Cyberghost VPN

Having issues with your DietPi installation or found a bug? Post it here.
Post Reply
qed
Posts: 20
Joined: Tue Feb 02, 2021 4:47 am

Cyberghost VPN

Post by qed »

I was trying to use the default dietpi openvpn installer (as custom) to setup Cyberghost VPN, but seemed to fail.

Anyone had and success with installing the Cyberghost config/ovpn, crt's and key with the dietpi VPN package?

error:

Code: Select all

root@Pi:/etc/openvpn# systemctl status dietpi-vpn.service
Warning: The unit file, source configuration file or drop-ins of dietpi-vpn.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● dietpi-vpn.service - VPN Client (DietPi)
   Loaded: loaded (/etc/systemd/system/dietpi-vpn.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since *************** *******************
  Process: 7897 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn (code=exited, status=1/FAILURE)
 Main PID: 7897 (code=exited, status=1/FAILURE)

*************** pi systemd[1]: Starting VPN Client (DietPi)...
*************** pi openvpn[7897]: Options error: --ca fails with 'ca.crt': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: --cert fails with 'client.crt': No such file or directory (errno=2)
*************** pi openvpn[7897]: WARNING: cannot stat file 'client.key': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: --key fails with 'client.key': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: Please correct these errors.
*************** pi openvpn[7897]: Use --help for more information.
*************** pi systemd[1]: dietpi-vpn.service: Main process exited, code=exited, status=1/FAILURE
*************** pi systemd[1]: dietpi-vpn.service: Failed with result 'exit-code'.
*************** pi systemd[1]: Failed to start VPN Client (DietPi).
root@pi:/etc/openvpn#
User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Cyberghost VPN

Post by Joulinar »

Maybe you would need to check inside the config file if there is anything specified for these files.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 3514
Joined: Sat Nov 18, 2017 6:21 pm

Re: Cyberghost VPN

Post by MichaIng »

Usually the ovpn files contain the certificate and key inline. Here it doesn't seem to be the case. So you'd need to download those separately (probably included with the archive you got the ovpn from already?) and put them right next to the client.ovpn.
qed
Posts: 20
Joined: Tue Feb 02, 2021 4:47 am

Re: Cyberghost VPN

Post by qed »

I thought thats what the dietpi openvpn 'custom' option does? It asked me where the cyberghost ovpn was located, I selected it and it appeared to updated the client.ovpn file. I'll have a re-look at the difference between the orignal and the client.ovpn files to compare.
User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Cyberghost VPN

Post by Joulinar »

Our script just invoke the config file. It should not download any keys.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 3514
Joined: Sat Nov 18, 2017 6:21 pm

Re: Cyberghost VPN

Post by MichaIng »

Only credentials and up/down scripts are added to the client config, nothing else. As said, usually cert and key are embedded, so nothing else is required, but obviously this is not true in case of Cyberghost VPN.
qed
Posts: 20
Joined: Tue Feb 02, 2021 4:47 am

Re: Cyberghost VPN

Post by qed »

Possibly relating to ipv6 - Ghostvpn does not use ipv6, so disabled it in /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
ref: https://support.cyberghostvpn.com/hc/en ... a-Terminal

Also may be realted to the way the /var/lib/dietpi/dietpi-vpn/settings_ovpn.conf file is used.

I used the ghost default config file (was basically the same as the client.ovpn anyhow), rebooted and it worked. Strange the dietpi-VPN (custom) option fails to start the service....

GhostVPN setup found here: https://support.cyberghostvpn.com/hc/en ... a-Terminal
User avatar
MichaIng
Site Admin
Posts: 3514
Joined: Sat Nov 18, 2017 6:21 pm

Re: Cyberghost VPN

Post by MichaIng »

IPv6 is disabled automatically when the connection is established: https://github.com/MichaIng/DietPi/blob ... #L182-L184

If the unmodified config file works, then how does it differ from the client.ovpn derived from it? And did you copy/move the original one into /etc/openvpn or did you load it from a different directory? And if so, which other files are in this different directory?

EDIT:
The setup link actually explains pretty well what we suspected already:
Now, the saved config is a ZIP file, which contains the following single files:

ca.crt: This is the certificate of the certification authority
client.crt: This is the user certification file
client.key: This is your private key file
openvpn.ovpn: This is your OpenVPN configuration file
The first three files need to be moved into /etc/openvpn to work, while you obviously loaded openvpn.ovpn from the directory where you extracted it, where the files are present.
Post Reply