Jump to content
Not connected, Your IP: 3.235.22.210
mr_meeple

Raspbian (Debian) OpenVPN - Cannot Resolve Host

Recommended Posts

Hello,

 

I've trying to connect to AirVPN on my Raspberry Pi running Raspbian Stretch (which is pretty much Debian Stretch). I've generated a .ovpn file here and have simply typed the command:

sudo openvpn --config AirVPN_Sweden.ovpn

However, when I do this, it sits there for ages on the following. I don't know if this means it's done or not (XXX to remove an address I think is sensitive):

Sun Jun 24 10:47:43 2018 /sbin/ip addr add dev tun1 10.10.136.46/24 broadcast 10.10.136.255
Sun Jun 24 10:47:49 2018 /sbin/ip route add XXX.XXX.XXX.XXX/32 via 192.168.0.1
Sun Jun 24 10:47:49 2018 /sbin/ip route add 0.0.0.0/1 via 10.10.136.1
Sun Jun 24 10:47:49 2018 /sbin/ip route add 128.0.0.0/1 via 10.10.136.1
Sun Jun 24 10:47:49 2018 Initialization Sequence Completed

If Ctrl+Z then bg to get control of my shell back, I then can't ping anything external at all using either a URL or an IP address.

 

The top of my .ovpn file is as follows:

client
dev tun
remote se.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
.....

What am I doing wrong?

 

(Please note: I've flushed iptables and 127.0.0.1 resolves to localhost in the hosts file.)

Share this post


Link to post

Sun Jun 24 10:47:49 2018 Initialization Sequence Completed

is the last message printed when the connection was established successfully.

Don't do ctrl-z and bg, it actually suspends OpenVPN, and I've never made good experience with this. Create a terminalception with screen by doing

screen -R openvpn

and connect inside this. ctrl-a, then d will detach and gives you your login terminal back. Reattach with

screen -r

anytime, even if you relog/reconnect to the machine.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Don't do ctrl-z and bg, it actually suspends OpenVPN, and I've never made good experience with this. Create a terminalception with screen by doing

 

Thanks that's worked well to get the VPN started.

 

My nameserver doesn't seem to be working though. I can ping an external IP address fine, but not a domain name.

 

I'm behind a router, have I forgotten to do something obvious?

Share this post


Link to post

To work around this, you could of course always add

nameserver 10.4.0.1

as the first line to the resolv.conf. This will work if you want the Pi to be connected all the time.

 

Another approach is to write very short scripts doing this work for you which would even restore the old resolv.conf after disconnecting. The most elegant way I think is to pass it along with route-up and route-pre-down directives in your ovpn config file.

# route-up.sh

#!/bin/bash
sudo mv /etc/resolv.conf /etc/resolv.conf.bak
sudo echo nameserver 10.4.0.1 > /etc/resolv.conf
# route-pre-down.sh

#!/bin/bash
sudo mv -f /etc/resolv.conf.bak /etc/resolv.conf

Save them where your ovpn file is. In the ovpn config you would add

...
key-direction 1
route-up ./route-up.sh
route-pre-down ./route-pre-down.sh
<ca>
...

Edit: I just realized, you don't even need scripts.

...
key-direction 1
route-up "mv /etc/resolv.conf /etc/resolv.conf.bak;echo nameserver 10.4.0.1 > /etc/resolv.conf"
route-pre-down "mv -f /etc/resolv.conf.bak /etc/resolv.conf"
<ca>
...

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...