Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : Which Linux OS I should run for openvpn?

[mark103]

Hi guys,

I have just rented xen virtual private server with 128mb of ram and I need your help. I have a trouble of install openvpn on my server as I'm using CentOS 5.5 32bit PyGrub, I couldn't be able to forward the IP because I keep getting this:

Code:

iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

I have opened the ticket to support and within hours, they have replied. Here's what they said:

Code:

Mark,

I just realized that you chose a 32-bit template, which run's it's own Kernel via PyGrub (does not share the host Kernel because it's 64-bit). You'll need to recompile your kernel for your specific needs, as this is an unmanaged VPS.

---------------------------------------------------------------

Regards,
Michael McRae

I am not sure what I am going to do now, whether to stick with 32-bit or change to 64-bit. So here's the two options for me.

Options 1: If I go with CentOS 32-bit, I will need to rebuilt kernel and other modules to get the openvpn working in order, it will use less ram.

Options 2: If I go with CentOS 64-bit, the kernel and other modules are already installed on the server which I wouldn't need to rebuilt while I will need to install openvpn, but it will use more ram.


Can you give me an advice with which options i should go with and tell me why? if i should go with 64-bit, I want to know how much ram would I have left it for myself after it have been used to run CentOS 64-bit and openvpn?

Any advice would be much appreciated.

Thanks,
Mark

[Laststop]

That's strange,

I've never had that problem myself, and I run a CentOS 32Bit VPS with 98MB Dedicated ram, and 128MB SWAP and have no problem's whatso ever.

Have you tried looking else where for a provider that can assist you more then your current one has with the OpenVPN solution? As I know of plenty providers that even offer budget solutions that have VPN capabilities already enabled and ready for you after your VPS is provisioned such as like BuyVM.

But, personally. I would just re-install your OS with the 64bit option and do it, but you won't have much ram left running a 64bit option OS on a 128mb Memory VPS.

But if you are experienced with linux and managing a VPS; it shouldn't be to hard for you to rebuild it and get it setup property.

[backtogeek]

Are you using OpenVPN Access Server or Openvpn community edition?

That is a known issue on the access server version that happens from time to time, few simple fixes are to simply flush your ip tables 'iptables -F' then 'service iptables restart' then 'service openvpnas restart'

Make sure you do a full update and reboot too.

Personally I suggest 32bit Debian or CentOS for OpenVPN

If it is access server your running there is a support channel on freenode #openvpn-as , if not have a look at it, it does come with 2 free licenses out of the box and has a Web UI for management.

[mark103]

Quote:

Originally Posted by Laststop

That's strange,

I've never had that problem myself, and I run a CentOS 32Bit VPS with 98MB Dedicated ram, and 128MB SWAP and have no problem's whatso ever.

Have you tried looking else where for a provider that can assist you more then your current one has with the OpenVPN solution? As I know of plenty providers that even offer budget solutions that have VPN capabilities already enabled and ready for you after your VPS is provisioned such as like BuyVM.

But, personally. I would just re-install your OS with the 64bit option and do it, but you won't have much ram left running a 64bit option OS on a 128mb Memory VPS.

But if you are experienced with linux and managing a VPS; it shouldn't be to hard for you to rebuild it and get it setup property.

Yeah, it sound very strange but I'm using Xen server installed CentOS 32-bit PyGrub without kernel. I tried with 64-bit and it works fine, but it uses alot of ram. Do you know where I can install or upgrade kernel on my xen server that will make the iptables to works?

[mark103]

Quote:

Originally Posted by backtogeek

Are you using OpenVPN Access Server or Openvpn community edition?

That is a known issue on the access server version that happens from time to time, few simple fixes are to simply flush your ip tables 'iptables -F' then 'service iptables restart' then 'service openvpnas restart'

Make sure you do a full update and reboot too.

