I love my Pi, but i bought a refurbished HP ProLiant DL360 G7 for less than $200 off Amazon and this thing is a beast. I’m loading down every home service I need, from Plex-Media to DNS Blackhole. I’m looking forward to testing this OpenVPN install video when I get home tonight. Thanks Hak5. As always, your tutorials are second to none. Fun, detailed, and insightful in ways only seasoned veterans of the field can provide.
This was a great run through. Thanks so much for making this pretty straight forward. This gave me what I did not have before. Going through docs and tutorials and the like it always had a LOT of extra. This was just a handbook on "Lets just make this work." You rock!
You guys rock. I just followed this video and set up an OpenVPN server on a Raspberry Pi on my home network. and it works. I must confess that I followed another of your vids about OpenVPS SA on a VPS, and that didn't work for me (I kept getting four different 10.x.x.x subnets, and the gateway at home (the Pi) and the client (a laptop) ended up on different subnets) , and the simplified script based setups out there in Internet Land didn't work for me either (I think it may have been routing issue). Anyway - it's working now. Great! Keeps up the good work.
Awesome episode, welcome back guys! Darren did a really good job of keeping a 50+ minute setup and operation video interesting. I bet this is going to help a lot of people! Setting things up on my Pi 3 right now!
I'm a total hacking noob, but this was so much fun to watch. I'll get this running, and I'll also enjoy seeing your videos about raspberry pi and RF. Keep up the good work!
: ) The trick is to use the ridges in your fingers, along with the top of each. We have 8 fingers with 4 bits on each half byte, or hex from 0-F on one hand and 00-F0 on the other. This makes thinking binary and hex a little easier. Look up the Hexadecimal finger-counting scheme.
In fact it works well locally but not over the Internet. My client gives a TLS Error: TLS key negotiation failed to occur within 60 seconds. It looks like a firewall issue on port 1194. Anyone got this error ?
You mean on the router? I have a basic router where I can only do simple port mapping : I can set a local IP address, a protocol, local port and public port. I set my vpn server local IP to UDP and both ports to 1194, but it is not working. Is there something I missed ? Or my router is not suitable ? Thanks!
Thanks Darren, I was pulling what little hair I have left trying to configure an OpenVPN server. Off to deploy this tech for my travels. Snubs, the mnemonic helps me where the wrong character can make you elated or deflated.
The Best Explanation !!! I referred to many videos , but out of all tNice tutorials was the best I could find among all .... Also got to know many tNice tutorialngs
I know, I know, 2 years later... First, thanks for this - its very informative, and you'd be surprised how few VPN server setup walkthroughs there are out there. If you all are still paying attention to comments, it might be cool to give a refresher on why "allow ssh" on its own isn't very safe (just explain you're keeping your putty session active). Not sure if you guys have done a ssh keypair video but i'd love to see an updated/current one.
Great job! You guys should do a video where you tunnel openvpn through Stunnel or any other methods that can bypass deep packet inspections. Getting Stunnel to work took me 10+ hours so I would love to see what other methods you guys can pull off!
I "hacked" my way through this alone. I wish this video was available when I was working this out. Needless to say my solution is functioning the same but I ended up making things a bit more complicated. Great job on this video! I would like to see an ipv6 video.
HEEELP! at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...? I am running Debian 8.6 on Pi
WOW, what a fantastic demo. I could follow every step. It was all crystal clear and matched my requirements precisely. Nice hats too. All working perfectly after realising I'd messed up by uncommenting the line "tls-auth ta.key 0 #" as directed by some shoddier how-to page. My bad should have come here first!!!. But Seriously, this was great. Thank You Thank You Thank you.
@Hak5 - I can't like this episode enough times! I will be playing around with OpenVPN server running on OpenWRT to manage a few remote networks. I also loved episodes #2017 and #2018; I'm drafting some ideas for my backpack "Network pocket" (housing hotspot gear, and extra storage, etc)... I'll publish a photo and tag yo guys. I need an extra nano =). #jokeNotjoke. Anyway - Love your show. I've been a fan for over nine years!
