FAQ¶

How do I update the script?¶

See Updating the Script.

How do I renew certificates?¶

See Client Management — Renewing and Server Management — Renewing.

How do I check for DNS leaks?¶

After connecting to the VPN, visit:

• dnsleaktest.com
• ipleak.net

If your ISP's DNS servers appear, you have a DNS leak.

Fixing DNS Leaks on Linux¶

Linux DNS management varies. Common solutions:

# If using systemd-resolved
resolvectl status

# If using NetworkManager
nmcli device show | grep DNS

The script adds block-outside-dns for Windows clients to prevent DNS leaks.

How do I troubleshoot IPv6 issues?¶

1. Verify the server has IPv6 connectivity:

   ping6 -c 4 google.com
   

2. Check that IPv6 forwarding is enabled:

   sysctl net.ipv6.conf.all.forwarding
   # Should return: 1
   

3. Verify firewall rules allow IPv6:

   ip6tables -L -n
   

What sysctl changes are made?¶

The script creates /etc/sysctl.d/99-openvpn.conf with:

net.ipv4.ip_forward = 1
# If IPv6 is enabled:
net.ipv6.conf.all.forwarding = 1

These are removed during uninstallation.

How do I allow client-to-client communication?¶

See Customization — Client-to-Client.

How do I give VPN clients access to the LAN?¶

See Customization — Push LAN Routes.

How do I set up split tunneling?¶

See Customization — Split Tunnel.

Can I run OpenVPN on port 443 alongside a web server?¶

See Customization — Port 443 Multiplexing.

How do I create multiple clients at once?¶

See Customization — Batch Client Creation.

How do I customize the client configuration template?¶

See Customization — Client Configuration Template.

How do I create password-protected clients?¶

See Client Management — Adding a Client (password-protected section).

Why is compression disabled?¶

See Security — Compression.