- Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 2.6.32-042stab127.2 x86_64)
- * Documentation: https://help.ubuntu.com
- * Management: https://landscape.canonical.com
- * Support: https://ubuntu.com/advantage
- Last login: Tue Jun 18 10:35:42 2019 from 27.6.8.11
- root@ham:~# wget https://git.io/v1jlQ -O openvpn-install.sh && bash openvpn-install.sh
- --2019-06-18 11:06:30-- https://git.io/v1jlQ
- Resolving git.io (git.io)... 34.200.203.60, 34.199.255.1, 52.72.230.122, ...
- Connecting to git.io (git.io)|34.200.203.60|:443... connected.
- HTTP request sent, awaiting response... 302 Found
- Location: https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh [following]
- --2019-06-18 11:06:30-- https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
- Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
- Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 36547 (36K) [text/plain]
- Saving to: 'openvpn-install.sh'
- openvpn-install.sh 100%[===================================>] 35.69K --.-KB/s in 0.02s
- 2019-06-18 11:06:30 (2.05 MB/s) - 'openvpn-install.sh' saved [36547/36547]
- Welcome to the OpenVPN installer!
- The git repository is available at: https://github.com/angristan/openvpn-install
- I need to ask you a few questions before starting the setup.
- You can leave the default options and just press enter if you are ok with them.
- I need to know the IPv4 address of the network interface you want OpenVPN listening to.
- Unless your server is behind NAT, it should be your public IPv4 address.
- IP address: 192.99.148.130
- Checking for IPv6 connectivity...
- Your host appears to have IPv6 connectivity.
- Do you want to enable IPv6 support (NAT)? [y/n]: y
- What port do you want OpenVPN to listen to?
- 1) Default: 1194
- 2) Custom
- 3) Random [49152-65535]
- Port choice [1-3]: 2
- Custom port [1-65535]: 23718
- What protocol do you want OpenVPN to use?
- UDP is faster. Unless it is not available, you shouldn't use TCP.
- 1) UDP
- 2) TCP
- Protocol [1-2]: 1
- What DNS resolvers do you want to use with the VPN?
- 1) Current system resolvers (from /etc/resolv.conf)
- 2) Self-hosted DNS Resolver (Unbound)
- 3) Cloudflare (Anycast: worldwide)
- 4) Quad9 (Anycast: worldwide)
- 5) Quad9 uncensored (Anycast: worldwide)
- 6) FDN (France)
- 7) DNS.WATCH (Germany)
- 8) OpenDNS (Anycast: worldwide)
- 9) Google (Anycast: worldwide)
- 10) Yandex Basic (Russia)
- 11) AdGuard DNS (Russia)
- DNS [1-10]: 3
- Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
- Enable compression? [y/n]: n
- Do you want to customize encryption settings?
- Unless you know what you're doing, you should stick with the default parameters provided by the script.
- Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
- See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
- Customize encryption settings? [y/n]: n
- Okay, that was all I needed. We are ready to setup your OpenVPN server now.
- You will be able to generate a client at the end of the installation.
- Press any key to continue...
- Hit:1 http://archive.canonical.com/ubuntu xenial InRelease
- Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
- Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
- Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
- Fetched 218 kB in 0s (282 kB/s)
- Reading package lists... Done
- Reading package lists... Done
- Building dependency tree
- Reading state information... Done
- ca-certificates is already the newest version (20170717~16.04.2).
- gnupg is already the newest version (1.4.20-1ubuntu3.3).
- The following packages were automatically installed and are no longer required:
- liblzo2-2 libpkcs11-helper1
- Use 'apt autoremove' to remove them.
- 0 upgraded, 0 newly installed, 0 to remove and 190 not upgraded.
- --2019-06-18 11:07:39-- https://swupdate.openvpn.net/repos/repo-public.gpg
- Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.188.225, 104.18.187.225
- Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.188.225|:443... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 1806 (1.8K) [binary/octet-stream]
- Saving to: 'STDOUT'
- - 100%[===================================>] 1.76K --.-KB/s in 0s
- 2019-06-18 11:07:39 (66.8 MB/s) - written to stdout [1806/1806]
- OK
- Hit:1 http://archive.canonical.com/ubuntu xenial InRelease
- Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
- Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
- Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
- Get:5 http://build.openvpn.net/debian/openvpn/stable xenial InRelease [3214 B]
- Get:6 http://build.openvpn.net/debian/openvpn/stable xenial/main amd64 Packages [1022 B]
- Fetched 223 kB in 0s (251 kB/s)
- Reading package lists... Done
- Reading package lists... Done
- Building dependency tree
- Reading state information... Done
- iptables is already the newest version (1.6.0-2ubuntu3).
- ca-certificates is already the newest version (20170717~16.04.2).
- curl is already the newest version (7.47.0-1ubuntu2.13).
- openssl is already the newest version (1.0.2g-1ubuntu4.15).
- wget is already the newest version (1.17.1-1ubuntu1.5).
- Suggested packages:
- resolvconf easy-rsa
- The following NEW packages will be installed:
- openvpn
- 0 upgraded, 1 newly installed, 0 to remove and 190 not upgraded.
- Need to get 0 B/488 kB of archives.
- After this operation, 1161 kB of additional disk space will be used.
