rmoff 15 Posted ...

I'm having problems getting openVPN to work on a Debian machine that is a Proxmox container. I have installed openvpn and the airvpn config files, and started the service. However, traffic isn't routed over the VPN. Using this command:

    curl -s http://icanhazip.com/

I get back my actual ISP's IP, not the airVPN one that I'd expect if the traffic were going over the VPN.

Looking at /var/log/daemon.log I can see a message that I think is the issue:

    NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: LZO compression initialized
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: Socket Buffers: R=[245760->131072] S=[245760->131072]
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: Local Options hash (VER=V4): '22188c5b'
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2156]: Expected Remote Options hash (VER=V4): 'a8f55717'
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: UDPv4 link local: [undef]
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: UDPv4 link remote: [AF_INET]95.211.138.19:443
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: TLS: Initial packet from [AF_INET]95.211.138.19:443, sid=3ca4a15a 67ccb496
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: VERIFY OK: nsCertType=SERVER
    Dec 28 14:29:37 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Dec 28 14:29:38 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: [server] Peer Connection Initiated with [AF_INET]95.211.138.19:443
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.31.206 10.4.31.205'
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: OPTIONS IMPORT: timers and/or timeouts modified
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: OPTIONS IMPORT: LZO parms modified
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: OPTIONS IMPORT: --ifconfig/up options modified
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: OPTIONS IMPORT: route options modified
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: ROUTE: default_gateway=UNDEF
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: TUN/TAP device tun0 opened
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: TUN/TAP TX queue length set to 100
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: /sbin/ifconfig tun0 10.4.31.206 pointopoint 10.4.31.205 mtu 1500
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.31.205
    Dec 28 14:29:40 media01 ovpn-AirVPN_Europe_UDP-443.ovpn[2157]: Initialization Sequence Completed

I've googled around the message, but I don't understand enough about networking to know what to do to fix it.

Before I start openvpn, this is my network state:

    root@media01:/# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         *               0.0.0.0         U     0      0        0 venet0

    root@media01:/# ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:52 errors:0 dropped:0 overruns:0 frame:0
              TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4740 (4.6 KiB)  TX bytes:4740 (4.6 KiB)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:2 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2 errors:0 dropped:2 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:252 (252.0 TX bytes:108 (108.0

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:192.168.10.201  P-t-P:192.168.10.201  Bcast:192.168.10.201  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

And after I start openvpn:

    root@media01:/# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.4.0.1        10.4.13.237     255.255.255.255 UGH   0      0        0 tun0
    10.4.13.237     *               255.255.255.255 UH    0      0        0 tun0
    default         *               0.0.0.0         U     0      0        0 venet0

    root@media01:/# ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:52 errors:0 dropped:0 overruns:0 frame:0
              TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4740 (4.6 KiB)  TX bytes:4740 (4.6 KiB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.4.13.238  P-t-P:10.4.13.237  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 TX bytes:0 (0.0

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:125 errors:0 dropped:0 overruns:0 frame:0
              TX packets:127 errors:0 dropped:2 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:12101 (11.8 KiB)  TX bytes:9998 (9.7 KiB)

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:192.168.10.201  P-t-P:192.168.10.201  Bcast:192.168.10.201  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

What do I need to do to get this to work?

Thanks.

Staff 9973 Posted ...

Hello,

it seems an OpenVPN 2.2.1 bug which shows up every time default route does not use a gateway (such as in PPP):
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/771148

In the link above you will also find a workaround.

Kind regards

rmoff 15 Posted ...

> Hello,
> it seems an OpenVPN 2.2.1 bug which shows up every time default route does not use a gateway (such as in PPP):
> https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/771148
> In the link above you will also find a workaround.
> Kind regards

Hi,

I did find that page on my Googling, but couldn't get any of the solutions to work. Are you referring to this bit:

> To function properly, OpenVPN should create a host route through ppp0. To do this, no gateway IP address is required at all. E.g. if your OpenVPN-server's address is 1.2.3.4, then the client should create a route like "ip route add 1.2.3.4/32 dev ppp0" instead of "ip route add 1.2.3.4/32 via $GATEWAY dev ppp0".

I couldn't work out the equivalent of these commands for my particular setup.

Thanks.

rmoff 15 Posted ...

Fixed it using info from here - basically replacing the existing venet ip address with a veth network device for the container instead. Works a treat now
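
The failure in this thread is easy to miss because OpenVPN still logs "Initialization Sequence Completed" while traffic keeps leaving over the ISP link. As an added example (not part of the thread, and not OpenVPN or AirVPN code), the shell function below checks saved log text and `route -n` output for the two /1 routes that `redirect-gateway def1` installs. The function name, the `route -n` form of the routing tables, and the `eth0` / `192.168.10.1` values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Inputs are text so it runs on saved output:
#   $1 = OpenVPN log, $2 = `route -n` output, $3 = tunnel device (default tun0)
vpn_redirect_status() {
    log=$1; routes=$2; dev=${3:-tun0}
    pushed=no; failed=no
    # Did the server push a full-tunnel redirect?
    printf '%s\n' "$log" | grep -q 'PUSH_REPLY.*redirect-gateway' && pushed=yes
    # Did OpenVPN report that it could not install it?
    printf '%s\n' "$log" | grep -q 'unable to redirect default gateway' && failed=yes
    # def1 adds 0.0.0.0/1 and 128.0.0.0/1 on the tunnel; count distinct halves present.
    halves=$(printf '%s\n' "$routes" | awk -v dev="$dev" '
        $NF == dev && $3 == "128.0.0.0" && ($1 == "0.0.0.0" || $1 == "128.0.0.0") { seen[$1] = 1 }
        END { n = 0; for (k in seen) n++; print n }')
    if [ "$halves" -eq 2 ]; then
        echo "OK: default traffic is routed via $dev"; return 0
    elif [ "$pushed" = yes ] || [ "$failed" = yes ]; then
        echo "LEAK: redirect-gateway was pushed but is not installed on $dev"; return 1
    fi
    echo "SPLIT: no redirect-gateway pushed; only specific routes use $dev"; return 2
}

# Two log messages from the post above (PUSH_REPLY abridged, syslog prefix dropped).
SAMPLE_LOG="PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.4.0.1,topology net30'
NOTE: unable to redirect default gateway -- Cannot read current default gateway from system"

# Constructed: the post's broken routing table, written in `route -n` form.
ROUTES_BROKEN="Destination  Gateway      Genmask          Flags Metric Ref Use Iface
10.4.0.1     10.4.13.237  255.255.255.255  UGH   0      0   0   tun0
10.4.13.237  0.0.0.0      255.255.255.255  UH    0      0   0   tun0
0.0.0.0      0.0.0.0      0.0.0.0          U     0      0   0   venet0"

# Constructed: what a working def1 redirect looks like (eth0 and its gateway are assumed).
ROUTES_FIXED="Destination  Gateway      Genmask          Flags Metric Ref Use Iface
0.0.0.0      10.4.13.237  128.0.0.0        UG    0      0   0   tun0
128.0.0.0    10.4.13.237  128.0.0.0        UG    0      0   0   tun0
0.0.0.0      192.168.10.1 0.0.0.0          UG    0      0   0   eth0"

vpn_redirect_status "$SAMPLE_LOG" "$ROUTES_BROKEN" || true
```

On a live host the same function can be fed `"$(cat /var/log/daemon.log)"` and `"$(route -n)"`; a non-zero exit status is a reason to stop traffic until the routes are corrected.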