6 posts tagged Openvpn
Right. With the pandemic and all none of us are going to travel much but still...
About a year ago I purchased myself an OpenWRT router to use on the plane and in hotels.
And so far I really like both the device and the Hong Kong based brand (launching new and updated products, and releasing relatively regular updates for older products). Pick a device that fits your needs (USB powered? LTE? Small form factor?).
Rather simple script. Using log file instead of management interface.
Part has to run as Root (due to Munin most likely not having access to read the log files. Working with the management interface could solve this.Create /usr/local/bin/getVpnUsers.sh:
#!/bin/bash echo "VPN.value `cat /var/log/openvpn-status.log | sed -e '1,/Common Name/d' | sed -e '/ROUTING TABLE/,$d' | wc -l`" > /tmp/.vpn_munin.txt
You can change the name of VPN.value to the VPN name and/or add multiple lines (each with a different NAME.value if you’re running more than one VPN user. Be sure to cat the right log file).
For no clear reason, OpenVPN on Mac with Tunnelblick (any version, had this problem for a few years already) results in these kind of error messages (and refuses to connect):
2013-02-05 17:44:31 write UDPv4: Can't assign requested address (code=49) 2013-02-05 17:44:33 write UDPv4: Can't assign requested address (code=49)
This seems to appear more often when swapping WiFi/IP range (after my Mac goes into sleep). But also happens when connecting to the same WiFi. It doesn’t change anything whether I disconnect OpenVPN before putting the Mac to sleep.
I recently started to notice following error messages on my openVPN server.
ovpn-server[6306]: vpn.rootspirit.com/85.234.x.y:62068 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)This basically means that the TUN or TAP interface is making more packets than the real (TCP) interface can handle.As I need to run OpenVPN using the TCP protocol (instead of the faster UDP protocol; as UDP is often blocked in networks I use my VPN in) I experimented by increasing the tcp-queue-limit. The default is 64, and I’ve set it to 256. So far, everything still seems to be working fine (but more packets will be queued before being dropped by OpenVPN, requiring less retransmissions).
There’s a great GUI out for OpenVPN & Windows, located here.
However, this GUI includes an old OpenVPN, that is no longer compatible with Windows 7 and Windows Vista.
The TUN/TAP driver will be blocked due to compatibility issues, and when trying to connect to a VPN, you’ll get an error along the lines of:
All TAP-Win32 adapters on this system are currently in use
The simplest fix, is to install the GUI package (including the old OpenVPN binaries), and reinstall OpenVPN afterwards.
A short howto, as I was unable to find any clear ones on the net.
I'm using Mac OS X (Leopard) as client, and a Gentoo server as server/host.
I both tried Viscosity and Tunnelblick on my Mac as OpenVPN software, and Viscosity is probably somewhat easier to configure (using the GUI), it was shareware. So I ended up using Tunnelblick and it seems to be doing its job quite well.
First of all, make sure Gentoo is set up and working as intended. I used my home router as VPN server (having both eth0 and eth1 (= ppp0).
