Jump to content
Not connected, Your IP: 18.221.93.167
Sign in to follow this  
Mikkelmcl

Your forwarded ports to amule

Recommended Posts

I would like to get high ID in aMule but can not figure it out with the port because I have high ID when I turn off my VPN but low ID when I have the thought.

When I set up a TCP port will be the first green but when I put it in amule becomes gray and writes Not reachable on IP over the external port 1****, TCP protocol. Error: 111 - Connection refused.

what should I do about it??

Share this post


Link to post

I would like to get high ID in aMule but can not figure it out with the port because I have high ID when I turn off my VPN but low ID when I have the thought.

When I set up a TCP port will be the first green but when I put it in amule becomes gray and writes Not reachable on IP over the external port 1****, TCP protocol. Error: 111 - Connection refused.

what should I do about it??

Hello!

A grey token means that your service is not reachable. Please make sure that it is running and that the configured port in aMule matches the remotely forwarded port number, or the remapped local port number, and the protocol type (TCP or UDP). Also, keep in mind that aMule, contrarily to eMule, needs various additional forwarded ports: http://en.wikipedia.org/wiki/aMule

Have a look at our FAQ for further details on how to forward ports and to map local ports to remotely forwarded ports:

https://airvpn.org/faq

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

I would like to get high ID in aMule but can not figure it out with the port because I have high ID when I turn off my VPN but low ID when I have the thought.

When I set up a TCP port will be the first green but when I put it in amule becomes gray and writes Not reachable on IP over the external port 1****, TCP protocol. Error: 111 - Connection refused.

what should I do about it??

Hello!

A grey token means that your service is not reachable. Please make sure that it is running and that the configured TCP port in aMule matches the remotely forwarded port number, or the remapped local port number, and the protocol type (TCP or UDP). Also, keep in mind that aMule, contrarily to eMule, needs various additional forwarded ports: http://en.wikipedia.org/wiki/aMule

Have a look at our FAQ for further details on how to forward ports and to map local ports to remotely forwarded ports:

https://airvpn.org/faq

Please do not hesitate to contact us for any further information.

Kind regards

I have inside my Netgear and make the port to be open. I have written to the port I've made for amule into the forwarded ports also, I have included them in amule too but they keep and be gray yet

Share this post


Link to post

I have inside my Netgear and make the port to be open. I have written to the port I've made for amule into the forwarded ports also, I have included them in amule too but they keep and be gray yet

Hello!

Please do not forward your router ports for aMule. They have nothing to do with the problem and they expose your system to dangerous correlation attacks (further details: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1616&Itemid=142).

You should have obtained a "red" token, which underlines the danger. Since you have obtained a "grey token" AND you have forwarded also that port on your router, your service is not reachable neither on your real IP address nor on the AirVPN exit-IP address you're connected to.

Your account have further forwarded ports which are on "green" status. Just follow the same procedure for the port which still has a grey token. In particular, please check that the port number and its protocol on aMule match the remotely forwarded port number & protocol. If in doubt: select "TCP & UDP", do not remap to a local port, and just change the port(s) on aMule to match the remotely forwarded port number(s) (leave "Local Port" field empty).

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

I have inside my Netgear and make the port to be open. I have written to the port I've made for amule into the forwarded ports also, I have included them in amule too but they keep and be gray yet

Hello!

Please do not forward your router ports for aMule. They have nothing to do with the problem and they expose your system to dangerous correlation attacks (further details: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1616&Itemid=142).

You should have obtained a "red" token, which underlines the danger. Since you have obtained a "grey token" AND you have forwarded also that port on your router, your service is not reachable neither on your real IP address nor on the AirVPN exit-IP address you're connected to.

Your account have further forwarded ports which are on "green" status. Just follow the same procedure for the port which still has a grey token. In particular, please check that the port number and its protocol on aMule match the remotely forwarded port number & protocol. If in doubt: select "TCP & UDP", do not remap to a local port, and just change the port(s) on aMule to match the remotely forwarded port number(s) (leave "Local Port" field empty).

Please do not hesitate to contact us for any further information.

Kind regards

thanks for help now, there is a high ID on amule but now slices the

can not connect to the VPN it says invalid VPN

Share this post


Link to post

thanks for help now, there is a high ID on amule but now slices the

can not connect to the VPN it says invalid VPN

Hello!

Can you please tell us which program says "Invalid VPN"? Also, can you please describe all the steps you perform to obtain that message, and send us the OpenVPN connection logs?

Kind regards

Share this post


Link to post

thanks for help now, there is a high ID on amule but now slices the

can not connect to the VPN it says invalid VPN

Hello!

Can you please tell us which program says "Invalid VPN"? Also, can you please describe all the steps you perform to obtain that message, and send us the OpenVPN connection logs?

