Setting up VPN on Ubuntu VPS @ linode


That wiki article is complete and utter balls. Don't use OpenVPN bridging unless you really, really know why you want to use it. It makes everything about 100 times harder. I'd start with the official OpenVPN HOWTO and go from there.


Author: kitsune

Updated on September 17, 2022

Comments

  • kitsune almost 2 years

    I'm really struggling with this because I'm not a network admin, only a mortal programmer.

    Linode gives you an external and internal IP for use with other nodes on the linode network. In my case I've configured my external interface like this:

    # The loopback interface
    auto lo
    iface lo inet loopback
    
    # Configuration for eth0 and aliases
    
    # This line ensures that the interface will be brought up during boot.
    auto eth0 eth0:0 eth0:1
    
    # eth0 - This is the main IP address that will be used for most outbound connec$
    # The address, netmask and gateway are all necessary.
    iface eth0 inet static
     address 97.107.XXX.XX
     netmask 255.255.255.0
     gateway 97.107.XXX.1
    
    
    # eth0:1 - Private IPs have no gateway (they are not publicly routable) so all $
    # specify is the address and netmask.
    iface eth0:1 inet static
     address 192.168.140.135
     netmask 255.255.128.0
    

    What's missing here before eth0:1 is the interface eth0:0 which I want to use for my VPN. Do I have to do this? Well, I added this to my interfaces file between eth0 and eth0:1:

    iface eth0:0 inet static
     address 10.10.10.1
     netmask 255.0.0.0
    

    So I've started installing openvpn and generated the keys. This worked, as far as I can judge. I'm having problems with the openvpn server configuration. I want to be able to access my VPS' files from home or on the go, and maybe access the internet through it (maybe at a later stage, I don't know, I'm mainly interested in having access to my VPS and its files).

    Among others, I have the following in my server.conf

    dev tap1
    server-bridge 10.10.10.1 255.0.0.0 10.10.10.50 10.10.10.100
    

    Is this correct? Or do I have to use something else there.

    I added some iptables mumbo jumbo for the bridges.

    iptables -A INPUT -i tap0 -j ACCEPT
    iptables -A INPUT -i br0 -j ACCEPT
    iptables -A FORWARD -i br0 -j ACCEPT
    

    It says tap0 here even though everywhere else it's tap1. I'm getting these numbers from a guide (http://www.linode.com/wiki/index.php/OpenVPN). I don't know whether this is correct.

    I then created a bridge-start script:

     #!/bin/bash
     #################################
     # Set up Ethernet bridge on Linux
     # Requires: bridge-utils
     #################################
     # Define Bridge Interface
     br="br0"
     # Define list of TAP interfaces to be bridged,
     # for example tap="tap0 tap1 tap2".
     tap="tap1"
     # Define physical ethernet interface to be bridged
     # with TAP interface(s) above.
     eth="eth0:0"
     eth_ip="10.10.10.1"
     eth_netmask="255.0.0.0"
     eth_broadcast="10.10.10.255"
     for t in $tap; do
       openvpn --mktun --dev $t
     done
    

    Again, I have no idea what I'm actually doing here... Since I decided to use 10.10.10.1 I guess the default netmask would be 255.0.0.0. I've also added a similar bridge-stop script. Anyways, if I want to start my bridge-start script I'm getting:

    kitsune@makemake:/etc/openvpn/# /etc/openvpn/bridge-start
    Thu Jun 25 21:08:36 2009 TUN/TAP device tap1 opened
    Thu Jun 25 21:08:36 2009 Persist state set to: ON
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    SIOCSIFFLAGS: Cannot assign requested address
    

    When I then try to start the openvpn it fails.

    Can anybody make sense of this?

  • Brendan Grant
    Brendan Grant almost 15 years
    Seconded times a billion! That article should die in a fire. Imma tell phil to write one to replace it.
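
The question points out that the iptables rules say tap0 while server.conf and bridge-start say tap1. The following Python sketch is an added example, not part of the original posts: it cross-checks the three snippets from the question for that kind of mismatch. The function names `check` and `shell_var` are hypothetical, and the inputs are the values posted in the question.

```python
import ipaddress
import re

# Constructed inputs: the three snippets as posted in the question.
SERVER_CONF = "dev tap1\nserver-bridge 10.10.10.1 255.0.0.0 10.10.10.50 10.10.10.100\n"
IPTABLES = ("iptables -A INPUT -i tap0 -j ACCEPT\n"
            "iptables -A INPUT -i br0 -j ACCEPT\n"
            "iptables -A FORWARD -i br0 -j ACCEPT\n")
BRIDGE_START = ('br="br0"\ntap="tap1"\neth="eth0:0"\neth_ip="10.10.10.1"\n'
                'eth_netmask="255.0.0.0"\neth_broadcast="10.10.10.255"\n')


def shell_var(script, name):
    """Return the value of a simple name="value" assignment, or an empty string."""
    m = re.search(rf'^\s*{name}="([^"]*)"', script, re.M)
    return m.group(1) if m else ""


def check(server_conf, iptables, bridge_start):
    """Return a list of inconsistencies between the three files."""
    findings = []
    dev = re.search(r"^\s*dev\s+(\S+)", server_conf, re.M).group(1)
    gw, mask, lo, hi = re.search(
        r"^\s*server-bridge\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", server_conf, re.M).groups()
    net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)

    # The tap device OpenVPN opens must be the one the firewall and bridge script name.
    stray = sorted(set(re.findall(r"-i\s+(tap\d+)", iptables)) - {dev})
    if stray:
        findings.append(f"iptables rules name {stray} but server.conf opens {dev}")
    if dev not in shell_var(bridge_start, "tap").split():
        findings.append(f"bridge-start does not create {dev}")

    # The client pool must lie inside the bridged subnet, in ascending order.
    lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    if lo_ip not in net or hi_ip not in net or lo_ip > hi_ip:
        findings.append(f"pool {lo}-{hi} is not a valid range inside {net}")

    # The broadcast address follows from address and netmask; it cannot be chosen freely.
    bcast = shell_var(bridge_start, "eth_broadcast")
    if bcast and ipaddress.ip_address(bcast) != net.broadcast_address:
        findings.append(f"eth_broadcast {bcast} != {net.broadcast_address} for {net}")
    return findings


if __name__ == "__main__":
    for finding in check(SERVER_CONF, IPTABLES, BRIDGE_START):
        print("MISMATCH:", finding)
```

On the question's inputs it reports two mismatches: the tap0 rule against the tap1 device, and an eth_broadcast value that does not match the 255.0.0.0 netmask.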