Issue setting a VPN connection

akdom · January 13, 2015, 8:05am

Hi!

It is not the first time I’m setting a VPN, but it’s the first time it’s not working

I created the connection in KDE network manager, and then I set “Automatically connect to VPN” in Wired Connection 1 (eth0).
I disconnect then reconnect, I’m sucesfully connected to Wired Connection 1 andmy pr0xy.sh vpn, but my ip address remain unchanged.

I set my DNS servert in Wired connection 1 (eth0) to 146.185.134.104.

Under debian, I had no trouble. What am I doing wrong?

Thanks!

AJSlye · January 13, 2015, 11:52am

Search the forum before posting this has been discussed already.
This is also posted in the wrong place, please post in the appropriate part of the forum for which version you downloaded, Standard or Rolling.

akdom · January 13, 2015, 7:01pm

Thanks, I’ll post in this category in the future

I did search, but nothing is working. I read all threads here: http://forums.netrunner-os.com/search.php?action=results&sid=3fbb43a68d061b971e28d36b55f7d190&sortby=lastpost&order=desc

:S

Here’s what I did:

Add>OpenVPN
General:
All user may connect to this network Checked

VPN:
Gateway: nl.proxy.sh
Connection Type: Password
CA Cert File: /home/me/.kde4/share/apps/networkmanagement/certificates/proxysh_conf/ca.crt
IPv4:
Method: automatic
I also tried automatic (only addresses) with custom DNS (from proxy.sh)

I can connect to the VPN, it creates a tunnel connection with 0kb/s bandwidth usage.

After maybe 5 minutes I get a notification saying tun0 was disconnected, but I can see the VPN connection is still active.

whatismyip.com always return my original IP address…

flipper · January 13, 2015, 7:20pm

Do you get a working connection by using the terminal?

sudo openvpn --config /path/to/your/ovpnfile/xxxxxxx.ovpn

AJSlye · January 14, 2015, 12:20am

You’ll need to install the network-manager openvpn plugin first:
Open Octopi and search for networkmanager, the openvpn plugin will be in the list and you can install it from there.
or you can just use the following command in a terminal:

sudo pacman -S networkmanager-openvpn

There are also other network manager plugins that are not installed by default:
[attachment=577]

You can also use the import vpn from within the network manager connection editor.
right click on the NM Widget in the panel and click on the gear, next got to file > import vpn and select your *.ovpn file:

akdom · January 14, 2015, 7:21am

AJSlye:

You’ll need to install the network-manager openvpn plugin first:
Open Octopi and search for networkmanager, the openvpn plugin will be in the list and you can install it from there.
or you can just use the following command in a terminal:
sudo pacman -S networkmanager-openvpn
There are also other network manager plugins that are not installed by default:

You can also use the import vpn from within the network manager connection editor.
right click on the NM Widget in the panel and click on the gear, next got to file > import vpn and select your *.ovpn file:

I already installed all the required dependencies, I forgot to mention that, sorry.
Importing my ovpn and connecting to it still doesnt change my ip :S

It is WORKING!! But it’s not very practical haha

Output:

