Connection-Disconnection loop

[bookmark2 0]

Hello,

 

I'm triyng to connect to AirVPN over Tor, but after a succesful connection, in few seconds it disconnect, then do a new connection and another disconnection, and so on in an infinite loop.

What can be the problem?

I'm in a virtual machine with Windows XP, my network is behind a corporate router.

Please note that the Tor connection alone works perfectly.

 

This is my log:

 

Wed Oct 23 13:02:26 2013 OpenVPN 2.3.2 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [iPv6] built on Aug 22 2013
Enter Management Password:
Wed Oct 23 13:02:26 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Wed Oct 23 13:02:26 2013 Need hold release from management interface, waiting...
Wed Oct 23 13:02:26 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Wed Oct 23 13:02:26 2013 MANAGEMENT: CMD 'state on'
Wed Oct 23 13:02:26 2013 MANAGEMENT: CMD 'log all on'
Wed Oct 23 13:02:26 2013 MANAGEMENT: CMD 'hold off'
Wed Oct 23 13:02:26 2013 MANAGEMENT: CMD 'hold release'
Wed Oct 23 13:02:27 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Oct 23 13:02:27 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9150
Wed Oct 23 13:02:27 2013 MANAGEMENT: >STATE:1382526147,TCP_CONNECT,,,
Wed Oct 23 13:02:27 2013 TCP connection established with [AF_INET]127.0.0.1:9150
Wed Oct 23 13:02:28 2013 TCPv4_CLIENT link local: [undef]
Wed Oct 23 13:02:28 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9150
Wed Oct 23 13:02:28 2013 MANAGEMENT: >STATE:1382526148,WAIT,,,
Wed Oct 23 13:02:29 2013 MANAGEMENT: >STATE:1382526149,AUTH,,,
Wed Oct 23 13:02:29 2013 TLS: Initial packet from [AF_INET]127.0.0.1:9150, sid=239afa78 ac79025e
Wed Oct 23 13:02:37 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Wed Oct 23 13:02:37 2013 VERIFY OK: nsCertType=SERVER
Wed Oct 23 13:02:37 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Wed Oct 23 13:02:57 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Oct 23 13:02:57 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 23 13:02:57 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Oct 23 13:02:57 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 23 13:02:57 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Oct 23 13:02:57 2013 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:9150
Wed Oct 23 13:02:58 2013 MANAGEMENT: >STATE:1382526178,GET_CONFIG,,,
Wed Oct 23 13:02:59 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Oct 23 13:03:00 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.5.4.6 10.5.4.5'
Wed Oct 23 13:03:00 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Oct 23 13:03:00 2013 OPTIONS IMPORT: LZO parms modified
Wed Oct 23 13:03:00 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Oct 23 13:03:00 2013 OPTIONS IMPORT: route options modified
Wed Oct 23 13:03:00 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Oct 23 13:03:00 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Oct 23 13:03:00 2013 MANAGEMENT: >STATE:1382526180,ASSIGN_IP,,10.5.4.6,
Wed Oct 23 13:03:00 2013 open_tun, tt->ipv6=0
Wed Oct 23 13:03:00 2013 TAP-WIN32 device [Connessione alla rete locale (LAN) 2] opened: \\.\Global\{ADB74DBD-312B-4C68-8F59-C7C6392A1827}.tap
Wed Oct 23 13:03:00 2013 TAP-Windows Driver Version 9.9
Wed Oct 23 13:03:00 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.4.6/255.255.255.252 on interface {ADB74DBD-312B-4C68-8F59-C7C6392A1827} [DHCP-serv: 10.5.4.5, lease-time: 31536000]
Wed Oct 23 13:03:00 2013 Successful ARP Flush on interface [3] {ADB74DBD-312B-4C68-8F59-C7C6392A1827}
Wed Oct 23 13:03:05 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.65.<removed>
Wed Oct 23 13:03:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto.   [status=87 if_index=2]
Wed Oct 23 13:03:05 2013 Route addition via IPAPI failed [adaptive]
Wed Oct 23 13:03:05 2013 Route addition fallback to route.exe
Wed Oct 23 13:03:05 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.5.4.5
Wed Oct 23 13:03:05 2013 Route addition via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.5.4.5
Wed Oct 23 13:03:05 2013 Route addition via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:05 2013 MANAGEMENT: >STATE:1382526185,ADD_ROUTES,,,
Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 10.5.0.1 MASK 255.255.255.255 10.5.4.5
Wed Oct 23 13:03:05 2013 Route addition via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:05 2013 Initialization Sequence Completed
Wed Oct 23 13:03:05 2013 MANAGEMENT: >STATE:1382526185,CONNECTED,SUCCESS,10.5.4.6,127.0.0.1
Wed Oct 23 13:03:46 2013 Connection reset, restarting [0]
Wed Oct 23 13:03:46 2013 C:\WINDOWS\system32\route.exe DELETE 10.5.0.1 MASK 255.255.255.255 10.5.4.5
Wed Oct 23 13:03:46 2013 Route deletion via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:46 2013 C:\WINDOWS\system32\route.exe DELETE 127.0.0.1 MASK 255.255.255.255 10.65.<removed>
Wed Oct 23 13:03:46 2013 ROUTE: route deletion failed using DeleteIpForwardEntry: Parametro non corretto.  
Wed Oct 23 13:03:46 2013 Route deletion via IPAPI failed [adaptive]
Wed Oct 23 13:03:46 2013 Route deletion fallback to route.exe
Wed Oct 23 13:03:46 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed Oct 23 13:03:47 2013 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.5.4.5
Wed Oct 23 13:03:47 2013 Route deletion via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:47 2013 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.5.4.5
Wed Oct 23 13:03:47 2013 Route deletion via IPAPI succeeded [adaptive]
Wed Oct 23 13:03:47 2013 Closing TUN/TAP interface
Wed Oct 23 13:03:47 2013 SIGUSR1[soft,connection-reset] received, process restarting
Wed Oct 23 13:03:47 2013 MANAGEMENT: >STATE:1382526227,RECONNECTING,connection-reset,,
Wed Oct 23 13:03:47 2013 Restart pause, 5 second(s)

