Feb 14, 2018
PiVPN is an open-source project that makes it easy to turn your Raspberry Pi into a VPN server.
It is very easy to install:
$ curl -L https://install.pivpn.io | bash
Follow the wizard and you will have a VPN server in no time. The only thing I changed was creating a stronger key: 4096 bit.
But in the end it did not work, so I started debugging. First I checked for sockets:
# ss -tulpn
0 128 *:22 *:* user: (("sshd",pid=506,fd=3))
It looks like only the SSH port is open. However, here is the catch: ss does not show open UDP ports (OpenVPN uses UDP) on ARM devices; this is a bug. Another tool for listing open sockets is netstat.
# netstat -tunap
...
udp 0 0 0.0.0.0:1194 0.0.0.0:* 3176/openvpn
...
So OpenVPN is running and the socket is open. Next I looked at the strace output by running OpenVPN manually on my Raspberry Pi:
# strace /usr/sbin/openvpn --verb 11 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
And it kept spitting out these lines over and over:
poll([{fd=5, events=POLLIN|POLLPRI}, {fd=4, events=POLLIN|POLLPRI}], 2, 10000) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLPRI}, {fd=4, events=POLLIN|POLLPRI}], 2, 10000) = 0 (Timeout)
lseek(3, 0, SEEK_SET) = 0
write(3, "TITLE\tOpenVPN 2.4.0 arm-unknown-"..., 134) = 134
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=127, ...}) = 0
write(3, "TIME\tTue Feb 13 19:53:44 2018\t15"..., 41) = 41
write(3, "HEADER\tCLIENT_LIST\tCommon Name\tR"..., 175) = 175
write(3, "HEADER\tROUTING_TABLE\tVirtual Add"..., 89) = 89
write(3, "GLOBAL_STATS\tMax bcast/mcast que"..., 44) = 44
write(3, "END\n", 4) = 4
lseek(3, 0, SEEK_CUR) = 487
ftruncate(3, 487) = 0
At first I thought there was something wrong with my time, but then I saw the string "ROUTING_TABLE". I was hoping I would not need to edit my iptables, but I had to add these 2 lines to forward the VPN tunnel.
-I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
And it worked! Conclusion: blame manually written iptables!
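The effect of those two lines can be traced offline. This is an added example, not part of the original post: it assumes a hand-written ruleset whose FORWARD chain defaults to DROP (the post does not show the actual ruleset), and its small evaluator handles only the options used here.

```python
import ipaddress
import shlex

# Constructed ruleset (assumption): hand-written, FORWARD drops by default.
BASE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
COMMIT
"""
# The two lines from the post, placed before COMMIT as in a restore file.
VPN_RULES = """\
-I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
"""
FIXED_RULES = BASE_RULES.replace("COMMIT\n", VPN_RULES + "COMMIT\n")

def parse_forward(text):
    """Return (policy, ordered rule list) for the FORWARD chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":FORWARD"):
            policy = tok[1]
        elif len(tok) > 1 and tok[0] in ("-A", "-I") and tok[1] == "FORWARD":
            opts = dict(zip(tok[2::2], tok[3::2]))  # each option here takes one argument
            rules.insert(0 if tok[0] == "-I" else len(rules), opts)  # -I lands on top
    return policy, rules

def verdict(text, pkt):
    """First matching FORWARD rule wins; otherwise the chain policy applies."""
    policy, rules = parse_forward(text)
    for r in rules:
        src_ok = "-s" not in r or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(r["-s"])
        state_ok = "--ctstate" not in r or pkt["state"] in r["--ctstate"].split(",")
        if (r.get("-i", pkt["in"]) == pkt["in"] and r.get("-o", pkt["out"]) == pkt["out"]
                and src_ok and state_ok):
            return r["-j"]
    return policy

# Constructed packets: a VPN client reaching the LAN, and the reply coming back.
OUTBOUND = {"in": "tun0", "out": "eth0", "src": "10.8.0.2", "state": "NEW"}
REPLY = {"in": "eth0", "out": "tun0", "src": "192.168.1.10", "state": "ESTABLISHED"}

if __name__ == "__main__":
    for name, rules in (("before", BASE_RULES), ("after", FIXED_RULES)):
        print(name, verdict(rules, OUTBOUND), verdict(rules, REPLY))
```

Under these assumptions the INPUT rule for UDP 1194 lets the daemon listen and accept clients, while every tunnelled packet still falls through to the FORWARD policy until both rules are present.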