On 16/08/2023 15:05, Jason Long via Openvpn-users wrote:
On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
On Wed, Aug 16, 2023 at 06:35:01AM +0000, Jason Long wrote:
[...snip...]
> Hello,
> I used
> "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/"
> tutorial to create my OpenVPN server.

*sigh* Never use a random blog post on "how to do XYZ" when the project
itself has its own set of documentation. No matter which project it is.
I've read enough of those random "OpenVPN how-tos" over the last 15+
years and the vast majority of them are not up-to-date, trick you into
using insecure settings, are overly complicated or simply lead you to
misery.
Doing networking isn't really suitable as a "click-this-type-that" type
of how-to, because you *really* need to understand how these things
work and impact your configuration and setup.
This guides you through the most important steps and should be
reasonably up-to-date (I spot a few things which could be improved, but
shouldn't stop you from getting a functional tun based OpenVPN tunnel
running). This documentation is provided by the official OpenVPN
project and this project is responsible for keeping the documentation in
reasonable shape.
<https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN>
Read this, read the man page entries for options used and try to
understand it. Read the pointers to the related documentation in that
wiki page. Try to understand all the information provided there. Then
you can ask questions and get sensible replies back.
If you need more documentation, buy your own copy of the OpenVPN
Cookbook by Jan Just Keijser. He is a well-trusted OpenVPN community
member and knows this stuff very well.
<https://www.packtpub.com/product/openvpn-cookbook-second-edition/9781786463128>
> Gert told me about the multihome statement and I added it.
When Gert tells you to look at multihome, he has very good reasons for
doing that (I know him too, he is also really trustworthy - in
particular with networking and OpenVPN). But it ALSO means you should
read the documentation for suggested options too.
[...snip...]
> # cat /var/log/openvpn/virt1.log
> 2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with
> IPv4 pools will be removed in a future release. Please migrate to --topology
> subnet as soon as possible.
> 2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but
> missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN
> ignores --cipher for cipher negotiations.

Those two lines tell you something important. You should fix this.
I'm not going to tell you how; read the documentation. It is fully
explained in the man page.
[...snip...]
> 2023-08-16 06:23:18 Listening for incoming TCP connection on
> [AF_INET][undef]:2000
> 2023-08-16 06:23:18 TCPv4_SERVER link local (bound): [AF_INET][undef]:2000
> 2023-08-16 06:23:18 TCPv4_SERVER link remote: [AF_UNSPEC]

I suspect this is from a server configuration (also an important detail
to tell). And it tells you your VPN server is listening on TCP port 2000.
[...snip...]
> 2023-08-16 06:23:18 Initialization Sequence Completed

This line means that the OpenVPN tunnel is up and running. So that means
this tunnel instance is ready to see clients connecting to it.
And finally. Learn yourself some mailing list netiquette. Inline
replies and replies at the bottom are very fine. But keep the indenting
marks (>) on the original text so it's easier to understand who is
writing what and what you are responding to.
A reasonably good summary of most common mailing list netiquette rules
used in open source (and this is the official recommendation from an
open source project; not a random blog post)
<https://wiki.openstack.org/wiki/MailingListEtiquette>
--
kind regards,
David Sommerseth
OpenVPN Inc
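
Added example, not part of the message above and not OpenVPN project code: a Python triage of the log excerpt quoted in this thread. It re-joins the mail-wrapped records, then extracts the two deprecation warnings, the bound listener and the ready marker. The function names and finding labels are hypothetical, and the patterns are derived only from the log lines shown here.

```python
import re

# The log lines quoted in the thread, kept wrapped the way the mail shows them.
SAMPLE_LOG = """\
2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with
IPv4 pools will be removed in a future release. Please migrate to --topology
subnet as soon as possible.
2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but
missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN
ignores --cipher for cipher negotiations.
2023-08-16 06:23:18 Listening for incoming TCP connection on
[AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link local (bound): [AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link remote: [AF_UNSPEC]
2023-08-16 06:23:18 Initialization Sequence Completed
"""

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
CIPHER = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
TOPOLOGY = re.compile(r"--topology (\S+) support .*will be removed")
BOUND = re.compile(r"(TCP|UDP)\S* link local \(bound\): \[AF_INET6?\](.*):(\d+)$")

def unwrap(text):
    """Re-join wrapped records: a line without a leading timestamp
    is treated as the continuation of the previous record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TS.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif line and records:
            records[-1][1] += " " + line
    return [(ts, msg) for ts, msg in records]

def triage(text):
    # Finding labels below are hypothetical names chosen for this example.
    report = {"findings": [], "listen": None, "ready": False}
    for ts, msg in unwrap(text):
        if (m := CIPHER.search(msg)):
            report["findings"].append(
                (ts, "cipher-not-negotiable", m.group(1), m.group(2).split(":")))
        elif (m := TOPOLOGY.search(msg)):
            report["findings"].append((ts, "deprecated-topology", m.group(1)))
        elif (m := BOUND.search(msg)):
            report["listen"] = (m.group(1), m.group(2), int(m.group(3)))
        elif "Initialization Sequence Completed" in msg:
            report["ready"] = True
    return report
```
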