Giter Club home page Giter Club logo

simple-openvpn-server's Issues

Remove comp-lzo option from client config

I couldn't push my fix as this repo is locked.

But you can remove the comp-lzo remove client conf now as it already removed from server config

The line is 243 in openvpn.sh

image

BTW: Maybe consider open the repo to allow people to push their branch?

Feature Request: LDAP authentication to Azure Windows server

Just curious, it may be well out of scope, but we are using this to secure access to a Windows server in Azure, but as it works now only the certificate is used to authenticate to the VPN. Would it be possible to extend this to query LDAP on a Windows server in Azure to look up the username and also require a password along with the certificate?

Done APT-GET upgrade and service is not running any more

Hi,

I have done an upgrade and apparently the service stopped running.
My Azure VM also changed his public ip address so I am not sure what is causing the issue.

The service status is as "active (exited)"

How can I fix this?

Thank you

AWS no internet

I installed your script on AWS, it connects to the server but there is no Internet and do not open sites

Auto revoke after 31 days

Hi,
Any idea please to make auto revoke client certificate after 31 days (or any date) ?
So we are able to revoke with admin panel or auto revoke following settings.
Thanks ! Nice openvpn admin !
Raz

Deployment error - Package certbot is not available, but is referred to by another package.

I got this error just now. Any ideas on resolving?

{
  "code": "VMExtensionProvisioningError",
  "message": "VM has reported a failure when processing extension 'openvpn-setup' (publisher 'Microsoft.Azure.Extensions' and type 'CustomScript'). Error message: 'Enable failed: failed to execute command: command terminated with exit status=5\n[stdout]\nHit:1 http://archive.ubuntu.com/ubuntu focal InRelease\nGet:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]\nGet:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]\nGet:4 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]\nGet:5 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3230 kB]\nGet:6 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [513 kB]\nGet:7 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [17.2 kB]\nGet:8 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2849 kB]\nGet:9 http://archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [397 kB]\nGet:10 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 c-n-f Metadata [552 B]\nGet:11 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1177 kB]\nGet:12 http://archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [282 kB]\nGet:13 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [25.7 kB]\nGet:14 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [26.2 kB]\nGet:15 http://archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [7880 B]\nGet:16 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 c-n-f Metadata [620 B]\nGet:17 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [45.7 kB]\nGet:18 http://archive.ubuntu.com/ubuntu focal-backports/main Translation-en [16.3 kB]\nGet:19 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 c-n-f Metadata [1420 B]\nGet:20 http://archive.ubuntu.com/ubuntu focal-backports/restricted amd64 c-n-f Metadata [116 B]\nGet:21 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [25.0 kB]\nGet:22 http://archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [16.3 kB]\nGet:23 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [880 B]\nGet:24 http://archive.ubuntu.com/ubuntu focal-backports/multiverse amd64 c-n-f Metadata [116 B]\nGet:25 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2853 kB]\nGet:26 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [431 kB]\nGet:27 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [13.2 kB]\nGet:28 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [2730 kB]\nGet:29 http://security.ubuntu.com/ubuntu focal-security/restricted Translation-en [382 kB]\nGet:30 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 c-n-f Metadata [552 B]\nGet:31 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [952 kB]\nGet:32 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [200 kB]\nGet:33 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [19.2 kB]\nGet:34 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [23.9 kB]\nGet:35 http://security.ubuntu.com/ubuntu focal-security/multiverse Translation-en [5904 B]\nGet:36 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 c-n-f Metadata [548 B]\nReading package lists...\nReading package lists...\nBuilding dependency tree...\nReading state information...\nPackage certbot is not available, but is referred to by another package.\nThis may mean that the package is missing, has been obsoleted, or\nis only available from another source\n\nPackage fcgiwrap is not available, but is referred to by another package.\nThis may mean that the package is missing, has been obsoleted, or\nis only available from another source\n\n165\n\n[stderr]\n?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240409%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240409T164708Z&X-Amz-Expires=300&X-Amz-Signature=a961b7db3030c6d0e4b7a804fd8891b9917431e8ab6365c9040f85dca738835f&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.1.tgz&response-content-type=application%2Foctet-stream\nResolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...\nConnecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 40960 (40K) [application/octet-stream]\nSaving to: ‘/root/EasyRSA-3.0.1.tgz’\n\n     0K .......... .......... .......... ..........           100% 45.7M=0.001s\n\n2024-04-09 16:47:08 (45.7 MB/s) - ‘/root/EasyRSA-3.0.1.tgz’ saved [40960/40960]\n\nmv: cannot stat '/etc/openvpn/EasyRSA-3.0.1/': No such file or directory\nchown: cannot access '/etc/openvpn/easy-rsa/': No such file or directory\nopenvpn.sh: line 97: cd: /etc/openvpn/easy-rsa/: No such file or directory\nopenvpn.sh: line 100: ./easyrsa: No such file or directory\nopenvpn.sh: line 101: ./easyrsa: No such file or directory\nopenvpn.sh: line 102: ./easyrsa: No such file or directory\nopenvpn.sh: line 103: ./easyrsa: No such file or directory\nopenvpn.sh: line 106: ./easyrsa: No such file or directory\ncp: cannot stat 'pki/ca.crt': No such file or directory\ncp: cannot stat 'pki/private/ca.key': No such file or directory\ncp: cannot stat 'pki/dh.pem': No such file or directory\ncp: cannot stat 'pki/issued/server.crt': No such file or directory\ncp: cannot stat 'pki/private/server.key': No such file or directory\ncp: cannot stat '/etc/openvpn/easy-rsa/pki/crl.pem': No such file or directory\nchown: cannot access '/etc/openvpn/crl.pem': No such file or directory\nopenvpn.sh: line 115: openvpn: command not found\nFailed to restart [email protected]: Unit [email protected] not found.\nmv: cannot stat '/etc/openvpn/clients/': No such file or directory\nchown: cannot access '/etc/openvpn/easy-rsa': No such file or directory\nchmod: cannot access '/etc/openvpn/crl.pem': No such file or directory\nchmod: cannot access '/etc/openvpn/easy-rsa/': No such file or directory\nmv: cannot stat '/etc/nginx/sites-available/default': No such file or directory\n/etc/nginx/sites-available/default: No such file or directory\nsed: can't read /etc/nginx/sites-available/default: No such file or directory\nrm: cannot remove '/var/www/html/*': No such file or directory\n--2024-04-09 16:47:08--  https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/index.sh\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 4989 (4.9K) [text/plain]\nSaving to: ‘/var/www/html/index.sh’\n\n     0K ....                                                  100% 26.4M=0s\n\n2024-04-09 16:47:08 (26.4 MB/s) - ‘/var/www/html/index.sh’ saved [4989/4989]\n\n--2024-04-09 16:47:08--  https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/download.sh\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 311 [text/plain]\nSaving to: ‘/var/www/html/download.sh’\n\n     0K                                                       100% 9.01M=0s\n\n2024-04-09 16:47:08 (9.01 MB/s) - ‘/var/www/html/download.sh’ saved [311/311]\n\nopenvpn.sh: line 271: htpasswd: command not found\nopenvpn.sh: line 275: certbot: command not found\nFailed to restart apache2.service: Unit apache2.service not found.\nFailed to restart nginx.service: Unit nginx.service not found.\n'. More information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot. "
}