Personally I suggest 32bit Debian or CentOS for OpenVPN

If it is access server your running there is a support channel on freenode #openvpn-as , if not have a look at it, it does come with 2 free licenses out of the box and has a Web UI for management.

I'm using OpenVPN and nothing is else. I can't flush my ip tables using with 'iptables -F', because kernel need to be upgraded. I keep getting this:

Code:

iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

here's the command.

[root@server1 ~]#iptables -F
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@server1 ~]#


The reason I'm awake of it doesn't work, because some modules of kernel is missing or need to be upgraded. I have tried with 64-bit which it has kernel in it and it works quite well. I don't know what to do, but please can you help me to find the upgraded version for kernel that it will make the iptables and other methods to work well like the 64-bit did but I want to use 32-bit?

[backtogeek]

Well I would say regardless of the fact that the VPS is unmanaged if your host is offering templates with broken IPTABLES right out of the box then they need to deal with that not you.

Anyway, you dont need any extra modules to use iptables it should be compiled in the kernel already

what is the output of:

rpm -q iptables

and

cat /etc/sysconfig/iptables-config

[mark103]

The output for this line of rpm -q iptables is:

Code:

iptables-1.3.5-5.3.el5_4.1

And the last output for this line is:

Code:

[root@server1 ~]#cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

[backtogeek]

change IPTABLES_MODULES_UNLOAD="yes" to IPTABLES_MODULES_UNLOAD="no" and reboot

[mark103]

Thanks, I have made the change and I have reboot. After I have reboot, when I input the command in putty:

Code:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

I still get this:

Code:

iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

Any idea?

[mark103]

do anyone know how to fix this?

[JacobK]

Can you run /script/fixxenkernel and see if that will help you out.

[mark103]

No I can't, it doesn't support it because I'm using Xen VM.

[VirtualSRV]

Maybe you should get an OpenVZ VPS which supports OpenVPN natively.

[VPSForge-Ray]

Quote:

Originally Posted by vpsplug

Maybe you should get an OpenVZ VPS which supports OpenVPN natively.

Are you sure that openvz supports openvpn natively? AFAIK xen supports openvpn natively because on openvz you still need to ask your vps provider to enable tun/tap.

Reload your vps to other centos versions they have and check if iptables will function properly.


You could also try to load the kernel module yourself. Ive run into this same problem before on my vps with quickweb and here's what i have done to load iptables.

Visit http://repos.nethconsulting.com/cent...ernel/modules/ and download into your /lib/modules directory the required kernel for your os. run uname -r to check your kernel version

untar the file

Code:

tar -xvzf 2.6.xxxxxxxxx.tar.gz

Load iptables

Code:

modprobe -a iptables
or 
echo "iptables" >> /etc/modules

[mark103]

Quote:

Originally Posted by VPSForge-Ray

Are you sure that openvz supports openvpn natively? AFAIK xen supports openvpn natively because on openvz you still need to ask your vps provider to enable tun/tap.

Reload your vps to other centos versions they have and check if iptables will function properly.


You could also try to load the kernel module yourself. Ive run into this same problem before on my vps with quickweb and here's what i have done to load iptables.

Visit http://repos.nethconsulting.com/cent...ernel/modules/ and download into your /lib/modules directory the required kernel for your os. run uname -r to check your kernel version

untar the file

Code:

tar -xvzf 2.6.xxxxxxxxx.tar.gz

Load iptables

Code:

modprobe -a iptables
or 
echo "iptables" >> /etc/modules

No, I'm using Xen VM on my vps which it doesn't support tun/tap on centos 32-bit, but it does support on 64-bit.

here's the kernel version:

Code:

[root@server1 ~]#uname -r
2.6.18-164.6.1.el5xen

And here's the iptables version:

Code:

[root@server1 ~]#modprobe -a iptables
FATAL: Could not load /lib/modules/2.6.18-164.6.1.el5xen/modules.dep: No such file or directory

Can you tell me what I should do now??

How can I download the latest version of kernel into my /lib/modules directory?