OpenVPN Debian/Ubuntu Setup Script for OpenVZ

An new awesomer script is now available! Check it out!

I have edited a script (credits below as well as a CentOS/RHEL version) for automated OpenVPN setup. OpenVPN server on your OpenVZ VPS can be set up in under a couple of minutes. Port forwarding, client config, key archiving, and config setup is all done for you. Note that setting the port to 53 can be used to bypass captive portals as an alternative to using iodine. Feedback is appreciated.

Make sure that your VPS has it’s TUN/TAP modules enabled by your provider first. To verify it is working, enter the command below:

cat /dev/net/tun

If you receive this message, your TUN/TAP device is ready for use:

cat: /dev/net/tun: File descriptor in bad state

If you receive this message, contact your provider for assistance:

cat: /dev/net/tun: No such file or directory

To install the script, copy and paste this into your SSH client of choice:

wget http://www.putdispenserhere.com/wp-content/uploads/openvpninstall.sh
chmod +x openvpninstall.sh
./openvpninstall.sh

Script Source:

#!/bin/bash
# Interactive OpenVPN install script on a OpenVZ VPS
# Tested on Debian 5, 6, and Ubuntu 10.10
# 2011 v1.5
# Author Denis D. - Modified by Commander Waffles
# http://bluemodule.com/software/openvpn-install-script-for-openvz-vps/
# http://www.putdispenserhere.com/openvpn-debianubuntu-setup-script-for-openvz/

echo "################################################"
echo "Interactive OpenVPN Install Script for OpenVZ VPS Machines v1.5"
echo "by Denis D. http://www.bluemodule.com"
echo "Modified by Commander Waffles http://www.putdispenserhere.com"
echo "Should work on various deb-based Linux distos."
echo "Tested on Debian 5, 6, and Ubuntu 10.10"
echo
echo "Make sure to message your provider and have them enable"
echo "TUN, IPtables, and NAT modules prior to setting up OpenVPN."
echo
echo "You need to set up the server before creating more client keys."
echo "A separate client keyset is required per connection or machine."
echo "When creating certificated you can put \".\" to skip a field for all fields" 
echo "except for \"Common Name\" and password fields."
echo "################################################"
echo
echo
echo "################################################"
echo "Select on option:"
echo "1) Set up new OpenVPN server AND create one client"
echo "2) Create additional clients"
echo "################################################"
read x
if test $x -eq 1; then
	echo "Specify server port number that you want the server to use (eg. 1194 to use OpenVPN defaults or 53 for Captive Portal bypassing - make sure you're not running bind or named):"
	read p
	echo "Enter client username that you want to create (eg. client1):"
	read c

# get the VPS IP
ip=`grep address /etc/network/interfaces | grep -v 127.0.0.1  | awk '{print $2}'`

echo
echo "################################################"
echo "Downloading OpenVPN 2.2.0"
echo "################################################"
case $(lsb_release -is) in Debian) wget http://build.openvpn.net/downloads/releases/debian/5/openvpn_2.2.0-debian0_i386.deb;; Ubuntu) wget http://build.openvpn.net/downloads/releases/ubuntu/10.04/openvpn_2.2.0-ubuntu0_i386.deb;; *) echo "Unkown distribution";; esac

echo
echo "################################################"
echo "Downloading and Installing Dependencies"
echo "################################################"
apt-get update
apt-get install liblzo2-2 libpkcs11-helper1 openvpn-blacklist
case $(lsb_release -is) in Debian) dpkg -i openvpn_2.2.0-debian0_i386.deb;; Ubuntu) dpkg -i openvpn_2.2.0-ubuntu0_i386.deb;; *) echo "Unkown distribution";; esac

echo
echo "################################################"
echo "Creating Server Config"
echo "\"Common Name\" must be filled."
echo "Please insert : server"
echo "################################################"
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