How to route only VPN/LAN subnet traffic over OpenVPN?

By default on other systems, split tunnel is enabled - meaning, all internet traffic goes through the client Internet connection, but if traffic is destined for the OpenVPN server's subnet/OpenVPN subnet itself, it is routed over the vpn.

I have tried adding pull-filter ignore redirect-gateway and removing setenv opt block-outside-dns (in client configuration) but by doing so I remove access to the VPN LAN.

What is the proper way to configure this flavor of OpenVPN server to properly split the traffic?

New lighttpd.conf

The new lighttpd.conf should be like this:

server.modules = (
	"mod_access",
	"mod_alias",
	"mod_compress",
        "mod_redirect",
	"mod_cgi",
	"mod_auth",
        "mod_openssl"
)

cgi.assign = ( ".sh" => "/bin/bash" )

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 443

ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/server.pem"


index-file.names            = ("index.sh", "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/.lighttpdpassword"

auth.require = ( "/" =>
	(
		"method" => "basic",
		"realm" => "Password protected area",
		"require" => "user=admin"
	)
)

Thanks for your work :D

NSG not associated with nic

With the ARM template, after creating openvpnVM, it is not associating NSG to nick. I had to manually do it which is not a big deal but something to be aware if you are configurating it by clicking on ARM template link.

rm /var/www/html/*

simple-openvpn-server/openvpn.sh

Line 274 in 6b811f9

rm /var/www/html/*

Has it ever crossed your mind that /var/www/html might be used by anything other than this script?

Apparently it has, and you want it all gone - because why else would you want to delete everything before creating a single file in this folder?

This is a prime example for why one shouldn't trust random .sh scripts from github. I'm glad I run daily backups, but we know not everyone does. And using software from github shouldn't be the reason why we need backups.

Let's encrypt failed with default email.

Let's Encrypt has blocked [email protected]. Therefore, the user needs to specify an email address, or the script should automatically generate an email from the given hostname.

Additionally, the email documentation in README.md is incorrectly labeled as "protocol."

Cannot connect on HTTPS

NET::ERR_CERT_INVALID

You cannot visit XXX right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

How to fix this?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.