ANSWERED CLI Open VPN Connection problems on Slackware 14.1

[impure_parrott 0]

Greetings.

 

I've been struggling with this issue for about a couple of weeks now and have learned a great deal, but would like to browse the internet again for more than troubleshooting purposes.  I'm having difficulty connecting via my web browser or any services. 

 

I'm currently using Slackware 14.1 and openvpn and attempting to set up the connection using the command line interface.  When I start the openvpn service using the .ovpn files created by the config generator, I receive the following output (I've edited out my mac id):

 

Tue Feb 24 23:11:01 2015 OpenVPN 2.3.6 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Dec 10 2014
Tue Feb 24 23:11:01 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.03
Tue Feb 24 23:11:01 2015 Control Channel Authentication: tls-auth using INLINE static key file
Tue Feb 24 23:11:01 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 24 23:11:01 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 24 23:11:01 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Feb 24 23:11:01 2015 Attempting to establish TCP connection with [AF_INET]108.59.11.194:443 [nonblock]
Tue Feb 24 23:11:02 2015 TCP connection established with [AF_INET]108.59.11.194:443
Tue Feb 24 23:11:02 2015 TCPv4_CLIENT link local: [undef]
Tue Feb 24 23:11:02 2015 TCPv4_CLIENT link remote: [AF_INET]108.59.11.194:443
Tue Feb 24 23:11:02 2015 TLS: Initial packet from [AF_INET]108.59.11.194:443, sid=3c651317 3fb7291b
Tue Feb 24 23:11:03 2015 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Tue Feb 24 23:11:03 2015 Validating certificate key usage
Tue Feb 24 23:11:03 2015 ++ Certificate has key usage  00a0, expects 00a0
Tue Feb 24 23:11:03 2015 VERIFY KU OK
Tue Feb 24 23:11:03 2015 Validating certificate extended key usage
Tue Feb 24 23:11:03 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 24 23:11:03 2015 VERIFY EKU OK
Tue Feb 24 23:11:03 2015 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Tue Feb 24 23:11:06 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 24 23:11:06 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 24 23:11:06 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 24 23:11:06 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 24 23:11:06 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Tue Feb 24 23:11:06 2015 [server] Peer Connection Initiated with [AF_INET]108.59.11.194:443
Tue Feb 24 23:11:08 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb 24 23:11:08 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.5.19.114 10.5.19.113'
Tue Feb 24 23:11:08 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 24 23:11:08 2015 OPTIONS IMPORT: LZO parms modified
Tue Feb 24 23:11:08 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 24 23:11:08 2015 OPTIONS IMPORT: route options modified
Tue Feb 24 23:11:08 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 24 23:11:08 2015 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=mac id is correct
Tue Feb 24 23:11:08 2015 TUN/TAP device tun0 opened
Tue Feb 24 23:11:08 2015 TUN/TAP TX queue length set to 100
Tue Feb 24 23:11:08 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Feb 24 23:11:08 2015 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Feb 24 23:11:08 2015 /usr/sbin/ip addr add dev tun0 local 10.5.19.114 peer 10.5.19.113
Tue Feb 24 23:11:13 2015 /usr/sbin/ip route add 108.59.11.194/32 via 192.168.0.1
Tue Feb 24 23:11:13 2015 /usr/sbin/ip route add 0.0.0.0/1 via 10.5.19.113
Tue Feb 24 23:11:13 2015 /usr/sbin/ip route add 128.0.0.0/1 via 10.5.19.113
Tue Feb 24 23:11:13 2015 /usr/sbin/ip route add 10.5.0.1/32 via 10.5.19.113
Tue Feb 24 23:11:13 2015 Initialization Sequence Completed
^CTue Feb 24 23:11:56 2015 event_wait : Interrupted system call (code=4) -< killed the service here
Tue Feb 24 23:11:56 2015 /usr/sbin/ip route del 10.5.0.1/32
Tue Feb 24 23:11:56 2015 /usr/sbin/ip route del 108.59.11.194/32
Tue Feb 24 23:11:56 2015 /usr/sbin/ip route del 0.0.0.0/1
Tue Feb 24 23:11:56 2015 /usr/sbin/ip route del 128.0.0.0/1
Tue Feb 24 23:11:56 2015 Closing TUN/TAP interface
Tue Feb 24 23:11:56 2015 /usr/sbin/ip addr del dev tun0 local 10.5.19.114 peer 10.5.19.113
Tue Feb 24 23:11:56 2015 SIGINT[hard,] received, process exiting