# creating server.conf file
echo ";local $ip" > /etc/openvpn/server.conf
echo "port $p" >> /etc/openvpn/server.conf
echo "proto udp" >> /etc/openvpn/server.conf
echo "dev tun" >> /etc/openvpn/server.conf
echo "ca /etc/openvpn/keys/ca.crt" >> /etc/openvpn/server.conf
echo "cert /etc/openvpn/keys/server.crt" >> /etc/openvpn/server.conf
echo "key /etc/openvpn/keys/server.key" >> /etc/openvpn/server.conf
echo "dh /etc/openvpn/keys/dh1024.pem" >> /etc/openvpn/server.conf
echo "server 10.8.0.0 255.255.255.0" >> /etc/openvpn/server.conf
echo "ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
echo "push \"redirect-gateway def1 bypass-dhcp\"" >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 8.8.8.8\"" >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 8.8.4.4\"" >> /etc/openvpn/server.conf
echo "keepalive 5 30" >> /etc/openvpn/server.conf
echo "comp-lzo" >> /etc/openvpn/server.conf
echo "persist-key" >> /etc/openvpn/server.conf
echo "persist-tun" >> /etc/openvpn/server.conf
echo "status openvpn-status.log" >> /etc/openvpn/server.conf
echo "verb 3" >> /etc/openvpn/server.conf

cd /etc/openvpn/easy-rsa/2.0/
. ./vars
./clean-all

echo
echo "################################################"
echo "Building Certifcate Authority"
echo "\"Common Name\" must be filled."
echo "################################################"
./build-ca

echo
echo "################################################"
echo "Building Server Certificate"
echo "\"Common Name\" must be filled."
echo "Please insert : server"
echo "################################################"
./build-key-server server
./build-dh

cp -R /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys

echo
echo "################################################"
echo "Starting Server"
echo "################################################"
/etc/init.d/openvpn start

echo
echo "################################################"
echo "Forwarding IPv4 and Enabling It On boot"
echo "################################################"
echo 1 > /proc/sys/net/ipv4/ip_forward
# saves ipv4 forwarding and and enables it on-boot
cat >> /etc/sysctl.conf <<END
net.ipv4.ip_forward=1
END
sysctl -p

echo
echo "################################################"
echo "Updating IPtables Routing and Enabling It On boot"
echo "################################################"
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $ip
# saves iptables routing rules and enables them on-boot
iptables-save > /etc/iptables.conf
cat > /etc/network/if-pre-up.d/iptables <<END
#!/bin/sh
iptables-restore < /etc/iptables.conf
END
chmod +x /etc/network/if-pre-up.d/iptables

echo
echo "################################################"
echo "Building certificate for client $c"
echo "\"Common Name\" must be filled."
echo "Please insert like same cert : $c"
echo "################################################"
./build-key $c

echo "client" > /etc/openvpn/keys/$c.ovpn
echo "dev tun" >> /etc/openvpn/keys/$c.ovpn
echo "proto udp" >> /etc/openvpn/keys/$c.ovpn
echo "remote $ip $p" >> /etc/openvpn/keys/$c.ovpn
echo "resolv-retry infinite" >> /etc/openvpn/keys/$c.ovpn
echo "nobind" >> /etc/openvpn/keys/$c.ovpn
echo "persist-key" >> /etc/openvpn/keys/$c.ovpn
echo "persist-tun" >> /etc/openvpn/keys/$c.ovpn
echo "ca ca.crt" >> /etc/openvpn/keys/$c.ovpn
echo "cert $c.crt" >> /etc/openvpn/keys/$c.ovpn
echo "key $c.key" >> /etc/openvpn/keys/$c.ovpn
echo "comp-lzo" >> /etc/openvpn/keys/$c.ovpn
echo "verb 3" >> /etc/openvpn/keys/$c.ovpn

cp /etc/openvpn/easy-rsa/2.0/keys/$c.crt /etc/openvpn/keys
cp /etc/openvpn/easy-rsa/2.0/keys/$c.key /etc/openvpn/keys

cd /etc/openvpn/keys/
tar -czf clientkeys.tgz ca.crt $c.crt $c.key $c.ovpn

echo
echo "################################################"
echo "One client keyset for $c generated."
echo "To connect:"
echo "1) Download /etc/openvpn/keys/clientkeys.tgz using a client such as WinSCP/FileZilla."
echo "2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory."
echo "3) Extract the contents of clientkeys.tgz to the VPN folder."
echo "4) Start openvpn-gui, right click the tray icon and click Connect on your client name."
echo "To generate additonal client keysets, run the script again with option #2."
echo "################################################"


