OpenVPN-easy-setup

Didn't install correctly on CentOS 7

Open tsunamaru opened this issue 6 years ago • 6 comments

OS: CentOS Linux 7 (Core) x86_64
Kernel: 2.6.32-042stab127.2

-bash-4.2# ./openvpnsetup.sh 
TUN/TAP is enabled
IPv4 forwarding is already enabled
NAME="CentOS Linux"
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.linux.edu.lv
 * epel: mirror.bacloud.com
 * extras: centos.linux.edu.lv
 * updates: centos.linux.edu.lv
Package epel-release-7-11.noarch already installed and latest version
Nothing to do
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.linux.edu.lv
 * epel: mirror.vpsnet.com
 * extras: centos.linux.edu.lv
 * updates: centos.linux.edu.lv
Package 1:openssl-1.0.2k-8.el7.x86_64 already installed and latest version
Package iptables-1.4.21-18.3.el7_4.x86_64 already installed and latest version
Package curl-7.29.0-42.el7_4.1.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package easy-rsa.noarch 0:3.0.3-1.el7 will be installed
---> Package iptables-services.x86_64 0:1.4.21-18.3.el7_4 will be installed
---> Package openvpn.x86_64 0:2.4.5-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

<...>
   
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction

<...>

Installed:
easy-rsa.noarch 0:3.0.3-1.el7
iptables-services.x86_64 0:1.4.21-18.3.el7_4
openvpn.x86_64 0:2.4.5-1.el7                        

Complete!
Failed to execute operation: No such file or directory
Failed to stop firewalld.service: Unit firewalld.service not loaded.
Select server IP to listen on (only used for IPv4):
1) Internal IP - 127.0.0.1 xxx.xxx.xxx.xxx 10.8.0.1 xxxx:xxxx:xxxx::xxxx:xxxx  (in case you are behind NAT)
2) External IP - xxx.xxx.xxx.xxx

2
Select server PORT to listen on:
1) tcp 443 (recommended)
2) udp 1194 (default)
3) Enter manually (proto (lowercase!) port)

2
Select server cipher:
1) AES-256-GCM (default for OpenVPN 2.4.x, not supported by Ubuntu Server 16.x)
2) AES-256-CBC
3) AES-128-CBC (default for OpenVPN 2.3.x)
4) BF-CBC (insecure)

3
Enable IPv6? (ensure that your machine have IPv6 support):
1) Yes
2) No

1
Check your selection
Server will listen on xxx.xxx.xxx.xxx
Server will listen on udp 1194
Server will use AES-128-CBC cipher
IPv6 - 1 (1 is enabled, 0 is disabled)
Press enter to continue...
NAME="CentOS Linux"
cp: cannot stat '/usr/share/easy-rsa/2.0/*': No such file or directory
./openvpnsetup.sh: line 145: /etc/openvpn/easy-rsa/whichopensslcnf: No such file or directory
./openvpnsetup.sh: line 163: /etc/openvpn/easy-rsa/pkitool: No such file or directory
./openvpnsetup.sh: line 166: /etc/openvpn/easy-rsa/pkitool: No such file or directory
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

<...>

./openvpnsetup.sh: line 172: /etc/openvpn/easy-rsa/pkitool: No such file or directory
./openvpnsetup.sh: line 173: /etc/openvpn/easy-rsa/revoke-full: No such file or directory
Error 23 indicates that revoke is successful
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.forwarding = 1
cat: /etc/openvpn/easy-rsa/keys/ca.crt: No such file or directory
cat: /etc/openvpn/easy-rsa/keys/server-cert.crt: No such file or directory
cat: /etc/openvpn/easy-rsa/keys/server-cert.key: No such file or directory
NAME="CentOS Linux"
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Created symlink from /etc/systemd/system/basic.target.wants/ip6tables.service to /usr/lib/systemd/system/ip6tables.service.
Job for ip6tables.service failed because the control process exited with error code. See "systemctl status ip6tables.service" and "journalctl -xe" for details.
Job for ip6tables.service failed because the control process exited with error code. See "systemctl status ip6tables.service" and "journalctl -xe" for details.
Setup is complete. Happy VPNing!
Use /etc/openvpn/newclient.sh to generate client config
-bash-4.2# systemctl status ip6tables.service
● ip6tables.service - IPv6 firewall with ip6tables
   Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2018-04-01 01:59:39 MDT; 1min ago
  Process: 5991 ExecStart=/usr/libexec/iptables/ip6tables.init start (code=exited, status=1/FAILURE)
 Main PID: 5991 (code=exited, status=1/FAILURE)

Apr 01 01:59:39 xyz.vps.yourserver.se systemd[1]: Starting IPv6 firewall with ip6tables...
Apr 01 01:59:39 xyz.vps.yourserver.se ip6tables.init[5991]: ip6tables: Applying firewall rules: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'nat'
Apr 01 01:59:39 xyz.vps.yourserver.se ip6tables.init[5991]: Error occurred at line: 22
Apr 01 01:59:39 xyz.vps.yourserver.se ip6tables.init[5991]: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Apr 01 01:59:39 xyz.vps.yourserver.se systemd[1]: ip6tables.service: main process exited, code=exited, status=1/FAILURE
Apr 01 01:59:39 xyz.vps.yourserver.se ip6tables.init[5991]: [FAILED]
Apr 01 01:59:39 xyz.vps.yourserver.se systemd[1]: Failed to start IPv6 firewall with ip6tables.
Apr 01 01:59:39 xyz.vps.yourserver.se systemd[1]: Unit ip6tables.service entered failed state.
Apr 01 01:59:39 xyz.vps.yourserver.se systemd[1]: ip6tables.service failed.

tsunamaru, Apr 01 '18 08:04

Same issue. CentOS 7 (64 Bit) Minimal on hiformance.com

[root@*** OpenVPN-easy-setup]# uname -a
Linux *** 2.6.32-042stab128.2 #1 SMP Thu Mar 22 10:58:36 MSK 2018 x86_64 x86_64 x86_64 GNU/Linux

lansman, Apr 20 '18 09:04

The same problem :-(

uname -a
Linux ******** 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

maxmenGMK, Apr 25 '18 07:04

Same problem on CentOS 7.4 on Digital Ocean VPS

iluhavlg, Apr 26 '18 14:04

Main error:

cp: cannot stat '/usr/share/easy-rsa/2.0/*': No such file or directory

You need to install EasyRSA 2.*. I downloaded EasyRSA-2.2.2.tgz and extracted it to /usr/share/easy-rsa/2.0/

evgeny-smirnov, Apr 28 '18 06:04

Same problem with me. I'm using a CentOS 7 NAT VPS.

KashifHK123, May 25 '18 04:05

> Main error:
>
> cp: cannot stat '/usr/share/easy-rsa/2.0/*': No such file or directory
>
> You need to install EasyRSA 2.*. I downloaded EasyRSA-2.2.2.tgz and extracted it to /usr/share/easy-rsa/2.0/

I used the tgz bundle from the easy-rsa release page. Note that curl https://github.com/OpenVPN/easy-rsa/releases/download/2.2.2/EasyRSA-2.2.2.tgz -o EasyRSA-2.2.2.tgz only downloads the GitHub HTML page. I downloaded the file to my local machine and used scp to copy the bundle to my server.

knightelessar, Dec 02 '20 14:12
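The two failure points reported in this thread, as an added example that is not part of the issue or of the project's script: it checks that a downloaded EasyRSA bundle is really a gzip archive with the expected SHA-256 before it is extracted, and that the 2.0 directory holds the helper scripts the log shows the installer calling. The function names and the expected-hash argument are assumptions; the page gives no checksum, so the caller supplies one obtained from a trusted source.

```shell
#!/bin/sh
# Added example (not from openvpnsetup.sh). Path and helper names are taken
# from the error log in this issue; everything else is hypothetical.
EASYRSA_DIR="${EASYRSA_DIR:-/usr/share/easy-rsa/2.0}"
REQUIRED_HELPERS="pkitool whichopensslcnf revoke-full"

# Succeeds only if FILE starts with the gzip magic bytes (1f 8b).
# An HTML page saved under a .tgz name fails this check.
is_gzip() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    [ "$magic" = "1f8b" ]
}

# usage: verify_bundle FILE EXPECTED_SHA256
# Returns 2 if FILE is not gzip data, 3 if its SHA-256 differs from EXPECTED.
verify_bundle() {
    is_gzip "$1" || { echo "not a gzip archive: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ] || { echo "checksum mismatch: $1" >&2; return 3; }
}

# usage: missing_helpers [DIR]
# Prints each required helper absent from DIR (default: $EASYRSA_DIR) and
# returns non-zero if any is missing, so a caller can stop before any
# certificate-generation step runs against an empty directory.
missing_helpers() {
    dir="${1:-$EASYRSA_DIR}"
    rc=0
    for h in $REQUIRED_HELPERS; do
        if [ ! -f "$dir/$h" ]; then
            echo "$h"
            rc=1
        fi
    done
    return $rc
}
```

Run `verify_bundle` on the downloaded file before extracting it, and `missing_helpers` before starting the installer; either returning non-zero means the setup should not proceed.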