Freddy500 0 Posted ...

I'm trying to set up a FreeBSD NAS to connect to the internet through airvpn. I seem to be able to connect but I cannot access the internet. Could anyone help me analyze why?

I will share the steps I followed so it might help others:

I installed OpenVPN 2.3.2 from the ports tree.

I downloaded a .ovpn file from https://airvpn.org/generator/ with linux and my preferred server selected. Then I pasted the content of this file into a .conf file in the /usr/local/etc/openvpn/ directory on the FreeBSD machine.

I set the following in the /etc/rc.conf file (not sure if it is needed to set the openvpn_if and what to set it to?)

    openvpn_enable="YES"
    openvpn_if="tap"

I start the connection with the following command (vpnname.conf being whatever name I used to save the .ovpn content into a .conf file):

    openvpn --config /usr/local/etc/openvpn/vpnname.conf

I get the following as output:

    Fri Jan 24 17:51:45 2014 OpenVPN 2.3.2 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 24 2014
    Fri Jan 24 17:51:45 2014 Socket Buffers: R=[4194304->65536] S=[9216->65536]
    Fri Jan 24 17:51:45 2014 UDPv4 link local: [undef]
    Fri Jan 24 17:51:45 2014 UDPv4 link remote: [AF_INET]62.212.72.175:443
    Fri Jan 24 17:51:45 2014 TLS: Initial packet from [AF_INET]62.212.72.175:443, sid=a1047ef2 40f00af9
    Fri Jan 24 17:51:45 2014 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    Fri Jan 24 17:51:45 2014 VERIFY OK: nsCertType=SERVER
    Fri Jan 24 17:51:45 2014 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
    Fri Jan 24 17:51:45 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Fri Jan 24 17:51:45 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Jan 24 17:51:45 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Fri Jan 24 17:51:45 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Jan 24 17:51:45 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Fri Jan 24 17:51:45 2014 [server] Peer Connection Initiated with [AF_INET]62.212.72.175:443
    Fri Jan 24 17:51:47 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Fri Jan 24 17:51:48 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.5.202 10.4.5.201'
    Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: timers and/or timeouts modified
    Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: LZO parms modified
    Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: --ifconfig/up options modified
    Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: route options modified
    Fri Jan 24 17:51:48 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Fri Jan 24 17:51:48 2014 ROUTE_GATEWAY 192.168.0.1
    Fri Jan 24 17:51:48 2014 TUN/TAP device /dev/tun0 opened
    Fri Jan 24 17:51:48 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Fri Jan 24 17:51:48 2014 /sbin/ifconfig tun0 10.4.5.202 10.4.5.201 mtu 1500 netmask 255.255.255.255 up
    Fri Jan 24 17:51:48 2014 /sbin/route add -net 62.212.72.175 192.168.0.1 255.255.255.255
    add net 62.212.72.175: gateway 192.168.0.1
    Fri Jan 24 17:51:48 2014 /sbin/route add -net 0.0.0.0 10.4.5.201 128.0.0.0
    add net 0.0.0.0: gateway 10.4.5.201
    Fri Jan 24 17:51:48 2014 /sbin/route add -net 128.0.0.0 10.4.5.201 128.0.0.0
    add net 128.0.0.0: gateway 10.4.5.201
    Fri Jan 24 17:51:48 2014 /sbin/route add -net 10.4.0.1 10.4.5.201 255.255.255.255
    add net 10.4.0.1: gateway 10.4.5.201
    Fri Jan 24 17:51:48 2014 Initialization Sequence Completed

This seems fine but, as I said before, the server cannot connect to the internet.

ifconfig tun0 gives the following:

    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::205:5dff:fef5:369%tun0 prefixlen 64 scopeid 0x9
            inet 10.4.5.202 --> 10.4.5.201 netmask 0xffffffff
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            Opened by PID 1863

netstat -nrfinet gives:

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    0.0.0.0/1          10.4.5.201         UGS         0       12   tun0 =>
    default            192.168.0.1        UGS         0      636    dc0
    10.4.0.1/32        10.4.5.201         UGS         0        0   tun0
    10.4.5.201         link#9             UH          0        0   tun0
    10.4.5.202         link#9             UHS         0        0    lo0
    62.212.72.175/32   192.168.0.1        UGS         0      349    dc0
    127.0.0.1          link#8             UH          0      231    lo0
    128.0.0.0/1        10.4.5.201         UGS         0      319   tun0
    192.168.0.0/24     link#2             U           0     2062    dc0
    192.168.0.107      link#2             UHS         0       28    lo0
    255.255.255.255    link#7             UHb         0       18  plip0

Am I forgetting something/doing something wrong? I do not have any pf rules set. I have an almost non existing knowledge of FreeBSD and used some basic guides to get to this point.

Of course with this setup I have not set my login/password for airvpn and I'm not asked to enter it either. Is this maybe a problem? I tried setting it up using a .auth file and adding a auth-user-pass /usr/local/etc/openvpn/whatevername.auth line to the .conf but that didn't make any difference.

Staff 10014 Posted ...

> openvpn_enable="YES"
> openvpn_if="tap"

Hello!

It should be

    openvpn_if="tun"

but that does not really matter, it will be overridden by the configuration file.

Maybe it's just a DNS issue, what is the content of resolv.conf? Also, please read here: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf

You can quickly determine whether it's a DNS issue by trying the following commands:

    ping -c 4 10.4.0.1
    ping -c 4 google.com
    ping -c 4 8.8.8.8

so that you can immediately see whether the traffic is tunneled and/or names are resolved or not. If in doubt do not hesitate to post the output of the aforementioned commands.

Finally, keep in mind that our service does not support IPv6.

> Of course with this setup I have not set my login/password for airvpn and I'm not asked to enter it either. Is this maybe a problem? I tried setting it up using a .auth file and adding a auth-user-pass /usr/local/etc/openvpn/whatevername.auth line to the .conf but that didn't make any difference.

Of course. This is correct: the authentication is based on double certificate and secret key (embedded in the .ovpn file) not on login/password.

Kind regards

Freddy500 0 Posted ...

I get the following outputs:

    # ping -c 4 10.4.0.1
    PING 10.4.0.1 (10.4.0.1): 56 data bytes
    64 bytes from 10.4.0.1: icmp_seq=0 ttl=64 time=19.812 ms
    64 bytes from 10.4.0.1: icmp_seq=1 ttl=64 time=18.293 ms
    64 bytes from 10.4.0.1: icmp_seq=2 ttl=64 time=16.798 ms
    64 bytes from 10.4.0.1: icmp_seq=3 ttl=64 time=17.466 ms
    --- 10.4.0.1 ping statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 16.798/18.092/19.812/1.125 ms

    ping -c 4 google.com
    ping: cannot resolve google.com: Host name lookup failure

    ping -c 4 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=49 time=48.946 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=49.753 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=48.852 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=49.874 ms
    --- 8.8.8.8 ping statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 48.852/49.356/49.874/0.460 ms

Not sure what this means but it seems to indicate a DNS issue in the google case?

I then followed the instructions on this page: https://wiki.archlinux.org/index.php/OpenVPN#DNS.

I installed openresolv from usr/ports/dns/openresolv and checked that resolv.conf indicates that it is generated by resolvconf. I couldn't find an update-resolv-conf script so I created one in /usr/local/etc/openvpn/ and made it executable. I then added the following to the openvpn conf file:

    script-security 2
    up /usr/local/etc/openvpn/update-resolv-conf
    down /usr/local/etc/openvpn/update-resolv-conf

When I execute the script I get the following error:

    Sun Jan 26 13:26:54 2014 /usr/local/etc/openvpn/update-resolv-conf tun0 1500 1558 10.4.5.202 10.4.5.201 init
    Sun Jan 26 13:26:54 2014 WARNING: Failed running command (--up/--down): could not execute external program
    Sun Jan 26 13:26:54 2014 Exiting due to fatal error

Not sure how to solve this. Maybe a wrong path used in the script?
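
Added example, not part of the original thread or of AirVPN's or OpenVPN's own code: a POSIX sh up/down hook of the kind the last post describes, for FreeBSD with openresolv. It reads the pushed `dhcp-option` values from the `foreign_option_N` environment variables OpenVPN exports and validates them before passing them to `resolvconf`, since under `script-security 2` they are server-supplied input; the function names are illustrative and `resolvconf` is assumed to be on the hook's PATH.

```sh
#!/bin/sh
# Added example: OpenVPN --up/--down hook for FreeBSD with openresolv.
# OpenVPN exports each pushed "dhcp-option ..." line as foreign_option_1,
# foreign_option_2, ... and sets $dev and $script_type for the hook.

# Accept only dotted-quad IPv4; pushed values are remote input.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only hostname characters for a pushed search domain.
is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
}

# Print resolv.conf lines for every valid foreign_option_N.
build_resolv_conf() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f      # split on whitespace, no globbing
        if [ "$#" -eq 3 ] && [ "$1" = dhcp-option ]; then
            case "$2" in
                DNS)    is_ipv4 "$3" && echo "nameserver $3" ;;
                DOMAIN) is_domain "$3" && echo "search $3" ;;
            esac
        fi
        i=$((i + 1))
    done
}

# Dispatch only when OpenVPN invokes the hook (script_type is set by OpenVPN).
case "${script_type:-}" in
    up)   build_resolv_conf | resolvconf -a "$dev" ;;
    down) resolvconf -d "$dev" ;;
esac
```

The hook file needs the executable bit and a first line naming an interpreter that exists on the system; `/bin/sh` is part of the FreeBSD base system.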