-L362
Clean Ubuntu box.