Search - "openvpn"
Reinstalled my dedicated server and realized (afterwards) that I just erased my entire openvpn/mysql auth setup and I don't have an entirely working copy.
Okay, nothing I can do about that afterwards, setup csf right away, monitored the auth log for a minute and noticed one ip which had just connected and found it weird somehow. Blocked the ip.
Then, one second later, as my console stopped responding and that ip address suddenly looked veeeery familiar, I realized I just blocked myself. (the blocks persist across reboots)
Went to the control panel and hit the reinstall button. Confirmed, and two seconds later I realized I could just have connected to any of my own fucking vpn services to unblock myself.
What in the living fuck is wrong with me @_@
Mother of god.
I spent hours and hours last week to try and get OpenVPN working. I mean, OpenVPN is working perfectly fine (on a VirtualBox (nope no vmware for me on servers) machine on a friends' dedicated server) but it wouldn't get through! As in, every forwarding/firewall rule just didn't work.
Was seriously about to lose my shit just now when I suddenly noticed the term 'TCP' in a forwarding rule.
Looked at the .ovpn file: proto udp
I added the exact same rule for UDP as a forward within VirtualBox.
Well, there goes quite some hours 😐
And solely because I didn't realise that I setup a forwarding thingy for the wrong protocol.
I feel very stupid now :(
On the train's public WiFi while traveling and want to use a VPN connection to one of my own VPN servers.
I'm now just realizing that the openvpn port is probably not an allowed one on this network and I set the port to the default openvpn one 😥
Fuck me sideways right now.
Tonight I want to try to setup an openvpn server with mysql based authentication because I'd love to somehow setup/become a vpn provider.
Of course there's a huge ass legal part but let's first make sure I know the technology of the top of my head!
Just ranting this out because I'm excited 😊
After a few hours, I think I just got mysql based openvpn authentication working O_o
Fucking yay! Now let's implement a maximum amount of connections per user.
Yes, rants can be happy too.
One day with a lot of hours trying later:
Got an OpenVPN server running from scratch and can (still have to write the actual authentication code) accept or refuse clients through a php script ran from a bash script with a username and password.
That awkward moment when I was able to run three docker containers on a 512MB server:
1. DotNet core web service
BUT I cannot run:
1. NodeJs web service
2. MongoDB container
Spent two hours configuring the damn server to get hit by this T_T
It's vacation for me for two weeks of which one week will be a vacation outside the country and one will be home-time.
Will work on redesigning my entire server 'infrastructure' and an automated website/openvpn/whateverthefuckiwanttodeployorwhatever system solely written in bash/shell scripting.
Partly because it's awesome to learn new Linux-related stuff and partly because I really want to have this functionality and would love to write it myself.
Also working on three side projects of which two will become a service and one will be released into the open :)
But, tomorrow will be dancing my ass off to quite some of my favourite producers :D
I'm just amazed what 512MB of RAM can do :O
That's htop from my VPS I feel sorry for the CPU though.
It is running three docker containers:
1. Dotnet Core
Something strange just happened, activated Fail2ban on another server and instantly blocked me when I already had ssh session open >_>
Does macOS terminal keep on sending ssh authentication requests? Or is my OpenVPN that keeps on sending requests.
Why does this keep on happening to me T_T
I've been lurking for a while but I had it up to here with these goddamned "js sucks" posts.
I'm not gonna deny js has severe design problems,
or that chromium is a motherfucking vampire
or that it's a goddamn pain in the ass to understand how to babel webpack + plugins correctly
that is all true.
the problem is that it's just a lazy damn circlejerk at this point where no learning is gained, with no outlook on any possible solution of these problems, let alone ANY type of actual collaboration to help the situation.
sometimes people don't even care to specify what is specifically wrong with js. It's just "js sucks" and that's it, farm ++.
slack is a ram hog, yes, yes, we know... WE KNOW.
every 5 days someone has to remind that!
is there any solution? why is it a ram hog? is electron the problem, or is the slack source code doing weird shit?
are there any lightweight alternatives to electron?
