Re: [Openvpn-users] How to enable timestamps in server logfile?
On Mon, Jun 20, 2022 at 08:51:47 +0200, Bo Berglund wrote:
> Originally I used OpenVPN since around 2014 on RaspberryPi to access my home
> LAN. I did not have an Ubuntu server back then.
> Then in 2016 I built the Ubuntu server to handle a lot of other things too,
> like subversion and such, and I also installed OpenVPN there.
> But I no longer remember *how* I installed it, it might have been done using
> some apt repository fiddling so I am now on the wrong branch

The top entry in the /usr/share/doc/openvpn/changelog.Debian.gz should give you at least a little information about the specific build of the currently-installed version of the package...

> What would be the proper way to do the manual upgrade?
>
> Is there a way to find out from where the openvpn I do have is coming and what
> is blocking it from being upgraded via apt in that case?
> [...]
> apt policy openvpn
> openvpn:
>   Installed: 2.4.7-xenial0
>   Candidate: 2.4.7-xenial0
>   Version table:
>  *** 2.4.7-xenial0 100
>         100 /var/lib/dpkg/status
>      2.4.7-1ubuntu2.20.04.4 500
>         500 http://se.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
>         500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
>         500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
>         500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages

This "apt policy" shows that you have the standard Ubuntu repos in your apt.sources list, and thus the standard package is available to install. (It doesn't get installed by default because the dpkg version sort algorithm treats "2.4.7-xenial0" as newer than the version "2.4.7-1ubuntu2.20.04.4" and doesn't want to downgrade the package.)

But I think you would be able to manually force installation of the stock Focal package using the command "apt install openvpn/focal" to force selection of the version of the package from the specified distro. (Or alternatively "apt install openvpn=2.4.7-1ubuntu2.20.04.4" to give an explicit version string.)

> Can I just uninstall openvpn and then install via apt to get the latest?
> Or will that throw out any custom config I have done too?

("remove" -- as opposed to "purge" -- will leave all custom config files, so they should be there waiting when you install the package again. But I'd say you might as well try the "install .../focal" approach first and see if you can do it all in one step.)

> Currently over the summer I am not at my home LAN but I connect there via
> OpenVPN on my router, so presumably I would have to wait until I am back home
> so I have direct access to the server, right?
> (Since I would lose connection once the server OpenVPN goes down).

Yeah -- in that case it's probably best to wait... (If the package upgrade works as expected, OpenVPN would automatically start back up afterwards, so you'd presumably just see a slight pause in your ssh session and then resume normal operation... but if anything goes wrong with the upgrade, you'd be in trouble)

Nathan

Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239

___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Force all DNS queries over VPN
Hi,

On 18/06/22 22:49, Ian Pilcher wrote:
> I've got a simple OpenVPN setup that allows me to connect to my home
> network while traveling. I am using the redirect-gateway option to
> route all non-local traffic over the VPN when connected, but I haven't
> yet been able to figure out how to ensure that all DNS queries use the
> VPN nameserver.
>
> I am specifying the DNS server with "push dhcp-option DNS 172.31.249.1",
> but it only seems to affect the nameserver that my laptop uses for
> reverse DNS lookups on that particular subnet.
>
> When I connect from my laptop (using NetworkManager-openvpn), I see this
> in the log:
>
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: setting upstream servers from DBus
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.249.1#53(via tun0)
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.249.1#53 for domain 249.31.172.in-addr.arpa
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain penurio.us
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 250.31.172.in-addr.arpa
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 1.255.31.172.in-addr.arpa
> Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 254.250.31.172.in-addr.arpa
>
> How can I make the client send all DNS queries to the VPN DNS server?

This depends a little on whether your system is using systemd-resolve or not, plus on how you have configured the NetworkManager. For example, if you have configured the VPN profile in NetworkManager to "Use this connection only for resources on its network" then there is a fair chance that the DNS server will apply only to the VPN IP ranges.

However, you seem to be using dnsmasq at the back - so how does NetworkManager tell dnsmasq which DNS servers to use?

On my Fedora 35 system, which uses systemd-resolve, I see that the DNS settings are set *per interface* - this is not something that OpenVPN controls, but the NetworkManager+dnsmasq backends on your distro. Which distro are you using?

HTH,

JJK

Re: [Openvpn-users] How to enable timestamps in server logfile?
On Sun, 19 Jun 2022 18:10:14 -0400, Nathan Stratton Treadway wrote:

>> I am not enough into Linux to get anything useful from this...
>> Hopefully you can.
>
>Well, I don't know how much difference it will make for your overall
>project, but this output shows that you are still running an old
>("xenial") version of OpenVPN... and that package puts .service files
>under both
>  /lib/
>and
>  /usr/lib/
>
>So I think that explains the results you saw from your "find" commands.
>
>I'm guessing you used a locally-built package for 2.4.7 under Xenial
>(since the Ubuntu repo for Xenial has version 2.3.10)... but the naming
>conventions clash ("-xenial0" is greater than "-1ubuntu" in the package
>version-string sort order) and so the system didn't automatically move
>to the Focal-provided package when you upgraded.

Originally I used OpenVPN since around 2014 on RaspberryPi to access my home LAN. I did not have an Ubuntu server back then.
Then in 2016 I built the Ubuntu server to handle a lot of other things too, like subversion and such, and I also installed OpenVPN there.
But I no longer remember *how* I installed it, it might have been done using some apt repository fiddling so I am now on the wrong branch

>Anyway, unless you have a specific reason to stick with the -xenial
>package, you could go ahead and manually upgrade to the
>2.4.7-1ubuntu2.20.04.4 version of the package... at which point all your
>.service files should appear together under /usr/lib/ (and from that
>point your system should automatically offer to update to newer versions
>of the package within Focal, if any someday get released).

What would be the proper way to do the manual upgrade?

Is there a way to find out from where the openvpn I do have is coming and what is blocking it from being upgraded via apt in that case?

Checking version gives this:

  $ openvpn --version
  OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
  library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.10
  Originally developed by James Yonan
  Copyright (C) 2002-2018 OpenVPN Inc
  Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes with_gnu_ld=yes with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no

I tried this to see more about openvpn on my system:

  sudo apt list --installed | grep openvpn
  openvpn/now 2.4.7-xenial0 amd64 [installed,local]

  apt policy openvpn
  openvpn:
    Installed: 2.4.7-xenial0
    Candidate: 2.4.7-xenial0
    Version table:
   *** 2.4.7-xenial0 100
          100 /var/lib/dpkg/status
       2.4.7-1ubuntu2.20.04.4 500
          500 http://se.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
       2.4.7-1ubuntu2 500
          500 http://se.archive.ubuntu.com/ubuntu focal/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

Can I just uninstall openvpn and then install via apt to get the latest?
Or will that throw out any custom config I have done too?

Currently over the summer I am not at my home LAN but I connect there via OpenVPN on my router, so presumably I would have to wait until I am back home so I have direct access to the server, right?
(Since I would lose connection once the server OpenVPN goes down).

--
Bo Berglund
Developer in Sweden