Hey guys, been a real fan for a long time, quisck question... when you mentioned to be able to through this build into an arduino... any arduino specific in mind?
will you ever post an updated version of this? half of the commands just wont work at all since easy-rsa has updated so much. and you are using sysV while 2020 pretty much uses systemd
If you’re getting a KEY_CONFIG error stating the openssl.cnf is not correct or similar, use this while in the specified directory of the issue (where build-ca is located): ln -s openssl-1.0.0.cnf openssl.cnf
Can you guys do an episode on how o set up openVPN with a connection tethered from your phone ? You mentioned that's how you operate at home, and so do I. Would hugely appreciate it... And yeah we don't mind long episodes :-)
don't you have to port forward in you router ? i'm confused this is different from other OpenVPN setups I did all of this and it's not what i'm looking for, BUT HEY I LEARNED SO MUCH ABOUT LINUX FROM THIS VIDEO !!! thanks guys.
How would this compare to a Paid Service? like a monthly service, that will hide your IP address. Will a OpenVPN Server on your network provide a private connection too the network and Internet. Will all Traffic from the Client be protected by the Server? This seem great to connect too your Network from a Wireless client, however What I am looking for is a VPN for privacy on a windows/ ubuntu wired desktop client.
It appears that there have been a number of changes since 2016. Wondering if you might do an update for 2019? (I initially thought this was a 2019 tutorial because of the title.)
I've got a bullet proof configuration using diffie-hellman 4096 RSA keys with fail2ban to protect the OpenVPN as well... And password authentication on top of it.
Please make OpenVPN with OBFS proxy video (Scrambling the traffic). I searched the internet and youtube and couldn’t find any good guide about it. OpenVPN traffic is blocked in some countries for censoring the internet .
HEEELP! at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...? I am running Debian 8.6 on Pi
I found the error I made. In this video, he names his crt and key files the standard 'server' name. I made my files with a custom name for myself, and I had to define my own filenames in the server.conf config file. After that and restart the service, my network interface popped up, and it was working :) If you are going with custom names, don't forgtet to define the custom client keynames in the OVPN file too
Dear Hak5 Team, it was a great tutorial! It helped me learning the complete process of setting up VPN very clearly. But I was wondering how to scale it up? For example, the openvpn server is running in one instance now. But how to use another instance behind a DNS (or Load balancer) so that the IP remain same but my service can handle more clients? Need this concept for academic purpose. Will you please make a tutorial on this topic, it will be really helpful. Thanks
IIIIIIIIIIII LOOOOOOOOOOOOOOOOOOOOOOOOOOVEEEEEE YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU I spent straight 3 hour on the Arch wiki and now it work omg I was so so close 17:41 I put tun0 instead of the real one lmaoooo i'm so glad it work
So apparently if you change the port in both server.conf and your .ovpn file, you still need to have 1194/udp allowed in ufw, or else it doesn't work. Is there something in the openvpn code that's talking localhost over that port? Or is it the 10.x.x.x server network that needs it?
Edit : My appologies. When using a config file, omit the leading double dash "--" for the command. Simply put tun-ipv6 in it, then follow the rest. Original Post "For IPv6, you need to add the --tun-ipv6 to the profile/config file. You then replace IPv4 addresses with IPv6 addresses. Be warned. Most people are NOT on IPv6 yet, as most admins don't want to take the time to comprehend what the new formula is. Also, subnets become a thing of the past, due to the number of possible addresses being such that you could assign one to every grain of sand on Earth.... Option explained : --tun-ipv6 Build a tun link capable of forwarding IPv6 traffic. Should be used in conjunction with --dev tun or --dev tunX. A warning will be displayed if no specific IPv6 TUN support for your OS has been compiled into OpenVPN."
