OpenVPN on OpenVIX Images

SnowManUK

Member
Hi All,

I have been playing with Kodi and IPTV and have found that a number of IPs and domain names are being blocked (tested on Virgin and Sky).

I already use OpenVPN on my PCs and phone to my own server (UK Docklands) and am going to try to set up my GigaBlue and then ZGemma and document it.

I am going to use certificate-based logins, which seem to be easy to install, and then it can AutoRun.

I will try and make it generic for OpenVPN providers so you should be able to use this guide with other providers.

If you have any experience of this, then please let me know, if not, I will start from scratch.

Thanks
 
All I know is every time I tried experimenting with openatv it kept bricking my box. So I gave up in the end.
So make sure you have a full backup before you start faffing.
 
Good luck. I have tried setting it up with no luck. I'm running on OpenATV 5.3 following kiddac's barebones guide, could not get it working. I advise getting a BT Home Hub 5a and a soldering gun and following this guide from openwrt.org (if posting external links is not allowed, admin please remove): https://wiki.openwrt.org/toh/bt/homehub_v5a. Then you can run OpenVPN from your router.
 
Hello All,

So managed to spend some dedicated time on this.

I followed this guide : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
Used Certificate based authentication as the Box might have trouble authenticating.

I then tested it out of the box, and it did not work. So began the debugging process of both server and client.
Finally found the problem: it was down to the tunnel MTU/MSS size. An invalid size causes the tunnel to fail.

So if you follow the above guide then use these configs (delete the default openvpn.conf)

UDP.CONF:
#################################################
# OpenVPN config for UDP Connections #
# Comments are preceded with '#' or ';' #
#################################################

# Which TCP/UDP port should OpenVPN listen on?
port 443
# TCP or UDP server?
proto udp
# "dev tun" will create a routed IP tunnel. "dev tap" will create an ethernet tunnel.
dev tun0
# SSL/TLS root certificate (ca), certificate
ca ca.crt
cert servername.crt
key servername.key
# Diffie hellman parameters.
dh dh2048.pem
# Configure server mode and supply a VPN subnet (top half of subnet)
server 10.200.200.0 255.255.255.128
# Maintain a record of client <-> virtual IP address
ifconfig-pool-persist ipp-udp.txt
# Route all client traffic through the VPN; bypass-dhcp keeps the client's DHCP server reachable outside the tunnel.
push "redirect-gateway def1 bypass-dhcp"
# Push DNS Servers
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
# The keepalive directive causes ping-like
keepalive 10 120
# Enable compression on the VPN link. If you enable it here, you must also enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
max-clients 50
# It's a good idea to reduce the OpenVPN privs on server
user nobody
group nogroup
# The persist options will try to avoid
persist-key
persist-tun
# Output a short status file showing
status openvpn-status-udp.log
# Set the appropriate level of log
verb 3
# Need to create this directory if you want to give static IP to user for port forwarding
client-config-dir /etc/openvpn/static/udp
-----
TCP.CONF:
*Use same elements from UDP.CONF but change below:
#################################################
# OpenVPN config for TCP Connections #
# Comments are preceded with '#' or ';' #
#################################################

# TCP or UDP server?
proto tcp
# "dev tun" will create a routed IP tunnel. "dev tap" will create an ethernet tunnel.
dev tun1
# Configure server mode and supply a VPN subnet (bottom half of subnet)
server 10.200.200.128 255.255.255.128
# Maintain a record of client <-> virtual IP address
ifconfig-pool-persist ipp-tcp.txt
# Output a short status file showing
status openvpn-status-tcp.log
# Need to create this directory if you want to give static IP to user for port forwarding
client-config-dir /etc/openvpn/static/tcp
-----
openvpn.conf (must all be lowercase)
########################
# Client config for OpenVIX Sat Box #
########################
client
dev tun1
proto udp
remote your.IP.not.dns.name 443
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
log-append /etc/openvpn/openvpn.log
fast-io
pull
route-delay 2
redirect-gateway
ca ca.crt
cert client1.crt
key client1.key
mssfix 1432
-----
IPTABLES:
# Generated by iptables-save v1.4.21
*nat
:PREROUTING ACCEPT [4:390]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
#
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [12:1192]
:OUTPUT ACCEPT [35:4649]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9000:10000 -j ACCEPT
-A INPUT -p udp -m multiport --dports 9000:10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
# Drop invalid packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
#
-----

You can also use this client config on Windows, Mac or Linux clients: just generate another client certificate, rename openvpn.conf to openvpn-udp.ovpn and put it in the config directory on your PC.

Hope this helps others.

Notes: I used an ArubaCloud Small VPN, EUR 1 per month, with Ubuntu 14.04 Server x64 Minimal. Port 3128 & 10000 are for SQUID & Webmin. 9000:10000 is for Static Forwarding to Clients.
Their UK servers are fast responding as they use SSDs, with great transit bandwidth, and are stable. Be careful of GEO-IP though, some DBs see the UK IPs as Italy. So Netflix/iPlayer might not work.

My line provider uses a server in OVH (France) to front their platform, and the ping time is sub-15ms from VPS to Line Provider.

This should allow you to bypass ISP Blocks, ISP Bandwidth throttling as your traffic will look like secure web browsing (using port 443), and should open up all KODI streams.

Please Like & Thanks if this helps you.
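
A consistency check for the server config, client config and firewall rules from the post above, as an added example that is not part of the original post. The function names are hypothetical, the inputs are abridged from the post plus one constructed broken client, and OpenVPN's defaults (`proto udp`, port 1194) are assumed when a directive is omitted.

```python
import shlex

def parse_ovpn(text):
    """Return {directive: [args]} for an OpenVPN config; '#' and ';' start comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            cfg[parts[0]] = parts[1:]  # repeated directives: last one wins
    return cfg

def port_open(rules, proto, port):
    """True if an iptables-save INPUT rule ACCEPTs proto/port (--dport or --dports)."""
    for t in (l.split() for l in rules.splitlines()):
        if (t[:2] != ["-A", "INPUT"] or t[-2:] != ["-j", "ACCEPT"]
                or "-p" not in t or t[t.index("-p") + 1] != proto):
            continue
        for flag in ("--dport", "--dports"):
            specs = t[t.index(flag) + 1].split(",") if flag in t else []
            if any(int(lo) <= int(port) <= int(hi or lo)
                   for lo, _, hi in (s.partition(":") for s in specs)):
                return True
    return False

def check(server, client, rules):
    """Compare the two parsed configs and the firewall; return a list of findings."""
    out = []
    s = (server.get("proto", ["udp"])[0], server.get("port", ["1194"])[0])
    remote = client.get("remote", [])
    c = (client.get("proto", ["udp"])[0], remote[1] if len(remote) > 1 else "1194")
    if s != c:
        out.append(f"client dials {c[0]}/{c[1]} but server listens on {s[0]}/{s[1]}")
    if ("comp-lzo" in server) != ("comp-lzo" in client):
        out.append("comp-lzo set on one side only")
    if not ({"ns-cert-type", "remote-cert-tls"} & client.keys()):
        out.append("client does not check the server certificate type")
    if not port_open(rules, *s):
        out.append(f"no INPUT ACCEPT rule for {s[0]}/{s[1]}")
    return out

# Abridged from the configs in the post above.
SERVER = parse_ovpn("port 443\nproto udp\ndev tun0\ncomp-lzo\n")
CLIENT = parse_ovpn("client\nproto udp\nremote your.IP.not.dns.name 443\n"
                    "ns-cert-type server\ncomp-lzo\nmssfix 1432\n")
RULES = ("-A INPUT -p udp -m udp --dport 443 -j ACCEPT\n"
         "-A INPUT -p udp -m multiport --dports 9000:10000 -j ACCEPT\n")
BAD = parse_ovpn("client\nproto tcp\nremote your.IP.not.dns.name 443\n")  # constructed
print(check(SERVER, CLIENT, RULES), check(SERVER, BAD, RULES))
```

An empty list means the pair agrees on protocol, port and compression, the client checks the server certificate type, and the firewall accepts the listening port.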
 
Hi there guys, I have a zgemma h.2s which is a Linux operating system. And I don't know which website to buy an OpenVPN client from? Advice will be very much appreciated.
 
Hi,
I use my own OpenVPN Server.

But I also have a NordVPN account. They have their own client, but log in to the portal and they have .ovpn config files; just edit them like above and you will be fine.
 
Hi SnowManUK, thanks for the advice. I have signed up for a free VPN trial on NordVPN to test out. How do I upload the VPN server on to my zgemma h.2s box?
 
Hi, does any one of you guys use NordVPN? Because I got a free trial from the website yesterday and downloaded it for Linux devices and extracted the folders first. And then didn't know what to do because there were lots of ovpn and crt files there. Help please :beg:
 