Kind regards

this is ubuntu it does often it just goes out of VPN also writes that it can not come back because it is a Invalid VPN?

where to find my OpenVPN connection logs?

Share this post


Link to post

this is ubuntu it does often it just goes out of VPN also writes that it can not come back because it is a Invalid VPN?

where to find my OpenVPN connection logs?

Hello!

Please launch OpenVPN with the log or log-append directive. Just put the directives in the air.ovpn configuration file or launch openvpn stating the directive option. For example:

sudo openvpn /path-to/air.ovpn --log-append filename

You will find the logs in the file .

Kind regards

Share this post


Link to post

this is ubuntu it does often it just goes out of VPN also writes that it can not come back because it is a Invalid VPN?

where to find my OpenVPN connection logs?

Hello!

Please launch OpenVPN with the log or log-append directive. Just put the directives in the air.ovpn configuration file or launch openvpn stating the directive option. For example:

<code>sudo openvpn /path-to/air.ovpn --log-append filename</code>

You will find the logs in the file <filename>.

Kind regards

is it here is openvpn??? criminals I do not know where I can find it???

OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

General Options:

--config file : Read configuration options from file.

--help : Show options.

--version : Show copyright and version information.

Tunnel Options:

--local host : Local host name or ip address. Implies --bind.

--remote host [port] : Remote host name or ip address.

--remote-random : If multiple --remote options specified, choose one randomly.

--remote-random-hostname : Add a random string to remote DNS name.

--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.

--proto p : Use protocol p for communicating with peer.

p = udp (default), tcp-server, or tcp-client

--proto-force p : only consider protocol p in list of connection profiles.

p = udp6, tcp6-server, or tcp6-client (ipv6)

--connect-retry n : For --proto tcp-client, number of seconds to wait

between connection retries (default=5).

--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).

--connect-retry-max n : Maximum connection attempt retries, default infinite.

--auto-proxy : Try to sense proxy settings (or lack thereof) automatically.

--http-proxy s p [up] [auth] : Connect to remote host

through an HTTP proxy at address s and port p.

If proxy authentication is required,

up is a file containing username/password on 2 lines, or

'stdin' to prompt from console. Add auth='ntlm' if

the proxy requires NTLM authentication.

--http-proxy s p 'auto[-nct]' : Like the above directive, but automatically

determine auth method and query for username/password

if needed. auto-nct disables weak proxy auth methods.

--http-proxy-retry : Retry indefinitely on HTTP proxy errors.

--http-proxy-timeout n : Proxy timeout in seconds, default=5.

--http-proxy-option type [parm] : Set extended HTTP proxy options.

Repeat to set multiple options.

VERSION version (default=1.0)

AGENT user-agent

--socks-proxy s [p] [up] : Connect to remote host through a Socks5 proxy at

address s and port p (default port = 1080).

If proxy authentication is required,

up is a file containing username/password on 2 lines, or

'stdin' to prompt for console.

--socks-proxy-retry : Retry indefinitely on Socks proxy errors.

--resolv-retry n: If hostname resolve fails for --remote, retry

resolve for n seconds before failing (disabled by default).

Set n="infinite" to retry indefinitely.

--float : Allow remote to change its IP address/port, such as through

DHCP (this is the default if --remote is not used).

--ipchange cmd : Execute shell command cmd on remote ip address initial

setting or change -- execute as: cmd ip-address port#

--port port : TCP/UDP port # for both local and remote.

--lport port : TCP/UDP port # for local (default=1194). Implies --bind.

--rport port : TCP/UDP port # for remote (default=1194).

--bind : Bind to local address and port. (This is the default unless

--proto tcp-client or --http-proxy or --socks-proxy is used).

--nobind : Do not bind to local address and port.

--dev tunX|tapX : tun/tap device (X can be omitted for dynamic device.

--dev-type dt : Which device type are we using? (dt = tun or tap) Use

this option only if the tun/tap device used with --dev

does not begin with "tun" or "tap".

--dev-node node : Explicitly set the device node rather than using

/dev/net/tun, /dev/tun, /dev/tap, etc.

--lladdr hw : Set the link layer address of the tap device.

--topology t : Set --dev tun topology: 'net30', 'p2p', or 'subnet'.

--tun-ipv6 : Build tun link capable of forwarding IPv6 traffic.

--ifconfig l rn : TUN: configure device to use IP address l as a local

endpoint and rn as a remote endpoint. l & rn should be

swapped on the other peer. l & rn must be private

addresses outside of the subnets used by either peer.

TAP: configure device to use IP address l as a local

endpoint and rn as a subnet mask.

--ifconfig-ipv6 l r : configure device to use IPv6 address l as local

endpoint (as a /64) and r as remote endpoint

--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead

pass --ifconfig parms by environment to scripts.