 

 

Thanks for your suggestions.

[amnesty 18]

Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.<removed>

Wed Oct 23 13:03:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto.   [status=87 if_index=2]

Wed Oct 23 13:03:05 2013 Route addition via IPAPI failed [adaptive]

 

I'm not that familiar with Tor but it looks like it's failing on the initial route command. Without SOCKS Proxy this is where it would add the route to the OpenVPN server.

 

I just tried to get AirVPN (OpenVPN) over Tor running but couldn't either.

 

I tried to search the Forum for Tor but it doesn't allow searches less than 4 characters.

I tried to search the Forum for "Tor" but it finds nothing.

[amnesty 18]

Strange, I was able to connect using the AirVPN client but not OpenVPN GUI.

 

Did you set the Proxy option in Config. Generator?

 

Check out this post:

 

https://airvpn.org/topic/54-using-airvpn-over-tor/?p=8557

[bookmark2 0]

Yes, I set up all correctly, and for a couple of seconds seems that the connection is ok, before disconnection.

I tried with or without the AirVPN client, and the result is the same, it seems that the problem is at the low level, i.e. at OpenVPN level, that keeps disconnecting, no regard if the connection is made with the AirVPN client or not.

 

A question: my corporate network use the addressing scheme 10.x.x.x, this can cause routing problems of some type, for the fact that also AirVPN uses this addressing scheme?

For example, if both subnets use addresses like 10.x.x.0 or 10.x.x.1 as default gateway or so on?

 

Thanks.

[bookmark2 0]

I tryed to connect to the VPN without Tor, and all works perfectly, so the problem is due to the VPN->Tor chain.

Any suggestion?

 

Thanks

[NaDre 157]

...

A question: my corporate network use the addressing scheme 10.x.x.x, this can cause routing problems of some type, for the fact that also AirVPN uses this addressing scheme?

For example, if both subnets use addresses like 10.x.x.0 or 10.x.x.1 as default gateway or so on?

...

 

The short answer is that yes, in some rare circumstances addressing conflicts could occur.

