Jump to content
Not connected, Your IP: 3.138.179.120
Sign in to follow this  
Freddy500

How to setup FreeBSD

Recommended Posts

I'm trying to setup a FreeBSD nas to connect to the internet through airvpn. I seem to be able to connect but I cannot access the internet. could anyone help me analyze why? I will share the steps I followed so it might help others:

 

  1. I installed Openvpn 2.3.2 from the portstree
  2. I downloaded a .ovpn file from https://airvpn.org/generator/ with linux and my preferred server selected. Then I pasted the content of this file into a .conf file in the /usr/local/etc/openvpn/ directory on the FreeBSD machine.
  3. I set the following in the /etc/rc.conf file (not sure if it is needed to set the openvpn_if and what to set it to?)
    openvpn_enable="YES"
    openvpn_if="tap"
  4. I start the connection with the following command (vpnname.conf being whatever name I used to save the .ovpn content into a .conf file):
    openvpn --config /usr/local/etc/openvpn/vpnname.conf

I get the following as output:

Fri Jan 24 17:51:45 2014 OpenVPN 2.3.2 amd64-portbld-freebsd9.2 [sSL (OpenSSL)] [LZO] [eurephia] [MH] [iPv6] built on Jan 24 2014
Fri Jan 24 17:51:45 2014 Socket Buffers: R=[4194304->65536] S=[9216->65536]
Fri Jan 24 17:51:45 2014 UDPv4 link local: [undef]
Fri Jan 24 17:51:45 2014 UDPv4 link remote: [AF_INET]62.212.72.175:443
Fri Jan 24 17:51:45 2014 TLS: Initial packet from [AF_INET]62.212.72.175:443, sid=a1047ef2 40f00af9
Fri Jan 24 17:51:45 2014 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Fri Jan 24 17:51:45 2014 VERIFY OK: nsCertType=SERVER
Fri Jan 24 17:51:45 2014 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Fri Jan 24 17:51:45 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 24 17:51:45 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 24 17:51:45 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 24 17:51:45 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 24 17:51:45 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Jan 24 17:51:45 2014 [server] Peer Connection Initiated with [AF_INET]62.212.72.175:443
Fri Jan 24 17:51:47 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Jan 24 17:51:48 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.5.202 10.4.5.201'
Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: LZO parms modified
Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: route options modified
Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 24 17:51:48 2014 ROUTE_GATEWAY 192.168.0.1
Fri Jan 24 17:51:48 2014 TUN/TAP device /dev/tun0 opened
Fri Jan 24 17:51:48 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jan 24 17:51:48 2014 /sbin/ifconfig tun0 10.4.5.202 10.4.5.201 mtu 1500 netmask 255.255.255.255 up
Fri Jan 24 17:51:48 2014 /sbin/route add -net 62.212.72.175 192.168.0.1 255.255.255.255
add net 62.212.72.175: gateway 192.168.0.1
Fri Jan 24 17:51:48 2014 /sbin/route add -net 0.0.0.0 10.4.5.201 128.0.0.0
add net 0.0.0.0: gateway 10.4.5.201
Fri Jan 24 17:51:48 2014 /sbin/route add -net 128.0.0.0 10.4.5.201 128.0.0.0
add net 128.0.0.0: gateway 10.4.5.201
Fri Jan 24 17:51:48 2014 /sbin/route add -net 10.4.0.1 10.4.5.201 255.255.255.255
add net 10.4.0.1: gateway 10.4.5.201
Fri Jan 24 17:51:48 2014 Initialization Sequence Completed

This seems fine but, as I said before, the server cannot connect to the internet. 