--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the

connection doesn't match the remote side.

--route network [netmask] [gateway] [metric] :

Add route to routing table after connection

is established. Multiple routes can be specified.

netmask default: 255.255.255.255

gateway default: taken from --route-gateway or --ifconfig

Specify default by leaving blank or setting to "nil".

--route-ipv6 network/bits [gateway] [metric] :

Add IPv6 route to routing table after connection

is established. Multiple routes can be specified.

gateway default: taken from --route-ipv6-gateway or --ifconfig

--max-routes n : Specify the maximum number of routes that may be defined

or pulled from a server.

--route-gateway gw|'dhcp' : Specify a default gateway for use with --route.

--route-metric m : Specify a default metric for use with --route.

--route-delay n [w] : Delay n seconds after connection initiation before

adding routes (may be 0). If not specified, routes will

be added immediately after tun/tap open. On Windows, wait

up to w seconds for TUN/TAP adapter to come up.

--route-up cmd : Execute shell cmd after routes are added.

--route-noexec : Don't add routes automatically. Instead pass routes to

--route-up script using environmental variables.

--route-nopull : When used with --client or --pull, accept options pushed

by server EXCEPT for routes.

--allow-pull-fqdn : Allow client to pull DNS names from server for

--ifconfig, --route, and --route-gateway.

--redirect-gateway [flags]: Automatically execute routing

commands to redirect all outgoing IP traffic through the

VPN. Add 'local' flag if both OpenVPN servers are directly

connected via a common subnet, such as with WiFi.

Add 'def1' flag to set default route using using 0.0.0.0/1

and 128.0.0.0/1 rather than 0.0.0.0/0. Add 'bypass-dhcp'

flag to add a direct route to DHCP server, bypassing tunnel.

Add 'bypass-dns' flag to similarly bypass tunnel for DNS.

--redirect-private [flags]: Like --redirect-gateway, but omit actually changing

the default gateway. Useful when pushing private subnets.

--push-peer-info : (client only) push client info to server.

--setenv name value : Set a custom environmental variable to pass to script.

--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow

directives for future OpenVPN versions to be ignored.

--script-security level mode : mode='execve' (default) or 'system', level=

0 -- strictly no calling of external programs

1 -- (default) only call built-ins such as ifconfig

2 -- allow calling of built-ins and scripts

3 -- allow password to be passed to scripts via env

--shaper n : Restrict output to peer to n bytes per second.

--keepalive n m : Helper option for setting timeouts in server mode. Send

ping once every n seconds, restart if ping not received

for m seconds.

--inactive n [bytes] : Exit after n seconds of activity on tun/tap device

produces a combined in/out byte count < bytes.

--ping-exit n : Exit if n seconds pass without reception of remote ping.

--ping-restart n: Restart if n seconds pass without reception of remote ping.

--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a

remote address.

--ping n : Ping remote once every n seconds over TCP/UDP port.

--multihome : Configure a multi-homed UDP server.

--fast-io : (experimental) Optimize TUN/TAP/UDP writes.

--remap-usr1 s : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM').

--persist-tun : Keep tun/tap device open across SIGUSR1 or --ping-restart.

--persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart.

--persist-local-ip : Keep local IP address across SIGUSR1 or --ping-restart.

--persist-key : Don't re-read key files across SIGUSR1 or --ping-restart.

--passtos : TOS passthrough (applies to IPv4 only).

--tun-mtu n : Take the tun/tap device MTU to be n and derive the

TCP/UDP MTU from it (default=1500).

--tun-mtu-extra n : Assume that tun/tap device might return as many

as n bytes more than the tun-mtu size on read

(default TUN=0 TAP=32).

--link-mtu n : Take the TCP/UDP device MTU to be n and derive the tun MTU

from it.

--mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel?

'no' -- Never send DF (Don't Fragment) frames

'maybe' -- Use per-route hints

'yes' -- Always DF (Don't Fragment)

--mtu-test : Empirically measure and report MTU.

--fragment max : Enable internal datagram fragmentation so that no UDP

datagrams are sent which are larger than max bytes.

Adds 4 bytes of overhead per datagram.

--mssfix [n] : Set upper bound on TCP MSS, default = tun-mtu size

or --fragment max value, whichever is lower.

--sndbuf size : Set the TCP/UDP send buffer size.

--rcvbuf size : Set the TCP/UDP receive buffer size.

--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).

--mlock : Disable Paging -- ensures key material and tunnel

data will never be written to disk.

--up cmd : Shell cmd to execute after successful tun device open.

Execute as: cmd tun/tap-dev tun-mtu link-mtu \

ifconfig-local-ip ifconfig-remote-ip

(pre --user or --group UID/GID change)

--up-delay : Delay tun/tap open and possible --up script execution

until after TCP/UDP connection establishment with peer.

