Jump to content
Not connected, Your IP: 54.196.248.93
mr_meeple

Raspbian (Debian) OpenVPN - Cannot Resolve Host

Recommended Posts

Hello,

 

I've trying to connect to AirVPN on my Raspberry Pi running Raspbian Stretch (which is pretty much Debian Stretch). I've generated a .ovpn file here and have simply typed the command:

sudo openvpn --config AirVPN_Sweden.ovpn

However, when I do this, it sits there for ages on the following. I don't know if this means it's done or not (XXX to remove an address I think is sensitive):

Sun Jun 24 10:47:43 2018 /sbin/ip addr add dev tun1 10.10.136.46/24 broadcast 10.10.136.255
Sun Jun 24 10:47:49 2018 /sbin/ip route add XXX.XXX.XXX.XXX/32 via 192.168.0.1
Sun Jun 24 10:47:49 2018 /sbin/ip route add 0.0.0.0/1 via 10.10.136.1
Sun Jun 24 10:47:49 2018 /sbin/ip route add 128.0.0.0/1 via 10.10.136.1
Sun Jun 24 10:47:49 2018 Initialization Sequence Completed

If Ctrl+Z then bg to get control of my shell back, I then can't ping anything external at all using either a URL or an IP address.

 

The top of my .ovpn file is as follows:

client
dev tun
remote se.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
.....

What am I doing wrong?

 

(Please note: I've flushed iptables and 127.0.0.1 resolves to localhost in the hosts file.)

Share this post


Link to post

Sun Jun 24 10:47:49 2018 Initialization Sequence Completed

is the last message printed when the connection was established successfully.

Don't do ctrl-z and bg, it actually suspends OpenVPN, and I've never made good experience with this. Create a terminalception with screen by doing

screen -R openvpn

and connect inside this. ctrl-a, then d will detach and gives you your login terminal back. Reattach with

screen -r

anytime, even if you relog/reconnect to the machine.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Don't do ctrl-z and bg, it actually suspends OpenVPN, and I've never made good experience with this. Create a terminalception with screen by doing

 

Thanks that's worked well to get the VPN started.

 

My nameserver doesn't seem to be working though. I can ping an external IP address fine, but not a domain name.

 

I'm behind a router, have I forgotten to do something obvious?

Share this post


Link to post

To work around this, you could of course always add

nameserver 10.4.0.1

as the first line to the resolv.conf. This will work if you want the Pi to be connected all the time.

 

Another approach is to write very short scripts doing this work for you which would even restore the old resolv.conf after disconnecting. The most elegant way I think is to pass it along with route-up and route-pre-down directives in your ovpn config file.

# route-up.sh

#!/bin/bash
sudo mv /etc/resolv.conf /etc/resolv.conf.bak
sudo echo nameserver 10.4.0.1 > /etc/resolv.conf
# route-pre-down.sh

#!/bin/bash
sudo mv -f /etc/resolv.conf.bak /etc/resolv.conf

Save them where your ovpn file is. In the ovpn config you would add

...
key-direction 1
route-up ./route-up.sh
route-pre-down ./route-pre-down.sh
<ca>
...

Edit: I just realized, you don't even need scripts.

...
key-direction 1
route-up "mv /etc/resolv.conf /etc/resolv.conf.bak;echo nameserver 10.4.0.1 > /etc/resolv.conf"
route-pre-down "mv -f /etc/resolv.conf.bak /etc/resolv.conf"
<ca>
...

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...