kohlmitohren 0 Posted ... Hi, i am trying to connect my Raspberry Pi 2 to AirVPN with OpenVPN but i seem to do something wrong. All this worked a month ago, but for some strange reason it won't anymore. It's a fresh Raspbian install with Kodi, Kvirc and OpenVPN additionally installed.By doing : pi@raspberrypi:~ $ sudo openvpn Gianfar.ovpn i get the following output Thu Mar 3 19:08:42 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016 Thu Mar 3 19:08:42 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08 Thu Mar 3 19:08:42 2016 Control Channel Authentication: tls-auth using INLINE static key file Thu Mar 3 19:08:42 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 3 19:08:42 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 3 19:08:42 2016 Socket Buffers: R=[163840->131072] S=[163840->131072] Thu Mar 3 19:08:42 2016 UDPv4 link local: [undef] Thu Mar 3 19:08:42 2016 UDPv4 link remote: [AF_INET]213.152.161.100:443 Thu Mar 3 19:08:42 2016 TLS: Initial packet from [AF_INET]213.152.161.100:443, sid=c0f2c659 febdba30 Thu Mar 3 19:08:42 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Thu Mar 3 19:08:42 2016 Validating certificate key usage Thu Mar 3 19:08:42 2016 ++ Certificate has key usage 00a0, expects 00a0 Thu Mar 3 19:08:42 2016 VERIFY KU OK Thu Mar 3 19:08:42 2016 Validating certificate extended key usage Thu Mar 3 19:08:42 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Mar 3 19:08:42 2016 VERIFY EKU OK Thu Mar 3 19:08:42 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Thu Mar 3 19:08:50 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 3 19:08:50 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 3 19:08:50 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 3 19:08:50 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 3 19:08:50 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA Thu Mar 3 19:08:50 2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.100:443 Thu Mar 3 19:08:52 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Mar 3 19:08:52 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.46.181 255.255.0.0' Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: timers and/or timeouts modified Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: LZO parms modified Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: --ifconfig/up options modified Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: route options modified Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: route-related options modified Thu Mar 3 19:08:52 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Mar 3 19:08:52 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:3a:05:f8 Thu Mar 3 19:08:52 2016 TUN/TAP device tun0 opened Thu Mar 3 19:08:52 2016 TUN/TAP TX queue length set to 100 Thu Mar 3 19:08:52 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Thu Mar 3 19:08:52 2016 /sbin/ip link set dev tun0 up mtu 1500 Thu Mar 3 19:08:52 2016 /sbin/ip addr add dev tun0 10.4.46.181/16 broadcast 10.4.255.255 Thu Mar 3 19:08:57 2016 /sbin/ip route add 213.152.161.100/32 via 192.168.0.1 Thu Mar 3 19:08:57 2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1 Thu Mar 3 19:08:57 2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1 Thu Mar 3 19:08:57 2016 Initialization Sequence Completed so everything should work fine... But i dont get any connection with the Webbrowser nor with Kvirc. pi@raspberrypi:~ $ ping 8.8.8.8 gives the following results PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=37.6 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=49.3 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=37.6 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=49 time=37.0 ms 64 bytes from 8.8.8.8: icmp_seq=5 ttl=49 time=38.6 ms 64 bytes from 8.8.8.8: icmp_seq=6 ttl=49 time=46.8 ms 64 bytes from 8.8.8.8: icmp_seq=7 ttl=49 time=38.6 ms 64 bytes from 8.8.8.8: icmp_seq=8 ttl=49 time=38.7 ms 64 bytes from 8.8.8.8: icmp_seq=9 ttl=49 time=38.7 ms 64 bytes from 8.8.8.8: icmp_seq=10 ttl=49 time=38.5 ms ^C --- 8.8.8.8 ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 9014ms rtt min/avg/max/mdev = 37.069/40.179/49.350/4.037 ms pi@raspberrypi:~ $ netstat -r -e gives the following: Kernel-IP-Routentabelle Ziel Router Genmask Flags Metric Ref Use Iface default 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 default 192.168.0.1 0.0.0.0 UG 202 0 0 eth0 10.4.0.0 * 255.255.0.0 U 0 0 0 tun0 128.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 192.168.0.0 * 255.255.255.0 U 202 0 0 eth0 213.152.161.100 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0 Anybody got an idea what is wrong? Am I missing something? Looking forward to any help. The .ovpn configfile just for references: # -------------------------------------------------------- # Air VPN | https://airvpn.org | Wednesday 2nd of March 2016 06:31:56 PM # OpenVPN Client Configuration. # AirVPN_NL-Alblasserdam_Gianfar_UDP-443 # -------------------------------------------------------- client dev tun proto udp remote 213.152.161.100 443 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-256-CBC comp-lzo no route-delay 5 verb 3 explicit-exit-notify 5 <ca> Quote Share this post Link to post
zhang888 1066 Posted ... Your connection is working fine - you got a tun0 IP assigned (10.4.46.181), your routes are set and you can ping 8.8.8.8according to your tests. This means you will have to continue troubleshooting the application/DNS part, for example whathappens when you try accessing websites by their IP and not the DNS, or what happens when you try to connect to aspecific port with nc utility.nc -vvv airvpn.org 80 Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Mikeoxlarge 0 Posted ... When it's connected have a look at the resolv.conf file /etc/resolv.conf I had an absoloute nightmare building myself a vpn gateway out of a pi because it keeps getting overwritten by network manager, every time I connected it got set too 127.0.0.1 and I wasn't running dnsmasq so there was nothing to resolv DNS and it ended up trying to use it's own loopback to resolv DNS which will just fail, got it working happily now and even have a web interface to select which ovpn file I want to use If I can find my notes on the solution then I'll post back here, but thats the direction I'd look as it's sounding like the same issue I hadRegards Me Quote Share this post Link to post
kohlmitohren 0 Posted ... TL;DR: It works now, but i dont know why. I did not change anything Thanks to you two for your responses and help. I did as you both suggested:I was able to access websites with IP so it had to be a DNS problem, connecting to irc via IP also workednc -vvv airvpn.org 80 or similar obviously did not work, but by using an IP it worked /etc/resolv.conf looked good (showed IP 10.4.0.1)I still do not know what causes this problem, but I am somehow able to surf normally again. Altough i got no clue why... However I would very much appreciate your notes on your problem and the according solution as well as your web interface (sounds fancy). Quote Share this post Link to post
airvpnclient 13 Posted ... you should have this in your config file: script-security 2up /etc/openvpn/update-resolv-confdown /etc/openvpn/update-resolv-conf I believe the scripts ship from AirVPN with the client bundle for linux Quote Share this post Link to post