--down cmd : Shell cmd to run after tun device close.

(post --user/--group UID/GID change and/or --chroot)

(script parameters are same as --up option)

--down-pre : Call --down cmd/script before TUN/TAP close.

--up-restart : Run up/down scripts for all restarts including those

caused by --ping-restart or SIGUSR1

--user user : Set UID to user after initialization.

--group group : Set GID to group after initialization.

--chroot dir : Chroot to this directory after initialization.

--cd dir : Change to this directory before initialization.

--daemon [name] : Become a daemon after initialization.

The optional 'name' parameter will be passed

as the program name to the system logger.

--syslog [name] : Output to syslog, but do not become a daemon.

See --daemon above for a description of the 'name' parm.

--inetd [name] ['wait'|'nowait'] : Run as an inetd or xinetd server.

See --daemon above for a description of the 'name' parm.

--log file : Output log to file which is created/truncated on open.

--log-append file : Append log to file, or create file if nonexistent.

--suppress-timestamps : Don't log timestamps to stdout/stderr.

--writepid file : Write main process ID to file.

--nice n : Change process priority (>0 = lower, <0 = higher).

--echo [parms ...] : Echo parameters to log output.

--verb n : Set output verbosity to n (default=1):

(Level 3 is recommended if you want a good summary

of what's happening without being swamped by output).

: 0 -- no output except fatal errors

: 1 -- startup info + connection initiated messages +

non-fatal encryption & net errors

: 2,3 -- show TLS negotiations & route info

: 4 -- show parameters

: 5 -- show 'RrWw' chars on console for each packet sent

and received from TCP/UDP (caps) or tun/tap (lc)

: 6 to 11 -- debug messages of increasing verbosity

--mute n : Log at most n consecutive messages in the same category.

--status file n : Write operational status to file every n seconds.

--status-version [n] : Choose the status file format version number.

Currently, n can be 1, 2, or 3 (default=1).

--disable-occ : Disable options consistency check between peers.

--gremlin mask : Special stress testing mode (for debugging only).

--comp-lzo : Use fast LZO compression -- may add up to 1 byte per

packet for uncompressible data.

--comp-noadapt : Don't use adaptive compression when --comp-lzo

is specified.

--management ip port [pass] : Enable a TCP server on ip:port to handle

management functions. pass is a password file

or 'stdin' to prompt from console.

To listen on a unix domain socket, specific the pathname

in place of ip and use 'unix' as the port number.

--management-client : Management interface will connect as a TCP client to

ip/port rather than listen as a TCP server.

--management-query-passwords : Query management channel for private key

and auth-user-pass passwords.

--management-hold : Start OpenVPN in a hibernating state, until a client

of the management interface explicitly starts it.

--management-signal : Issue SIGUSR1 when management disconnect event occurs.

--management-forget-disconnect : Forget passwords when management disconnect

event occurs.

--management-log-cache n : Cache n lines of log file history for usage

by the management channel.

--management-client-user u : When management interface is a unix socket, only

allow connections from user u.

--management-client-group g : When management interface is a unix socket, only

allow connections from group g.

--management-client-auth : gives management interface client the responsibility

to authenticate clients after their client certificate

has been verified.

--management-client-pf : management interface clients must specify a packet

filter file for each connecting client.

--plugin m [str]: Load plug-in module m passing str as an argument

to its initialization function.

Multi-Client Server options (when --mode server is used):

--server network netmask : Helper option to easily configure server mode.

--server-ipv6 network/bits : Configure IPv6 server mode.

--server-bridge [iP netmask pool-start-IP pool-end-IP] : Helper option to

easily configure ethernet bridging server mode.

--push "option" : Push a config file option back to the peer for remote

execution. Peer must specify --pull in its config file.

--push-reset : Don't inherit global push list for specific

client instance.

--ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets

to be dynamically allocated to connecting clients.

--ifconfig-pool-linear : Use individual addresses rather than /30 subnets

in tun mode. Not compatible with Windows clients.

--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool

data to file, at seconds intervals (default=600).

If seconds=0, file will be treated as read-only.

--ifconfig-ipv6-pool base-IP/bits : set aside an IPv6 network block

to be dynamically allocated to connecting clients.

--ifconfig-push local remote-netmask : Push an ifconfig option to remote,

overrides --ifconfig-pool dynamic allocation.

Only valid in a client-specific config file.

--ifconfig-ipv6-push local/bits remote : Push an ifconfig-ipv6 option to

remote, overrides --ifconfig-ipv6-pool allocation.

Only valid in a client-specific config file.

--iroute network [netmask] : Route subnet to client.

--iroute-ipv6 network/bits : Route IPv6 subnet to client.

Sets up internal routes only.

