Skip to main content

OpenVPN

Адаптация старых OpenVPN конфигов к новым релизам OpenVPN

2.3 → 2.4

При переходе часто встречается ошибка. Текстового примера под рукой нет

Добавить

tls-cipher "DEFAULT:@SECLEVEL=0"

в начало .conf файла, вот так:

tls-remote Unrecognized option

Options error: Unrecognized option or missing or extra parameter(s) in lala.ovpn:95: tls-remote (2.5.7)
Use --help for more information.

tls-remote упразднён:

tls-remote lala.my.com

Вместо него:

verify-x509-name lala.my.com name

Варианты синтаксиса:

verify-x509-name 'C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=uk1.vpn.giganews.com'

Add the server's cipher ('BF-CBC') to --data-ciphers

OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.

Надо добавить в конфиг:

cipher BF-CBC

Autostart OpenVPN systemd

In order to configure OpenVPN to autostart for systemd, complete the following steps:

Run the command:

# sudo nano /etc/default/openvpn

and uncomment, or remove, the “#” in front of

AUTOSTART="all"

then press ‘Ctrl X’ to save the changes and exit the text editor.

Move the .ovpn file with the desired server location to the ‘/etc/openvpn’ folder:

# sudo cp /location/whereYouDownloadedConfigfilesTo/Germany.ovpn /etc/openvpn/

Edit the .ovpn file you copied in the previous step and change the line ‘auth-user-pass’ to ‘auth-user-pass pass’:

# sudo nano /etc/openvpn/Germany.ovpn

then press ‘Ctrl X’ to save the changes and exit the text editor.

In the ‘/etc/openvpn’ folder, create a text file called pass:

# sudo nano /etc/openvpn/pass

and enter your IVPN Account ID (starts with ‘ivpn’) on the first line and any non-blank text on the 2nd line, then press ‘Ctrl X’ to save the changes and exit the text editor.

(Optional) Change the permissions on the pass file to protect the credentials:

# sudo chmod 400 /etc/openvpn/pass

Rename the .ovpn file to ‘client.conf’:

# sudo cp /etc/openvpn/Germany.ovpn /etc/openvpn/client.conf

On Ubuntu 16.04 LTS, OpenVPN installs and initiates a service by default. If you are using Ubuntu 16.04 LTS, skip to step 10.
For Ubuntu 18.04 LTS and up, enable the OpenVPN service to run while booting:

# sudo systemctl enable openvpn@client.service

Reload the daemons:

# sudo systemctl daemon-reload

Start the OpenVPN service:

# sudo service openvpn@client start

Reboot and test if it is working by checking the external IP:

# curl ifconfig.co

If curl is not installed:

# sudo apt install curl

https://www.ivpn.net/knowledgebase/linux/linux-autostart-openvpn-in-systemd-ubuntu/

Back to top