Linux Server Build: OpenVPN From Scratch

Linux Server Build: OpenVPN From Scratch - Hak5 2019

Рет қаралды 204,855

Hak5

Күн бұрын

Пікірлер

@RobertGallop 8 жыл бұрын

Yes vote for IPv6 episode in depth!

@tylermurphywilliams5866 8 жыл бұрын

why you want to know about ipv6?

@doomgod314 5 жыл бұрын

I love my Pi, but i bought a refurbished HP ProLiant DL360 G7 for less than $200 off Amazon and this thing is a beast. I’m loading down every home service I need, from Plex-Media to DNS Blackhole. I’m looking forward to testing this OpenVPN install video when I get home tonight. Thanks Hak5. As always, your tutorials are second to none. Fun, detailed, and insightful in ways only seasoned veterans of the field can provide.

@yasin7520 2 жыл бұрын

You are by far the best teacher for soft soft . It's very complicated at first - overwhelming, actually - but, you make it doable for

@tonylock7657 8 жыл бұрын

You guys rock. I just followed this video and set up an OpenVPN server on a Raspberry Pi on my home network. and it works. I must confess that I followed another of your vids about OpenVPS SA on a VPS, and that didn't work for me (I kept getting four different 10.x.x.x subnets, and the gateway at home (the Pi) and the client (a laptop) ended up on different subnets) , and the simplified script based setups out there in Internet Land didn't work for me either (I think it may have been routing issue). Anyway - it's working now. Great! Keeps up the good work.

@TheDIYer 3 жыл бұрын

i love the way you put everything you used in the description makes it easier to refer to

@qwarlockz8017 6 жыл бұрын

This was a great run through. Thanks so much for making this pretty straight forward. This gave me what I did not have before. Going through docs and tutorials and the like it always had a LOT of extra. This was just a handbook on "Lets just make this work." You rock!

@devjock 8 жыл бұрын

Awesome episode, welcome back guys! Darren did a really good job of keeping a 50+ minute setup and operation video interesting. I bet this is going to help a lot of people! Setting things up on my Pi 3 right now!

@yuudai1400 7 жыл бұрын

I'm a total hacking noob, but this was so much fun to watch. I'll get this running, and I'll also enjoy seeing your videos about raspberry pi and RF. Keep up the good work!

@KandMe1 4 жыл бұрын

This is very good and well done. Just very thorough IMAO. Been researching this for some days now and this is the best I have come across so far.

@dawnS33ker 3 жыл бұрын

an episode on ipv6 would be great. Thanks for the amazing video, guys.

@tectubedk 8 жыл бұрын

please make the ipv6 video

@WillBicks 8 жыл бұрын

Yes please.

@zizzu549 8 жыл бұрын

Yes please ipv6 video i remember it is a bunch of hex bytes to write one ipv6 address and i hate hex i have ten fingers :(

@kentosfreshmaker8850 8 жыл бұрын

I would like to see that as well. Its one of those things im not too keen on =/

@bearwolffish 8 жыл бұрын

: ) The trick is to use the ridges in your fingers, along with the top of each. We have 8 fingers with 4 bits on each half byte, or hex from 0-F on one hand and 00-F0 on the other. This makes thinking binary and hex a little easier. Look up the Hexadecimal finger-counting scheme.

@TheSakeCat 7 жыл бұрын

anders ballegaard and I was feeling lost before you told me it gets more complicated.

@talabaniinday213 2 жыл бұрын

Thanks for the kind words, I'm always happy to help! Let know if you'd like any videos on specific topics in the future. I wish you all the

@geoffhalsey2184 8 жыл бұрын

Tried it out on a virtual machine first. Worked first time! Soon to be on my cloud server. Nice one guys!

@lordraiden8792 7 жыл бұрын

I just fixed my own Pi3-based OpenVPN box thanks to your tips about the firewall. Thank you very much!!

@tectubedk 8 жыл бұрын

for all the raspberry pi users check out pivpn it is the easiest way to install openvpn

@recklessbeast Жыл бұрын

just 3 years away from 2026. You did great job regarding explanation.

@JamieAlban 6 жыл бұрын

This is the first of your vids I've watched - you guys are super fun, subscribed.

@LCFTW93 8 жыл бұрын

I would like an IPv6 episode Also why the Return on empty lines between commands?

@techkenX 8 жыл бұрын

the empty lines is to keep things clean he always do that.

@cyriljourdan1023 8 жыл бұрын

Finally a complete step by step tutorial, and it works, got it working on a Ubuntu 16.04 desktop and a nVidia Jetson TK1. Awesome ! Thanks !