That's actual good conversation, but no, apparently it's impossible to drop the snarky tone for 2 seconds.
I think it's fine to point out deficiencies in applications, but it's not ok to shitpost on and on.
I would be very ok with someone shitcomplaining about js if they were doing something about it.
I'm still ok with people letting off some steam, I'm fine with people expressing frustration from direct work experience with js. I'm not ok with people and their ignorance and snarky comments and non helpfulness while comfortably laughing from their own camp of totally unrelated technologies.
Hearing sysadmins or people that code exclusively in c shit on js makes me feel my insides twirl.
Imagine I didn't do shit for linux, but I went around forums pointing out the deficiencies, like the lack of standards, and saying that mac is way better.
Or if I yapped on and on about openvpn and having an obscure as fuck api, meanwhile not doing a single fucking thing about it, or not even using it on a day to day basis.
do you hate slack's ram usage? me too and js isn't going anywhere in the next 5 years, so either do something or provide smart conversation, diagnosis of the problem or possible alternatives/solutions, otherwise stfu
"There is a problem in your selection of --ifconfig endpoints [local=10.8.0.40, remote=255.255.255.252]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver."
WORKS PERFECTLY FINE ON MY ANDROID, AND ALL OF MY LINUX MACHINES!! Yet WanBLowS apparently needs special treatment again. AND WHAT FOR, HUH?!!! Motherfucking piece of fucking trash!!!
A BIG SHOUTOUT TO MY FRIEND @theKarlisK
He is the real MVP.
We both spent the weekend to setup OpenVPN + Pi-Hole on Oracle free tier.
He hand held me through the entire process, was super patient with my silly queries and in fact explained me everything so well that it got imprinted in my mind.
And ofc, he was super quick to debug and resolve issues and handed me all the commands for quick execution.
Super glad to have worked with him on this project.
Step 1: Acquire Raspberry Pi
Step 2: Install Raspbian Lite
Step 3: Install PiHole
Step 4: Setup VPN
Step 5: Get a domain name for the VPN server
Step 6: Install OpenVPN on Phone
Step 7: Connect to Raspberry PiHole Server
NO MORE ADS MOTHERFUCKERS
1. firing up the terminal
2. enter sudo apt-get install openvpn easy-rsa
3. realizing I'm on my windows machine
Got drunk during work time because fuck openvpn, fuck anyconnect, and fuck badly designed vpn servers in general.
A fucking pptp connection, man, a fucking pptp.
Network Security at its best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with McAfee Web Gateway even though they didn't even restrict shutting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with McAfee is permanently added in these PCs and you don't have admin rights to change them.
Although this can be bypassed by basically everyone because everyone knows one or two teacher accounts, it's still restricted right.
So I thought I could try to get around. My first few tries failed until I found out that they apparently have a mac address whitelist for their lan.
Then I just copied a mac address of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up a tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plug into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.
You know what would be nice? Being able to Google anything to do with VPNs without having like 90% of the results being links to how-to-setup-VPN-client pages from every goddamn obscure commercial VPN provider in existence.
If I wanted to know how to setup a VPN client to work with Crazy Dave's House-o'-VPN-n'-Cloud-Hosting's paid-for service, I probably would have Googled for that, not general things like "openvpn ethernet bridging". Why am I getting so many commercial results? Either nobody sets up their own VPNs, or the VPN companies have SEO'd the keywords good and proper.
I'm working on an open source openvpn client for linux with a gtk gui and some cool features i have in mind. I wrote most of its daemon and now i'm going for the gui. But,... the problem is..., i'm not a ui dev, so every ui i make is awful. I feel like i'm either stuck or have to choose one of my bad ui designs. what do you think i should do? how can i get some help?