Only valid in a client-specific config file.

--disable : Client is disabled.

Only valid in a client-specific config file.

--client-cert-not-required : Don't require client certificate, client

will authenticate using username/password.

--username-as-common-name : For auth-user-pass authentication, use

the authenticated username as the common name,

rather than the common name from the client cert.

--auth-user-pass-verify cmd method: Query client for username/password and

run script cmd to verify. If method='via-env', pass

user/pass via environment, if method='via-file', pass

user/pass via temporary file.

--opt-verify : Clients that connect with options that are incompatible

with those of the server will be disconnected.

--auth-user-pass-optional : Allow connections by clients that don't

specify a username/password.

--no-name-remapping : Allow Common Name and X509 Subject to include

any printable character.

--client-to-client : Internally route client-to-client traffic.

--duplicate-cn : Allow multiple clients with the same common name to

concurrently connect.

--client-connect cmd : Run script cmd on client connection.

--client-disconnect cmd : Run script cmd on client disconnection.

--client-config-dir dir : Directory for custom client config files.

--ccd-exclusive : Refuse connection unless custom client config is found.

--tmp-dir dir : Temporary directory, used for --client-connect return file and plugin communication.

--hash-size r v : Set the size of the real address hash table to r and the

virtual address table to v.

--bcast-buffers n : Allocate n broadcast buffers.

--tcp-queue-limit n : Maximum number of queued TCP output packets.

--tcp-nodelay : Macro that sets TCP_NODELAY socket flag on the server

as well as pushes it to connecting clients.

--learn-address cmd : Run script cmd to validate client virtual addresses.

--connect-freq n s : Allow a maximum of n new connections per s seconds.

--max-clients n : Allow a maximum of n simultaneously connected clients.

--max-routes-per-client n : Allow a maximum of n internal routes per client.

--port-share host port : When run in TCP mode, proxy incoming HTTPS sessions

to a web server at host:port.

Client options (when connecting to a multi-client server):

--client : Helper option to easily configure client mode.

--auth-user-pass [up] : Authenticate with server using username/password.

up is a file containing username/password on 2 lines,

or omit to prompt from console.

--pull : Accept certain config file options from the peer as if they

were part of the local config file. Must be specified

when connecting to a '--mode server' remote host.

--auth-retry t : How to handle auth failures. Set t to

none (default), interact, or nointeract.

--server-poll-timeout n : when polling possible remote servers to connect to

in a round-robin fashion, spend no more than n seconds

waiting for a response before trying the next server.

--explicit-exit-notify [n] : On exit/restart, send exit signal to

server/remote. n = # of retries, default=1.

Data Channel Encryption Options (must be compatible between peers):

(These options are meaningful for both Static Key & TLS-mode)

--secret f [d] : Enable Static Key encryption mode (non-TLS).

Use shared secret file f, generate with --genkey.

The optional d parameter controls key directionality.

If d is specified, use separate keys for each

direction, set d=0 on one side of the connection,

and d=1 on the other side.

--auth alg : Authenticate packets with HMAC using message

digest algorithm alg (default=SHA1).

(usually adds 16 or 20 bytes per packet)

Set alg=none to disable authentication.

--cipher alg : Encrypt packets with cipher algorithm alg

(default=BF-CBC).

Set alg=none to disable encryption.

--prng alg [nsl] : For PRNG, use digest algorithm alg, and

nonce_secret_len=nsl. Set alg=none to disable PRNG.

--keysize n : Size of cipher key in bits (optional).

If unspecified, defaults to cipher-specific default.

--engine [name] : Enable OpenSSL hardware crypto engine functionality.

--no-replay : Disable replay protection.

--mute-replay-warnings : Silence the output of replay warnings to log file.

--replay-window n [t] : Use a replay protection sliding window of size n

and a time window of t seconds.

Default n=64 t=15

--no-iv : Disable cipher IV -- only allowed with CBC mode ciphers.

--replay-persist file : Persist replay-protection state across sessions

using file.

--test-crypto : Run a self-test of crypto features enabled.

For debugging only.

TLS Key Negotiation Options:

(These options are meaningful only for TLS-mode)

--tls-server : Enable TLS and assume server role during TLS handshake.

--tls-client : Enable TLS and assume client role during TLS handshake.

--key-method m : Data channel key exchange method. m should be a method

number, such as 1 (default), 2, etc.

--ca file : Certificate authority file in .pem format containing

root certificate.

--capath dir : A directory of trusted certificates (CAs and CRLs).

--dh file : File containing Diffie Hellman parameters

in .pem format (for --tls-server only).

Use "openssl dhparam -out dh1024.pem 1024" to generate.

--cert file : Local certificate in .pem format -- must be signed

by a Certificate Authority in --ca file.