Hey just finding you two and love the video. I just recently tried to install openvpn on my Ubuntu 16.1 laptop and had a couple of questions. 1. is this usefull when you're travelling a lot, or rather is it still affective? 2. not sure why but I can't see openvpn in the manager, have I done something wrong?
unzip is wrong you need to echo the gz file to the conf file gunzip -c /usr/share/doc/openvpn> /examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf
Question : how to make a LINUX PC run 2 PCI M-Audio Delta 1010 ( that model with Breakout Box ), to be used with COKOS REAPER DAW ( Digital Audio Workstation ) for LINUX ??? Please consider making a VIDEO showing that ... Please ...
Well, a great video but a couple of problems. After running the instructions implicitly, it killed my connection to my apache server running on the box hosting a website and my ssh which I had going to another port besides port 22. :/ Might be a good point to bring up some finer details on what the firewall config may cause if you have some preconfigured things done on the box you're setting this up on.
@@josh_fisherits because its pointing to a file that isnt there. in the /etc/openvpn/easy-rsa directory run: ln -s openssl-1.0.0.cnf openssl.cnf, which symlinks the openssl.cnf file to the one with a version... hope this helps, you arent the only one that has had the problem :)
Guys thanks for the vid - validated a bunch of stuff - A question remains.... So the part where we direct DNS traffic back to google's public 8.8.... That's the exact part I've been battling with, so as NOT to do that - aka I want my DNS coming from the VPN server (So I've done that by pushing my VPN public address OR the internal 10.8, either way... I'm having issues there, because my VPN aint forwarding DNS on out from there). Isn't it what you did there by pushing DNS as google's public servers doing the opposite of what we were trying to do? i.e. If my client DNS was already google's 8.8 (for argument's sake) and we pushed 8.8 - that would have had a net effect of no change, thereby allowing DNS leak still? Shouldn't we be pushing DNS to the VPN server, and then dealing with that via iptables and routing ... and DNS forwarding of some kind from the VPS hosting the VPN?
... Or is it that the default gateway property of the VPN means that it's gonna go to the VPN anyway, and we simply need the DNS to be something both VPN server and Client can see? Apologies for what might be nooby questions - but until I can really understand all the routing going on... ^^ Thumbs up for all the rest, loved the video that told me in 50 mins what's taken me about 2 weeks to sleuth out - wish I'd found this vid sooner!
Great tutorial. I have an OpenVPN server running on a Raspberry Pi and also an OpenVPN Access Server running on Ubuntu 14.04. Both of them seem to have issues with speed. Do you have any advice on how to increase my up/down speeds?
HEEELP! at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...? I am running Debian 8.6 on Pi
I found the error I made. In this video, he names his crt and key files the standard 'server' name. I made my files with a custom name for myself, and I had to define my own filenames in the server.conf config file. After that and restart the service, my network interface popped up, and it was working :) If you are going with custom names, don't forgtet to define the custom client keynames in the OVPN file too
Yes vote for IPv6 episode in depth!
why you want to know about ipv6?
I love my Pi, but i bought a refurbished HP ProLiant DL360 G7 for less than $200 off Amazon and this thing is a beast. I’m loading down every home service I need, from Plex-Media to DNS Blackhole. I’m looking forward to testing this OpenVPN install video when I get home tonight.
Thanks Hak5. As always, your tutorials are second to none. Fun, detailed, and insightful in ways only seasoned veterans of the field can provide.
This was a great run through. Thanks so much for making this pretty straight forward. This gave me what I did not have before. Going through docs and tutorials and the like it always had a LOT of extra. This was just a handbook on "Lets just make this work." You rock!
You are by far the best teacher for soft soft . It's very complicated at first - overwhelming, actually - but, you make it doable for
You guys rock. I just followed this video and set up an OpenVPN server on a Raspberry Pi on my home network. and it works. I must confess that I followed another of your vids about OpenVPS SA on a VPS, and that didn't work for me (I kept getting four different 10.x.x.x subnets, and the gateway at home (the Pi) and the client (a laptop) ended up on different subnets) , and the simplified script based setups out there in Internet Land didn't work for me either (I think it may have been routing issue). Anyway - it's working now. Great!