# runs this if option 2 is selected
elif test $x -eq 2; then
	echo "Enter client username that you want to create (eg. client2):"
	read c
	
ip=`grep address /etc/network/interfaces | grep -v 127.0.0.1  | awk '{print $2}'`
p=`grep -n 'port' /etc/openvpn/server.conf | cut -d' ' -f2`

echo
echo "################################################"
echo "Building certificate for client $c"
echo "\"Common Name\" must be filled."
echo "Please insert like same cert : $c"
echo "################################################"
cd /etc/openvpn/easy-rsa/2.0
source ./vars
./vars
./build-key $c

echo "client" > /etc/openvpn/keys/$c.ovpn
echo "dev tun" >> /etc/openvpn/keys/$c.ovpn
echo "proto udp" >> /etc/openvpn/keys/$c.ovpn
echo "remote $ip $p" >> /etc/openvpn/keys/$c.ovpn
echo "resolv-retry infinite" >> /etc/openvpn/keys/$c.ovpn
echo "nobind" >> /etc/openvpn/keys/$c.ovpn
echo "persist-key" >> /etc/openvpn/keys/$c.ovpn
echo "persist-tun" >> /etc/openvpn/keys/$c.ovpn
echo "ca ca.crt" >> /etc/openvpn/keys/$c.ovpn
echo "cert $c.crt" >> /etc/openvpn/keys/$c.ovpn
echo "key $c.key" >> /etc/openvpn/keys/$c.ovpn
echo "comp-lzo" >> /etc/openvpn/keys/$c.ovpn
echo "verb 3" >> /etc/openvpn/keys/$c.ovpn

cp /etc/openvpn/easy-rsa/2.0/keys/$c.crt /etc/openvpn/keys
cp /etc/openvpn/easy-rsa/2.0/keys/$c.key /etc/openvpn/keys

cd /etc/openvpn/keys/
tar -czf clientkeys.tgz ca.crt $c.crt $c.key $c.ovpn

echo
echo "################################################"
echo "One client keyset for $c generated."
echo "To connect:"
echo "1) Download /etc/openvpn/keys/clientkeys.tgz using a client such as WinSCP/FileZilla."
echo "2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory."
echo "3) Extract the contents of clientkeys.tgz to the VPN folder."
echo "4) Start openvpn-gui, right click the tray icon and click Connect on your client name."
echo "################################################"

else
echo "Invalid selection, quitting."
exit
fi

Original source (CentOS version) and inspiration from Denis:
http://bluemodule.com/software/openvpn-install-script-for-openvz-vps/

Bookmark the permalink.
  • tom

    Great! It works better than the other script I once used.

    Questions:

    1. The generated *.opvn file for client does not include the IP address of the VPN server by default (as I just tested) so it actually fails to connect. I have to manually set the server IP in the file for it to work.

    2. If you have iodine working, do you still need to make Openvpn listen ton port 53? I am confused here. I guess you don’t need openvpn on port 53 anymore if you have iodine working. Which method is better?

    • admin

      1. It works for me strangely enough. I ran this script on Debian BuyVM VPSes, and HostRail VPSes without issue (testing each time). Which provider are you using this on? What OS?

      2. Iodine was my first bypassing system. The advantage of iodine is the mtu is dynamic (I believe). I am biased to iodine for very locked down networks (some hotel chains) and Openvpn for performance and ease of setup and use.

      • iWhiteTiger

        Hello CommanderWaffles,

        I’ve used the script several times but no luck. I got connected through OpenVPN client but it says (No Internet Access)
        Also, when I looked at the VPN IP in the PC info, it doesn’t have a Default Gateway configured. 
        Any idea?

        Thanks,

        • Anonymous

          What OS are you using now?

          • iWhiteTiger

            Hi CommanderWaffles,

            Sorry for my late response. I’m using Windows 7 in all my machines.
            I even tried to setup the OpenVPN manually step by step and got the same results.

            Also, just to testing, did similar setup with my Ubuntu in VMWare to generate the Certs and keys and apply them on my DD-WRT Router and worked smoothly without any issues.

            Thanks,

          • Anonymous

            Have you checked the ovpn file after you extract it? Can you post everything but the ip?

    • admin

      Perhaps the IP detect command doesn’t work.

      Try this in your terminal (from this script):
      ifconfig venet0:0 | grep 'inet addr' | awk {'print $2'} | sed s/.*://

      If that doesn’t work, try this:
      grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}'

      Third option:
      ifconfig venet0:0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'

      Please let me know which works and gives back your public IP.

  • tom

    Thank you for replying.

    I tried on my Xen VPS server. The First and Third method do not work, and I got the error message:

    venet0:0: error fetching interface information: Device not found

    The second one works.