--key file : Local private key in .pem format.

--pkcs12 file : PKCS#12 file containing local private key, local certificate

and optionally the root CA certificate.

--tls-cipher l : A list l of allowable TLS ciphers separated by : (optional).

: Use --show-tls to see a list of supported TLS ciphers.

--tls-timeout n : Packet retransmit timeout on TLS control channel

if no ACK from remote within n seconds (default=2).

--reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd.

--reneg-pkts n : Renegotiate data chan. key after n packets sent and recvd.

--reneg-sec n : Renegotiate data chan. key after n seconds (default=3600).

--hand-window n : Data channel key exchange must finalize within n seconds

of handshake initiation by any peer (default=60).

--tran-window n : Transition window -- old key can live this many seconds

after new key renegotiation begins (default=3600).

--single-session: Allow only one session (reset state on restart).

--tls-exit : Exit on TLS negotiation failure.

--tls-auth f [d]: Add an additional layer of authentication on top of the TLS

control channel to protect against DoS attacks.

f (required) is a shared-secret passphrase file.

The optional d parameter controls key directionality,

see --secret option for more info.

--askpass [file]: Get PEM password from controlling tty before we daemonize.

--auth-nocache : Don't cache --askpass or --auth-user-pass passwords.

--crl-verify crl: Check peer certificate against a CRL.

--tls-verify cmd: Execute shell command cmd to verify the X509 name of a

pending TLS connection that has otherwise passed all other

tests of certification. cmd should return 0 to allow

TLS handshake to proceed, or 1 to fail. (cmd is

executed as 'cmd certificate_depth X509_NAME_oneline')

--tls-export-cert [directory] : Get peer cert in PEM format and store it

in an openvpn temporary file in [directory]. Peer cert is

stored before tls-verify script execution and deleted after.

--tls-remote x509name: Accept connections only from a host with X509 name

x509name. The remote host must also pass all other tests

of verification.

--ns-cert-type t: Require that peer certificate was signed with an explicit

nsCertType designation t = 'client' | 'server'.

--remote-cert-ku v ... : Require that the peer certificate was signed with

explicit key usage, you can specify more than one value.

value should be given in hex format.

--remote-cert-eku oid : Require that the peer certificate was signed with

explicit extended key usage. Extended key usage can be encoded

as an object identifier or OpenSSL string representation.

--remote-cert-tls t: Require that peer certificate was signed with explicit

key usage and extended key usage based on RFC3280 TLS rules.

t = 'client' | 'server'.

PKCS#11 Options:

--pkcs11-providers provider ... : PKCS#11 provider to load.

--pkcs11-protected-authentication [0|1] ... : Use PKCS#11 protected authentication

path. Set for each provider.

--pkcs11-private-mode hex ... : PKCS#11 private key mode mask.

0 : Try to determind automatically (default).

1 : Use Sign.

2 : Use SignRecover.

4 : Use Decrypt.

8 : Use Unwrap.

--pkcs11-cert-private [0|1] ... : Set if login should be performed before

certificate can be accessed. Set for each provider.

--pkcs11-pin-cache seconds : Number of seconds to cache PIN. The default is -1

cache until token is removed.

--pkcs11-id-management : Acquire identity from management interface.

--pkcs11-id serialized-id 'id' : Identity to use, get using standalone --show-pkcs11-ids

SSL Library information:

--show-ciphers : Show cipher algorithms to use with --cipher option.

--show-digests : Show message digest algorithms to use with --auth option.

--show-engines : Show hardware crypto accelerator engines (if available).

--show-tls : Show all TLS ciphers (TLS used only as a control channel).

Generate a random key (only for non-TLS static key encryption mode):

--genkey : Generate a random key to be used as a shared secret,

for use with the --secret option.

--secret file : Write key to file.

Tun/tap config mode (available with linux 2.4+):

--mktun : Create a persistent tunnel.

--rmtun : Remove a persistent tunnel.

--dev tunX|tapX : tun/tap device

--dev-type dt : Device type. See tunnel options above for details.

--user user : User to set privilege to.

--group group : Group to set privilege to.

PKCS#11 standalone options:

--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.

--verb option can be added *BEFORE* this.

Share this post


Link to post

is it here is openvpn??? criminals I do not know where I can find it???

OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Hello!

Not sure to understand the question. If what you pasted is the output of the command "openvpn", then you have openvpn installed in your Ubuntu box.

If you wish to know where it is located, try

whereis openvpn

If you need to install it, try (as superuser):

aptitude install openvpn

or you might just upgrade it:

aptitude upgrade openvpn

Finally please follow the instructions. Remember to generate certificates, configuration and key with "Member Area"->"Access without our client" and paste the 4 files you will find inside the archive air.zip where appropriate.