jay@DSK01XL ~]$ sudo openvpn --config "/home/jay/Desktop/psh-ovpn-medium/Mac, Linux & Android Configs/Netherlands Hub - TCP.ovpn" Wed Jan 14 02:17:20 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 2 2014 Wed Jan 14 02:17:20 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08 Enter Auth Username: ******** Enter Auth Password: ********** Wed Jan 14 02:17:29 2015 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed Jan 14 02:17:29 2015 Attempting to establish TCP connection with [AF_INET]5.255.80.80:843 [nonblock] Wed Jan 14 02:17:30 2015 TCP: connect to [AF_INET]5.255.80.80:843 failed, will try again in 5 seconds: Connection refused Wed Jan 14 02:17:36 2015 TCP connection established with [AF_INET]77.237.248.179:843 Wed Jan 14 02:17:36 2015 TCP/UDP: Dynamic remote address changed during TCP connection establishment Wed Jan 14 02:17:36 2015 TCPv4_CLIENT link local: [undef] Wed Jan 14 02:17:36 2015 TCPv4_CLIENT link remote: [AF_INET]77.237.248.179:843 Wed Jan 14 02:18:36 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Jan 14 02:18:36 2015 TLS Error: TLS handshake failed Wed Jan 14 02:18:36 2015 Fatal TLS error (check_tls_errors_co), restarting Wed Jan 14 02:18:36 2015 SIGUSR1[soft,tls-error] received, process restarting Wed Jan 14 02:18:36 2015 Restart pause, 5 second(s) Wed Jan 14 02:18:41 2015 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed Jan 14 02:18:41 2015 Attempting to establish TCP connection with [AF_INET]81.4.111.37:843 [nonblock] Wed Jan 14 02:18:42 2015 TCP: connect to [AF_INET]81.4.111.37:843 failed, will try again in 5 seconds: Connection refused Wed Jan 14 02:18:48 2015 TCP: connect to [AF_INET]31.204.155.183:843 failed, will try again in 5 seconds: Connection refused Wed Jan 14 02:18:54 2015 TCP connection established with [AF_INET]77.237.248.179:843 Wed Jan 14 02:18:54 2015 TCP/UDP: Dynamic remote address changed during TCP connection establishment Wed Jan 14 02:18:54 2015 TCPv4_CLIENT link local: [undef] Wed Jan 14 02:18:54 2015 TCPv4_CLIENT link remote: [AF_INET]77.237.248.179:843 Wed Jan 14 02:19:55 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Jan 14 02:19:55 2015 TLS Error: TLS handshake failed Wed Jan 14 02:19:55 2015 Fatal TLS error (check_tls_errors_co), restarting Wed Jan 14 02:19:55 2015 SIGUSR1[soft,tls-error] received, process restarting Wed Jan 14 02:19:55 2015 Restart pause, 5 second(s) Wed Jan 14 02:20:00 2015 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed Jan 14 02:20:00 2015 Attempting to establish TCP connection with [AF_INET]46.249.58.53:843 [nonblock] Wed Jan 14 02:20:01 2015 TCP connection established with [AF_INET]46.249.58.53:843 Wed Jan 14 02:20:01 2015 TCPv4_CLIENT link local: [undef] Wed Jan 14 02:20:01 2015 TCPv4_CLIENT link remote: [AF_INET]46.249.58.53:843 Wed Jan 14 02:20:01 2015 TLS: Initial packet from [AF_INET]46.249.58.53:843, sid=0ab9f148 967ca4eb Wed Jan 14 02:20:01 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed Jan 14 02:20:04 2015 VERIFY OK: depth=1, C=SC, ST=VA, L=Victoria, O=Proxy.sh, CN=proxy.sh, name=IT, emailAddress=admin@proxy.sh Wed Jan 14 02:20:04 2015 Validating certificate key usage Wed Jan 14 02:20:04 2015 ++ Certificate has key usage 00a0, expects 00a0 Wed Jan 14 02:20:04 2015 VERIFY KU OK Wed Jan 14 02:20:04 2015 Validating certificate extended key usage Wed Jan 14 02:20:04 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Jan 14 02:20:04 2015 VERIFY EKU OK Wed Jan 14 02:20:04 2015 VERIFY OK: depth=0, C=SC, ST=VA, L=Victoria, O=Proxy.sh, CN=server, emailAddress=admin@proxy.sh Wed Jan 14 02:20:07 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Jan 14 02:20:07 2015 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication Wed Jan 14 02:20:07 2015 Data Channel Decrypt: Cipher 'AES

Thanks a lot!
Do you think it’s possible to use it with nm? I never had to troubleshoot a vpn conection before!

EDIT another try with a different server:

[jay@DSK01XL ~]$ sudo openvpn --config "/home/jay/Desktop/psh-ovpn-medium/Mac, Linux & Android Configs/Germany Hub - TCP.ovpn" Wed Jan 14 02:44:52 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 2 2014 Wed Jan 14 02:44:52 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08 Enter Auth Username: ******** Enter Auth Password: ********** Wed Jan 14 02:45:07 2015 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed Jan 14 02:45:07 2015 Attempting to establish TCP connection with [AF_INET]80.255.3.77:843 [nonblock] Wed Jan 14 02:45:08 2015 TCP connection established with [AF_INET]80.255.3.77:843 Wed Jan 14 02:45:08 2015 TCPv4_CLIENT link local: [undef] Wed Jan 14 02:45:08 2015 TCPv4_CLIENT link remote: [AF_INET]80.255.3.77:843 Wed Jan 14 02:45:09 2015 TLS: Initial packet from [AF_INET]80.255.3.77:843, sid=7fb6a305 07baa3d6 Wed Jan 14 02:45:09 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed Jan 14 02:45:11 2015 VERIFY OK: depth=1, C=SC, ST=VA, L=Victoria, O=Proxy.sh, CN=proxy.sh, name=IT, emailAddress=admin@proxy.sh Wed Jan 14 02:45:11 2015 Validating certificate key usage Wed Jan 14 02:45:11 2015 ++ Certificate has key usage 00a0, expects 00a0 Wed Jan 14 02:45:11 2015 VERIFY KU OK Wed Jan 14 02:45:11 2015 Validating certificate extended key usage Wed Jan 14 02:45:11 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Jan 14 02:45:11 2015 VERIFY EKU OK Wed Jan 14 02:45:11 2015 VERIFY OK: depth=0, C=SC, ST=VA, L=Victoria, O=Proxy.sh, CN=server, emailAddress=admin@proxy.sh Wed Jan 14 02:45:14 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Jan 14 02:45:14 2015 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication Wed Jan 14 02:45:14 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Jan 14 02:45:14 2015 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication Wed Jan 14 02:45:14 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA Wed Jan 14 02:45:14 2015 [server] Peer Connection Initiated with [AF_INET]80.255.3.77:843 Wed Jan 14 02:45:16 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Wed Jan 14 02:45:16 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.16.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.16.0.14 10.16.0.13' Wed Jan 14 02:45:16 2015 OPTIONS IMPORT: timers and/or timeouts modified Wed Jan 14 02:45:16 2015 OPTIONS IMPORT: --ifconfig/up options modified Wed Jan 14 02:45:16 2015 OPTIONS IMPORT: route options modified Wed Jan 14 02:45:16 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Wed Jan 14 02:45:16 2015 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp3s0 HWADDR=30:85:a9:8f:38:79 Wed Jan 14 02:45:16 2015 TUN/TAP device tun1 opened Wed Jan 14 02:45:16 2015 TUN/TAP TX queue length set to 100 Wed Jan 14 02:45:16 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed Jan 14 02:45:16 2015 /usr/bin/ip link set dev tun1 up mtu 1500 Wed Jan 14 02:45:16 2015 /usr/bin/ip addr add dev tun1 local 10.16.0.14 peer 10.16.0.13 Wed Jan 14 02:45:18 2015 /usr/bin/ip route add 80.255.3.77/32 via 192.168.1.1 Wed Jan 14 02:45:18 2015 /usr/bin/ip route add 0.0.0.0/1 via 10.16.0.13 Wed Jan 14 02:45:18 2015 /usr/bin/ip route add 128.0.0.0/1 via 10.16.0.13 Wed Jan 14 02:45:18 2015 /usr/bin/ip route add 10.16.0.1/32 via 10.16.0.13 RTNETLINK answers: File exists Wed Jan 14 02:45:18 2015 ERROR: Linux route add command failed: external program exited with error status: 2 Wed Jan 14 02:45:18 2015 Initialization Sequence Completed

flipper · January 14, 2015, 7:48am

It works here through the nm.
In your output I see some difficulties connecting to TCP and TLS handshake errors at start.

Goto advanced options where you edit your vpn credentials. Also check TLS-settings tab, if there’s a key set up.
Maybe you need to check, use TCP-connection, in your network manager

askorbeta · January 14, 2015, 8:54am

@akdom
Hi, for me the solutions provided here:
http://forums.netrunner-os.com/showthread.php?tid=16143&highlight=vpn
worked for me.
I hope this could be useful.
askorbeta

flipper · January 14, 2015, 6:38pm

Can you check, if there’s a ‘route-delay’ set up into your ovpn file, otherwise try to add

route-delay 3

into your ovpn file,

Remove the old entry in your nm, and re-import the ovpn in your nm. and give it another try.