    BTW. how to subscribe to your blog?

    • admin

      The reason why the first and second method don’t work is because they look for venet0:0. That is the virtual ethernet adapter for OpenVZ VPSes, it doesn’t show up in Xen based VPSes. I will update the script with the second ip detect method. You can add the blog via RSS if you like, but it has a bunch of off topic videos that I keep for friends.

      http://www.putdispenserhere.com/feed/rss/

  • I just deleted the Debian 5 Lenny 13 VPS and Installed Ubuntu 11.04 64-bit.
    I then Ran your script, and same errors. I have installed it fine with no problems on Ubuntu 11.04 32-bit running on my local PC just after It failed on VPS247. So it seems it is something to do with my host vps247.com – Sad as a VPS on a local PC is not much use. I wanted it running on my main work server.

    Here is the install, maybe you can point out what I am doing wrong:

    1) Set up new OpenVPN server AND create one client
    2) Create additional clients
    ################################################
    1
    Specify server port number that you want the server to use (eg. 1194 to use OpenVPN defaults or 53 for Captive Portal bypassing – make sure you’re not running bind or named):
    1194
    Enter client username that you want to create (eg. client1):
    jason

    ################################################
    Downloading OpenVPN 2.2.0
    ################################################
    –2011-08-10 22:32:22–  http://build.openvpn.net/downloads/releases/ubuntu/10.04/openvpn_2.2.0-ubuntu0_i386.deb
    Resolving build.openvpn.net… 67.228.206.23
    Connecting to build.openvpn.net|67.228.206.23|:80… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 436444 (426K) [application/x-debian-package]
    Saving to: `openvpn_2.2.0-ubuntu0_i386.deb’

    100%[======================================>] 436,444      353K/s   in 1.2s

    2011-08-10 22:32:24 (353 KB/s) – `openvpn_2.2.0-ubuntu0_i386.deb’ saved [436444/436444]

    ################################################
    Downloading and Installing Dependencies
    ################################################
    Ign http://security.ubuntu.com natty-security InRelease
    Ign http://archive.ubuntu.com natty InRelease
    Ign http://archive.ubuntu.com natty-updates InRelease
    Hit http://security.ubuntu.com natty-security Release.gpg
    Hit http://archive.ubuntu.com natty Release.gpg
    Hit http://security.ubuntu.com natty-security Release
    Hit http://archive.ubuntu.com natty-updates Release.gpg
    Hit http://archive.ubuntu.com natty Release
    Hit http://security.ubuntu.com natty-security/main amd64 Packages
    Hit http://archive.ubuntu.com natty-updates Release
    Ign http://security.ubuntu.com natty-security/main TranslationIndex
    Hit http://archive.ubuntu.com natty/main amd64 Packages
    Hit http://archive.ubuntu.com natty/universe amd64 Packages
    Ign http://archive.ubuntu.com natty/main TranslationIndex
    Ign http://archive.ubuntu.com natty/universe TranslationIndex
    Hit http://archive.ubuntu.com natty-updates/main amd64 Packages
    Hit http://archive.ubuntu.com natty-updates/universe amd64 Packages
    Ign http://archive.ubuntu.com natty-updates/main TranslationIndex
    Ign http://archive.ubuntu.com natty-updates/universe TranslationIndex
    Ign http://security.ubuntu.com natty-security/main Translation-en
    Ign http://archive.ubuntu.com natty/main Translation-en
    Ign http://archive.ubuntu.com natty/universe Translation-en
    Ign http://archive.ubuntu.com natty-updates/main Translation-en
    Ign http://archive.ubuntu.com natty-updates/universe Translation-en
    Reading package lists… Done
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    The following NEW packages will be installed:
      liblzo2-2 libpkcs11-helper1 openvpn-blacklist
    0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
    Need to get 1176 kB of archives.
    After this operation, 2544 kB of additional disk space will be used.
    Get:1 http://archive.ubuntu.com/ubuntu/ natty/main liblzo2-2 amd64 2.03-2 [59.2 kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ natty/main libpkcs11-helper1 amd64 1.07-1build1 [48.1 kB]
    Get:3 http://archive.ubuntu.com/ubuntu/ natty/main openvpn-blacklist all 0.4 [1068 kB]
    Fetched 1176 kB in 0s (2687 kB/s)
    Selecting previously deselected package liblzo2-2.
    (Reading database … 21030 files and directories currently installed.)
    Unpacking liblzo2-2 (from …/liblzo2-2_2.03-2_amd64.deb) …
    Selecting previously deselected package libpkcs11-helper1.
    Unpacking libpkcs11-helper1 (from …/libpkcs11-helper1_1.07-1build1_amd64.deb) …
    Selecting previously deselected package openvpn-blacklist.
    Unpacking openvpn-blacklist (from …/openvpn-blacklist_0.4_all.deb) …
    Processing triggers for man-db …
    Setting up liblzo2-2 (2.03-2) …
    Setting up libpkcs11-helper1 (1.07-1build1) …
    Setting up openvpn-blacklist (0.4) …
    Processing triggers for libc-bin …
    ldconfig deferred processing now taking place
    dpkg: error processing openvpn_2.2.0-ubuntu0_i386.deb (–install):
     package architecture (i386) does not match system (amd64)
    Errors were encountered while processing:
     openvpn_2.2.0-ubuntu0_i386.deb