Kind regards

Share this post


Link to post

mikkelmcl@mikkelmcl-System-Product-Name:~$ whereis openvpn

openvpn: /usr/sbin/openvpn /etc/openvpn /usr/lib/openvpn /usr/include/openvpn /usr/share/openvpn /usr/share/man/man8/openvpn.8.gz

what should I write now and find OpenVPN

Share this post


Link to post

mikkelmcl@mikkelmcl-System-Product-Name:~$ whereis openvpn

openvpn: /usr/sbin/openvpn /etc/openvpn /usr/lib/openvpn /usr/include/openvpn /usr/share/openvpn /usr/share/man/man8/openvpn.8.gz

what should I write now and find OpenVPN

Hello!

Let's assume that you paste all the 4 files (certificates, key and configuration that you find in air.zip) in a certain directory, let's say /home/mikkelmcl/airvpn

Then you might just type:

sudo /usr/sbin/openvpn /home/mikkelmcl/airvpn/air.ovpn --log-append /home/mikkelmcl/airvpn/airvpn.log

After that, open airvpn.log with any text editor, copy its content and paste here.

Kind regards

Share this post


Link to post

the 4 files are in a directory called air

mikkelmcl@mikkelmcl-System-Product-Name:~$ sudo /usr/sbin/openvpn /home/mikkelmcl/air/air.ovpn --log-append /home/mikkelmcl/air/airvpn.log

Options error: I'm trying to parse "/home/mikkelmcl/air/air.ovpn" as an --option parameter but I don't see a leading '--'

Use --help for more information.

what do I do wrong

Share this post


Link to post

the 4 files are in a directory called air

mikkelmcl@mikkelmcl-System-Product-Name:~$ sudo /usr/sbin/openvpn /home/mikkelmcl/air/air.ovpn --log-append /home/mikkelmcl/air/airvpn.log

Options error: I'm trying to parse "/home/mikkelmcl/air/air.ovpn" as an --option parameter but I don't see a leading '--'

Use --help for more information.

what do I do wrong

Hello!

Whoops, sorry, type this:

sudo /usr/sbin/openvpn --config /home/mikkelmcl/air/air.ovpn --log-append /home/mikkelmcl/air/airvpn.log

Kind regards

Share this post


Link to post

could not open the file you do not have the necessary permissions to open the file???

Hello!

Which file?

[EDIT]

If you refer to airvpn.log, it's because it's generated by openvpn running as su. Access it for example with:

sudo nano airvpn.log

copy all the content and paste here.

Or you could copy & paste through xclip. Examples:

If you use the KDE desktop manager:

kdesudo xclip airvpn.log

then paste with the central mouse button.

If you use the Gnome desktop manager:

gksudo xclip airvpn.log

then paste with the central mouse button.

xclip reads from standard in, or from one or more files, and makes the data available as an X selection for pasting into X applications.

Kind regards

Share this post


Link to post

Thu Mar 8 02:21:08 2012 OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Thu Mar 8 02:21:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Mar 8 02:21:08 2012 Cannot load certificate file user.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_C$

Thu Mar 8 02:21:08 2012 Exiting

Share this post


Link to post

Thu Mar 8 02:21:08 2012 OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Thu Mar 8 02:21:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Mar 8 02:21:08 2012 Cannot load certificate file user.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_C$

Thu Mar 8 02:21:08 2012 Exiting

Hello!

The air.ovpn configuration file has no absolute path to certificates and key files. Before launching openvpn, either you edit the air.ovpn or you make sure to be in the correct directory, for example

cd /home/mikkelmcl/air

Kind regards

Share this post


Link to post

I do not understand it I only get it from and is in the correct folder type cd air

also sudo nano airvpn.log

Hello!

Is the file user.crt in the same directory where air.ovpn, ca.crt and user.key are? The error message clearly says that user.crt could not be found.

sudo nano airvpn.log
just opens the nano editor with su privileges and loads the file airvpn.log. Once inside, you can select the text with the mouse, then right-click and select "Copy".

Kind regards

Share this post


Link to post

user.crt in the same directory where air.ovpn, ca.crt and user.key are

i are all the same in the same folder.

what a progarm should I use to and open the ones I've tried will not open the file

Share this post


Link to post

user.crt in the same directory where air.ovpn, ca.crt and user.key are

i are all the same in the same folder.

what a progarm should I use to and open the ones I've tried will not open the file

Hello!

So, to summarize and simplify:

cd /home/mikkelmcl/air
sudo openvpn --config air.ovpn --log-append airvpn.log

Wait a minute until the connection is established, then browse to https://airvpn.org. Check the central box in the bottom of the page. If it's green and says "Connected!" then you have successfully connected. From now on you might like to use some graphical user interface for OpenVPN if you don't feel comfortable with command lines.