@cyriljourdan1023 8 жыл бұрын

In fact it works well locally but not over the Internet. My client gives a TLS Error: TLS key negotiation failed to occur within 60 seconds. It looks like a firewall issue on port 1194. Anyone got this error ?

@pgwollan 8 жыл бұрын

Is it port forwarded?

@cyriljourdan1023 8 жыл бұрын

You mean on the router? I have a basic router where I can only do simple port mapping : I can set a local IP address, a protocol, local port and public port. I set my vpn server local IP to UDP and both ports to 1194, but it is not working. Is there something I missed ? Or my router is not suitable ? Thanks!

@pgwollan 8 жыл бұрын

Any router should have some form of port forwarding. What router do you have?

@cyriljourdan1023 8 жыл бұрын

I have the Vodafone EasyBox 804. Do you recommend any router ?

@colorflydigital 2 жыл бұрын

The Best Explanation !!! I referred to many videos , but out of all tNice tutorials was the best I could find among all .... Also got to know many tNice tutorialngs

@ClevioGrenouille 4 жыл бұрын

this is the best tutorial i have ever seen on the net.

@suijurisinfowarrior 8 жыл бұрын

Thanks Darren, I was pulling what little hair I have left trying to configure an OpenVPN server. Off to deploy this tech for my travels. Snubs, the mnemonic helps me where the wrong character can make you elated or deflated.

@kristoffseisler2163 4 жыл бұрын

will you ever post an updated version of this? half of the commands just wont work at all since easy-rsa has updated so much. and you are using sysV while 2020 pretty much uses systemd

@Derbauer 7 жыл бұрын

great show guys loved the detailed content and the long duration with comprehensive walk through. much appreciated.

@kc9aop 8 жыл бұрын

I "hacked" my way through this alone. I wish this video was available when I was working this out. Needless to say my solution is functioning the same but I ended up making things a bit more complicated. Great job on this video! I would like to see an ipv6 video.

@blameTheDane 8 жыл бұрын

lol

@pcastro3783 7 жыл бұрын

Of all the effen tutorials, you guys got me up and running. Thank you!

@zainuddinbrahim4625 3 жыл бұрын

i truly support ur programs guys because I am a unix guy.

@Quinqx 8 жыл бұрын

Would love to see an in-depth IPv6 episode showing up! Keep up the good stuff! :)

@bdonham 8 жыл бұрын

Congratulations on the podcast Award.

@rubenb.molina6968 8 жыл бұрын

@Hak5 - I can't like this episode enough times! I will be playing around with OpenVPN server running on OpenWRT to manage a few remote networks. I also loved episodes #2017 and #2018; I'm drafting some ideas for my backpack "Network pocket" (housing hotspot gear, and extra storage, etc)... I'll publish a photo and tag yo guys. I need an extra nano =). #jokeNotjoke. Anyway - Love your show. I've been a fan for over nine years!

@WoobiewookieBlogspot 6 жыл бұрын

I know, I know, 2 years later... First, thanks for this - its very informative, and you'd be surprised how few VPN server setup walkthroughs there are out there. If you all are still paying attention to comments, it might be cool to give a refresher on why "allow ssh" on its own isn't very safe (just explain you're keeping your putty session active). Not sure if you guys have done a ssh keypair video but i'd love to see an updated/current one.

@pierrotlunairehh 8 жыл бұрын

+1 for an 'ipv6 for dummies'!!!

@tzisorey 8 жыл бұрын

Yes, do an IPv6 episode! We need more people to be aware of, and fluent with, IPv6!

@androidgeek123 8 жыл бұрын

Please do a Ipv6 episode!

@bryanburton3172 8 жыл бұрын

WOW, what a fantastic demo. I could follow every step. It was all crystal clear and matched my requirements precisely. Nice hats too. All working perfectly after realising I'd messed up by uncommenting the line "tls-auth ta.key 0 #" as directed by some shoddier how-to page. My bad should have come here first!!!. But Seriously, this was great. Thank You Thank You Thank you.

@adrianopinaffo 4 жыл бұрын

In 5 years I will come back to say that even though we have fireguard, this is still relevant

@baiqing 8 жыл бұрын

Great job! You guys should do a video where you tunnel openvpn through Stunnel or any other methods that can bypass deep packet inspections. Getting Stunnel to work took me 10+ hours so I would love to see what other methods you guys can pull off!