 

If this does happen, the odds are that any conflict can be resolved just by configuring the routing table entries a bit differently than the default.

 

But if that is not possible, then there are some configuration options to the OpenVPN client to overcome the problem. You can configure the OpenVPN client to do its own NAT ("Network Address Translation") to move the address you see the VPN interface at to another completely different sub-net.

 

I use these configuration options for a rather different purpose. If you are interested see this post:

 

https://airvpn.org/topic/9518-faking-static-local-vpn-addess-using-client-nat-and-ifconfig/?do=findComment&comment=10449

 

If you are not from a technical background, that post may be very hard to understand. I did not provide a lot of background explanation. I just put it there for completeness.

[bookmark2 0]

Thanks for your answer.

I have some techincal background, but I'm not able to understand your instructions, I will try to use it at last, if any other solution fails.

 

I'm very disappointed that I'm paying for a service, and the AirVPN Staff is not trying to help me to solve my problems.

 

I hope in some suggestions from Staff.

Thanks.

[amnesty 18]

Wed Oct 23 13:03:05 2013 C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.65.<removed>

 

Wed Oct 23 13:03:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto.   [status=87 if_index=2]

Wed Oct 23 13:03:05 2013 Route addition via IPAPI failed [adaptive]

 

Have you tried to add the route manually? If that works, try adding this to your config:

 

route-method exe

 route-delay 2

[bookmark2 0]

No, I didnt' tried it.

You mean, executing

    route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.65.xx.xx

from command line?

 

Thanks.

[bookmark2 0]

I tried to add the route manually from the command line, same result, no way...

 

What is the meaning of the instructions you suggested:

 

route-method exe

route-delay 2

 

Thanks.

[NaDre 157]

Have a look at this:

 

https://airvpn.org/topic/10191-should-use-outboundbindaddress-for-openvpn-over-tor/

 

I think leaving the Tor SOCKS proxy gateway program to use the default gateway is extremely dubious, since the default gateway once you start the VPN relies on the Tor SOCKS proxy itself! I certainly saw issues on my PC with the configuration left that way. It may be that the connection is degrading far faster in your case.

[amnesty 18]

I tried to add the route manually from the command line, same result, no way...

 

What is the meaning of the instructions you suggested:

 

route-method exe

route-delay 2

 

Thanks.

 

I'm not sure if you are aware of this- you need to run the route cmd with administrative privileges or it will also fail.

I noticed in your log that you're disconnected in 40 seconds.

Perhaps you should try placing it in your config file.

 

From: http://openvpn.net/index.php/open-source/documentation/manuals/openvpn-20x-manpage.html

 

 

--route-method m

    Which method m to use for adding routes on Windows?

 

    ipapi (default) -- Use IP helper API.

    exe -- Call the route.exe shell command.

 

You are getting, "Route addition via IPAPI failed" perhaps changing to exe will resolve the issue.

 

--route-delay [n] [w]

    Delay n seconds (default=0) after connection establishment, before adding routes. If n is 0, routes will be added immediately upon connection establishment. If --route-delay is omitted, routes will be added immediately after TUN/TAP device open and --up script execution, before any --user or --group privilege downgrade (or --chroot execution.)

 

    This option is designed to be useful in scenarios where DHCP is used to set tap adapter addresses. The delay will give the DHCP handshake time to complete before routes are added.

 

    On Windows, --route-delay tries to be more intelligent by waiting w seconds (w=30 by default) for the TAP-Win32 adapter to come up before adding routes.

[bookmark2 0]

I'm not sure if you are aware of this- you need to run the route cmd with administrative privileges or it will also fail.

I noticed in your log that you're disconnected in 40 seconds.

Perhaps you should try placing it in your config file.

 

From: http://openvpn.net/index.php/open-source/documentation/manuals/openvpn-20x-manpage.html

 

 

--route-method m

<cut>

 

Thanks for all info.

Yes, I use an administrative user.

I tried that parameters, with different delays, but the problem persists.

 

I'm very discouraged at this point...

 

Thanks.

