ingmar's picture

I have no physical  access to my vps and my provider has all kinds of turnkey available but not the one i need.

Can i install turnkey openvpn on a fresh install of Debian Jessie 64?

 

edit

 

What i've tried so far is to tar an install of Turnkey openvpn from the root / 

to untar it at the root of the fresh install.

This works for another situation i had and it all comes to excluding certain dirs and files from the backkup.

When i do this in this situation with:

tar -zcvpf /tars/vpn.gz --directory=/ --exclude='etc/fstab' --exclude='etc/dbus-1' --exclude='etc/network/interfaces' --exclude='boot' --exclude='dev' --exclude='tars' --exclude='proc' --exclude='sys' --exclude='tmp' --exclude='run' --exclude='mnt' --exclude='media' --exclude='lost+found' .

And then Untar it at / of the new system with:

tar -zxvpf vpn.gz

And do a reboot

The system boots up but halts on: failed to start login service and failed to start lsb

Forum: 
Tags: 
Jeremy Davis's picture

Perhaps we can encourage them to allow you to host the TurnKey appliance? If you'd rather not post it publicly email me: jeremy AT turnkeylinux.org. Also some providers allow you to get ISOs loaded, perhaps yours does too?

In theory what you are trying to do is possible, but as you've discovered, you'll need the right set of exclusions. Unfortunately I don't know what they are...

ingmar's picture

So sorry not following up on this post cause i'd forgotten about it.

 

It turned out that the Turnkey image is build with a software aplliance that interacts with paid services and that's not what i want so there was no need for me to further investigate.

I have only limited specific needs in regard tot VPN and that is giving people acces to the internet with the highest level of security provided in an easy to understand and automated way.

My search resulted in this nice docker thing (didn't knew about it at all!) and got it running.

Next challenge is to build a simple webinterface to interact with this which i have to invent and make myself.

 

https://github.com/kylemanna/docker-openvpn

 

My hosting provider is https://www.vpshosting.nl/

As far as i can see they don't provide in Turnkey ISO's.

 

Oops!! Edit!!

My hosting provider was yourhosting.nl at the time of writing this post. They offer several Turnkey Iso's but not the one i wanted. I moved away from them for another reason namely not giving me the proper support which almost caused a haert attack on this side. ;)

Besides that it's a very professional organization with a very well organized interface for their client with many possibillities to choose from. 

Jeremy Davis's picture

You don't need to pay to use the TurnKey Linux OpenVPN appliance. I test each build with a free Android client at build time. So I'm not sure where you got that information but it is incorrect.

Having said that, it does come default with TKLBAM (our backup and migration tool) pre-installed. For ease of use and a nice web UI you do need to register with us. And to get the best out of it you do need to pay a subscription, but it's not compulsory. You don't even need to register with us if you don't want to as you can use alternate backends (such as local filesystem or Google Docs). Perhaps you misunderstood that part?

Also if you launch it on AWS there are fees. So again, that may be where the misunderstanding occurred?

Regardless, I'm glad that you have found something that suits your purposes. FYI we also provide docker builds, which I hadn't considered but probably should have thought of...

Is your solution using OpenVPN still? If so there are a number of projects aiming to do the same thing. Have a look here. Unfortunately though, last I checked they were all abandonware. The only maintained one I am aware of is the one provided by OpenVPN themselves (which you do need to pay for). If/when I find a good reliable open source web UI I'd really like to add it to our appliance but am yet to find one. Perhaps you could revive one of the old abandoned projects? Or perhaps just pull out the bits you need? Regardless, I'd be interested to hear how you go. Who knows, if you make a cool open source one, perhaps we'll use yours!? :)

We developed the commandline OpenVPN helper scripts that we include with our OpenVPN appliance inhouse. They are free open source software so please feel free to rob them to use behind your webUI. One of the really cool features IMO is the QR code generator with a disposable URL. I reckon that would integrate really nicely into a WebUI! Anyway, even though you aren't using TurnKey, I'd be really interested to hear how you go and checkout your WebUI.

ingmar's picture

Sorry but i'm not a developer that one can work with. Just grabbing what i need to get things done and doing it all by myself and trying to comprehend it all every day. ;-) Very fragmented knowledge over here with no solid base.

About the paying i remember that it told me that only two connections where available for testing purposes? 

Jeremy Davis's picture

Thanks for the additional info. I've just done some googling and I don't think you were using TurnKey when you came across the 2 connection limitation. Or if you were, you must have "upgraded" to "OpenVPN Access Server". OpenVPN do provide the "OpenVPN Access Server" as a free (of charge) downloadable VM.

As you can see on the OpenVPN site, it's the (free-of-charge, but not free open source) "OpenVPN Access Server" that has the 2 concurrent connection limit.

The "OpenVPN Community Edition" (often just called "OpenVPN") is fully free (as in free open source) and has no limitations. On the downside, it also doesn't have a pretty web UI and needs to be configured manually (hence why we include the helper scripts with our server). We install the "OpenVPN Community Edition" (free as in speech) version in our appliance.

I know it's a bit confusing... But for what it's worth, have a look here for example, or the last post in this thread.

Out of interest what are you using now? Are you still using OpenVPN?

Jeremy Davis's picture

I haven't spent a lot of time with Docker containers but AFAIK, to make OpenVPN work properly inside a container, you need to run it as a "privileged" container. Doing that has some security implications (e.g. here) which you probably should consider.

If you can run it and get it working in non-privileged mode please post back.

Also one very last thing. I think your selling yourself short saying that you're "not a developer"! Sounds like you are developing stuff to me! When I started playing with TurnKey (about 8-9 years ago) I had very little Linux experience and had basically zero programming skills. I was what they call a "Windows power user". But with lots of playing, lots of reading and a fair bit of time trying to help others out with their issues, I ended up getting a job with TurnKey! :)

ingmar's picture

Using now in experimental setup to learn:

https://github.com/kylemanna/docker-openvpn

using this command:

  • docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
    

doing things all as root on the host that is. Something to also investigate when actually deploying but first things first. It's hard enough as it is. ;)

And can succesfully connect to it by using client downloaded from here using the .ovpn created within the dockerimage.

 

Many thanks for the links you posted! " use OpenVPN AS for configuration and once working, switch to OpenVPN CE using such configuration as base." sounds great and i'm gonna take a closer look. :-)

 

Add new comment