@agentgreenland 8 жыл бұрын

HEEELP! at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...? I am running Debian 8.6 on Pi

@agentgreenland 8 жыл бұрын

I found the error I made. In this video, he names his crt and key files the standard 'server' name. I made my files with a custom name for myself, and I had to define my own filenames in the server.conf config file. After that and restart the service, my network interface popped up, and it was working :) If you are going with custom names, don't forgtet to define the custom client keynames in the OVPN file too

@Attranaan 7 жыл бұрын

Ilannguaq Kivioq for a grand total of 4 files right? server.crt server.key client.crt client.key

@Attranaan 7 жыл бұрын

Ilannguaq Kivioq nevermind. rebooted and now I'm getting tun0

@pierredahmani4101 4 жыл бұрын

This tutorial helped me out so much, both of you are great. Thanks!

@etzard 8 жыл бұрын

ip6 yes please

@pingpong1138 8 жыл бұрын

Man I love when things are badly documented

@MinecraftAzsassin 6 жыл бұрын

If you’re getting a KEY_CONFIG error stating the openssl.cnf is not correct or similar, use this while in the specified directory of the issue (where build-ca is located): ln -s openssl-1.0.0.cnf openssl.cnf

@JasonSpiffy 8 жыл бұрын

Okay Ive tried this twice. I cant get it to work. The tunnel is connected and I receive an ip address from the vpn server. No internet connectivity.

@djemsmortimer 8 жыл бұрын

I've got a bullet proof configuration using diffie-hellman 4096 RSA keys with fail2ban to protect the OpenVPN as well... And password authentication on top of it.

@1998goodboy 8 жыл бұрын

i always wordered, what laptop is Shannon using??

@Macadoof 8 жыл бұрын

You guys are lovely. Thank you for a great video, I learned a lot here.

@hfrnd-hu2kz 8 жыл бұрын

Hey guys, been a real fan for a long time, quisck question... when you mentioned to be able to through this build into an arduino... any arduino specific in mind?

@gerlisonlima6098 2 жыл бұрын

Bro it’s very intimidating! I’ve been slacking on it for a month now. The symbols are very confusing. You have to train your mind to

@AydinJamshidi 5 жыл бұрын

Please make OpenVPN with OBFS proxy video (Scrambling the traffic). I searched the internet and youtube and couldn’t find any good guide about it. OpenVPN traffic is blocked in some countries for censoring the internet .

@MehdiHaghgoo 5 жыл бұрын

You guys are great! Keep up the good work!

@RomanLeBg 5 жыл бұрын

IIIIIIIIIIII LOOOOOOOOOOOOOOOOOOOOOOOOOOVEEEEEE YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU I spent straight 3 hour on the Arch wiki and now it work omg I was so so close 17:41 I put tun0 instead of the real one lmaoooo i'm so glad it work

@iamjohnhenry 5 жыл бұрын

It appears that there have been a number of changes since 2016. Wondering if you might do an update for 2019? (I initially thought this was a 2019 tutorial because of the title.)

@Gazza2485 8 жыл бұрын

Have you guys done a segment on proxy-chaining ?

@troyfred8007 6 жыл бұрын

Darren, whats the deal with the bandana on your wrist? Is that for a purpose or fashion?

@Crestoify 8 жыл бұрын

Welcome back Hak5, welcome back!

@swivellogic 7 жыл бұрын

So apparently if you change the port in both server.conf and your .ovpn file, you still need to have 1194/udp allowed in ufw, or else it doesn't work. Is there something in the openvpn code that's talking localhost over that port? Or is it the 10.x.x.x server network that needs it?

@SrFrancia0 7 жыл бұрын

Does anyone know where I could get full documentation on what they do in the episode? I tried following the video and ended up with it not working and not having learned nearly anything (I blame you, copy-paste). I would like to re-try it but actually knowing what I'm doing. I've looked up in the OpenVPN wiki but it seems messy to me and can't quite find the certificate things.

@licklake1 8 жыл бұрын

So openvpn is creating a symmetric keys the background and putting it into the .ovpn file?

@MrSimonsmoke 8 жыл бұрын

Thanks for the tutorial , now I get the server running on my Rpi ! Feel for u guys and keep it up~

@agentgreenland 8 жыл бұрын

@cubemage3336 5 жыл бұрын

hi, when I entered the "service openvpn start" command, I got "active (exited)" as a status and didn't get the tun0 either. Then, after searching in Google, I realized that after Ubuntu 18.04, services get started with the "systemctl start [service]" command. But then, I got the an error and after looking at the log, it seems openvpn was looking for a file called "ta.key". It wasn't there, so the service didn't start. Lastly, I searched Google again and found out I had to go to /etc/openvpn and run the "openvpn --genkey --secret ta.key" command. After that, the service could be started and I had the tun0 interface show up. Now here's the question. Do I need to replace the "service.key" we made in this tutorial with the "ta.key" I just made, or are they two different things for two different uses?

