Differences

This shows you the differences between two versions of the page.

--- userguide:openvpn:openvpnconfig [2017/04/21 07:04]
+++ userguide:openvpn:openvpnconfig [2017/04/21 08:51] (current)
@@ Line 4: / Line 4: @@
 OpenVPN is an open-source VPN application that lets you create and join a private network securely over the public Internet. When enabled, your Users can use this server as endpoint for their internet connection. The settings of OpenVPN can be configured on this GUI page.
-These services are divided between wto sub-tabs:
+These services are divided between two sub-tabs:
   * [[#General|General]]
   * [[#Client Certificates|Client Certificates]]
 BlueOnyx uses [[https://openvpn.net/index.php/open-source/345-openvpn-project.html|OpenVPN v2.4.1-2]] as its OpenVPN server.
+For troubleshooting [[#Troubleshooting OpenVPN|troubleshooting]] information please scroll to the end of this page.
 ----
@@ Line 64: / Line 67: @@
   * Folder icon: Download ZIP-file with the OVPN key and the certificates
   * Trashcan icon: Allows you to revoke the issued certificate and to block this users OpenVPN access.
+===Troubleshooting OpenVPN===
+If your OpenVPN server is not starting, then please try to start it manually from SSH as 'root' and check what the status of the server says. The commands for this are as follows:
+==BlueOnyx 5209R:==
+''systemctl restart openvpn@server.service''
+''systemctl status openvpn@server.service''
+==BlueOnyx 5207R, 5208R or Aventurin{e} 6108R:==
+''/sbin/service openvpn restart''
+''ps axf|grep openvpn''
+The configuration files for OpenVPN reside under ''/etc/openvpn/'' and all user certificates can be found under ''/etc/openvpn/easy-rsa/pki''. If you ever plan on migrating the OpenVPN access from one server to another, then be sure to move the ''/etc/openvpn/'' directory across to the new server as well. This will retain both the server certificates and the user certificates.
+Under Aventurin{e} or OpenVZ the VPS in question with the OpenVPN package installed must have the capability [[https://openvz.org/VPN_via_the_TUN/TAP_device|Net/TUN]] enabled. In Aventurin{e} this can be done via the GUI interface under VPS / Basic Settings by ticking the respective checkbox and saving. Also make sure your Aventurin{e} node has the kernel module "tun" loaded ("modprobe tun").
+==Useful shell-tools:==
+  * ''/etc/openvpn/easy-rsa/user_cert.sh'': This takes a username as an argument and creates OpenVPN access for that user.
+  * ''/etc/openvpn/easy-rsa/user_revoke.sh'': This takes a username as an argument and revokes OpenVPN access for that user. The certificate of that user will be invalidated and revoked, so he cannot login with these credentials again. If the user is currently logged in, he will be logged out.
+  * ''/etc/openvpn/easy-rsa/list-crl'': Must be run from inside the /etc/openvpn/easy-rsa/ directory. Shows a list of all revoked user certificates.
+  * ''/etc/openvpn/easy-rsa/init.sh'': Initial setup script. Should not be run manually.
+  * ''/etc/openvpn/easy-rsa/gen_dh.sh'': Initial setup script for the 2048 bit Diffie Hellman keys. Is used once during initial setup of the package.
+  * ''/etc/openvpn/easy-rsa/easyrsa'': Full Easy-RSA 3.0 command toolkit, which is used by the GUI to set up, configure and to revoke keys.

wiki.blueonyx.it

User Tools

Site Tools

Differences

Page Tools