Hi,



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, 27 May 2021 23:35, Bo Berglund <bo.bergl...@gmail.com> wrote:

> I have just configured my new OpenVPN server running on a RaspberryPi3B+ with
> the latest release of the operating system PiOS (Debian Buster derivative).
> Openvpn was installed via apt.
>
> I have created 3 different instances:
>
> serverweb.conf Allows access to the local LAN and Internet
> serverlan.conf Allows access to the local LAN but not to the web
> servertun.conf Allows no access to LAN or Internet, only client-to-client
>
> I had to reboot the RPi3 in order to get VNC working and after fixing this I
> went back to working on the OpenVPN stuff. I blocked use of ipv6 by setting:
> proto udp4
> in all three conf files
>
> Then I tried to manually run an instance off of the servertun.conf and once it
> started I checked the port usage and found to my astonishment that not only was
> my designated port (1196) listening, but also the other two!
>

> But I have not yet registered openvpn as a service with the operating system and
> decided which service would be allowed to run!!!!!!
>
> And I have not yet fixed IPTABLES to handle the routing from the server
> either...
>
> I have looked at the /etc/default/openvpn file but there is nothing there that
> would cause the 3 instances to start running like this.
> This file is where I usually specify which instances should run.
>
> What has happened here?
> From where were they started?
> And how can I fix it such that only the instances I want running will run?
>


Debian has a systemd unit file called openvpn.service; disable it.
It starts all OpenVPN config files found in /etc/openvpn.

OpenVPN ships with two specific systemd unit files:

 * openvpn-server@.service - For starting OpenVPN servers
 * openvpn-client@.service - For starting OpenVPN clients

These two services only start a single instance as used by:

 * systemctl start openvpn-server@<your-server-file-name> (without .conf)
 * systemctl start openvpn-client@<your-client-file-name> (without .conf)

The server service only starts OpenVPN config files in /etc/openvpn/server.
The client service only starts OpenVPN config files in /etc/openvpn/client.

https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/README.systemd

Should get you started.
R

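
The steps in the reply above, as an added example that is not part of the original message: a dry-run shell function that lists every config Debian's openvpn.service would start, with the port it opens, and prints the commands to switch to a single openvpn-server@ instance. The function names, the ROOT argument and the sample ports other than 1196 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: dry-run planner. It only prints commands, it runs none of them.
# Usage: plan_openvpn_units ROOT NAME...
#   ROOT  filesystem root to inspect ("/" on the server itself)
#   NAME  config names (without .conf) that should keep running

# Print the port a config listens on (OpenVPN's default is 1194).
conf_port() {
    awk '$1 == "port" { p = $2 } END { print (p == "" ? 1194 : p) }' "$1"
}

plan_openvpn_units() {
    root=${1%/}; shift
    # Per the reply: openvpn.service starts every config found in /etc/openvpn.
    echo "systemctl disable --now openvpn.service"
    for conf in "$root"/etc/openvpn/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        port=$(conf_port "$conf")
        wanted=no
        for keep in "$@"; do
            if [ "$keep" = "$name" ]; then wanted=yes; fi
        done
        if [ "$wanted" = yes ]; then
            # openvpn-server@ only reads configs from /etc/openvpn/server.
            echo "mv /etc/openvpn/$name.conf /etc/openvpn/server/$name.conf"
            echo "systemctl enable --now openvpn-server@$name   # port $port"
        else
            echo "# $name.conf (port $port) stays in /etc/openvpn, no longer auto-started"
        fi
    done
}

# Constructed sample tree: only port 1196 comes from the thread, the rest is made up.
demo=$(mktemp -d) && mkdir -p "$demo/etc/openvpn"
printf 'port 1194\nproto udp4\n' > "$demo/etc/openvpn/serverweb.conf"
printf 'port 1195\nproto udp4\n' > "$demo/etc/openvpn/serverlan.conf"
printf 'port 1196\nproto udp4\n' > "$demo/etc/openvpn/servertun.conf"
plan_openvpn_units "$demo" servertun
rm -rf "$demo"
```

Review the printed commands before running them as root. Because openvpn-server@ reads its config from /etc/openvpn/server, relative paths to keys and certificates inside a moved config need checking as well.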


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
