Jump to content
Not connected, Your IP: 18.117.72.24
kohlmitohren

Trying to connect with my Raspberry Pi

Recommended Posts

Hi,

 

i am trying to connect my Raspberry Pi 2 to AirVPN with OpenVPN but i seem to do something wrong. All this worked a month ago, but for some strange reason it won't anymore.

 

It's a fresh Raspbian install with Kodi, Kvirc and OpenVPN additionally installed.

By doing : 

pi@raspberrypi:~ $ sudo openvpn Gianfar.ovpn

 

i get the following output

Thu Mar  3 19:08:42 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Thu Mar  3 19:08:42 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Mar  3 19:08:42 2016 Control Channel Authentication: tls-auth using INLINE static key file
Thu Mar  3 19:08:42 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 19:08:42 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 19:08:42 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Mar  3 19:08:42 2016 UDPv4 link local: [undef]
Thu Mar  3 19:08:42 2016 UDPv4 link remote: [AF_INET]213.152.161.100:443
Thu Mar  3 19:08:42 2016 TLS: Initial packet from [AF_INET]213.152.161.100:443, sid=c0f2c659 febdba30
Thu Mar  3 19:08:42 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Thu Mar  3 19:08:42 2016 Validating certificate key usage
Thu Mar  3 19:08:42 2016 ++ Certificate has key usage  00a0, expects 00a0
Thu Mar  3 19:08:42 2016 VERIFY KU OK
Thu Mar  3 19:08:42 2016 Validating certificate extended key usage
Thu Mar  3 19:08:42 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Mar  3 19:08:42 2016 VERIFY EKU OK
Thu Mar  3 19:08:42 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Thu Mar  3 19:08:50 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Mar  3 19:08:50 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 19:08:50 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Mar  3 19:08:50 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 19:08:50 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Thu Mar  3 19:08:50 2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.100:443
Thu Mar  3 19:08:52 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Mar  3 19:08:52 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.46.181 255.255.0.0'
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: LZO parms modified
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: route options modified
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: route-related options modified
Thu Mar  3 19:08:52 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar  3 19:08:52 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:3a:05:f8
Thu Mar  3 19:08:52 2016 TUN/TAP device tun0 opened
Thu Mar  3 19:08:52 2016 TUN/TAP TX queue length set to 100
Thu Mar  3 19:08:52 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar  3 19:08:52 2016 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar  3 19:08:52 2016 /sbin/ip addr add dev tun0 10.4.46.181/16 broadcast 10.4.255.255
Thu Mar  3 19:08:57 2016 /sbin/ip route add 213.152.161.100/32 via 192.168.0.1
Thu Mar  3 19:08:57 2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
Thu Mar  3 19:08:57 2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1
Thu Mar  3 19:08:57 2016 Initialization Sequence Completed

 

so everything should work fine...

 

But i dont get any connection with the Webbrowser nor with Kvirc.

pi@raspberrypi:~ $ ping 8.8.8.8

 

gives the following results

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=37.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=49.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=37.6 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=49 time=37.0 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=49 time=38.6 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=49 time=46.8 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=49 time=38.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=49 time=38.7 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=49 time=38.7 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=49 time=38.5 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9014ms
rtt min/avg/max/mdev = 37.069/40.179/49.350/4.037 ms

 

 

 

pi@raspberrypi:~ $ netstat -r -e

 

gives the following:

Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    202    0        0 eth0
10.4.0.0        *               255.255.0.0     U     0      0        0 tun0
128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     202    0        0 eth0
213.152.161.100 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0

 

 

 

Anybody got an idea what is wrong? Am I missing something?

 

Looking forward to any help.

 

 

 

 

The .ovpn configfile just for references:

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 2nd of March 2016 06:31:56 PM
# OpenVPN Client Configuration.
# AirVPN_NL-Alblasserdam_Gianfar_UDP-443
# --------------------------------------------------------

client
dev tun
proto udp
remote 213.152.161.100 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
<ca>

 

 

Share this post


Link to post

Your connection is working fine - you got a tun0 IP assigned (10.4.46.181), your routes are set and you can ping 8.8.8.8

according to your tests. This means you will have to continue troubleshooting the application/DNS part, for example what

happens when you try accessing websites by their IP and not the DNS, or what happens when you try to connect to a

specific port with nc utility.

nc -vvv airvpn.org 80


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

When it's connected have a look at the resolv.conf file

 

/etc/resolv.conf
 

I had an absoloute nightmare building myself a vpn gateway out of a pi because it keeps getting overwritten by network manager, every time I connected it got set too 127.0.0.1 and I wasn't running dnsmasq so there was nothing to resolv DNS and it ended up trying to use it's own loopback to resolv DNS which will just fail, got it working happily now and even have a web interface to select which ovpn file I want to use

 

If I can find my notes on the solution then I'll post back here, but thats the direction I'd look as it's sounding like the same issue I had

Regards

 

Me
 

Share this post


Link to post

TL;DR: It works now, but i dont know why. I did not change anything

 

Thanks to you two for your responses and help.

 

I did as you both suggested:

  • I was able to access websites with IP so it had to be a DNS problem, connecting to irc via IP also worked
  • nc -vvv airvpn.org 80 or similar obviously did not work, but by using an IP it worked 
  • /etc/resolv.conf looked good (showed IP 10.4.0.1)

I still do not know what causes this problem, but I am somehow able to surf normally again. Altough i got no clue why...

 

However I would very much appreciate your notes on your problem and the according solution as well as your web interface (sounds fancy).

Share this post


Link to post

you should have this in your config file:

 

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
 

I believe the scripts ship from AirVPN with the client bundle for linux

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...