I hope not too many people followed this advice. It was a tutorial for making your Raspberry Pi act as a network-accessible CCTV camera, and the tutorial was good, but that end part... yikes. Don't just port forward your http stream!
At least I know how I can just have it accessible only through my OpenVPN.
I am so fucking lost.
I literally have zero expectations from life for now and future.
There was a time when I had so much clarity in my life. Rather, I was known for it.
Folks used to reach me out for guidance and my approaches even worked for others.
I was goal oriented and biased towards action. Failing and learning from it, I used to make things happen and with constant feedback kept progressing.
While none of that has changed, I still feel lost and numb. No, I am not depressed or suffering through any mental illness. I am physical active and able to feel the happiness.
But the recent incident with a narcissistic, left me emotionally handicap. I can no longer feel any kind of love or affection. I overcame the damage done and healed myself.
But now, I am done. Even if I engage with anyone for a relationship it would be mostly for sex. I can care for people around me and be affectionate towards them but when it comes to an intimate relationship, I feel it's not something I can do in this lifetime. I tried multiple times but failed.
These days, all I am doing is putting my heads down and working like crazy. Never in my life I worked more than 10 hours in an entire week. Now, I work 10+ hours everyday. During that time, I am highly productive.
And in my free time, I am busy housekeeping different life problems. Either paying bills, figuring out an insurance, planning some investment, or making some kind of life decision.
It's draining me. I feel as if I am losing sanity. But that's the only thing I am able to do.
Maybe it's the lockdown effect. Maybe some damage is yet to be healed.
But I got nothing better to do. I have some good ideas. Not those hipster-ish disruptive Million dollar ideas, but decent enough to solve a problem for a strong use case.
However, all of this is becoming overwhelming these days. Because decision making is complex and difficult task. It can make or break the future.
As of now I am confused how should I go about pursuing two of the important projects that I want to accomplish.
1. Migrating out of Google ecosystem. Is it even practically possible for my use case? What are the alternatives? Planning to opt in for a paid cloud storage so have to factor in that aspect as well.
I want to keep this new setup only for official use like bank and government stuff. Maybe family and close friends. Then have current ids for public logins and sharing it with retards whom I can block or ignore if they harass me. The research is overwhelming but having a structured setup gives insane amount of efficiency when life is spam free.
2. Migrating my Pihole and OpenVPN setup out of Digital Ocean to GCP. Primarily because $5 is a lot of amount for my computational requirements and Google has used my data enough, for me to use the free tier.
However, there isn't a simple script for a tech noob like me, to go ahead and setup something. I did find a Github repository but the documentation is kind of outdated so RTFM failed for me.
I don't know whether to pursue my start-up or let it go and focus on moving to Europe.
It's just so fucking stupid to even exist. And let's not forget taxes. Bloody taxes.
Two weeks of my life! All of this is on a win10 host with docker for windows. This is Docker running openvpn, and docker running Firefox in another container sharing VPN access from first container and also opens an x11 window port for Firefox GUI. Then x11 window server on Windows host to receive GUI. So left is firefox clearnet running native, right is Firefox over vpn in all containers, simultaneously.
Oohoo!! Seems like we solved a good problem and helped many others.
Sharing the link to this project if anyone of you is interested.
Good start to Monday morning it seems.
Spent 30 minutes searching for openVPN on my VPS to end up remembering I have it as a docker container and not installed directly on the system :\
TL;DR Dear boss, firstly, you always get someone to review anything important done by a fucking intern.
Secondly, you do not give access to your fucking client's production server to an intern.
Thirdly, you don't ask your fucking intern to test the intern's work that has not been reviewed by anyone directly on your client's fucking production server.
