Untitled

a guest
Jun 18th, 2019
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 2.6.32-042stab127.2 x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Tue Jun 18 10:35:42 2019 from 27.6.8.11
root@ham:~# wget https://git.io/v1jlQ -O openvpn-install.sh && bash openvpn-install.sh
--2019-06-18 11:06:30-- https://git.io/v1jlQ
Resolving git.io (git.io)... 34.200.203.60, 34.199.255.1, 52.72.230.122, ...
Connecting to git.io (git.io)|34.200.203.60|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh [following]
--2019-06-18 11:06:30-- https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36547 (36K) [text/plain]
Saving to: 'openvpn-install.sh'

openvpn-install.sh 100%[===================================>] 35.69K --.-KB/s in 0.02s

2019-06-18 11:06:30 (2.05 MB/s) - 'openvpn-install.sh' saved [36547/36547]

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 192.99.148.130

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 2
Custom port [1-65535]: 23718

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Russia)
DNS [1-10]: 3

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
Hit:1 http://archive.canonical.com/ubuntu xenial InRelease
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Fetched 218 kB in 0s (282 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20170717~16.04.2).
gnupg is already the newest version (1.4.20-1ubuntu3.3).
The following packages were automatically installed and are no longer required:
liblzo2-2 libpkcs11-helper1
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 190 not upgraded.
--2019-06-18 11:07:39-- https://swupdate.openvpn.net/repos/repo-public.gpg
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.188.225, 104.18.187.225
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.188.225|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1806 (1.8K) [binary/octet-stream]
Saving to: 'STDOUT'

- 100%[===================================>] 1.76K --.-KB/s in 0s

2019-06-18 11:07:39 (66.8 MB/s) - written to stdout [1806/1806]

OK
Hit:1 http://archive.canonical.com/ubuntu xenial InRelease
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:5 http://build.openvpn.net/debian/openvpn/stable xenial InRelease [3214 B]
Get:6 http://build.openvpn.net/debian/openvpn/stable xenial/main amd64 Packages [1022 B]
Fetched 223 kB in 0s (251 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
iptables is already the newest version (1.6.0-2ubuntu3).
ca-certificates is already the newest version (20170717~16.04.2).
curl is already the newest version (7.47.0-1ubuntu2.13).
openssl is already the newest version (1.0.2g-1ubuntu4.15).
wget is already the newest version (1.17.1-1ubuntu1.5).
Suggested packages:
resolvconf easy-rsa
The following NEW packages will be installed:
openvpn
0 upgraded, 1 newly installed, 0 to remove and 190 not upgraded.
Need to get 0 B/488 kB of archives.
After this operation, 1161 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously unselected package openvpn.
(Reading database ... 26051 files and directories currently installed.)
Preparing to unpack .../openvpn_2.4.7-xenial0_amd64.deb ...
Unpacking openvpn (2.4.7-xenial0) ...
Processing triggers for libc-bin (2.23-0ubuntu4) ...
Processing triggers for systemd (229-4ubuntu12) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up openvpn (2.4.7-xenial0) ...
* Restarting virtual private network daemon(s)... * No VPN is running.
Processing triggers for libc-bin (2.23-0ubuntu4) ...
Processing triggers for systemd (229-4ubuntu12) ...
--2019-06-18 11:07:52-- https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
Resolving github.com (github.com)... 192.30.253.112
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190618T150752Z&X-Amz-Expires=300&X-Amz-Signature=43b1c625c24a87512a5e0f6c95a2a8927b65afb2aa4304b8299a4672860a76ad&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream [following]
--2019-06-18 11:07:52-- https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190618T150752Z&X-Amz-Expires=300&X-Amz-Signature=43b1c625c24a87512a5e0f6c95a2a8927b65afb2aa4304b8299a4672860a76ad&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.166.27
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.166.27|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40840 (40K) [application/octet-stream]
Saving to: '/root/EasyRSA-unix-v3.0.6.tgz'

/root/EasyRSA-unix-v3.0.6 100%[===================================>] 39.88K --.-KB/s in 0.01s

2019-06-18 11:07:52 (2.61 MB/s) - '/root/EasyRSA-unix-v3.0.6.tgz' saved [40840/40840]


Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki

read EC key
writing EC key

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
Generating a 256 bit EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/private/server_PUKOKY0pJeOhGJDD.key.T8PICPZ6MJ'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server_PUKOKY0pJeOhGJDD'
Certificate is to be certified until Jun 2 15:07:53 2022 GMT (1080 days)

Write out database with 1 new entries
Data Base Updated

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf

An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem

* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
sysctl: permission denied on key 'kernel.kptr_restrict'
* Applying /etc/sysctl.d/10-link-restrictions.conf ...
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
sysctl: permission denied on key 'kernel.sysrq'
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
* Applying /etc/sysctl.d/10-ptrace.conf ...
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 65536
* Applying /etc/sysctl.d/20-openvpn.conf ...
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
Synchronizing state of openvpn.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable openvpn
mkdir: cannot create directory '/etc/iptables': File exists
Created symlink from /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service to /etc/systemd/system/iptables-openvpn.service.

Tell me a name for the client.
Use one word only, no special characters.
Client name: thanos

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.2g 1 Mar 2016
Generating a 256 bit EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/private/thanos.key.imhHJv6x0c'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'thanos'
Certificate is to be certified until Jun 2 15:08:06 2022 GMT (1080 days)

Write out database with 1 new entries
Data Base Updated

Client thanos added, the configuration file is available at /root/thanos.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
root@ham:~#