Keeps up the good work.
i love the way you put everything you used in the description makes it easier to refer to
Awesome episode, welcome back guys!
Darren did a really good job of keeping a 50+ minute setup and operation video interesting. I bet this is going to help a lot of people! Setting things up on my Pi 3 right now!
This is very good and well done. Just very thorough IMAO. Been researching this for some days now and this is the best I have come across so far.
I just fixed my own Pi3-based OpenVPN box thanks to your tips about the firewall.
Thank you very much!!
an episode on ipv6 would be great. Thanks for the amazing video, guys.
I'm a total hacking noob, but this was so much fun to watch. I'll get this running, and I'll also enjoy seeing your videos about raspberry pi and RF. Keep up the good work!
just 3 years away from 2026. You did great job regarding explanation.
please make the ipv6 video
Yes please.
Yes please ipv6 video i remember it is a bunch of hex bytes to write one ipv6 address and i hate hex i have ten fingers :(
I would like to see that as well. Its one of those things im not too keen on =/
: ) The trick is to use the ridges in your fingers, along with the top of each. We have 8 fingers with 4 bits on each half byte, or hex from 0-F on one hand and 00-F0 on the other. This makes thinking binary and hex a little easier. Look up the Hexadecimal finger-counting scheme.
anders ballegaard and I was feeling lost before you told me it gets more complicated.
this is the best tutorial i have ever seen on the net.
Tried it out on a virtual machine first. Worked first time! Soon to be on my cloud server.
Nice one guys!
for all the raspberry pi users check out pivpn it is the easiest way to install openvpn
This is the first of your vids I've watched - you guys are super fun, subscribed.
Finally a complete step by step tutorial, and it works, got it working on a Ubuntu 16.04 desktop and a nVidia Jetson TK1. Awesome ! Thanks !
In fact it works well locally but not over the Internet. My client gives a TLS Error: TLS key negotiation failed to occur within 60 seconds.
It looks like a firewall issue on port 1194. Anyone got this error ?
Is it port forwarded?
You mean on the router? I have a basic router where I can only do simple port mapping : I can set a local IP address, a protocol, local port and public port. I set my vpn server local IP to UDP and both ports to 1194, but it is not working. Is there something I missed ? Or my router is not suitable ? Thanks!
Any router should have some form of port forwarding. What router do you have?
I have the Vodafone EasyBox 804. Do you recommend any router ?
Of all the effen tutorials, you guys got me up and running. Thank you!
i truly support ur programs guys because I am a unix guy.
Thanks for the kind words, I'm always happy to help! Let know if you'd like any videos on specific topics in the future. I wish you all the
great show guys loved the detailed content and the long duration with comprehensive walk through. much appreciated.
Thanks Darren, I was pulling what little hair I have left trying to configure an OpenVPN server.
Off to deploy this tech for my travels.
Snubs, the mnemonic helps me where the wrong character can make you elated or deflated.
Please do a Ipv6 episode!
Would love to see an in-depth IPv6 episode showing up! Keep up the good stuff! :)
The Best Explanation !!! I referred to many videos , but out of all tNice tutorials was the best I could find among all .... Also got to know many tNice tutorialngs
I know, I know, 2 years later...
First, thanks for this - its very informative, and you'd be surprised how few VPN server setup walkthroughs there are out there. If you all are still paying attention to comments, it might be cool to give a refresher on why "allow ssh" on its own isn't very safe (just explain you're keeping your putty session active). Not sure if you guys have done a ssh keypair video but i'd love to see an updated/current one.
+1 for an 'ipv6 for dummies'!!!
Great job! You guys should do a video where you tunnel openvpn through Stunnel or any other methods that can bypass deep packet inspections. Getting Stunnel to work took me 10+ hours so I would love to see what other methods you guys can pull off!
I would like an IPv6 episode
Also why the Return on empty lines between commands?
the empty lines is to keep things clean he always do that.