@joshw.7710 6 жыл бұрын

No /etc/openvpn/easy-rsa/openssl.cnf file could be found Further invocations will fail

@josh_fisher 5 жыл бұрын

I have the same issue. Found a fix?

@mrslwiseman 5 жыл бұрын

@@josh_fisherits because its pointing to a file that isnt there. in the /etc/openvpn/easy-rsa directory run: ln -s openssl-1.0.0.cnf openssl.cnf, which symlinks the openssl.cnf file to the one with a version... hope this helps, you arent the only one that has had the problem :)

@alabalistic 5 жыл бұрын

@@mrslwiseman Thank you very much You show me the way

@Darkl0ud_Productions 8 жыл бұрын

When I did this I ended up sending the cert to my android and it was wanting to connect to my internal network address rather than my external network?

@tariqquadeer7855 7 жыл бұрын

How would i change the rules differently if i used iptables instead of ufw? ufw was giving me other problems, i have iptables setup.

@Dany-rh5ur 6 жыл бұрын

I've done this on my Ubuntu Server 16.04 running behind NAT on VMware. However, I'm not able to connect outside clients to my OpenVPN. I've also tried to port forward all incoming packets on UDP 1194 to my server. Didn't help.. Any suggestions?

@PayneJon77 7 жыл бұрын

Hey just finding you two and love the video. I just recently tried to install openvpn on my Ubuntu 16.1 laptop and had a couple of questions. 1. is this usefull when you're travelling a lot, or rather is it still affective? 2. not sure why but I can't see openvpn in the manager, have I done something wrong?

@Darkl0ud_Productions 8 жыл бұрын

followed this to the T and I have no tun0 interface...

@agentgreenland 8 жыл бұрын

Me too! :-\ at around 36:18, he says he gets the new tun0 network interface, because he had started the openVPN service, but I don't get that device when I type ifconfig...! :-\ Why is that...? I am running Debian 8.6 on Pi

@Darkl0ud_Productions 8 жыл бұрын

so after I had commented that, I rebooted and it was fixed... try that mate.

@agentgreenland 8 жыл бұрын

+Warren Brown I have tried rebooting it and even tried making the interface manually by issuing the command "openvpn --mktun --dev tun0", still no luck. This issue is also present when doing it on a Ubuntu Server 16.04-64bit virtual machine. The main reason I want a VPN connection, is so I can issue WakeOnLAN packets to start up my computer when I'm away. Also to potentially transfer backups. I have rented a server that I consider doing this on instead, and connect both my Pi to it as well as whatever other client I might be using out of the house, so that I hopefully can SSH in to my Pi. I am just concerned if I get the same issue on my server. Full disclosure: I am using a Pine64, not excactly a Raspberry Pi. But Pine64 also has a headless Debian OS, very similar to the Pi's headless OS. I am even running Pi-Hole on it, which is originally designed for Pi. But again, this issue is also present on my Ubunut Server 16.04 virtual box

@WIKIKALI 5 жыл бұрын

Great tutorial A while ago I was looking for him

@djuhl002 6 жыл бұрын

What actually gets encrypted once you activate the client? I have a nginx server with phpmyadmin installed. Do I need to tell nginx the ip address off the openvpn client, or is any traffic on my lan encrypted once the client is activated?

@hasanordek 3 жыл бұрын

Great video! But, this means for every user I have to create a user account on that Linux server?

@poohbearceren62 8 жыл бұрын

daren i need your help after executing cli ./clean all and ./build-ca i get error message saying path pointing to the wrong direction should say there should be a comment on new version 2x

@Mocart096 7 жыл бұрын

Hey, I have some problems to run OVPN connection from Raspberry Pi0w/ Pi3 as a client ( with Jessie edition ). Can I set up access to server using network manager with VPN option ?. Is there any manual how to setup Raspberry based clients or maybe is there any dedicated client for Raspberry PI ?

@inhissteps-prasanna3532 2 жыл бұрын

good work and thank you so much, Greetings from Egypt

@hasimali1937 2 жыл бұрын

Did you get fruity or producer edition? Im looking to buy soft soft but i dont know if Producer edition is worth it...

@surrealalucard 7 жыл бұрын

@Darren! when going back and forth between directories, type cd -

@bullmarket7061 2 жыл бұрын

Please update this tutorial again. Make it based on new versions. Thanks. Awesome channel.

@Canadian789119 8 жыл бұрын

How would this compare to a Paid Service? like a monthly service, that will hide your IP address. Will a OpenVPN Server on your network provide a private connection too the network and Internet. Will all Traffic from the Client be protected by the Server? This seem great to connect too your Network from a Wireless client, however What I am looking for is a VPN for privacy on a windows/ ubuntu wired desktop client.