[bookmark2 0]

Have a look at this:

 

https://airvpn.org/topic/10191-should-use-outboundbindaddress-for-openvpn-over-tor/

 

I think leaving the Tor SOCKS proxy gateway program to use the default gateway is extremely dubious, since the default gateway once you start the VPN relies on the Tor SOCKS proxy itself! I certainly saw issues on my PC with the configuration left that way. It may be that the connection is degrading far faster in your case.

 

I'm not sure to understand completely what you said, but anyway, what I have to add to the torrc file in my specific case?

 

OutboundBindAddress <what?>

 

Thanks.

[amnesty 18]

Thanks for all info.

Yes, I use an administrative user.

I tried that parameters, with different delays, but the problem persists.

 

I'm very discouraged at this point...

 

Thanks.

What is the error in the logs?

 

I would be discouraged as well.

[bookmark2 0]

This is the log with the params suggested by you.

I don't know what is that cause the connection reset I have signed as bold.

 

Tue Oct 29 09:24:17 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Oct 29 09:24:17 2013 Need hold release from management interface, waiting...
Tue Oct 29 09:24:18 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Oct 29 09:24:18 2013 MANAGEMENT: CMD 'state on'
Tue Oct 29 09:24:18 2013 MANAGEMENT: CMD 'log all on'
Tue Oct 29 09:24:18 2013 MANAGEMENT: CMD 'hold off'
Tue Oct 29 09:24:18 2013 MANAGEMENT: CMD 'hold release'
Tue Oct 29 09:24:18 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 29 09:24:18 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9150
Tue Oct 29 09:24:18 2013 MANAGEMENT: >STATE:1383035058,TCP_CONNECT,,,
Tue Oct 29 09:24:18 2013 TCP connection established with [AF_INET]127.0.0.1:9150
Tue Oct 29 09:24:18 2013 TCPv4_CLIENT link local: [undef]
Tue Oct 29 09:24:18 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9150
Tue Oct 29 09:24:18 2013 MANAGEMENT: >STATE:1383035058,WAIT,,,
Tue Oct 29 09:24:19 2013 MANAGEMENT: >STATE:1383035059,AUTH,,,
Tue Oct 29 09:24:19 2013 TLS: Initial packet from [AF_INET]127.0.0.1:9150, sid=b43bfa9f 7dcfda6d
Tue Oct 29 09:24:23 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Tue Oct 29 09:24:23 2013 VERIFY OK: nsCertType=SERVER
Tue Oct 29 09:24:23 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Tue Oct 29 09:24:34 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Oct 29 09:24:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 09:24:34 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Oct 29 09:24:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 09:24:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Oct 29 09:24:34 2013 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:9150
Tue Oct 29 09:24:35 2013 MANAGEMENT: >STATE:1383035075,GET_CONFIG,,,
Tue Oct 29 09:24:37 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Oct 29 09:24:37 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.5.7.150 10.5.7.149'
Tue Oct 29 09:24:37 2013 OPTIONS IMPORT: timers and/or timeouts modified
Tue Oct 29 09:24:37 2013 OPTIONS IMPORT: LZO parms modified
Tue Oct 29 09:24:37 2013 OPTIONS IMPORT: --ifconfig/up options modified
Tue Oct 29 09:24:37 2013 OPTIONS IMPORT: route options modified
Tue Oct 29 09:24:37 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Oct 29 09:24:37 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Oct 29 09:24:37 2013 MANAGEMENT: >STATE:1383035077,ASSIGN_IP,,10.5.7.150,
Tue Oct 29 09:24:37 2013 open_tun, tt->ipv6=0
Tue Oct 29 09:24:37 2013 TAP-WIN32 device [Connessione alla rete locale (LAN) 2] opened: \\.\Global\{ADB74DBD-312B-4C68-8F59-C7C6392A1827}.tap
Tue Oct 29 09:24:37 2013 TAP-Windows Driver Version 9.9
Tue Oct 29 09:24:37 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.7.150/255.255.255.252 on interface {ADB74DBD-312B-4C68-8F59-C7C6392A1827} [DHCP-serv: 10.5.7.149, lease-time: 31536000]
Tue Oct 29 09:24:37 2013 Successful ARP Flush on interface [3] {ADB74DBD-312B-4C68-8F59-C7C6392A1827}
Tue Oct 29 09:25:17 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Oct 29 09:25:17 2013 C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.35.<removed>
Tue Oct 29 09:25:17 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:18 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.5.7.149
Tue Oct 29 09:25:18 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:18 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.5.7.149
Tue Oct 29 09:25:18 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:18 2013 MANAGEMENT: >STATE:1383035118,ADD_ROUTES,,,
Tue Oct 29 09:25:18 2013 C:\WINDOWS\system32\route.exe ADD 10.5.0.1 MASK 255.255.255.255 10.5.7.149
Tue Oct 29 09:25:18 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:19 2013 Initialization Sequence Completed
Tue Oct 29 09:25:19 2013 MANAGEMENT: >STATE:1383035119,CONNECTED,SUCCESS,10.5.7.150,127.0.0.1
Tue Oct 29 09:25:51 2013 Connection reset, restarting [0]
Tue Oct 29 09:25:51 2013 C:\WINDOWS\system32\route.exe DELETE 10.5.0.1 MASK 255.255.255.255 10.5.7.149
Tue Oct 29 09:25:51 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:51 2013 C:\WINDOWS\system32\route.exe DELETE 127.0.0.1 MASK 255.255.255.255 10.35.<removed>
Tue Oct 29 09:25:51 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:51 2013 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.5.7.149
Tue Oct 29 09:25:51 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:51 2013 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.5.7.149
Tue Oct 29 09:25:51 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 29 09:25:51 2013 Closing TUN/TAP interface
Tue Oct 29 09:25:52 2013 SIGUSR1[soft,connection-reset] received, process restarting
Tue Oct 29 09:25:52 2013 MANAGEMENT: >STATE:1383035152,RECONNECTING,connection-reset,,
Tue Oct 29 09:25:52 2013 Restart pause, 5 second(s)
 

