Jump to content
Not connected, Your IP: 13.59.1.58
Sign in to follow this  
D35Tvu7

Connection Refused in Whonix Gateway, VPN before Tor

Recommended Posts

Hello,

 

I need help for my VPN setup. I already have very good skills in using Windows Operating Systems, but i am a new in linux, started using it 1 month ago.

 

My Main Operating System is Linux Mint 18.1. Virtualbox is installed with Whonix Gateway and Whonix Workstation.

 

I was able to run AirVPN Service with Eddie Client on any servers without problems. But for some reason, i can't connect to VPN with OpenVPN Client over Linux Terminal.

First i tried port forwarding on my router and then it worked.

 

But i don't want to open router ports for security reasons.

Maybe i should forward the needed ports directly over eddie client. Following protocol settings were used:

AirVPN_Netherlands_SSH-80 (VPN over SSH, all Netherlands Servers, Port 80)

 

I know all connections are established over remote 127.0.0.1 1412 in openvpn.config. Another port i figured out in AirVPN_Netherlands_SSH-80.sh file is Port 2018.

I think the best way to open it would be over Linux Mint directly, but i dont know how to do it. But running VPN in Linux Mint is not as important as running VPN in Whonix-Gateway.

 

That was the first part. The second part are the same connection issues when trying to setup AirVPN over the Whonix Gateway OpenVPN client. The VPN should run before entering Tor Network.

I always got the Error: Connection Refused.

 

Maybe the problem is the same, and i have to open ports there, too. But i could not figure out, how to open ports in whonix firewall. The setup is very complex at all. I would like to know, if anyone was able to do this setup correctly.

 

I used the how to from Whonix Wiki Page:

https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway

 

Maybe my openvpn.config file is wrong. I even don't know if i really need this file, becaue the .ovpn contains almost the same command lines.

 

I think i should add the config of the most important files, to check out wrong details:

 

 


sudo nano /etc/whonix_firewall.d/50_user.conf

 


 

## Make sure Tor always connects through the VPN.## Enable: 1## Disable: 0## DISABELD BY DEFAULT, because it requires a VPN provider.VPN_FIREWALL=1## For OpenVPN.#VPN_INTERFACE=tun0## Destinations you don not want routed through the VPN.## 10.0.2.2-10.0.2.24: VirtualBox DHCP#      LOCAL_NET="\#         127.0.0.0-127.0.0.24 \#         192.168.0.0-192.168.0.24 \#         192.168.1.0-192.168.1.24 \#         10.152.152.0-10.152.152.24 \#         10.0.2.2-10.0.2.24 \#      "

 


sudo nano /etc/sudoers.d/tunnel_unpriv

 


 

tunnel ALL=(ALL) NOPASSWD: /bin/iptunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *Defaults:tunnel !requiretty

That are mostly Whonix specific settings, but then things started to get complicated, because the Tutorial Example VPN was Riseup VPN.

 

I don't know if auth.txt is working exactly the same Way for AirVPN. I added username and password for AirVPN instead of Riseup...

 

 


sudo nano /etc/openvpn/auth.txt

 


 

riseupusernamevpnsecret

Here is the openvpn.conf file that I have written...

 

 

################################ VPN provider specific settings ################################auth-user-pass auth.txt## using AirVPN Netherlands SSH All Servers Port 80remote 127.0.0.1 1412 ca sshtunnel.keyremote-cert-tls serverresolv-retry infinitenobindroute-delay 5verb 3route 213.152.161.41 255.255.255.255 net_gateway###################################### TUNNEL_FIREWALL specific settings ######################################proto tcpclientdev tun0persist-tunpersist-keyscript-security 2#up "/etc/openvpn/update-resolv-conf script_type=up dev=tun0"#down "/etc/openvpn/update-resolv-conf script_type=down dev=tun0"user tunneliproute /usr/bin/ip_unpriv

<ca>
-----BEGIN CERTIFICATE-----
........

........

........
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
........

........

........
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
........

........
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
.........

.........

.........
-----END OpenVPN Static key V1-----
</tls-auth>

sudo nano /etc/openvpn/openvpn.conf

 

I think the main problem is the connection to remote server 127.0.0.1 1412. It is a little bit confusing, that all servers of netherlands -or even if i had used global server list for SSH VPN Port 80- using the same remote server. Alternatively, i could add all IP's manually, right?

Then my file should look like this:

 

################################ VPN provider specific settings ################################auth-user-pass auth.txt## using AirVPN Netherlands SSH All Servers Port 80remote 213.152.180.4 3599remote 109.202.107.4 3599remote 109.202.107.9 3599remote 109.202.107.14 3599remote 109.202.107.19 3599remote 109.232.227.132 3599remote-random## i will not list all of them now...ca sshtunnel.keyremote-cert-tls serverresolv-retry infinitenobindcipher AES-256-CBCcomp-lzo noroute-delay 5verb 3route 213.152.161.41 255.255.255.255 net_gateway###################################### TUNNEL_FIREWALL specific settings ######################################proto tcpclientdev tun0persist-tunpersist-keyscript-security 2#up "/etc/openvpn/update-resolv-conf script_type=up dev=tun0"#down "/etc/openvpn/update-resolv-conf script_type=down dev=tun0"user tunneliproute /usr/bin/ip_unpriv
<ca>

-----BEGIN CERTIFICATE-----
........

........

........
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
........

........

........
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
........

........
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
.........

.........

.........
-----END OpenVPN Static key V1-----
</tls-auth>

 

Depending to this .conf file, I have to open port 3599.

I would like to know, where i had failed configuration and how to open ports in Whonix Firewall / AirVPN Client Area.

 

Best regards

Share this post


Link to post

I might be mistaken but I don't think you should put your private key in a forum post?

 

I edited all out, thanks for the advice.  

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...