    ################################################
    Creating Server Config
    “Common Name” must be filled.
    Please insert : server
    ################################################
    cp: cannot stat `/usr/share/doc/openvpn/examples/easy-rsa/’: No such file or directory
    ./openvpninstall.sh: line 64: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 65: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 66: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 67: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 68: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 69: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 70: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 71: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 72: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 73: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 74: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 75: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 76: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 77: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 78: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 79: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 80: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 81: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 82: /etc/openvpn/server.conf: No such file or directory
    ./openvpninstall.sh: line 84: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory
    ./openvpninstall.sh: line 85: ./vars: No such file or directory
    ./openvpninstall.sh: line 86: ./clean-all: No such file or directory

    ################################################
    Building Certifcate Authority
    “Common Name” must be filled.
    ################################################
    ./openvpninstall.sh: line 93: ./build-ca: No such file or directory

    ################################################
    Building Server Certificate
    “Common Name” must be filled.
    Please insert : server
    ################################################
    ./openvpninstall.sh: line 101: ./build-key-server: No such file or directory
    ./openvpninstall.sh: line 102: ./build-dh: No such file or directory
    cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys’: No such file or directory

    ################################################
    Starting Server
    ################################################
    ./openvpninstall.sh: line 110: /etc/init.d/openvpn: No such file or directory

    ################################################
    Forwarding IPv4 and Enabling It On boot
    ################################################
    net.ipv4.ip_forward = 1

    ################################################
    Updating IPtables Routing and Enabling It On boot
    ################################################

    ################################################
    Building certificate for client jason
    “Common Name” must be filled.
    Please insert like same cert : jason
    ################################################
    ./openvpninstall.sh: line 142: ./build-key: No such file or directory
    ./openvpninstall.sh: line 144: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 145: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 146: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 147: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 148: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 149: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 150: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 151: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 152: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 153: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 154: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 155: /etc/openvpn/keys/jason.ovpn: No such file or directory
    ./openvpninstall.sh: line 156: /etc/openvpn/keys/jason.ovpn: No such file or directory
    cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys/jason.crt’: No such file or directory
    cp: cannot stat `/etc/openvpn/easy-rsa/2.0/keys/jason.key’: No such file or directory
    ./openvpninstall.sh: line 161: cd: /etc/openvpn/keys/: No such file or directory
    tar: ca.crt: Cannot stat: No such file or directory
    tar: jason.crt: Cannot stat: No such file or directory
    tar: jason.key: Cannot stat: No such file or directory
    tar: jason.ovpn: Cannot stat: No such file or directory
    tar: Exiting with failure status due to previous errors

    ################################################
    One client keyset for jason generated.
    To connect:
    1) Download /etc/openvpn/keys/clientkeys.tgz using a client such as WinSCP/FileZilla.
    2) Create a folder named VPN in C:Program FilesOpenVPNconfig directory.
    3) Extract the contents of clientkeys.tgz to the VPN folder.
    4) Start openvpn-gui, right click the tray icon and click Connect on your client name.
    To generate additonal client keysets, run the script again with option #2.
    ################################################
    root@Jason-Ubuntu:~#

    • Anonymous

      The problem is that you are running 64bit ubuntu and the script download the 32bit edition.