[NaDre 157]

 

Have a look at this:

 

https://airvpn.org/topic/10191-should-use-outboundbindaddress-for-openvpn-over-tor/

 

I think leaving the Tor SOCKS proxy gateway program to use the default gateway is extremely dubious, since the default gateway once you start the VPN relies on the Tor SOCKS proxy itself! I certainly saw issues on my PC with the configuration left that way. It may be that the connection is degrading far faster in your case.

 

I'm not sure to understand completely what you said, but anyway, what I have to add to the torrc file in my specific case?

 

OutboundBindAddress <what?>

 

Thanks.

 

"<what?>" should be the IP address of your real IP interface.

 

You can see what this is (among other ways) by using this command at a command prompt ("Start Menu/All Programs/Accessories/Command Prompt"):

route print

This should produce something like this:

C:\Users\user>route print
...
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.63     10
...

The routing table entry shown (with the "Network Destination" and "Netmask" values of 0.0.0.0) is for the real default gateway. The address under "Interface" (192.168.1.63 in the example above) is what you want.

 

===

 

By the way, you have established that you are able to use Tor without OpenVPN right?

[bookmark2 0]

Thanks for the hint, but it doesn't solved the problem.

 

Yes, I can use Tor without openVpn, and OpenVpn without Tor, but not both...

 

I'm thinking that the problem can be a subnet conflict, due to usage in some part of my large corporate network of the subnets 10.5.x.x, 10.7.x.x, and so on, used also by AirVpn. I cannot determine if that subnets are used, so I'm not sure.

According to AirVpn staff this is not the case, because the subnet in which I'm in, strictly, is 10.35.x.x, but if in the corporate network exists subnets 10.5.x.x, there can be a problem, am I right?

 

Thanks

[NaDre 157]

...

I'm thinking that the problem can be a subnet conflict, due to usage in some part of my large corporate network of the subnets 10.5.x.x, 10.7.x.x, and so on, used also by AirVpn. I cannot determine if that subnets are used, so I'm not sure.

According to AirVpn staff this is not the case, because the subnet in which I'm in, strictly, is 10.35.x.x, but if in the corporate network exists subnets 10.5.x.x, there can be a problem, am I right?

