Jump to content
Not connected, Your IP: 3.209.80.87
mimosa67

failure to connect on Slackware

Recommended Posts

I've been using AirVPN with no problems for some time, running on a router. But when I try and set it up on my desktop instead, it won't connect. Using Network Manager, giving it the .ovpn file to "Import as a saved VPN configuration", it authenticates ok and appears to be connected, but is not in fact. When I try manually by doing

 

sudo openvpn Air*.ovpn

 

the connection fails after authentication with the following messages:

 

 

Tue Jul 26 07:29:44 2016 ROUTE_GATEWAY XXXXXXXX
Tue Jul 26 07:29:44 2016 TUN/TAP device tun0 opened
Tue Jul 26 07:29:44 2016 TUN/TAP TX queue length set to 100
Tue Jul 26 07:29:44 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 26 07:29:44 2016 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Jul 26 07:29:44 2016 Linux ip link set failed: could not execute external program
Tue Jul 26 07:29:44 2016 Exiting due to fatal error

There is no "ip" application on my system or in the Slackware repositories. However, I get the same error with another VPN provider when connecting on the command line, but their service works (intermittently) with Network Manager's openvpn plugin.

 

If openvpn is run without root privileges, the connection fails just before:

Tue Jul 26 07:39:05 2016 ROUTE_GATEWAY XXXXXXXXXXX
Tue Jul 26 07:39:05 2016 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Tue Jul 26 07:39:05 2016 Exiting due to fatal error
 

Apparently, the non-existent "ip" application requires root privileges. The other VPN provider fails in exactly the same way without them, so this is not a problem specific to the provider, it is something to do with my Linux setup.

 

The failure to connect using the NM GUI is quite possibly entirely unrelated. Ideally, I'd like to be able to do it both ways.

 

EDIT

 

Here is some more output, this time from NM to syslog:

 

Jul 26 08:38:16 darkstar nm-openvpn[4174]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:38:18 darkstar nm-openvpn[4174]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Jul 26 08:38:18 darkstar nm-openvpn[4174]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 26 08:38:31 darkstar nm-openvpn[4174]: write to TUN/TAP : Invalid argument (code=22)
Jul 26 08:39:01 darkstar last message repeated 3 times
Jul 26 08:39:41 darkstar last message repeated 4 times
 

 

 

Share this post


Link to post

Thank you! I was just wondering if it was one of those. That's really useful to know, this is not the first time I've been stumped by the expectation ip would be on my system.

Share this post


Link to post

Now I've got another problem, though - a DNS leak. I've already tried disallowing IPV6 with sysctl, but it doesn't help. I'm not really sure what more information might be helpful.

Share this post


Link to post

I'm not sure what that is, but here's the whole thing:

 

# Generated by NetworkManager
search VodafoneMobile.wifivodafonemobile.api
nameserver 192.168.0.1 #that is the interface to the router
 

 

Looks suspicious, doesn't it?

 

I was using Network Manager earlier (and indeed, would love to know how to connect to AirVPN that way, too).

Share this post


Link to post

You have to make a new entry, which should be placed on top, with:

nameserver 10.4.0.1

 

You can then leave 192.168.0.1 as a backup when not connected to VPN.

In Linux, the nameservers will be queried according to their order in resolv.conf.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Zhang, thanks, that immediately plugged the leak, without even the need to reconnect. But I would like to understand a bit better what I have done here. What is that IP? Is it linked specifically to AirVPN, or would it work with any VPN provider to stop the leak? And how did Vodafone (whose 3G service I am currently using as a stopgap) manage to get that in there? If I deleted it, would I be unable to connect to their service?

 

When testing for DNS leaks, sometimes I see e.g. Google servers, is this ok or is that a leak too? That is, do I just want to not see any results from my own ISP, and anything else is ok? On www.dnsleaktest.com, it says something that seems to suggest the opposite (only the VPN's server is ok):
 

If you are connected to a VPN service and ANY of the servers listed above are not provided by the VPN service then you have a DNS leak and are choosing to trust the owners of the above servers with your private data.

 

I tried using 208.67.222.222 (OpenDNS server) instead of 10.4.0.1, would that also be effective?

 

I will read up on nameserver, DNS and resolv.conf, but I would still be very grateful for any pointers you can give me.

Share this post


Link to post

Hello,
 
there are no DNS leaks in GNU/Linux. If your system queries for example OpenDNS while the system is connected to some VPN server, the DNS queries will be anyway tunneled up to the VPN servers, before going to OpenDNS servers. Nothing to do with DNS leaks which plague systems with incomplete DNS implementation (for example WIndows).
 
However, and obviously, if your system sends the queries to the router DNS server, then the handling of such queries becomes a matter of the router, which may "forward" them out in clear text to the DNS set in the router itself. Again, this is not a GNU/Linux DNS leak.
 
About the bonuses you get by using VPN DNS please see https://airvpn.org/specs
 
Kind regards

Share this post


Link to post

I'm not sure what that is, but here's the whole thing:

 

 

# Generated by NetworkManager
search VodafoneMobile.wifivodafonemobile.api
nameserver 192.168.0.1 #that is the interface to the router
 
 

Looks suspicious, doesn't it?

 

I was using Network Manager earlier (and indeed, would love to know how to connect to AirVPN that way, too).

 

  

You have to make a new entry, which should be placed on top, with:

nameserver 10.4.0.1

 

You can then leave 192.168.0.1 as a backup when not connected to VPN.

In Linux, the nameservers will be queried according to their order in resolv.conf.

 

You may want to look at this too:

 

https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/?p=10827

 

There seems to be an openresolv package for Slackware here:

 

https://slackbuilds.org/repository/14.2/network/openresolv/

 

Things like DHCP clients (or Network Manager) are inclined to modify /etc/resolv.conf. So manual entries can get lost.

 

Also, if you change your method of connection to AirVPN, the IP for the AirVPN DNS server changes from 10.4.0.1.

Share this post


Link to post

NaDre, thanks, something like that looks useful. I wish I could just get it to work in Network Manager, though, using the NM openvpn plugin.

 

When I connect without AirVPN, but with AirVPN's DNS server at the top of resolv.conf, ipleak.com shows my IP address as being located in a government ministry in Whitehall:

 

http://ipleak.com/ip-address-lookup/148.252.128.119

 

Is that something to do with using a 3G connection, or does it mean the government is spying on me just because I used AirVPN's DNS server?

Share this post


Link to post

...

When I connect without AirVPN, but with AirVPN's DNS server at the top of resolv.conf, ipleak.com shows my IP address as being located in a government ministry in Whitehall:

...

 

AirVPN operates a leak test site too. If you get funny results with that then staff here may be able to offer an explanation:

 

https://ipleak.net/

Share this post


Link to post

NaDre, thanks once again, that's a useful tool. It also gives that same IP, but locates it in Manchester rather than London, mentioning my 3G provider rather than a government ministry. I wonder which is correct? DNS results are associated with openDNS rather than the AirVPN one, which presumably only works if you are coming through the VPN. Here is my current /etc/resolv.conf:

 

 

$ cat /etc/resolv.conf
# AirVPN UDP nameserver
nameserver 10.4.0.1
# OpenDNS IPv4 nameservers
nameserver 208.67.222.222
#nameserver 208.67.220.220

# Generated by NetworkManager
search VodafoneMobile.wifivodafonemobile.api
nameserver 192.168.0.1
 

I will definitely look into a script like the one discussed above, that you posted a link to from the Arch wiki.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...