With this copy/paste there are two critical remarks. A first remark is that if you click on the link https://github.com/angristan/openvpn-install, I see to my great surprise that only very old versions of Ubuntu are compatible, so it seems my version is too new for this method. Nevertheless I am well on my way, and I should only still need to be able to install the *OpenVPN client*, because the configuration file can indeed be found, after going through the various steps, at /home/david/david.ovpn
Is there a possibility to still try this? Because at the end I get that access is refused for ssh port 22, which in itself is not so strange because I use port 1194, but I did not choose .ssh; I did choose the AES-128-GCM cipher, data channel, UDP protocol. I am stuck right at the bottom and, as already mentioned, I should only still need to install the OpenVPN client; in fact everything should then work...
OpenVPN: sometimes I hear that it is good for nothing, but when I hear about Huawei and that espionage, it unfortunately also occurs here. I saw that on the Windows 10 laptop, in the firewall's outbound filter, there were indeed Chinese characters, and at the end I saw that the publisher was Wuhantechnologies, with a nice Chinese calendar thrown in for free, and they would simply be able to see live what you are typing, because they had also blocked his printer by quickly putting a #.txt file on his Windows laptop.
In my opinion it would rather be a Windows problem in which apps are continuously connected to each other in order to exchange information, and that could well be an explanation, because how they manage it seems very advanced to me and I do not understand the details...
Another reason to stay with Ubuntu or Linux
Here you can see how far I have got for now; tips, or a better tutorial and a manual to read before you have to choose all those options, would be advisable.
What is your opinion about OpenVPN? Because you are immediately out an enormous amount of money if you choose NordVPN, and what do you get in practice from that extra expense?
david@david-SATELLITE-C70-A:~$ sudo ./openvpn-ubuntu-install.sh
[sudo] password for david:
Sorry, try again.
[sudo] password for david:
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 192.168.178.27
It seems this server is behind NAT. What is its public IPv4 address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: 213.219.164.187
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: n
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 8
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: y
Choose which cipher you want to use for the data channel:
1) AES-128-GCM (recommended)
2) AES-192-GCM
3) AES-256-GCM
4) AES-128-CBC
5) AES-192-CBC
6) AES-256-CBC
Cipher [1-6]: 1
Choose what kind of certificate you want to use:
1) ECDSA (recommended)
2) RSA
Certificate key type [1-2]: 1
Choose which curve you want to use for the certificate's key:
1) prime256v1 (recommended)
2) secp384r1
3) secp521r1
Curve [1-3]: 1
Choose which cipher you want to use for the control channel:
1) ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)
2) ECDHE-ECDSA-AES-256-GCM-SHA384
Control channel cipher [1-2]: 1
Choose what kind of Diffie-Hellman key you want to use:
1) ECDH (recommended)
2) DH
DH key type [1-2]: 1
Choose which curve you want to use for the ECDH key:
1) prime256v1 (recommended)
2) secp384r1
3) secp521r1
Curve [1-3]: 1
The digest algorithm authenticates tls-auth packets from the control channel.
Which digest algorithm do you want to use for HMAC?
1) SHA-256 (recommended)
2) SHA-384
3) SHA-512
Digest algorithm [1-3]: 1
You can add an additional layer of security to the control channel with tls-auth and tls-crypt
tls-auth authenticates the packets, while tls-crypt authenticate and encrypt them.
1) tls-crypt (recommended)
2) tls-auth
Control channel additional security mechanism [1-2]: 1
Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
Ign:1 cdrom://Ubuntu 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719) xenial InRelease
Err:2 cdrom://Ubuntu 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719) xenial Release
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs
Hit:3 http://be.archive.ubuntu.com/ubuntu xenial InRelease
Hit:4 http://archive.canonical.com/ubuntu focal InRelease
Ign:5 http://ppa.launchpad.net/hplip-isv/ppa/ubuntu xenial InRelease
Hit:6 http://dl.google.com/linux/chrome/deb stable InRelease
Get:7 http://be.archive.ubuntu.com/ubuntu xenial-updates InRelease [99,8 kB]
Hit:8 http://ppa.launchpad.net/libreoffice/ppa/ubuntu focal InRelease
Hit:9 https://packages.microsoft.com/repos/edge stable InRelease
Err:10 http://ppa.launchpad.net/hplip-isv/ppa/ubuntu xenial Release
  404 Not Found [IP: 185.125.190.52 80]
Get:11 http://security.ubuntu.com/ubuntu xenial-security InRelease [99,8 kB]
Hit:12 http://repos.del.extreme-ix.org/ubuntu focal InRelease
Hit:13 http://repos.del.extreme-ix.org/ubuntu focal-updates InRelease
Hit:14 http://repos.del.extreme-ix.org/ubuntu focal-backports InRelease
Hit:15 http://repos.del.extreme-ix.org/ubuntu focal-security InRelease
Reading package lists... Done
E: The repository 'cdrom://Ubuntu 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719) xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://ppa.launchpad.net/hplip-isv/ppa/ubuntu xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20211016~20.04.1).
gnupg is already the newest version (2.2.19-3ubuntu2.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
iptables is already the newest version (1.8.4-3ubuntu2).
iptables set to manually installed.
ca-certificates is already the newest version (20211016~20.04.1).
curl is already the newest version (7.68.0-1ubuntu2.13).
curl set to manually installed.
openssl is already the newest version (1.1.1f-1ubuntu2.16).
openvpn is already the newest version (2.4.7-1ubuntu2.20.04.4).
wget is already the newest version (1.20.3-1ubuntu2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
--2022-10-14 20:19:26--  https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/4519663/0fa24e00-72ba-11ea-9afe-6e5829eec4a4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221014%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221014T181926Z&X-Amz-Expires=300&X-Amz-Signature=a16957bfdc5b083526d966e31b6f802de3f11c8f16bd465d41094a27c7effbe3&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.7.tgz&response-content-type=application%2Foctet-stream [following]
--2022-10-14 20:19:26--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/4519663/0fa24e00-72ba-11ea-9afe-6e5829eec4a4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221014%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221014T181926Z&X-Amz-Expires=300&X-Amz-Signature=a16957bfdc5b083526d966e31b6f802de3f11c8f16bd465d41094a27c7effbe3&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.7.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 48215 (47K) [application/octet-stream]
Saving to: ‘/root/easy-rsa.tgz’
/root/easy-rsa.tgz 100%[===================>] 47,08K --.-KB/s in 0,02s
2022-10-14 20:19:26 (2,77 MB/s) - ‘/root/easy-rsa.tgz’ saved [48215/48215]
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki
Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020
read EC key
writing EC key
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/easy-rsa-8188.JckFJ3/tmp.mnjBHB'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-8188.JckFJ3/tmp.2Enioi
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server_Sx5CGkK5ktLV8lVT'
Certificate is to be certified until Jan 16 18:19:27 2025 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-8265.5pd3IU/tmp.FdduY2
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
* Applying /etc/sysctl.d/10-ptrace.conf ...
kernel.yama.ptrace_scope = 1
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 65536
* Applying /usr/lib/sysctl.d/30-tracker.conf ...
fs.inotify.max_user_watches = 65536
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.conf.default.promote_secondaries = 1
sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument
net.ipv4.ping_group_range = 0 2147483647
net.core.default_qdisc = fq_codel
fs.protected_regular = 1
fs.protected_fifos = 1
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-openvpn.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /usr/lib/sysctl.d/protect-links.conf ...
fs.protected_fifos = 1
fs.protected_hardlinks = 1
fs.protected_regular = 2
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn@server.service → /etc/systemd/system/openvpn@.service.
Created symlink /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service → /etc/systemd/system/iptables-openvpn.service.
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: david
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/easy-rsa-8662.qVxeeK/tmp.ZTG6z1'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-8662.qVxeeK/tmp.H3OdZk
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'david'
Certificate is to be certified until Jan 16 18:20:23 2025 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
Client david added.
The configuration file has been written to /home/david/david.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
david@david-SATELLITE-C70-A:~$ sudo apt install openvpn
[sudo] password for david:
Reading package lists... Done
Building dependency tree
Reading state information... Done
openvpn is already the newest version (2.4.7-1ubuntu2.20.04.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
david@david-SATELLITE-C70-A:~$ sudo cp linuxdesktop.ovpn /etc/openvpn/client.conf
cp: cannot stat 'linuxdesktop.ovpn': No such file or directory
david@david-SATELLITE-C70-A:~$ sudo systemctl start openvpn-server@server.service
Job for openvpn-server@server.service failed because the control process exited with error code.
See "systemctl status openvpn-server@server.service" and "journalctl -xe" for details.
david@david-SATELLITE-C70-A:~$ sudo systemctl start openvpn@server.service
david@david-SATELLITE-C70-A:~$ sudo ss -tulpn | grep -i openvpn
udp UNCONN 0 0 0.0.0.0:1194 0.0.0.0:* users:(("openvpn",pid=8366,fd=7))
david@david-SATELLITE-C70-A:~$ scp root@192.168.178.27:/root/linuxdesktop.ovpn
usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
[-J destination] [-l limit] [-o ssh_option] [-P port]
[-S program] source ... target
david@david-SATELLITE-C70-A:~$ sudo find / -iname "*.ovpn"
find: ‘/run/user/1000/doc’: Permission denied
find: ‘/run/user/1000/gvfs’: Permission denied
ssh vivek@192.168.178.27 "sudo -S cat /root/linuxdesktop.ovpn
find: ‘/proc/13056’: No such file or directory
find: ‘/proc/13057’: No such file or directory
find: ‘/proc/13058’: No such file or directory
find: ‘/proc/13059’: No such file or directory
find: ‘/proc/13060’: No such file or directory
find: ‘/proc/13061’: No such file or directory
find: ‘/proc/13062’: No such file or directory
find: ‘/proc/13063’: No such file or directory
find: ‘/proc/13064’: No such file or directory
find: ‘/proc/13065’: No such file or directory
find: ‘/proc/13066’: No such file or directory
find: ‘/proc/13067’: No such file or directory
find: ‘/proc/13070’: No such file or directory
find: ‘/proc/13071’: No such file or directory
find: ‘/proc/13072’: No such file or directory
find: ‘/proc/13073’: No such file or directory
"/home/david/david.ovpn
david@david-SATELLITE-C70-A:~$ ssh vivek@192.168.178.27 "sudo -S cat /root/linuxdesktop.ovpn" > linuxdesktop.ovpn
ssh: connect to host 192.168.178.27 port 22: Connection refused
david@david-SATELLITE-C70-A:~$
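
An added example, not part of the original post: a shell check that a generated client profile matches the options selected in the installer run above (AES-128-GCM, UDP, port 1194, no compression, tls-crypt) and that flags the consequences of the "passwordless client" choice. The function names `audit_ovpn` and `make_sample` are hypothetical, and the sample profile, including the 203.0.113.10 address and the placeholder key material, is constructed.

```shell
#!/usr/bin/env bash
# Added example (not part of the original post): audit a client profile
# against the options chosen in the installer run above.

audit_ovpn() {  # $1 = path to a .ovpn profile; prints one finding per line
    local f="$1"
    grep -Eq '^cipher[[:space:]]+AES-128-GCM[[:space:]]*$' "$f" \
        && echo "OK cipher AES-128-GCM" || echo "FAIL cipher is not AES-128-GCM"
    grep -Eq '^proto[[:space:]]+udp' "$f" \
        && echo "OK proto udp" || echo "FAIL proto is not udp"
    grep -Eq '^remote[[:space:]]+[^[:space:]]+[[:space:]]+1194([[:space:]]|$)' "$f" \
        && echo "OK remote port 1194" || echo "FAIL remote port is not 1194"
    # Compression was declined because of VORACLE; either directive re-enables it.
    grep -Eq '^(compress|comp-lzo)([[:space:]]|$)' "$f" \
        && echo "FAIL compression directive present" || echo "OK no compression"
    grep -q '^<tls-crypt>' "$f" \
        && echo "OK tls-crypt block present" || echo "FAIL no tls-crypt block"
    # "Passwordless client" means the inline key is stored unencrypted.
    if grep -q 'BEGIN .*PRIVATE KEY' "$f" &&
       ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "WARN private key has no passphrase"
    fi
    # Group/other permission bits are characters 5-10 of the ls mode string.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "WARN profile accessible to group/other; chmod 600"
    fi
}

make_sample() {  # constructed profile; key material replaced by placeholders
    local f; f="$(mktemp)"
    cat > "$f" <<'EOF'
client
proto udp
remote 203.0.113.10 1194
dev tun
cipher AES-128-GCM
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
<tls-crypt>
PLACEHOLDER
</tls-crypt>
EOF
    chmod 644 "$f"; echo "$f"
}

sample="$(make_sample)"; audit_ovpn "$sample"; rm -f "$sample"
```

To check the real profile, call `audit_ovpn /home/david/david.ovpn`, the path the installer reported in the log.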