VPN Everything! OpenVPN Gateway Tutorial



Instructions and sample files can be found at: https://drive.google.com/open?id=1xz6Ek2ZE3YwkUUoR2qot3849PjT3b8Rm

PuTTY download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

But before we get started... what am I drinking???

A family recipe with no name... suggestions welcome. It is 2 oz pineapple juice, 2 oz white rum, 1/2 oz simple syrup and a spoonful of lemon juice. Shake until the pineapple foams. It is a very creamy, smooth tropical drink, perfect for a hot day.

This tutorial will teach you how to build a VPN gateway on your home network. The requirements are a Linux-based system to run it on and a VPN service that is compatible with OpenVPN. I personally use NordVPN (not sponsored), but any compatible service will work.

To connect a device to the VPN gateway, a static IP address must be configured on the client. How to do this varies from device to device. The gateway IP address just needs to point at your VPN gateway server.

This service will only allow VPN traffic to leave your network. If the VPN connection drops, your client devices lose connectivity as well. Simply restarting the VPN connection (or rebooting the VPN server) reconnects them. If that fails, you can also set up a cron job to restart the VPN connection automatically.
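The rule set that gives a gateway this behaviour, as an added example (it is not the video's iptables.sh, which comes from the Ubuntu Forums post linked below, nor code from any project): LAN clients are forwarded only into the tunnel and masqueraded behind it, nothing leaves on the physical interface except OpenVPN's own control channel, and client DNS is redirected into the tunnel so it does not leak via the home router. The interface names, LAN subnet, VPN endpoint (given as an IP, since the gateway can no longer resolve names over the ISP) and resolver address are assumed placeholders.

```shell
#!/bin/bash
# Added example, not the video's own iptables.sh: NAT gateway with a kill switch.
# All names below are assumptions; override them from the environment.
LAN_IF="${LAN_IF:-eth0}"                   # interface facing the home LAN
VPN_IF="${VPN_IF:-tun0}"                   # OpenVPN tunnel interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"       # constructed example LAN subnet
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder VPN endpoint (TEST-NET-3)
VPN_PORT="${VPN_PORT:-1194}"               # OpenVPN UDP port of that endpoint
VPN_DNS="${VPN_DNS:-10.8.0.1}"             # placeholder resolver reachable via the tunnel

# Emit the rule set rather than applying it, so it can be reviewed or piped to sh.
vpn_gateway_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# The gateway itself may talk to loopback and to the LAN
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $LAN_IF -d $LAN_NET -j ACCEPT
# OpenVPN's control channel must leave on the physical interface before the
# tunnel exists; without this rule openvpn logs "write UDP: Operation not permitted"
iptables -A OUTPUT -o $LAN_IF -p udp -d $VPN_SERVER --dport $VPN_PORT -j ACCEPT
# Everything else the gateway sends goes through the tunnel only
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
# LAN clients are forwarded only into the tunnel; when tun0 is down they get nothing
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Hide the LAN addresses behind the tunnel address
iptables -t nat -A POSTROUTING -o $VPN_IF -s $LAN_NET -j MASQUERADE
# Redirect client DNS to a resolver inside the tunnel instead of the home router
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j DNAT --to-destination $VPN_DNS
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 53 -j DNAT --to-destination $VPN_DNS
EOF
}

# Run as root with "apply" to enable forwarding and load the rules (before starting openvpn).
if [ "${1:-}" = "apply" ]; then
  sysctl -w net.ipv4.ip_forward=1
  vpn_gateway_rules | sh -e
fi
```

Running the script with no argument only prints the rules, which is a convenient way to diff them against what `iptables -S` shows on a live gateway.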

Find the parts I recommend in my Amazon store: https://www.amazon.com/shop/craftcomputing

Follow me on Twitter @CraftComputing

Support me on Patreon and get access to my private Discord server. Chat all week long with me and the other hosts on Talking Heads. https://www.patreon.com/CraftComputing

I copied most of the IPTables configuration from this Ubuntu Forums thread: https://ubuntuforums.org/showthread.php?t=2399250

Music from https://filmmusic.io:
"Shades of Spring" by Kevin MacLeod (https://incompetech.com)
License: CC BY (http://creativecommons.org/licenses/by/4.0/).

49 comments
  1. Nice and easy guide. Thanks. Though, it is not complete when running Ubuntu 18.04, as OpenVPN is not forwarding DNS. It bypasses the tunnel and leaks DNS information. Can you comment on it, e.g. do you have a fix for it?

  2. Thank you so much for this awesome tutorial! I used Ubuntu Server 19.10.1 for the Raspberry Pi 4 2GB Model and it works!

  3. Thanks for this… I am looking for something like this to use with my Smart TV.
    But one thing is not 100% clear for me: Can I just plug in the Raspberry into my Router (Fritzbox) via Ethernet and connect the TV via Wifi to my home network and only put the Gateway IP of the VPN into the TV? So no physical or direct Wifi connection to the Raspberry needed by the TV?

  4. I'm really enjoying your videos. Not sure if you're still using FreeNAS, but a video idea I would appreciate is how to access applications running in a FreeBSD jail from outside a home network securely, either via OpenVPN or a reverse proxy over TLS.

  5. Hey I've tried it but I get an error when enabling the service:

    ubuntu@ubuntu:/etc$ sudo systemctl start rc-local.service

    Job for rc-local.service failed because the control process exited with error code.

    See "systemctl status rc-local.service" and "journalctl -xe" for details.

    Can you please help?

  6. Hey,

    Do you know of a way to monitor the VPN connection? I don't constantly use it, but I'd like to know if the VPN goes down while not utilizing it.

  7. If you are with Swisscom and want to run a VPN on a Raspberry Pi, you first have to call Swisscom. They then assign you a special IP address, and only with that is it possible. No joke. 10.11.2019

  8. Great video, I tried so many tutorials to do something like this on Proxmox.
    I tried to build a seedbox with a kill switch for the VPN, but all together I didn't know you could just use a VM with a VPN on it as a gateway for another machine, so much easier to set up.

  9. @all
    I think some of you might end up in my rabbit hole and get error messages at the end of the tutorial.
    Please make /etc/rc.local executable:

    sudo chmod +x /etc/rc.local

  10. Without iptables.sh (but with ip_forward enabled), a client using the gateway can't reach the internet.
    Also, if I launch iptables.sh beforehand, when I run openvpn (connect.sh) it keeps giving me:

    write UDP: Operation not permitted (code=1)
    openvpn 2.4.6
    openssh-server 1:7.9p1-10
    on Ubuntu server 19.04

    Any help?

  11. I run iptables.sh and everything stops working. If I run just openvpn it works fine, but I can't connect from another machine. The second I run iptables I get "write UDP: Operation not permitted (code=1)" and "Temporary failure in name resolution".

  12. When I'm thinking privacy I had an idea. Think of A PFSENSE BOX and you can plop several boxes connected to several HIGH SPEED ISPs. Now each box has its own public IP that has a spoofed MAC ADDRESS TO OBTAIN A RANDOM PUBLIC IP. Now if you can install the program MACCHANGER to the WAN PORT ADAPTER to randomize its MAC ADDRESS and obtain a new public IP, but this only happens when a user of these randomized PFSENSE BOXES that point to each other via OSPF to your address, email, or other destination domain you're trying to connect to. Now to further complicate the anonymity all boxes are set up by OpenVPN, and each box has an UPDATED ROUTING TABLE THAT RESETS AT EACH ESTABLISHED CONNECTION PACKET BY PACKET. This can create a bunch of overhead, but if there is a way to randomize the route by OSPF then by In ORDER down the line then back by a randomization through an algorithm? Also I probably would have a constant DD script that can write garbage to its log files?!?! Could something like that be accomplished?

  13. Hey! Great video. VPN works like a charm. I can't get the last command to work. When I start rc-local I get "job for rclocal.service failed because control process exited with error code". I checked the script; it is copy and paste from yours?

    In the log I see: rc-local.service: Failed to execute command: Permission denied

  14. Will this slow down the internet speed at home? How about VPN client setup for you away from home and connect to home using VPN setup?

  15. Great guide, with this I finally got the VPN gateway to work, but I have some questions.

    After a server reboot, when the server starts my computers can access the internet for a few pings, exposing my ISP IP until the VPN starts. Is there anything we can do about that?

    What if my VPN gateway is on subnet 192.168.50.0/24 but my router is on 192.168.1.0/24? Do I need to create a route or iptables rule for that, and how do I do it?

    I had problems creating a static route from 192.168.50.0/24 to this device while on 192.168.1.0/24 in my USG 3P, so I need to find another solution.

  16. Great tutorial. Very succinct and to the point. I also really liked your tutorial on ad blocking the whole house. I just need to set up Nextcloud and these two and I'll be set. 🙂

  17. I'm having slight issues here. When enabling and running the rc-local.service, it constantly tries to save the iptables (a constant "save done" being printed to the terminal). The VPN works, but at a snail's pace (5 down, 1 up on a 40/10 connection). Any ideas?

  18. It is truly brave to apply netplans without testing and lose the SSH connection to typos. 😀 Thanks for a good video. Is there any reason not to use permanent changes on iptables?

  19. Hi Jeff! Great video tutorial. I've been running an OpenVPN server when needed on my main system up until now, but I've been wanting to migrate it to my FreeNAS server for a while now.
    I see you have an InWin 301 case on your desk and I am curious to know how you set up the fans (seeing as I have one myself). Do you have 2 bottom intake fans, 2 front exhaust fans and one rear exhaust? I've noticed, despite my best cable management attempts, that the exhaust area on the right of the case behind the honeycomb mesh is quite air restrictive. I cannot seem to be able to dump hot air out of the case quickly enough whilst gaming.

  20. When using an email in auth.txt as the username, the connection fails with status "Auth Failed"; when passing the username and password manually the connection works... any suggestions on how to bypass this? Could it be a character (@) in the username that makes it fail?

  21. You don't need to type sudo bash every time. You can just type sudo <script> as you've defined the shell within the script with the #!. You just need to make the script executable with chmod +x <script>

  22. 'gateway4' doesn't need to be in brackets because it's not an array; you can't have more than one gateway. The other fields can support multiple entries per line, whether you use them or not.

  23. Real question: how do you daisy-chain OpenVPN VPNs? Because there are issues with default gateway settings when you connect to a VPN while already being connected to a different VPN.

  24. Excellent tutorial. I came here because I'm interested in making a local VPN for other reasons. A couple of comments:

    The sysctl port forwarding would be better in a static file; /etc/sysctl.d/40-portforwarding.conf would be okay:
    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/40-portforwarding.conf

    It'll now apply this setting on boot.
    Then sysctl -p to enable it for the session (or a reboot is fine).

    Then you don't have to run the sysctl command in your start script.

    Meanwhile, the /etc/rc.local hack was just... no.
    Put the script in /usr/local/bin/startvpn.sh and use systemd properly 😀
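Taking that suggestion further, an added example (mine, not the commenter's or the video's code) of the two pieces that replace rc.local: a sysctl.d fragment that persists ip_forward, and a systemd unit that runs the firewall script first, then the OpenVPN client, restarting it automatically if the tunnel dies while the firewall keeps the kill switch in place. The script path, OpenVPN config path and unit name are assumptions.

```shell
#!/bin/bash
# Added example, not the commenter's or the video's code: persistent ip_forward setting
# plus a systemd unit in place of /etc/rc.local. Paths and the unit name are assumptions.
SCRIPT="${SCRIPT:-/usr/local/bin/startvpn.sh}"                  # firewall (kill switch) script
OVPN_CONFIG="${OVPN_CONFIG:-/etc/openvpn/client/provider.conf}" # placeholder OpenVPN config

# Contents of /etc/sysctl.d/40-ipforward.conf; applied at boot, or now with: sysctl --system
sysctl_fragment() {
  echo "net.ipv4.ip_forward = 1"
}

# Contents of /etc/systemd/system/vpn-gateway.service. ExecStartPre loads the firewall
# before openvpn starts, and Restart=always brings the tunnel back if it drops.
vpn_gateway_unit() {
  cat <<EOF
[Unit]
Description=VPN gateway: firewall kill switch, then OpenVPN client
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStartPre=$SCRIPT
ExecStart=/usr/sbin/openvpn --config $OVPN_CONFIG
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
}

# Run as root with "install" to write both files and start the service now and on boot.
install_vpn_gateway() {
  sysctl_fragment > /etc/sysctl.d/40-ipforward.conf
  vpn_gateway_unit > /etc/systemd/system/vpn-gateway.service
  chmod +x "$SCRIPT"   # "Failed to execute command: Permission denied" means the script lacks +x
  sysctl --system
  systemctl daemon-reload
  systemctl enable --now vpn-gateway.service
}

if [ "${1:-}" = "install" ]; then
  install_vpn_gateway
fi
```

With no argument the script only defines the functions, so `vpn_gateway_unit` can be called to preview the unit before installing it.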

  25. YAML square brackets denote arrays or lists. You can have multiple addresses and multiple nameservers, so they're in brackets. You can only have one gateway, so there are no brackets.