Last week, the boss and one of the lead devs (the only guy with some serious knowledge about systems and networking) decided to give me (an intern who barely has any work experience) the task of fixing or finding an alternate solution to allowing their support team access to their client machines. Currently they used a reverse SSH tunnel and an intermediary VH but for some reason, that was very unreliable in terms of availability. I suggested using OpenVPN and explained how it would work. Seemed to be a far better idea and they accepted. After several days of working through documentations and guides and everything, I figured out how OpenVPN works and managed to deploy a TEST server and successfully test remote access using two VMs. On seeing my tests, the boss told me that he wanted to test it on the client network. I agreed. Today he comes to me and he tells me to prepare testing for tomorrow and that the client technician is going to give me access to one of their boxes. And then he adds, "It's a working prod server. We'll see if we can make it work on that" and left. I gaped at him for a while and asked another dev guy in the room if what I heard was right. He confirmed. Turns out, the lead dev and the boss's son (who also works here) had had a huge argument since morning on the same issue and finally the dev guy had washed it off his hands and declared that if anything goes wrong from testing it on production, it's entirely the boss's own fault. That's when the boss stepped in and approached me. I ran back to his office and began to explain why prod servers don't top the list of things you can fuck around with. But he simply silenced me saying, "What can go wrong?" and added, "You shouldn't stay still. You should keep moving". Okay, like firstly what the fuck and secondly, what the fuck?.
Even though OpenVPN client is not the scariest thing to install, tomorrow's going to be fun.
Was just reading some of the OpenVPN scripts to renew a certificate where I forgot to source the vars file first (apparently OpenVPN stores those in a separate file that you always have to source first, and I tend to forget it sometimes).
Reading the revoke-full script that OpenVPN provides, it's just bash so I can read it no problem. But traversing through it and trying to understand it... Horrible! There's a test file in $RT named keys/revoke-test.pem. It's not used anywhere in OpenVPN for anything useful as far as I'm aware. The script however - the script that's running on a production server! - attempts to remove this file. It doesn't exist. Test files do (or at least should) not exist in production. They're not supposed to be there.
It exports empty variables. Some of them are set by the sourced vars file, some aren't. Not entirely sure why it's exporting variables as empty when they're uninitialized, or why it doesn't just unset the ones that are initialized.
And finally it goes ahead and revokes the key file that I'm actually concerned about through regular OpenSSL and verifies it.
Not to mention that the lack of the sourced vars file, which admittedly I should think about in the current status quo, if it *always* needs to be sourced anyway... Why doesn't the script do that itself then? One less thing to go wrong. But hey, proper design?
Gore. I don't have any other words for it.
And before anyone tells me that I should go and fix it if I'm so worried about it. Remember, I am not a developer. That's the job of the developers that made this in the first place.
Wireguard reminds me of ssh. You exchange keys and start using the thing.
You protect client by limiting IPs that can access it and you protect server by listing IPs that can connect + iptables for more advanced access rules.
And the whole thing runs on UDP and in kernelspace, so it's fast AF
iperf3 tests compared to OpenVPN look amazing: x20 times faster than OpenVPN :D
I freaking love Linux!
Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes it's a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what distro, and why? I know that people like Snowden use QubesOS. What makes it much better than other distros? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always connected to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble than actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but it's hard to completely avoid it. I do actually have a Google-Home device (don't kill me), which I use for calendar entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn't mind switching to an open source solution which is equally good, however so far I couldn't find anything that would be a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spied? Personally so far I haven't really done much except for installing AdAway on my rooted device as well as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?
A follow up rant to my rant about "breaking the interwebs":
I fixed the interwebs and I also installed OpenVPN on one of my Raspberry Pis, it seems to be working just like I wanted it to work :31
i wrote a website, a server in go, a small os in c, a game in js, a game and server and web scraper and other desktop apps in java, mobile apps with flutter, a website with php also, implemented aes in go, wrote a parser in java. done sysadmin stuff on my vps and pihole/openvpn/nextcloud on my rpi. learn about c vulnerabilities and used metasploit. attempted to write an interpreted language. did some led displays with arduino. currently learning tensorflow.
i have never...