- Preconfiguring packages ...
- Selecting previously unselected package openvpn.
- (Reading database ... 26051 files and directories currently installed.)
- Preparing to unpack .../openvpn_2.4.7-xenial0_amd64.deb ...
- Unpacking openvpn (2.4.7-xenial0) ...
- Processing triggers for libc-bin (2.23-0ubuntu4) ...
- Processing triggers for systemd (229-4ubuntu12) ...
- Processing triggers for man-db (2.7.5-1) ...
- Setting up openvpn (2.4.7-xenial0) ...
- * Restarting virtual private network daemon(s)... * No VPN is running.
- Processing triggers for libc-bin (2.23-0ubuntu4) ...
- Processing triggers for systemd (229-4ubuntu12) ...
- --2019-06-18 11:07:52-- https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
- Resolving github.com (github.com)... 192.30.253.112
- Connecting to github.com (github.com)|192.30.253.112|:443... connected.
- HTTP request sent, awaiting response... 302 Found
- Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190618T150752Z&X-Amz-Expires=300&X-Amz-Signature=43b1c625c24a87512a5e0f6c95a2a8927b65afb2aa4304b8299a4672860a76ad&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream [following]
- --2019-06-18 11:07:52-- https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190618T150752Z&X-Amz-Expires=300&X-Amz-Signature=43b1c625c24a87512a5e0f6c95a2a8927b65afb2aa4304b8299a4672860a76ad&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream
- Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.166.27
- Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.166.27|:443... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 40840 (40K) [application/octet-stream]
- Saving to: '/root/EasyRSA-unix-v3.0.6.tgz'
- /root/EasyRSA-unix-v3.0.6 100%[===================================>] 39.88K --.-KB/s in 0.01s
- 2019-06-18 11:07:52 (2.61 MB/s) - '/root/EasyRSA-unix-v3.0.6.tgz' saved [40840/40840]
- Note: using Easy-RSA configuration from: ./vars
- init-pki complete; you may now create a CA or requests.
- Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki
- read EC key
- writing EC key
- Note: using Easy-RSA configuration from: ./vars
- Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
- Generating a 256 bit EC private key
- writing new private key to '/etc/openvpn/easy-rsa/pki/private/server_PUKOKY0pJeOhGJDD.key.T8PICPZ6MJ'
- -----
- Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
- Check that the request matches the signature
- Signature ok
- The Subject's Distinguished Name is as follows
- commonName :ASN.1 12:'server_PUKOKY0pJeOhGJDD'
- Certificate is to be certified until Jun 2 15:07:53 2022 GMT (1080 days)
- Write out database with 1 new entries
- Data Base Updated
- Note: using Easy-RSA configuration from: ./vars
- Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
- Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
- An updated CRL has been created.
- CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
- * Applying /etc/sysctl.d/10-console-messages.conf ...
- kernel.printk = 4 4 1 7
- * Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
- net.ipv6.conf.all.use_tempaddr = 2
- net.ipv6.conf.default.use_tempaddr = 2
- * Applying /etc/sysctl.d/10-kernel-hardening.conf ...
- sysctl: permission denied on key 'kernel.kptr_restrict'
- * Applying /etc/sysctl.d/10-link-restrictions.conf ...
- * Applying /etc/sysctl.d/10-magic-sysrq.conf ...
- sysctl: permission denied on key 'kernel.sysrq'
- * Applying /etc/sysctl.d/10-network-security.conf ...
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.all.rp_filter = 1
- net.ipv4.tcp_syncookies = 1
- * Applying /etc/sysctl.d/10-ptrace.conf ...
- * Applying /etc/sysctl.d/10-zeropage.conf ...
- vm.mmap_min_addr = 65536
- * Applying /etc/sysctl.d/20-openvpn.conf ...
- net.ipv4.ip_forward = 1
- net.ipv6.conf.all.forwarding = 1
- * Applying /etc/sysctl.d/99-sysctl.conf ...
- * Applying /etc/sysctl.conf ...
- Synchronizing state of openvpn.service with SysV init with /lib/systemd/systemd-sysv-install...
- Executing /lib/systemd/systemd-sysv-install enable openvpn
- mkdir: cannot create directory '/etc/iptables': File exists
- Created symlink from /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service to /etc/systemd/system/iptables-openvpn.service.
- Tell me a name for the client.
- Use one word only, no special characters.
- Client name: thanos
- Do you want to protect the configuration file with a password?
- (e.g. encrypt the private key with a password)
- 1) Add a passwordless client
- 2) Use a password for the client
- Select an option [1-2]: 1
- Note: using Easy-RSA configuration from: ./vars
- Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
- Generating a 256 bit EC private key
- writing new private key to '/etc/openvpn/easy-rsa/pki/private/thanos.key.imhHJv6x0c'
- -----
- Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
- Check that the request matches the signature
- Signature ok
- The Subject's Distinguished Name is as follows
- commonName :ASN.1 12:'thanos'
- Certificate is to be certified until Jun 2 15:08:06 2022 GMT (1080 days)
- Write out database with 1 new entries
- Data Base Updated
- Client thanos added, the configuration file is available at /root/thanos.ovpn.
- Download the .ovpn file and import it in your OpenVPN client.
- root@ham:~#