TUTORIAL Easy OpenVPN

TonyN

New Member
Joined
Dec 11, 2010
Messages
14
Reaction score
0
Are you referring to routing ALL (VPN and internet) traffic through your server VPN? If you are, then yes you can. See here for the how-to.

Thanks,

How could I miss that one? I will try that very soon. That should be what I need.
 

TonyN

New Member
Joined
Dec 11, 2010
Messages
14
Reaction score
0
I followed the instructions in how-to but the internet on client stopped working after connecting to VPN.

Anyone succeeded in making this work?

Have similar scripts for creating a VPN in bridge mode ever existed? I tried several times to make these scripts but failed. Honestly, I could not create a working bridge-mode VPN.
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Are you running the Proxmox version? If so, did you follow these notes at the bottom of the Proxmox PDF? This is needed to allow traffic to route. I don't recommend passing IP traffic through a PBX/VPN.

IP MASQUERADE & ROUTING:

To enable routing between the VPN LAN and local LAN perform the edits on the Easy OpenVPN VM:
iptables -t nat -A PREROUTING -i tun0 -j DNAT --to VM.ip (where VM.ip is the IP address of eth0)

To save these changes to the firewall type “service iptables save”

Also, edit file “/etc/sysctl.conf” and change the line “net.ipv4.ip_forward = 0” to read “net.ipv4.ip_forward = 1”.

Execute the following command:
$ /sbin/sysctl -w net.ipv4.ip_forward=1

Next, you will need to tell your firewall/router how your local LAN can reach your new VPN LAN. In your router add a static route that points 10.8.0.0 to the eth0 interface IP of your OpenVPN server. If you are using dd-wrt firmware, these settings are located under Setup>Advanced Routing.


I had limited success routing Internet traffic. I was able to-do it, but had a DNS issue. I added my local DNS server(192.168.100.1) to /etc/resolv.conf on the client and was able to ping Google. I think the only thing I'm missing here, is getting the DNS push to work.



Below are the lines I added to my server.conf file for the default route:
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.100.1"






Sorry, I don't have any bridging scripts.
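An added example, not part of the thread or the Easy OpenVPN package, of the routing setup the notes above describe, written as a POSIX shell script with a dry-run mode. Two things are worth knowing before pasting the notes: the DNAT rule there rewrites the destination of every packet arriving on tun0 to the VM's own eth0 address, which is enough when clients only need the PBX itself but does not carry them on to other LAN hosts; and once ip_forward is on, the FORWARD chain is what decides which subnets the VPN can reach, so it should be limited to the VPN subnet rather than left open. The script uses source NAT (MASQUERADE) on eth0 instead of the static route on the router, which is the alternative when that route cannot be added; the same rule also covers Internet traffic once "redirect-gateway def1" is pushed. The interface names, the 10.8.0.0/24 subnet and the 192.168.100.1 resolver are the thread's values; everything else is an assumption. One common reason a DNS push appears not to work is that only Windows clients apply "dhcp-option DNS" on their own; a Linux client needs an --up script such as the update-resolv-conf script many distributions ship with the openvpn package.

```shell
#!/bin/sh
# Added example (not from the Easy OpenVPN scripts or the Proxmox PDF):
# let clients on the VPN subnet reach the LAN behind eth0, and push the
# default route and resolver to them. Interface names, subnet and resolver
# are the thread's values; override them in the environment. DRY_RUN=1 or
# the dry-run argument prints the commands instead of running them (root).

VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_DNS="${LAN_DNS:-192.168.100.1}"
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# forwarding_rules: turn on kernel forwarding, default-deny the FORWARD
# chain (CentOS 5 leaves it at ACCEPT), admit only flows that originate on
# the VPN subnet (replies come back through the state match), and
# source-NAT them to eth0 so LAN hosts and the Internet answer the server
# itself, which removes the need for a static route on the router.
forwarding_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$LAN_IF" -j MASQUERADE
}

# server_push_lines: the server.conf directives that send all client
# traffic through the tunnel and hand clients the LAN resolver.
server_push_lines() {
    printf 'push "redirect-gateway def1"\n'
    printf 'push "dhcp-option DNS %s"\n' "$LAN_DNS"
}

case "${1:-}" in
    apply)   forwarding_rules ;;
    dry-run) DRY_RUN=1; forwarding_rules; echo "# server.conf:"; server_push_lines ;;
esac
```

Run it with dry-run first to see the exact commands, then with apply as root. The rules are not persistent; "service iptables save" from the notes keeps them across reboots on CentOS 5, and the sysctl.conf edit keeps ip_forward on.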
 

TonyN

New Member
Joined
Dec 11, 2010
Messages
14
Reaction score
0
Thanks for your very detailed guide.

I am using PIAF installed as a VMware machine. Do the tricks above still work? If so I want to try.

In regard to the DNS issue, have you ever tried Google DNS 8.8.8.8 instead of local DNS? Like: push "dhcp-option DNS 8.8.8.8"?
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Don't know if the commands above will work in VMware, but if you're running a VMware Server, I would create a dedicated OpenVPN VM.

To do this:
  • Install a new CentOS 5.5 VM in VMware.
  • Run the Easy OpenVPN scripts in your new CentOS VM.
The Easy OpenVPN scripts were written for CentOS 5, so they should work. You should end up with a standalone OpenVPN server.

I have never tried to push Google DNS or any other DNS to the VPN. I don't have the need.

As for the commands above, the ipv4 stuff should work; the iptables command might work or need a modification.

Don't forget the router setup stuff so your local LAN can access the VPN LAN. If you do this, NONE of your local machines will need a VPN address (except the server).

Easy OpenVPN was designed to create a "basic" OpenVPN server which gives you simple point-point connections, without any routing. After the basic setup, everyone will have different requirements and wants.
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
Or depending on your firewall, it might be possible to have the openvpn tunnel terminate there (that is how my openvpn tunnel works - to my pfsense gateway.)
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Good point, there are a lot of ways to skin this cat. My dd-wrt could do it also.

I've been thinking about adding a pfSense VM firewall, but from what I read, I can't do it with OpenVZ.

As of last week, all my VMs are OpenVZ; OpenVZ uses a lot less memory and CPU.
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
True, but pfSense is pretty lightweight. I have a centos5 openvz server, a piaf openvz pbx, a windows xp kvm and the pfsense kvm, and my HN load is:

14:44:40 up 3 days, 19:40,  2 users,  load average: 1.92, 1.78, 1.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.8.0.2          12:55   16:08   0.34s  0.02s -bash
root     pts/1    10.8.0.2          12:57    1.00s  0.27s  0.01s w

(btw, this is only as high as it is because I am installing a couple of new KVMs I am playing with.)
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Maybe, I'll give it a try then. I'll have to get another Ethernet card.

On my Proxmox server I have:

3 - OpenVPNs
PBX
Centos Desktop
Wordpress
Simple Invoices

That's 7 total OpenVZ servers.

15:43:43 up 12 days, 4 min, 2 users, load average: 0.08, 0.02, 0.01

proxmox:~# free -m
             total       used       free     shared    buffers     cached
Mem:          3949       2895       1054          0        748       1124
-/+ buffers/cache:       1023       2926
Swap:         4095         88       4007


Very impressive!
 

The Deacon

Guru
Joined
Jan 29, 2008
Messages
296
Reaction score
14
OK - built the vpn box (thank you VERY much for building the OpenVZ!)

Got everything going up to this point:

To enable routing between the VPN LAN and local LAN perform the edits on the Easy OpenVPN VM:
iptables -t nat -A PREROUTING -i tun0 -j DNAT --to VM.ip (where VM.ip is the IP address of eth0)

This is what I get when I try that:

Code:
[root@vpn EasyOpenVPN]# iptables -t nat -A PREROUTING -i tun0 -j DNAT --to 192.168.100.250
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


Am I missing something?
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Did you edit "/etc/vz/vz.conf" on the Proxmox server as noted in the PDF? If not, be very careful with the cut & paste. Here is a better link than what's pasted below.




These edits to “/etc/vz/vz.conf” may need to be completed for iptables to work correctly. My system already had these edits so I'm not 100% sure they are needed for OpenVPN only.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf
/etc/init.d/vz restart
 

The Deacon

Guru
Joined
Jan 29, 2008
Messages
296
Reaction score
14
That was it!

I must have missed that step. Thanks!

It worked like a champ!

Now to VPN into the bad boy... :wink5:
 
Joined
Jun 29, 2009
Messages
258
Reaction score
0
Does anyone know how to contact the author of this software to ask a question? I tried to install "Easy OpenVPN" on a non-virtualized system running Centos 5 (not PBX in a Flash, which is why I'm not going into detail here). The first script appeared to run fine but the second one generated numerous errors and did not complete successfully. I'm wondering if there is a permissions issue - specifically, after the first script does its work, and the first line of the second script that copies files runs, are any of the files in /etc/openvpn/easy-rsa/ supposed to have the executable bit set? I ask because none of them do, and I suspect (but don't know for sure) that may be why the second script is failing.

Alternately, does anyone know the best way to undo what the first script does? I know it installs a bunch of software (most of which is probably harmless to just leave in place) but it does this and I don't understand what it's doing here:

Code:
rpmbuild --rebuild /root/EasyOpenVPN/lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
rpm -ivh /root/EasyOpenVPN/pkcs11-helper-*.rpm

#Fix openvpn.spec file
cp /root/EasyOpenVPN/openvpn.spec.fixed /usr/src/redhat/SPECS/openvpn.spec

cp openvpn-2.1.0.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb /usr/src/redhat/SPECS/openvpn.spec

#Install
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
  # 64-bit stuff here
rpm -ivh /usr/src/redhat/RPMS/x86_64/openvpn-2.1.0-1.x86_64.rpm

else
  # 32-bit stuff here
rpm -ivh /usr/src/redhat/RPMS/i386/openvpn-2.1.0-1.i386.rpm
fi

The reason I'm asking is because if I can't get the second script to work and want to try installing OpenVPN using a different method, I don't want any conflicts with what the first script has already done.
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
I'm the author; please PM me and I'll try to help. My best guess is that you're missing a dependency that is installed by default with PBXiaf.
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
Code:
rpmbuild --rebuild /root/EasyOpenVPN/lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
rpm -ivh /root/EasyOpenVPN/pkcs11-helper-*.rpm

The above installs/rebuilds packages.

Code:
#Fix openvpn.spec file
cp /root/EasyOpenVPN/openvpn.spec.fixed /usr/src/redhat/SPECS/openvpn.spec

The above fixes a CentOS issue with the default openvpn.spec file.

Code:
cp openvpn-2.1.0.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb /usr/src/redhat/SPECS/openvpn.spec

The above rebuilds openvpn from the "fixed" openvpn.spec file.

Code:
#Install
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
  # 64-bit stuff here
  rpm -ivh /usr/src/redhat/RPMS/x86_64/openvpn-2.1.0-1.x86_64.rpm
else
  # 32-bit stuff here
  rpm -ivh /usr/src/redhat/RPMS/i386/openvpn-2.1.0-1.i386.rpm
fi

The above detects 64/32-bit systems.


The easiest way to find the error causing your issue is to run each command in scripts 1 and 2 manually.
 
Joined
Jun 29, 2009
Messages
258
Reaction score
0
I'm not exactly a Linux geek so some of the above (some of the bolded parts) doesn't mean that much to me, for example, I don't understand why a package would need to be "rebuilt", nor would I really care unless it has the potential to somehow mess things up for me if I wind up going with another way of installing OpenVPN.

Your suggestion to run each command manually is a good one. I'll give that a try a little later and report back as to what looks amiss, if anything, or PM you if I really get stuck. Thanks for responding.
 
Joined
Jun 29, 2009
Messages
258
Reaction score
0
Okay, here are the first problem lines I have encountered in the first script:

cd /root/EasyOpenVPN
-bash: cd: /root/EasyOpenVPN: No such file or directory

Did mkdir /root/EasyOpenVPN to fix that, and got down to this point...

# yum install lzo-devel -y
Loaded plugins: fastestmirror, kmod
Loading mirror speeds from cached hostfile
* Webmin: download.webmin.com
Setting up Install Process
No package lzo-devel available.
Nothing to do

Apparently this happens if you don't have the "Dag RPM Repository for Red Hat Enterprise Linux" enabled. I found a post that said to add the following lines to /etc/yum.conf, but when I went to that file it suggested I create a separate file named file.repo in /etc/yum.repos.d . So I created one called dag.repo with these lines:

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

Unfortunately when I did that, I got this:

# yum install lzo-devel -y
Loaded plugins: fastestmirror, kmod
Loading mirror speeds from cached hostfile
* Webmin: download.webmin.com
dag | 975 B 00:00
dag/primary | 3.9 MB 00:02
dag 10868/10868
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package lzo-devel.i386 0:2.04-1.el5.rf set to be updated
--> Processing Dependency: lzo = 2.04-1.el5.rf for package: lzo-devel
--> Running transaction check
---> Package lzo.i386 0:2.04-1.el5.rf set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=====(etc. etc.)
Package Arch Version Repository Size
=====(etc. etc.)
Installing:
lzo i386 2.04-1.el5.rf dag 131 k
replacing lzo2.i386 2.02-3.el5.rf

lzo-devel i386 2.04-1.el5.rf dag 32 k

Transaction Summary
=====(etc. etc.)
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 163 k
Downloading Packages:
(1/2): lzo-devel-2.04-1.el5.rf.i386.rpm | 32 kB 00:00
(2/2): lzo-2.04-1.el5.rf.i386.rpm | 131 kB 00:00
-----(etc. etc.)
Total 82 kB/s | 163 kB 00:01
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6b8d79e6


Public key for lzo-2.04-1.el5.rf.i386.rpm is not installed

The (etc. etc.) are where I cut out a lot of extraneous equals signs or dashes.

So now I'm a bit stuck. If I figure out how to get past this I'll come back and amend this post but otherwise I'm not sure how you deal with this (as I said I'm not by any means a Linux expert!).

EDIT: Finally figured out I had to do this:

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

Then the yum install lzo-devel -y finally worked. So now I am continuing on, will let you know if I encounter any other issues.
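An added example (not from the thread or the Easy OpenVPN package) for the repository setup in the post above. gpgcheck=1 is only as good as the key rpm trusts: the post imports RPM-GPG-KEY.dag.txt over plain HTTP from the same host that serves the packages, so whoever can alter the packages in transit can serve a matching key, and the rpm -ivh warning "Header V3 DSA signature: NOKEY" is a warning only, rpm installs the package regardless. The script checks that every stanza of a .repo file carries gpgcheck=1 and a gpgkey= line, compares a downloaded key's fingerprint with one obtained out of band before rpm --import sees it, and checks an rpm's signature explicitly instead of relying on the install-time warning. The key URL is the one from the thread; EXPECTED_FPR is a placeholder, since the real DAG fingerprint is not on this page and has to come from the publisher; the demo stanza is the dag.repo posted above with a gpgkey line added.

```shell
#!/bin/sh
# Added example, not from the thread or the Easy OpenVPN package: verify a
# yum repo definition and pin the signing key's fingerprint before rpm
# --import trusts it. KEY_URL is the thread's; EXPECTED_FPR is a placeholder
# to be replaced with the fingerprint the publisher states out of band.
# Usage: repokey.sh demo | import | repo FILE.repo | rpm FILE.rpm

KEY_URL="${KEY_URL:-http://apt.sw.be/RPM-GPG-KEY.dag.txt}"
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# repo_file_ok FILE: every [stanza] must have gpgcheck=1 and a gpgkey= line,
# otherwise yum installs whatever the mirror serves for that repo
repo_file_ok() {
    awk '
        BEGIN { seen = 0; bad = 0 }
        /^\[/ { if (seen && !(chk && key)) bad = 1
                seen = 1; chk = 0; key = 0; next }
        /^gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { chk = 1 }
        /^gpgkey[ \t]*=[ \t]*[^ \t]/    { key = 1 }
        END { if (!seen || !(chk && key)) bad = 1; exit bad }
    ' "$1"
}

# fingerprint_from_colons: stdin is gpg --with-colons output; print the
# primary key fingerprint, field 10 of the first "fpr" record
fingerprint_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_key_file KEYFILE: 0 only when the key's fingerprint equals
# EXPECTED_FPR (gpg >= 2.2 needs --show-keys; older gpg reads the file)
verify_key_file() {
    fpr="$( (gpg --batch --with-colons --with-fingerprint --show-keys "$1" 2>/dev/null \
             || gpg --batch --with-colons --with-fingerprint "$1" 2>/dev/null) \
            | fingerprint_from_colons )"
    [ -n "$fpr" ] && [ "$fpr" = "$EXPECTED_FPR" ]
}

# import_repo_key: fetch, verify, and only then hand the key to rpm
import_repo_key() {
    tmp="$(mktemp)" || return 1
    if curl -fsSL "$KEY_URL" -o "$tmp" && verify_key_file "$tmp"; then
        rpm --import "$tmp"; rc=$?
    else
        echo "download failed or fingerprint mismatch; key NOT imported" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# rpm_signed_ok FILE: rpm -ivh only warns on NOKEY and installs anyway, so
# check the signature explicitly (wording differs between rpm versions)
rpm_signed_ok() {
    out="$(rpm --checksig "$1" 2>&1)" || return 1
    if printf '%s\n' "$out" | grep -qiE 'not ok|nokey|missing'; then
        return 1
    fi
    return 0
}

# demo: the dag.repo stanza posted in this thread, plus a gpgkey line
demo() {
    tmp="$(mktemp)"
    cat > "$tmp" <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://apt.sw.be/RPM-GPG-KEY.dag.txt
enabled=1
EOF
    if repo_file_ok "$tmp"; then echo "repo file OK"; else echo "repo file rejected"; fi
    rm -f "$tmp"
}

case "${1:-}" in
    demo)   demo ;;
    import) import_repo_key ;;
    repo)   repo_file_ok "$2" && echo "$2: every stanza has gpgcheck=1 and gpgkey" ;;
    rpm)    rpm_signed_ok "$2" && echo "$2: signature OK" ;;
esac
```

With gpgkey= in the repo file, yum offers to import the key itself on first use and shows the key ID; the fingerprint check here is the part yum does not do for you.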
 
Joined
Jun 29, 2009
Messages
258
Reaction score
0
Continuing from previous post...

Next issue I hit was this:

rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
error: Failed dependencies:
liblzo2.so.2 is needed by (installed) openvpn-2.0.9-1.el5.rf.i386

This one I'm drawing a blank on… first of all I'm not sure where the "(installed) openvpn-2.0.9-1.el5.rf.i386" came from, and in any case I don't know how to get around this error. I tried the obvious and got this:

# yum install liblzo2.so.2
Loaded plugins: fastestmirror, kmod
Loading mirror speeds from cached hostfile
* Webmin: download.webmin.com
Setting up Install Process
Package lzo2 is obsoleted by lzo, trying to install lzo-2.04-1.el5.rf.i386 instead
Package lzo-2.04-1.el5.rf.i386 already installed and latest version
Nothing to do

This is starting to feel a little like :banghead:

EDIT: And do I feel dumb now… I just found out that OpenVPN was more than likely already installed, but probably not fully configured. Which means I probably now have two versions, or parts of two versions, that are incompatible with each other. :cryin:

EDIT2: At this point I felt like I had nothing to lose (probably going to wind up wiping this system clean and reinstalling just because of the damage this script has done) so I did this:

yum remove openvpn-2.0.9-1.el5.rf.i386

And it removed the old conflicting copy. Then I did rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm again and it said

Preparing... ########################################### [100%]
package lzo-2.04-1.el5.rf.i386 (which is newer than lzo-1.08-4.rf.i386) is already installed
package lzo-devel-2.04-1.el5.rf.i386 (which is newer than lzo-devel-1.08-4.rf.i386) is already installed

So I assume that's okay.

Next I did

# rpm -ivh /root/EasyOpenVPN/pkcs11-helper-*.rpm
warning: /root/EasyOpenVPN/pkcs11-helper-1.07-2.el5.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 217521f6
Preparing... ########################################### [100%]
1:pkcs11-helper ########################################### [ 50%]
2:pkcs11-helper-devel ########################################### [100%]

I assume the warning can safely be ignored?

Next I did:

# cp /root/EasyOpenVPN/openvpn.spec.fixed /usr/src/redhat/SPECS/openvpn.spec
cp: cannot stat `/root/EasyOpenVPN/openvpn.spec.fixed': No such file or directory

And that file really doesn't exist. Was something supposed to create it?

I am thoroughly, thoroughly frustrated at this point! I absolutely cannot recommend this script to anyone not running PiaF, and even then I'd be very cautious.
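An added example, not part of the Easy OpenVPN package, of the pre-flight checks that would have caught each failure reported above before script 1 touched the system: the /root/EasyOpenVPN directory and openvpn.spec.fixed missing, lzo-devel being available only from the dag repository, the build tools absent, and an openvpn-2.0.9 package already installed that conflicts with the 2.1.0 rpm the script builds. The file list is read off the commands quoted in this thread and is an assumption about what the package ships; PKG_DIR is the directory the script cds into. missing_files works on any directory, so it can be tried without root; the other checks query rpm and yum on the real host and are skipped when those tools are absent.

```shell
#!/bin/sh
# Added example (not from the Easy OpenVPN scripts): pre-flight checks
# before running script 1. REQUIRED_FILES is taken from the paths the
# scripts reference in this thread and is an assumption about the package.
# Usage: preflight.sh check

PKG_DIR="${PKG_DIR:-/root/EasyOpenVPN}"
REQUIRED_FILES="lzo-1.08-4.rf.src.rpm openvpn.spec.fixed openvpn-2.1.0.tar.gz"

# missing_files DIR: print one name per line for each required file absent
# from DIR; pkcs11-helper is checked as a glob because its version varies
missing_files() {
    dir="$1"
    for f in $REQUIRED_FILES; do
        [ -f "$dir/$f" ] || printf '%s\n' "$f"
    done
    set -- "$dir"/pkcs11-helper-*.rpm
    [ -f "$1" ] || printf '%s\n' "pkcs11-helper-*.rpm"
}

# installed_openvpn: print an already installed openvpn package, if any;
# rpm -ivh of openvpn-2.1.0 later fails against it (as with 2.0.9 above)
installed_openvpn() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -q openvpn 2>/dev/null | grep -v 'not installed' || true
}

# yum_has PKG: 0 when an enabled repository offers PKG (lzo-devel comes
# from the dag/rpmforge repository, not from base CentOS)
yum_has() {
    command -v yum >/dev/null 2>&1 || return 1
    yum -q list available "$1" >/dev/null 2>&1
}

# preflight: run every check, report each problem, return 1 if any
preflight() {
    rc=0
    miss="$(missing_files "$PKG_DIR")"
    if [ -n "$miss" ]; then
        echo "missing in $PKG_DIR:"
        echo "$miss"
        rc=1
    fi
    for tool in rpmbuild gcc; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool"; rc=1; }
    done
    if ! yum_has lzo-devel; then
        echo "lzo-devel is not offered by any enabled repository"
        rc=1
    fi
    old="$(installed_openvpn)"
    if [ -n "$old" ]; then
        echo "remove $old first; the script installs openvpn-2.1.0 with rpm -ivh"
        rc=1
    fi
    return $rc
}

if [ "${1:-}" = "check" ]; then
    preflight
fi
```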
 