- written a driver
- made a game with a game engine
- created a file encoding
- implemented an oauth2 server
- made an api
- worked with vr
what am i missing? i want to be a very well rounded dev.
Man I fucking love debugging Windows applications... OpenVPN dun shit the bed because the management interface is locked (on the Windows client I presume?) - so poke that error message into the Gargler along with "openvpn windows"... First result, OpenVPN forums. Excellent. ... Some dickhead in the forums: "this is the wrong forum, this is for Access-Server users, and you the user MUST have terminated the process".
Come fucking on! If only I could replace this fucking device with a proper OS already (and no I can't). Windows itself being a clusterfuck is one thing but the goddamn support around it. Atrocious!
You can connect to Docker containers directly via IP in Linux, but not on Mac/Windows (no implementation for the docker0 bridged network adapter).
You can map ports locally, but if you have the same service running, it needs different ports. Furthermore if you run your tests in a container on Jenkins, and you let it launch other containers, it has to connect via IP address because it can't get access to exposed host ports. Also you can't run concurrent tests if you expose host ports.
My boss wanted me to change the tests so it maps the host port and changes from connecting to the IP to localhost if a certain environment variable was present. That's a horrible idea. Tests should be tests and not run differently on different environments. There's no point in having tests otherwise!
Finally found a solution where someone made a container that routed traffic to docker containers via a set of tun adapters and openvpn. It's kinda sad Docker hasn't implemented this natively for Mac/Windows yet.
please bear with me :)
What is the difference between having a VPS with OpenVPN and connecting to it and between registering for a VPN provider?
Not a rant but i got my first homelab server this week :D
Looking forward to playing with it. Already installed esxi,and openvpn.
:dell poweredge t130 with 16 gb ram i found for a reasonable price.
Today is productive day and amazing day.
Finally got my fucking WireGuard VPN on my VPS set up. Pain but damn it's fucking worth it. Oh god i love it already.
The speed against openVPN is crazy. I'm not kidding it's near double.
To anyone running openVPN. Throw that shit fucking away and set up a WireGuard VPN. You will thank me later.
Oh yeah and it's like much much more secure than fucking OpenVPN.
whenever I suspend my laptop my openvpn would get stuck on reconnecting and I'd have to ctrl c and wait for like minutes so it would correctly close. so I only used VPN when I really needed it.
but then I found out: mullvad (my VPN host) supports wireguard! and so wireguard is a more passive protocol, and doesn't need to keep open the connection. so now I can just set my VPN to "always on" and not worry about it anymore, yay!
ps: you should have seen my face when I found out mullvad gives away free stickers! :D
I JUST CAN NOT UPDATE THAT ONE SERVER TO DEBIAN 9
- it has no /dev/sda but a /dev/ploopXXXXX which is mounted as / but I can't see it
- uname says it's Linux 2.6.32-042stab126.2 and it says Debian some lines later in the ssh login
- there is no boot loader (I can't find it)
- lsb_release tells me it's running Debian 9.6 stretch, I put stretch into the apt sources
- in /boot there are 2 different versions: 3.16.0-7-amd64 and 4.9.0-8-amd64
- and I do not have physical access to it
WHAT THE FUCK AM I SUPPOSED TO DO?!
I wanted to install OpenVPN on it but that Linux Version doesn't support the Tunnel Interface /dev/net/tun
The name of today is Murphy.
So, the LAN at location A can't reach the one at location B. Turns out that something yet unknown is blowing fuses at location A, but after disconnecting a ton of unknowns, the router and a radio link station are up again. Yay Internet, but still no VPN connection to location B.
Needing the passwords for the OpenVPN servers, I notice that encfs4win refuses to mount the drive where the password manager files reside. Of course, any problem must have the company of other problems. Eventually, the encfs drive mounts on another computer.
So, I can access the OpenVPN computer running the client side and check the logs, which tell me that network B is unreachable.