 

ifconfig tun0 gives the following:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::205:5dff:fef5:369%tun0 prefixlen 64 scopeid 0x9
        inet 10.4.5.202 --> 10.4.5.201 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 1863

netstat -nrfinet gives:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.4.5.201         UGS         0       12   tun0 =>
default            192.168.0.1        UGS         0      636    dc0
10.4.0.1/32        10.4.5.201         UGS         0        0   tun0
10.4.5.201         link#9             UH          0        0   tun0
10.4.5.202         link#9             UHS         0        0    lo0
62.212.72.175/32   192.168.0.1        UGS         0      349    dc0
127.0.0.1          link#8             UH          0      231    lo0
128.0.0.0/1        10.4.5.201         UGS         0      319   tun0
192.168.0.0/24     link#2             U           0     2062    dc0
192.168.0.107      link#2             UHS         0       28    lo0
255.255.255.255    link#7             UHb         0       18  plip0

Am I forgetting something/doing something wrong? I do not have any pf rules set. I have an almost non existing knowledge of FreeBSD and used some basic guides to get to this point. 

 

Of course with this setup I have not set my login/password for airvpn and I'm not asked to enter it either. Is this maybe a problem? I tried setting it up using a .auth file and adding a auth-user-pass /usr/local/etc/openvpn/whatevername.auth line to the .conf but that didn't make any difference. 

Share this post


Link to post

openvpn_enable="YES"

openvpn_if="tap"

 

Hello!

 

It should be

openvpn_if="tun"

but that does not really matter, it will be overridden by the configuration file.

 

Maybe it's just a DNS issue, what is the content of resolv.conf? Also, please read here:https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf

 

You can quickly determine whether it's a DNS issue by trying the following commands:

 

ping -c 4 10.4.0.1

ping -c 4 google.com

ping -c 4 8.8.8.8

 

so that you can immediately see whether the traffic is tunneled and/or names are resolved or not. If in doubt do not hesitate to post the output of the aforementioned commands.

 

Finally, keep in mind that our service does not support IPv6.

Of course with this setup I have not set my login/password for airvpn and I'm not asked to enter it either. Is this maybe a problem? I tried setting it up using a .auth file and adding a auth-user-pass /usr/local/etc/openvpn/whatevername.auth line to the .conf but that didn't make any difference.

 

Of course. This is correct: the authentication is based on double certificate and secret key (embedded in the .ovpn file) not on login/password.

 

Kind regards

Share this post


Link to post

I get the following outputs:

 

# ping -c 4 10.4.0.1
PING 10.4.0.1 (10.4.0.1): 56 data bytes
64 bytes from 10.4.0.1: icmp_seq=0 ttl=64 time=19.812 ms
64 bytes from 10.4.0.1: icmp_seq=1 ttl=64 time=18.293 ms
64 bytes from 10.4.0.1: icmp_seq=2 ttl=64 time=16.798 ms
64 bytes from 10.4.0.1: icmp_seq=3 ttl=64 time=17.466 ms

--- 10.4.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.798/18.092/19.812/1.125 ms
ping -c 4 google.com
ping: cannot resolve google.com: Host name lookup failure
ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=49 time=48.946 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=49.753 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=48.852 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=49.874 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 48.852/49.356/49.874/0.460 ms

Not sure what this means but it seems to indicate a dns issue in the google case?

 

 

I then followed the instructions on this page: https://wiki.archlinux.org/index.php/OpenVPN#DNS. I installed openresolv from usr/ports/dns/openresolv and checked that resolv.conf indicates that it is generated by resolvconf. I couldn't find an update-resolv-conf script so I created one in /usr/local/etc/openvpn/ and made it executable. I then added the following to the openvpn conf file:

script-security 2
up /usr/local/etc/openvpn/update-resolv-conf
down /usr/local/etc/openvpn/update-resolv-conf

When I execute the script I get the following error:

Sun Jan 26 13:26:54 2014 /usr/local/etc/openvpn/update-resolv-conf tun0 1500 1558 10.4.5.202 10.4.5.201 init
Sun Jan 26 13:26:54 2014 WARNING: Failed running command (--up/--down): could not execute external program
Sun Jan 26 13:26:54 2014 Exiting due to fatal error

Not sure how to solve this. Maybe a worng path used in the script?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...