This tutorial helped me out so much, both of you are great. Thanks!
You guys are lovely. Thank you for a great video, I learned a lot here.
Great tutorial
A while ago I was looking for him
I "hacked" my way through this alone. I wish this video was available when I was working this out. Needless to say my solution is functioning the same but I ended up making things a bit more complicated. Great job on this video!
I would like to see an ipv6 video.
lol
Congratulations on the podcast Award.
Thanks for the tutorial , now I get the server running on my Rpi ! Feel for u guys and keep it up~
HEEELP!
at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...?
I am running Debian 8.6 on Pi
Welcome back Hak5, welcome back!
WOW, what a fantastic demo. I could follow every step. It was all crystal clear and matched my requirements precisely. Nice hats too.
All working perfectly after realising I'd messed up by uncommenting the line "tls-auth ta.key 0 #" as directed by some shoddier how-to page. My bad should have come here first!!!. But Seriously, this was great. Thank You Thank You Thank you.
@Hak5 - I can't like this episode enough times!
I will be playing around with OpenVPN server running on OpenWRT to manage a few remote networks. I also loved episodes #2017 and #2018; I'm drafting some ideas for my backpack "Network pocket" (housing hotspot gear, and extra storage, etc)...
I'll publish a photo and tag yo guys. I need an extra nano =). #jokeNotjoke.
Anyway - Love your show. I've been a fan for over nine years!
and build tracks from there and leave the rest for a later session. I did both but did the first way initially and it took a day to get through
Hey guys, been a real fan for a long time, quisck question... when you mentioned to be able to through this build into an arduino... any arduino specific in mind?
Yes, do an IPv6 episode! We need more people to be aware of, and fluent with, IPv6!
In 5 years I will come back to say that even though we have fireguard, this is still relevant
Great video! But, this means for every user I have to create a user account on that Linux server?
ip6 yes please
Literally the greatest
will you ever post an updated version of this? half of the commands just wont work at all since easy-rsa has updated so much.
and you are using sysV while 2020 pretty much uses systemd
Fantastic tutorial guys. Thank you for making this video.
you can make alarms & notifications with iptables when can you do a tut on this? :) it takes some googling but last time i checked it got advanced lol
Please update this tutorial again. Make it based on new versions. Thanks. Awesome channel.
If you’re getting a KEY_CONFIG error stating the openssl.cnf is not correct or similar, use this while in the specified directory of the issue (where build-ca is located): ln -s openssl-1.0.0.cnf openssl.cnf
Man I love when things are badly documented
Can you guys do an episode on how o set up openVPN with a connection tethered from your phone ? You mentioned that's how you operate at home, and so do I. Would hugely appreciate it... And yeah we don't mind long episodes :-)
good work and thank you so much, Greetings from Egypt
I recomnd you two to buy the Producer Edition (And if you have got money, buy the Full Bundle)
don't you have to port forward in you router ? i'm confused this is different from other OpenVPN setups
I did all of this and it's not what i'm looking for, BUT HEY I LEARNED SO MUCH ABOUT LINUX FROM THIS VIDEO !!! thanks guys.
Yes, IPv6 and networking protocols please!
You guys are great! Keep up the good work!
Darren, whats the deal with the bandana on your wrist? Is that for a purpose or fashion?
you're doing great, thanks!
Right here with ya, bro
How would this compare to a Paid Service? like a monthly service, that will hide your IP address.
Will a OpenVPN Server on your network provide a private connection too the network and Internet. Will all Traffic from the Client be protected by the Server? This seem great to connect too your Network from a Wireless client, however What I am looking for is a VPN for privacy on a windows/ ubuntu wired desktop client.
Did you get fruity or producer edition? Im looking to buy soft soft but i dont know if Producer edition is worth it...
i always wordered, what laptop is Shannon using??
i love you guys. thanks for the awesome videos
Bro it’s very intimidating! I’ve been slacking on it for a month now. The symbols are very confusing. You have to train your mind to
been waiting for this
It appears that there have been a number of changes since 2016. Wondering if you might do an update for 2019?