Both networks and an encfs setup all die at the same time? Right, Murphy, what are you going to come up with next? No, don't tell me because I just got read errors from a hard drive.
That horrible, dreadful, feeling when your openvpn server is not working as intended anymore, and yet you can't remember what was the last thing you changed a few weeks ago.
Even worse, one client seems to still work just fine, while another seems completely broken.
- pc1 (windows): all good
- phone 1 (android 8.1): no connectivity, both internal and external
- phone 2 (android 7): all good
All with the exact same config.
If there is a god, I must be in hell. Otherwise I cannot see the point of this senseless torture.
My beard has grown during the time i've been waiting for Emscripten SDK to get installed
In Syria, my connection speed is 512kbps and Google repositories is blocked, so i had to run OpenVPN using a VPNBook account located in Poland to get everything working, and i guess you all know how connection speed is screwed when you use a VPN, i hardly got 300kbps
The bright side is having to do ZERO configurations on Linux before installation
There is no joy in life
So I finally managed to set up networking on my 3D printer's raspberry pi: now it can connect to my phone's hotspot or to my uni's wifi network, depending on which is available.
Then I set up OpenVPN, using a remote server as a middleman so I can connect to the printer remotely and start/stop/monitor prints from anywhere.
Everything works great, except for one thing: whenever the Pi connects to the uni's network first, OpenVPN fails to start and connect to my server, rendering the printer unavailable (unless I use an ethernet cable, but that's not a viable operation since I need to lift the printer, and it's heavy).
The only way for it to work as intended is to either:
a) keep my hotspot active (which kinda defeats the point), or
b) let it connect to my hotspot first (so that OpenVPN can start properly) and then turn off the hotspot, allowing the printer to reconnect to the uni's wifi and reconnect to my vpn.
Why won't things just work the way they're supposed to? 😭
I reset my Linode VPS to vanilla Arch after the blundered attempt to use an unsupported Linux distro. Now I'm reinstalling OpenVPN and decided to try out IPv6 networking over the tunnel. Got my free address block and it is SO AWESOME, even typing the addresses feels nicer. I never want to touch IPv4 octets again.
I haven't touched my OpenVPN server configuration in almost a year. Everything seemed to "just work" the way I wanted it.
I have now just found out that all ipv6 DNS queries were actually going to the wrong ip.
Why am I such a magnet for stupid shit like this?
Every time I try to do something beautiful, elaborate, complex, I always get some small shitty detail wrong.
It's like "close, but no cigar".
Bonus fun fact: I only found out thanks to Windows' DNS leak feature. Thanks, Windows!
Woohoo! Finally managed to set up ipv6 tunnelling on my openvpn server, now all my clients can reach ipv6 resources too!
The only hiccup is that I have to manually specify an ipv6 address to each client beforehand, or they won't get one automatically, but that seems to be an OpenVPN-related issue.
Still, feeling great! Finally figured this out :D
Went to upgrade my Fedora 29 server to 33 yesterday.
Upgrade from 29 to 31 went fine.
Upgrade from 31 to 33 hit a hard roadblock.
OpenVPN AS uses python2-PyMySQL
Fedora 32 got rid of Python2 completely so there is no way to upgrade python2-PyMySQL
I'm stuck at 31 until I change to another VPN solution.
Backwards compatibility. BAH! Who needs it? Amirite?
On holiday with parents and gf...
Wifi here forces you to use their DNS (using Google's or Cloudflare or any other DNS is blocked)...
Can't use my OpenVPN either...
I HATE VPN SETUP
- Trying OpenSwan
Installing open swan on a Debian machine.. setting up the config.
Restarting openswan. Syntax error. No syntax error to be found.
Different tutorial.. it starts! Try to connect.. I can’t connect. Look at the logs. No errors.
Tcpdump. My traffic is coming through.. all fine.. try to connect again.. it works! (Nothing changed!)
Try to ping somewhere else.. no connectivity.
Try to ping an IP in the same network.. works fine. So I have connectivity, just no internet.