...

 

When you use "route print" (without OpenVPN running), do you see any routing table entries involving the 10.5.x.x sub-net? If not, then this is not an issue.

 

I have one more suggestion. Add this to the OpenVPN config file:

route-nopull
route   0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
route 10.5.0.1
dhcp-option DNS 10.5.0.1

This will set up routes exactly like the default, except that new entries for 127.0.0.1 (the "local host" address) will not be set up. These entries are not needed, since 127.0.0.1 is provided as a local interface internally by Windows (or any other OS). On my machine these entries do not cause an issue. But maybe they are on yours for some reason, so that you are losing connectivity to the Tore.exe SOCKS proxy interface.

[bookmark2 0]

When you use "route print" (without OpenVPN running), do you see any routing table entries involving the 10.5.x.x sub-net? If not, then this is not an issue.

 

I have one more suggestion. Add this to the OpenVPN config file:

route-nopull
route   0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
route 10.5.0.1
dhcp-option DNS 10.5.0.1

This will set up routes exactly like the default, except that new entries for 127.0.0.1 (the "local host" address) will not be set up. These entries are not needed, since 127.0.0.1 is provided as a local interface internally by Windows (or any other OS). On my machine these entries do not cause an issue. But maybe they are on yours for some reason, so that you are losing connectivity to the Tore.exe SOCKS proxy interface.

 

I tried it, but nothing changed.

 

When I use "route print" I don't see any entry involving 10.5.x.x subnet, so I must deduct that this is not the problem.

 

I'm out of solutions then... sad...

 

Thanks.

[NaDre 157]

 

When you use "route print" (without OpenVPN running), do you see any routing table entries involving the 10.5.x.x sub-net? If not, then this is not an issue.

 

I have one more suggestion. Add this to the OpenVPN config file:

route-nopull
route   0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
route 10.5.0.1
dhcp-option DNS 10.5.0.1

This will set up routes exactly like the default, except that new entries for 127.0.0.1 (the "local host" address) will not be set up. These entries are not needed, since 127.0.0.1 is provided as a local interface internally by Windows (or any other OS). On my machine these entries do not cause an issue. But maybe they are on yours for some reason, so that you are losing connectivity to the Tore.exe SOCKS proxy interface.

 

I tried it, but nothing changed.

 

When I use "route print" I don't see any entry involving 10.5.x.x subnet, so I must deduct that this is not the problem.

 

I'm out of solutions then... sad...

 

Thanks.

 

You said that you can use OpenVPN by itself. Did you you try this with TCP on port 443? Or just UDP? Using TCP 443 without Tor will use the same 10.5.*.* subnet. And most of the routing table stuff will be the same. If this will not work, try another TCP port without Tor to see if any of them work:

 

https://airvpn.org/specs/

 

If you find one that works, then try that over Tor.

[bookmark2 0]

Yes, I yet tried several tcp ports, that works without tor, but not with tor...

The AirVpn support surrended, saying me that they "have not a solution" for my problem, and that connection through proxies is not granted by airvpn...

[amnesty 18]

I was able to re-create the issue on a VM running XP. Able to run Tor, VPN or Tor over VPN but not VPN over Tor.

I get the same results in the log. However, I only tried TCP 80 over Tor.

I did not have any problems with a Win 7 VM.

 

Was also able to re-create this on an XP machine (host).

[bookmark2 0]

Thanks for your info and for the time you spent on this.

I will try on a Win7 VM, then I will report the results.

[amnesty 18]

The AirVpn support surrended, saying me that they "have not a solution" for my problem, and that connection through proxies is not granted by airvpn...

 

Strange, I am hoping this is not the case. Perhaps they meant something else because that's not what they said a few years ago:

 

https://airvpn.org/topic/54-using-airvpn-over-tor/?p=920

 

https://airvpn.org/topic/54-using-airvpn-over-tor/?p=934

 

If they did say that, this is one of my dislikes/fears of this great provider growing to much:

 

https://airvpn.org/topic/10034-ill-try-to-be-honest-for-those-looking-into-a-vpn-provider/?p=12604