@seanjohn1031 7 жыл бұрын

how would you do all this on a VM since i dont have a pineapple? do i just keep it as a .conf file?

@AD-1000 2 жыл бұрын

Hey, I just wanted to check briesofty if there is a way for to import a new soft into the program, for example softs or sotNice tutorialng that

@nesterpen7587 6 жыл бұрын

I have installed openvpn but I am not seeing any example config files. All folders are empty. Why so ?

@mingass1 8 жыл бұрын

How to deal in this case with dynamic public IP address. When public IP address will be changed this VPN server will work or not???

@himanipku22 5 жыл бұрын

Are there any extra steps when setting up a server that will be accessed through nat?

@ChristopherDeVries 8 жыл бұрын

Fantastic tutorial guys. Thank you for making this video.

@alfie-teq 8 жыл бұрын

I have an ASUS router that has an OpenVPN server built in. With that can I build all my keys, carts and all the other files required in OS X? What is required?

@michaelchannel550 6 жыл бұрын

Hi. created a VM with ubuntu server in microsoft azure. i follow all the steps in this video. i import the .ovpn file to my iphone, it doesn't connect to the server. i also configure the network security group on the Azure VM setting to allow port 1194/UDP. still not working. please help. thanks

@kelvinklufio2849 5 жыл бұрын

In the demo, you guys used ovpn, is that going to work for just any client; link me connecting CentOS client machine?

@czarart14 6 жыл бұрын

hi my openvpn server Diffie-Helman parameters was set 2048 bit, is it possible to change it to 4096 bit?

8 жыл бұрын

you can make alarms & notifications with iptables when can you do a tut on this? :) it takes some googling but last time i checked it got advanced lol

@PyraxV 7 жыл бұрын

Im running debian on the command line and when i installed ufw and made all the changes, it works but now ufw keeps outputting random data on my terminal. Stuff like "UFW BLOCK IN=ETH0 OUT= MAC=some random mac address"

@PyraxV 7 жыл бұрын

Edit: If you have this problem, type "ufw logging off" to stop the logging

@SilentNote 5 жыл бұрын

Question : how to make a LINUX PC run 2 PCI M-Audio Delta 1010 ( that model with Breakout Box ), to be used with COKOS REAPER DAW ( Digital Audio Workstation ) for LINUX ??? Please consider making a VIDEO showing that ... Please ...

@vandorb12 5 жыл бұрын

Hak5 (kinda) aren't the folks to ask about that. Go hit up one of the audio forums or The Reaper Blog on Facebook.

@sairarivera6993 2 жыл бұрын

and build tracks from there and leave the rest for a later session. I did both but did the first way initially and it took a day to get through

@moronibarboza7051 2 жыл бұрын

How can I add the navigation bar you are using?

@R_Ultraloud 7 жыл бұрын

I get it to work to "Initialization Sequence Completed"... so far so good. openvpn is enabled. The problem is that I can't browse any webpage if I do "$ sudo openvpn pinneaple.ovpn". I triple check the instructions from Shannon and Darren. Using openvpn2.3.10 on Ubuntu 16.04 Any help would be appreciated.

@ankittiwari4230 7 жыл бұрын

Hello, I have followed exact steps but al last while testing it gives TLS handshake failed error plz help..

@drwhowhogrub3908 7 жыл бұрын

Anyone know the difference between this and openvpn-as? Is it just that there is no GUI?

@Aaron-qg7dz 5 жыл бұрын

I’m connected but it’s still not hiding my exterior IP in my web browser. So I add redirect-gateway def1 to the bottom of my .ovpn file but nothing changed.. can anyone help?

@trondnylkken956 5 жыл бұрын

Hi Is this method possible to get a ip adress for other country so it looks like I am in other country? I have a private network and ubuntu servers one with 6 websites in wordpress and some computer and a static ip. I like to use the vpn to let me see norwegian tv on internet when I am abroad. Is this what I need?

@nebuchadnezzar7774 7 жыл бұрын

awesome vidorial* (new word) anyways I have a problem setting up the tap0 device in openvpn since I running this from a rPi I have it connected through ethernet. is it the same as the tun setup?

@vansh_tiwari 5 жыл бұрын

I'm make the openvpn server & client they are connecte properly.. But please tell me how to access ip camera, plc & hmi they are connected to client side mean i want to access these three devices by ovpen network In this my medium us raspberry pi 3

@bryn7678 7 жыл бұрын

Options error: In [CMD-LINE]:1: Error opening configuration file: pineapple.ovpn Use --help for more information. i am getting this error can you help please