Impossible to set up OpenVPN on LowEndSpirit Netherlands VPS; and also no reverse DNS possible

bobo36 · March 2020

Hello,

Issue 1 :

After hours and hours, I concluded that it is not possible to set up VPN on Netherlands location on LowEndSpirit. I had a VPN at Italy location since the beginning of LowEndSpirit. OpenVPN was working and installing well, I reinstalled it like 10 times. But then, Italy location closed.

So I got a Netherlands LowEndSpirit VPS. But it is not possible to install any VPN on it. Indeed, original script from Nyr https://github.com/Nyr/openvpn-install gives me the message
" Unable to initialize the iptables/netfilter NAT table, setup can't continue.
Make sure that your system has iptables/netfilter available.
If using OpenVZ, ask your provider to enable full netfilter support."
and script from Angristan https://github.com/angristan/openvpn-install is giving me a similar error.

When trying to manually set an iptables redirection, it says that 'nat' table does not exist.

So it is possible to install OpenVPN, and even connect to it. But it will only be possible to ping the local machine, nothing will be redirected. So it is not possible to access the Internet with it. So it is useless.

Of course : TUN/TAP is enabled, I reinstalled the VPS multiple times under various versions of Debian (Debian 8 to Debian 10) with various versions of openvpn-install script. I used "reconfigured networking" a lot of time but I did not solve my issue.

Issue 2:

It is not possible to set a reverse DNS to my IP. "Reverse DNS is disabled for this ipaddress. Please contact support".

Best regards,

lentro · March 2020

What provider is this? Link?

bobo36 · March 2020

Inception Hosting provider, location Netherlands.

lgsin · March 2020

Issue2:Are you trying to set rdns on ipv4? It's shared resource so not being able to set rdns would be normal.

saibal · March 2020

Have you tried this?

seanho · March 2020

Yep, just touch /option.netfilter and wait at most half an hour for the host cron job to pick it up. The file will then be renamed to /netfilter.enabled, container will reboot on its own, and you'll be good to go.

There's also /option.fuse and /option.nfs. Only applies to Ant's NAT services, not mikho's or others'.

This was in the NAT LES forum stickies since several months ago; unfortunately, we're in the transition between the old and new forums now.

InceptionHosting · March 2020

110% possible, around 400 OpenVPN servers running in that location alone.

rDNS on a NAT IP? I think perhaps the reality is that you should not have bought this service, feel free to pop a ticket in for a refund.

mobile · March 2020

try
#sudo openvpn-install.sh

yes, type sudo while you're root. it's stupid but it works

InceptionHosting · March 2020

also if you want to know the actual real reason it is probably that you dont have iptables installed

skorous · March 2020

@AnthonySmith said: also if you want to know the actual real reason it is probably that you dont have iptables installed

Please, please, PLEASE let it be this.

InceptionHosting · March 2020

@skorous said: Please, please, PLEASE let it be this.

it will be.

flips · March 2020

@mobile said:
try
#sudo openvpn-install.sh

yes, type sudo while you're root. it's stupid but it works

Huh? Any technical explanation for why this would make any difference?
(It shouldn't if you became root by su - or sudo -i?)

mobile · March 2020

@flips said:

@mobile said:
try
#sudo openvpn-install.sh

yes, type sudo while you're root. it's stupid but it works

Huh? Any technical explanation for why this would make any difference?
(It shouldn't if you became root by su - or sudo -i?)

it's magic

thanks ramnode

some /sbin/* commands do need explicitly declare sudo iirc, the change happens in Wheezy if it's debian, it was on mailinglist but i already forget which mail now (welp, years years ago)

you either do #sudo <sbin> or edit your iptables using absolute path

from:

if ! iptables -t nat -nL &>/dev/null; then
    echo "Unable to initialize the iptables/netfilter NAT table, setup can't continue.
Make sure that your system has iptables/netfilter available.
If using OpenVZ, ask your provider to enable full netfilter support."
    exit
fi

to:

if ! /usr/sbin/iptables -t nat -nL &>/dev/null; then
    echo "Unable to initialize the iptables/netfilter NAT table, setup can't continue.
Make sure that your system has iptables/netfilter available.
If using OpenVZ, ask your provider to enable full netfilter support."
    exit
fi

if sudo isn't your fancy, you probably need to update your script to be like that. there's plenty sbin that share this behavior but i can't really list it right now, nah just use absolute path when you're shell scripting

lentro · March 2020

@flips said:

@mobile said:
try
#sudo openvpn-install.sh

yes, type sudo while you're root. it's stupid but it works

Huh? Any technical explanation for why this would make any difference?
(It shouldn't if you became root by su - or sudo -i?)

The script is just designed to check if you have used sudo I think. No other reason. As you noted, the technical side is that both are running root, so it shouldn’t make a difference.

mobile · March 2020

@lentro said:

@flips said:

@mobile said:
try
#sudo openvpn-install.sh

yes, type sudo while you're root. it's stupid but it works

Huh? Any technical explanation for why this would make any difference?
(It shouldn't if you became root by su - or sudo -i?)

The script is just designed to check if you have used sudo I think. No other reason. As you noted, the technical side is that both are running root, so it shouldn’t make a difference.

nah, this part is what check you, not the iptables

if [[ "$EUID" -ne 0 ]]; then
    echo "Sorry, you need to run this as root"
    exit
fi

flips · March 2020

I would think $EUID might be different due to

how you became root (login shell or not, as in -i with sudo)
setuid bit
Maybe differences in dash vs bash as /bin/sh (applicable if using #!/bin/sh and not #!/bin/bash or env bash ...)

Iroshan464 · March 2020

I setup openvpn on a 128mb open vz Nat very easily.
Used this script.
https://github.com/angristan/openvpn-install

bobo36 · March 2020

Indeed, it was just that I needed to run the script as sudo while being root ... Thank you very much for your help.

As for rDNS, I did not meant that, but back in the days we could have haproxy redirection from mydomain.com:80 --> server_ip:port.

proxima · May 2020

@seanho said:
Yep, just touch /option.netfilter and wait at most half an hour for the host cron job to pick it up. The file will then be renamed to /netfilter.enabled, container will reboot on its own, and you'll be good to go.

There's also /option.fuse and /option.nfs. Only applies to Ant's NAT services, not mikho's or others'.

This was in the NAT LES forum stickies since several months ago; unfortunately, we're in the transition between the old and new forums now.

Thankyou verymuch. This sorted it for me. Been at it for weeks. Trying different os's, different scripts.
Its magic once u know how. Great.

Clouvider · May 2020

I believe that’s documented in their KB?

InceptionHosting · May 2020

@Clouvider said: I believe that’s documented in their KB?

Yup

Impossible to set up OpenVPN on LowEndSpirit Netherlands VPS; and also no reverse DNS possible

Comments

thanks ramnode