Spend an hour finding out about traffic directions of which no one seems to know what they really mean.
Boss tells me to stop using openswan because it’s deprecated and replaced by strong swan..
Reinstall Debian machine, install strongswan. Copy openswan config. Oh, they’re incompatible? Look up strong swan config, and the service starts.
Connect to the VPN.. it works! Again, no internet, just connectivity in the same network. Spend 2h debugging the config, disable firewalls everywhere, find an ancient bug in the Debian package related to my issues.. ok, let’s try compiling from source.. you know what, let’s not. I’ll throw this Debian machine away and try something completely different.
Ok, this looks easy enough! Let’s just click through the initial setup, change some firewall rules, create an L2TP VPN with a simple wizard.
Try to connect to VPN. First, it times out. Maybe a firewall issue? Turn off firewall.. ah, something happens now. I get an error message right after trying to connect to the VPN. Hmm, the port doesn’t even get opened when I enable the firewall.. this implementation seems a bit buggy.. let’s try their OpenVPN module.
Configure OpenVPN. Documentation isn’t that clear.. apparently a client isn’t actually a client but a user is a client.. ok, there’s a hidden checkbox somewhere.
Now where do I download my certificate? Oh, I need a plug-in for that.. ok, interesting. Able to download the certificate, import it, connect and.. YES!!! I can ping! But, I have no DNS..
Apparently, ICMP isn’t getting filtered but all outbound ports are.. yet the firewall is completely disabled. Maybe I need outbound NAT? Oh. There’s no clear documentation on where to configure it. Find some ancient doc, set it up, still no outbound connectivity.
Then I tried VyOS. I had a great L2TP VPN working in less than 15 mins. Thank you VyOS for actually providing proper docs and proper software.
For our current project, we connect to three different OpenVPNs:
Our dev OpenVPN (to get Jenkins/Artifactory)
The ops team devops OpenVPN (to get to environment)
The vendor's VPN for single signon
All of them have different keys and one connects to LDAP and uses a password we can't change.
If you develop something with bulk-internet-traffic (caching, backup and so on) buffer that long that OpenVPN can connect without interruption of a download, stream or so...
Goddammit have tried for several days to get a vpn up and running so we can have a mac as build server.
I have opened the ports on the router, tried l2tp and openvpn, everything works on the local network.
However accessing my static ip from my ISP, it just gives me weird errors from the devices no information. Goddammit what to do....
I'm on vacation and we wanted VPN connections back to Sweden to access some sites that's only available in Sweden
So I setup a raspberry pi as access point using hostapd and openvpn from there.
So we have two wireless network options where we are: fast unsecure or slow and from Sweden, just choose what you are going to do on the device that you connect with.
Tablets, computer, phones and so on.
I am too stupid to setup OpenVPN. If I give you access to the VM it's on, would someone set it up for me? There's a $60 Amazon gift card in it for you. As well as having a developer at your beck and call to return the favor.
Lemme just say... Wow. Wireguard... It's so incredibly simple and elegant. I cannot believe how easy and how little reading it needed to set it up.
And unlike OpenVPN, the Android client is even able to override the system's DNS servers, meaning I can finally start blocking nosy apps from contacting their big brothers in the cloud via DNS blackholing!
Wow. Wireguard... 10/10. Simple, fast to set up, elegant.
I have a couple of "at risk" teens (I won't say what) who need an extra level of Internet filtering and restriction for their own protection against their use of really bad judgment. I've already enabled the OpenDNS parental control URL/content filters on my Netgear R8000 router but one of the teens has figured out how to install a VPN on mobile. I want to enable the router's OpenVPN feature for better overall security for all of us. But is there a way to block the use of an "unauthorized" VPN, like on a mobile device, without also effectively blocking my router's OpenVPN as well? I was looking at this post (https://community.netgear.com/t5/...) but wondered if anyone here has experience with this.