      Open this:
      http://pastebin.com/Bgs8v8Uz

      • Thanks a lot for your help CommanderWaffles!
        I have made a copy of these scripts now, one for 32bit and the other for 64bit. The install went fine!. The problem I had on the Debian 5 Lenny 32bit was the Key had to be added, the GPG key Xensource use to sign their packages hasn’t been added to the VM’s apt keyring on my host.

        wget -q http://updates.vmd.citrix.com/XenServer/5.5.0/GPG-KEY -O- | apt-key add –

        I also had to run this:

        aptitude install lsb-release

        As for the 64bit Ubuntu yes you were right and I thank you again for this excellent script!

  • How do we access the admin panel when running debian? (Im kinda new)

    • Anonymous

      When you get your VPS, you have 2 admin panels. The first one is WHMCS which is for paying your bills and opening support tickets. The second one is SolusVM which is for wiping your OS and making backups. Debian itself doesn’t have an admin panel. What I think you are looking for is Webmin. http://www.webmin.com/

      It allows you to manage everything from a web gui.

      • No, I meant the openvpn panel.

        • Anonymous

          Unfortunately there is the no panel. You would want to use Openvpn access server, but that is limited to 2 clients.

          • x-men

            openvpn GUI admi module allows that jux intall it

  • Syamsul

    Thanks for this great script. I did first have to install openvpn manually though on my Debian 6 RAMHost OpenVZ VPS before the script would run to completion without errors.

  • Shaorin

    When I try to connect it says: Options error: Unrecognized option or missing parameter(s) in server.ovpn:4: 172.16.74.24 (2.0.9)
    Anyone know how to fix it?

    • Anonymous

      What OS are you using on your VPS and on your PC?

  • Tazd

    Just quick one to say thanks for this script. It’s the only that worked for me after trying a few different ones.

    • Anonymous

      Glad it worked for you. Just curious to know what VPS provider are you using?

  • Dallas

    Hey there,
    Just used this script to setup my VPN on a Xen VPS server, running Debian 6. 

    I ran it once and it didn’t work, so I first manually installed openvpn (apt-get install openvpn), and then ran the script again, worked perfectly!

    Thanks!
    -Dallas

    • Anonymous

      Glad it worked for you. I don’t have a Xen VPS so I couldn’t test it. All OpenVZ because I’m cheap 😛

  • Yarykm

    worked great from the 1st try on ubuntu vps (openvz). THANKS!

    • CommanderWaffles

      Glad to help 😀

  • Tazd

    Just an FYi the http://build.openvpn.net/downloads/releases/debian/5/openvpn_2.2.0-debian0_i386.deb link in the script is no longer valid. Seems openvpn removed it.

    • CommanderWaffles

      Thanks for the heads up. I’ll try and fix it when I get time. It looks like they don’t have the same version as before as well. I have to redo the script 🙁

  • suvro

    http://build.openvpn.net/downloads/releases/ubuntu/10.04/openvpn_2.2.0-ubuntu0_i386.deb
    Resolving build.openvpn.net… 67.228.212.69
    Connecting to build.openvpn.net|67.228.212.69|:80… connected.
    HTTP request sent, awaiting response… 403 Forbidden
    2012-03-14 21:49:52 ERROR 403: Forbidden

  • x-men

    How do i revoke clients or certs

  • Running Ubuntu 10.10 64x — i get this  after i press 1 to install

    Select on option:
    1) Set up new OpenVPN server AND create one client
    2) Create additional clients
    ################################################
    1
    : bad variable name
    ovpn_install_script.sh: 195: Syntax error: “elif” unexpected (expecting “then”)
    root@server1:~#

    • CommanderWaffles

      I’ll have to retest the script and update soon. I’ll see then.

      • WanAfan

        Has it been updated ?

  • HalfEatenPie

    Hey so it seems like the old build servers are gone (or atleast they’re not working for my own servers).  I think you’ll have to update the script with the newer ones.

    Thanks though for putting this together!

  • Daniel Leger

    Thank you a thousand times for this script. I hate the easy-rsa scripts! This script should be included in the openvpn packages! Thank you, again!

    • CommanderWaffles

      Thank you for using it also 🙂

  • Fredrik Duwell

    You should make a newer version. This doesn’t seem to work anymore. It complains about the packages doesn’t exist when trying to grab OpenVPN.

  • Rafael Mourao

    Great script! This link to openvpn for debian is not working anymore, i just changed the command to “apt-get install openvpn”. Other than that, everything worked perfectly, thanks