On the contrary, if the central box is red and says "Not connected", send us the airvpn.log file. Since it requires root privileges to be accessed, open it with

sudo nano airvpn.log

If the nano editor is not installed, install it with

sudo aptitude install nano

or use your favourite editor, or copy to clipboard with xclip as said before.

We're looking forward to hearing from you.

Kind regards

Share this post


Link to post

Thu Mar 8 02:21:08 2012 OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Thu Mar 8 02:21:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Mar 8 02:21:08 2012 Cannot load certificate file user.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_C$

Thu Mar 8 02:21:08 2012 Exiting

Thu Mar 8 16:02:27 2012 OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Thu Mar 8 16:02:27 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Mar 8 16:02:27 2012 WARNING: file 'user.key' is group or others accessible

Thu Mar 8 16:02:27 2012 LZO compression initialized

Thu Mar 8 16:02:27 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Mar 8 16:02:27 2012 Socket Buffers: R=[126976->131072] S=[126976->131072]

Thu Mar 8 16:02:27 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Thu Mar 8 16:02:27 2012 Local Options hash (VER=V4): '22188c5b'

Thu Mar 8 16:02:27 2012 Expected Remote Options hash (VER=V4): 'a8f55717'

Thu Mar 8 16:02:27 2012 UDPv4 link local: [undef]

Thu Mar 8 16:02:27 2012 UDPv4 link remote: [AF_INET]178.248.29.132:443

Thu Mar 8 16:02:27 2012 TLS: Initial packet from [AF_INET]178.248.29.132:443, sid=c5fc376f f1cd7ab5

Thu Mar 8 16:02:28 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Thu Mar 8 16:02:28 2012 VERIFY OK: nsCertType=SERVER

Thu Mar 8 16:02:28 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Thu Mar 8 16:02:29 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Thu Mar 8 16:02:29 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Mar 8 16:02:29 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Thu Mar 8 16:02:29 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Mar 8 16:02:29 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Thu Mar 8 16:02:29 2012 [server] Peer Connection Initiated with [AF_INET]178.248.29.132:443

Thu Mar 8 16:02:31 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Thu Mar 8 16:02:31 2012 AUTH: Received AUTH_FAILED control message

Thu Mar 8 16:02:31 2012 SIGTERM received, sending exit notification to peer

Thu Mar 8 16:02:36 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Thu Mar 8 16:02:36 2012 TCP/UDP: Closing socket

Thu Mar 8 16:02:36 2012 SIGTERM[soft,exit-with-notification] received, process exiting

Thu Mar 8 16:02:53 2012 OpenVPN 2.2.0 x86_64-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011

Thu Mar 8 16:02:53 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Mar 8 16:02:53 2012 WARNING: file 'user.key' is group or others accessible

Thu Mar 8 16:02:53 2012 LZO compression initialized

Thu Mar 8 16:02:53 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Mar 8 16:02:53 2012 Socket Buffers: R=[126976->131072] S=[126976->131072]

Thu Mar 8 16:02:53 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Thu Mar 8 16:02:53 2012 Local Options hash (VER=V4): '22188c5b'

Thu Mar 8 16:02:53 2012 Expected Remote Options hash (VER=V4): 'a8f55717'

Thu Mar 8 16:02:53 2012 UDPv4 link local: [undef]

Thu Mar 8 16:02:53 2012 UDPv4 link remote: [AF_INET]178.248.29.132:443

Thu Mar 8 16:02:53 2012 TLS: Initial packet from [AF_INET]178.248.29.132:443, sid=8fe2bc2f c5a4f58c

Thu Mar 8 16:02:53 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Thu Mar 8 16:02:53 2012 VERIFY OK: nsCertType=SERVER

Thu Mar 8 16:02:53 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Thu Mar 8 16:02:54 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Thu Mar 8 16:02:54 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Mar 8 16:02:54 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Thu Mar 8 16:02:54 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Mar 8 16:02:54 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Thu Mar 8 16:02:54 2012 [server] Peer Connection Initiated with [AF_INET]178.248.29.132:443

Thu Mar 8 16:02:56 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Thu Mar 8 16:03:01 2012 TCP/UDP: Closing socket

Thu Mar 8 16:03:01 2012 SIGTERM[soft,exit-with-notification] received, process exiting

Share this post


Link to post

Hello!

Excellent, all the problems are solved. The AUTH_FAILED error you see was probably due to a double connection attempt (remember that you can't double-connect an account).

Now that you have made sure that OpenVPN works, you can cofigure a GUI for additional comfort of usage. In our website you can find instructions for network-manager.

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

yes it run well but when I get the log of the VPN it takes 2-4 attempts before I can come back and any time I need to restart your computer and it is normal that I need it??

where can I find the GUI instructions for network-manager??

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...