(I initially thought this was a 2019 tutorial because of the title.)
Have you guys done a segment on proxy-chaining ?
Okay Ive tried this twice. I cant get it to work. The tunnel is connected and I receive an ip address from the vpn server. No internet connectivity.
I've got a bullet proof configuration using diffie-hellman 4096 RSA keys with fail2ban to protect the OpenVPN as well...
And password authentication on top of it.
Please make OpenVPN with OBFS proxy video (Scrambling the traffic). I searched the internet and youtube and couldn’t find any good guide about it. OpenVPN traffic is blocked in some countries for censoring the internet .
HEEELP!
at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...?
I am running Debian 8.6 on Pi
I found the error I made. In this video, he names his crt and key files the standard 'server' name. I made my files with a custom name for myself, and I had to define my own filenames in the server.conf config file. After that and restart the service, my network interface popped up, and it was working :) If you are going with custom names, don't forgtet to define the custom client keynames in the OVPN file too
Ilannguaq Kivioq for a grand total of 4 files right? server.crt server.key client.crt client.key
Ilannguaq Kivioq nevermind. rebooted and now I'm getting tun0
Dear Hak5 Team, it was a great tutorial! It helped me learning the complete process of setting up VPN very clearly. But I was wondering how to scale it up? For example, the openvpn server is running in one instance now. But how to use another instance behind a DNS (or Load balancer) so that the IP remain same but my service can handle more clients? Need this concept for academic purpose. Will you please make a tutorial on this topic, it will be really helpful. Thanks
IIIIIIIIIIII LOOOOOOOOOOOOOOOOOOOOOOOOOOVEEEEEE YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU I spent straight 3 hour on the Arch wiki and now it work omg I was so so close 17:41 I put tun0 instead of the real one lmaoooo i'm so glad it work
So apparently if you change the port in both server.conf and your .ovpn file, you still need to have 1194/udp allowed in ufw, or else it doesn't work. Is there something in the openvpn code that's talking localhost over that port? Or is it the 10.x.x.x server network that needs it?
Edit :
My appologies. When using a config file, omit the leading double dash "--" for the command. Simply put tun-ipv6 in it, then follow the rest.
Original Post
"For IPv6, you need to add the --tun-ipv6 to the profile/config file. You then replace IPv4 addresses with IPv6 addresses.
Be warned. Most people are NOT on IPv6 yet, as most admins don't want to take the time to comprehend what the new formula is. Also, subnets become a thing of the past, due to the number of possible addresses being such that you could assign one to every grain of sand on Earth....
Option explained :
--tun-ipv6 Build a tun link capable of forwarding IPv6 traffic. Should be used in conjunction with --dev tun or --dev tunX. A warning will be displayed if no specific IPv6 TUN support for your OS has been compiled into OpenVPN."
Thank you!! . gonna try this on my PI. I now know the steps I missed :D
So openvpn is creating a symmetric keys the background and putting it into the .ovpn file?
Hey just finding you two and love the video. I just recently tried to install openvpn on my Ubuntu 16.1 laptop and had a couple of questions. 1. is this usefull when you're travelling a lot, or rather is it still affective? 2. not sure why but I can't see openvpn in the manager, have I done something wrong?
unzip is wrong you need to echo the gz file to the conf file gunzip -c /usr/share/doc/openvpn>
/examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf
Can you guys do a video on NAT and port forwarding with IP tables??? Pleeeease??
Hey, I just wanted to check briesofty if there is a way for to import a new soft into the program, for example softs or sotNice tutorialng that
Please install and use ranger for your shell footage. Please...
Well said at the end.
Question : how to make a LINUX PC run 2 PCI M-Audio Delta 1010 ( that model with Breakout Box ), to be used with COKOS REAPER DAW ( Digital Audio Workstation ) for LINUX ??? Please consider making a VIDEO showing that ... Please ...