Pingtest to 108.59.11.194:

PING 108.59.11.194 (108.59.11.194) 56(84) bytes of data.
64 bytes from 108.59.11.194: icmp_seq=1 ttl=48 time=49.1 ms
64 bytes from 108.59.11.194: icmp_seq=2 ttl=48 time=46.1 ms
64 bytes from 108.59.11.194: icmp_seq=3 ttl=48 time=46.1 ms
64 bytes from 108.59.11.194: icmp_seq=4 ttl=48 time=50.6 ms
64 bytes from 108.59.11.194: icmp_seq=5 ttl=48 time=48.9 ms
64 bytes from 108.59.11.194: icmp_seq=6 ttl=48 time=45.2 ms
^C
--- 108.59.11.194 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 45.288/47.732/50.636/1.971 ms


So it looks like I have a connection to the AirVPN server.  My first thought was an iptables issue.  I stopped the service and still cannot connect to anything outside of the AirVPN server.

 

I tried to update and got no response to slackwares update servers.  I've tried Midori and Firefox browsers and get no connection. 

 

I would appreciate any feedback with getting my configuration set up properly so I can browse the net freely again.

 

Thanks.

 

 

[InactiveUser 188]

Have you ruled out DNS problems?

Connect to the VPN, then:

 

ping google.com
ping 8.8.8.8
 

If you can ping 8.8.8.8 but not google.com, it's a DNS problem.

 

The file /etc/resolv.conf should contain 10.5.0.1 (or 10.4.0.1), the internal AirVPN DNS server, or any another reachable DNS server.

 

If you can't ping 8.8.8.8, what are your iptables rules?

If you do any firewalling, compare your rules to https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/ . You're able connect to the VPN server but maybe the FORWARD rules for the tun interface are incorrect/missing.

The post i linked to uses eth0 in its example, your interface is wlan0 so you'd have to replace all mentions of eth+ with wlan+.

[impure_parrott 0]

Greetings.

 

Thanks for pointing out the resolv.conf file.  I discovered that the file did not contain either AirVPN DNS servers that you mentioned.  I had to manually input the DNS servers in order to get a connection.  Previously, I turned iptables off for testing purposes when I couldn't connect to try to identify the root cause of the issue.  I did get connected after editing the file the file resolv.conf.  I'll have to look into adding a update-resolv-conf script.   

 

Thanks for you help.

[jabbadabba 0]

I could not connect with airvpn client (Slackware 14.1 32-bit).

My solution, Slackware 14.1 32-bit. For 64-bit adjust accordingly (download the 64-bit packages instead). The result is a vpn connection using the command line (terminal).

Install openresolv package from http://pkgs.org/slackware-14.1/freestylers-i486/openresolv-3.5.4-i486-1_fs.tgz.html (or 64-bit)

As root "installpkg openresolv-3.5.4-i486-2_slack.txz"

Download openresolv from this link (we need the update-resolv-conf file), not included in the previous package:
https://slackbuilds.org/slackbuilds/14.1/network/openresolv.tar.gz

Unpack and copy update-resolv-conf to /etc/openvpn
chmod +x update-resolv-conf

- Generate a ovpn configuration from your airvpn account

- Append this code to the genereated airvpn ovpn-file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Copy the airvpn ovpn file to /etc/openvpn
(may be not necessary)

openvpn /etc/openvpn/generated-airvpn.ovpn

You will now connect to airvpn.

A similar and more elegant solution is here:
https://blog.paranoidpenguin.net/2014/12/ipredator-openvpn-slackware-linux-14-1-setup/