Hak5 (kinda) aren't the folks to ask about that. Go hit up one of the audio forums or The Reaper Blog on Facebook.
Well, a great video but a couple of problems. After running the instructions implicitly, it killed my connection to my apache server running on the box hosting a website and my ssh which I had going to another port besides port 22. :/ Might be a good point to bring up some finer details on what the firewall config may cause if you have some preconfigured things done on the box you're setting this up on.
one more point, I don't think ( I could be wrong) root scp would work for me since I don't allow root login from outside remotely.
But after specific changes, WORKED PERFECTLY! Thanks guys!
I would love a IPv6 video!
No /etc/openvpn/easy-rsa/openssl.cnf file could be found
Further invocations will fail
I have the same issue. Found a fix?
@@josh_fisherits because its pointing to a file that isnt there. in the /etc/openvpn/easy-rsa directory run: ln -s openssl-1.0.0.cnf openssl.cnf, which symlinks the openssl.cnf file to the one with a version... hope this helps, you arent the only one that has had the problem :)
@@mrslwiseman
Thank you very much You show me the way
@Darren! when going back and forth between directories, type cd -
Guys thanks for the vid - validated a bunch of stuff - A question remains.... So the part where we direct DNS traffic back to google's public 8.8.... That's the exact part I've been battling with, so as NOT to do that - aka I want my DNS coming from the VPN server (So I've done that by pushing my VPN public address OR the internal 10.8, either way... I'm having issues there, because my VPN aint forwarding DNS on out from there). Isn't it what you did there by pushing DNS as google's public servers doing the opposite of what we were trying to do? i.e. If my client DNS was already google's 8.8 (for argument's sake) and we pushed 8.8 - that would have had a net effect of no change, thereby allowing DNS leak still? Shouldn't we be pushing DNS to the VPN server, and then dealing with that via iptables and routing ... and DNS forwarding of some kind from the VPS hosting the VPN?
... Or is it that the default gateway property of the VPN means that it's gonna go to the VPN anyway, and we simply need the DNS to be something both VPN server and Client can see?
Apologies for what might be nooby questions - but until I can really understand all the routing going on... ^^ Thumbs up for all the rest, loved the video that told me in 50 mins what's taken me about 2 weeks to sleuth out - wish I'd found this vid sooner!
And P.S it's 2020 and this video is STILL relevant - specially about the max out diffie hellman \m/ Gratz on a long standing segment!
** In which case (re: DNS)... That AT LEAST the server can see
In the demo, you guys used ovpn, is that going to work for just any client; link me connecting CentOS client machine?
Thank you very much for this nice guide!
you can change the key that pastes in putty config
Great tutorial. I have an OpenVPN server running on a Raspberry Pi and also an OpenVPN Access Server running on Ubuntu 14.04. Both of them seem to have issues with speed. Do you have any advice on how to increase my up/down speeds?
+Geo Gmz my ISP promises 100 Mbps, when wired in I get around 60 down. When connected to OpenVPN I see around 3-5 Mbps down.
Geo Gmz upload is supposed to be the same, 100, but in reality is around 5. Could that be the issue? And yes, getting same results from both machines.
Geo Gmz That's Comcast!
HEEELP!
at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...?
I am running Debian 8.6 on Pi
I found the error I made. In this video, he names his crt and key files the standard 'server' name. I made my files with a custom name for myself, and I had to define my own filenames in the server.conf config file. After that and restart the service, my network interface popped up, and it was working :) If you are going with custom names, don't forgtet to define the custom client keynames in the OVPN file too
thanks a lot + Please do a Ipv6 episode!
thanks a lot! you are a cool team!
how about a video on site to site VPN please? is it possible for both the sites to communicate on the same subnet?
any recommendations on tutorials that show how to enable Internet connection tunneling through this vpn configuration?
I feel you!
I have installed openvpn but I am not seeing any example config files. All folders are empty. Why so ?