cyberninja 2 Posted ...

My real IP still shows in the Details at AirVPN's Member Area, even after first starting TOR Bundle browser, then connecting to AirVPN with the 9050 socks-proxy, then using the non-proxy FireFox browser. I read the forums on this issue. I'm using Linux OS with NetworkManager. I followed the instructions at airvpn/org/tor and use the downloaded OVPN file. Both the Tor Bundle browser and the Firefox (non-Tor) browser are working ok. The non-Tor Firefox browser shows the AirVPN IP address when using the geolocator website, while the Tor Bundle browser shows its Tor IP address of its exit node. When using the non-Tor FireFox browser I go to the AirVPN website and log in to check to see how AirVPN sees me and they indicate my real IP address. Thus this AirVPN over TOR is not working like the instructions suggest. Am I missing something?
Staff 9973 Posted ...

> My real IP still shows in the Details at AirVPN's Member Area, even after first starting TOR Bundle browser, then connecting to AirVPN with the 9050 socks-proxy, then using the non-proxy FireFox browser. I read the forums on this issue. I'm using Linux OS with NetworkManager.

Hello!

Please make sure that you have enabled the "proxy" type in your client configuration.

> I followed the instructions at airvpn/org/tor and use the downloaded OVPN file. Both the Tor Bundle browser and the Firefox (non-Tor) browser are working ok. The non-Tor Firefox browser shows the AirVPN IP address when using the geolocator website, while the Tor Bundle browser shows its Tor IP address of its exit node. When using the non-Tor FireFox browser I go to the AirVPN website and log in to check to see how AirVPN sees me and they indicate my real IP address. Thus this AirVPN over TOR is not working like the instructions suggest. Am I missing something?

To sum up, the IP you're "visible" on the Internet must be:
- the Air server you're connected to exit-IP address in case you tunnel over OpenVPN;
- the Air server you're connected to exit-IP address in case you tunnel over OpenVPN over TOR;
- the TOR exit-node IP address in case you tunnel over TOR over OpenVPN;
- the TOR exit-node IP address in case you tunnel over TOR over OpenVPN over TOR (this setup may result in very severe performance decrease)

In the control panel, our server must NOT be able to see your real IP address in case you tunnel over OpenVPN over TOR. On the contrary, it can see your real-IP address if you tunnel over TOR over OpenVPN.

Please send us your client connection logs at your convenience when you tunnel over OpenVPN over TOR, which seems the problematic case according to your report.

Kind regards
cyberninja 2 Posted ...

When you say "Please make sure that you have enabled the "proxy" type in your client configuration.", I use Network Manager applet in GNOME desktop and I don't see where that can be enabled. What do you mean by enabling this type in my client configuration? I use OpenVPN plugin within Network Manager. Also, I don't see how I'm using any of the three-way setups you listed. I'm only trying to do AirVPN over TOR the way the instructions state: I leave the TBB running, then activate AirVPN with the NetworkManager applet, then open the non-TOR Firefox browser. From within the Firefox browser I go to the AirVPN website and login and see in "Your details" of the Members area that AirVPN sees my real IP. I will get my connection logs and more details of my OVPN file that I'm using in another reply.
Staff 9973 Posted ...

> When you say "Please make sure that you have enabled the "proxy" type in your client configuration.", I use Network Manager applet in GNOME desktop and I don't see where that can be enabled. What do you mean by enabling this type in my client configuration? I use OpenVPN plugin within Network Manager.

Hello!

You need to instruct OpenVPN to connect over a proxy. Our configuration generator will generate the appropriate OpenVPN configuration file according to your instructions. For detailed instructions, please see:

https://airvpn.org/tor

Kind regards
cyberninja 2 Posted ...

You responded with "You need to instruct OpenVPN to connect over a proxy. Our configuration generator will generate the appropriate OpenVPN configuration file according to your instructions. For detailed instructions, please see: airvpn.org/tor"

I followed the instructions on airvpn.org/tor, used the configuration generator and downloaded the OpenVPN configuration file (I provided a copy of it in a previous post). But, it doesn't work for me. OpenVPN acts as though that socks-proxy line doesn't exist in the configuration file. The line is "socks-proxy 127.0.0.1 9050" as instructed by the airvpn.org/tor. Am I doing something wrong? Here again is the configuration file:

    ##############################################
    ## Air VPN | https://airvpn.org | OpenVPN Client Configuration
    ## Generated: Thursday 27th of September 2012 02:22:48 AM
    ##############################################
    client
    dev tun
    proto tcp
    remote 178.248.30.131 443
    resolv-retry infinite
    nobind
    ca /etc/openvpn/keys/airvpnca.crt
    cert /etc/openvpn/keys/airvpnuser.crt
    key /etc/openvpn/keys/airvpnuser.key
    ns-cert-type server
    cipher AES-256-CBC
    comp-lzo
    verb 3
    socks-proxy 127.0.0.1 9050

THIS FILE WAS MADE BY THE CONFIGURATION GENERATOR. WHAT ELSE NEEDS TO BE DONE???
Staff 9973 Posted ...

> You responded with "You need to instruct OpenVPN to connect over a proxy. Our configuration generator will generate the appropriate OpenVPN configuration file according to your instructions. For detailed instructions, please see: airvpn.org/tor"
>
> I followed the instructions on airvpn.org/tor, used the configuration generator and downloaded the OpenVPN configuration file (I provided a copy of it in a previous post). But, it doesn't work for me. OpenVPN acts as though that socks-proxy line doesn't exist in the configuration file. The line is "socks-proxy 127.0.0.1 9050" as instructed by the airvpn.org/tor. Am I doing something wrong?

Hello!

The configuration file is fine. Chances are that OpenVPN is reading a different configuration file. Please make sure to launch OpenVPN with the configuration file which has the line "socks-proxy". You can consider to bypass entirely the network-manager and establish a connection by invoking directly openvpn with the correct configuration file.

Kind regards
cyberninja 2 Posted ...

Your response is "The configuration file is fine. Chances are that OpenVPN is reading a different configuration file. Please make sure to launch OpenVPN with the configuration file which has the line "socks-proxy". You can consider to bypass entirely the network-manager and establish a connection by invoking directly openvpn with the correct configuration file."

I am sure the NetworkManager is using the correct configuration file. I went over this many times, rechecking. I'll try the direct invocation as you suggest and see what happens. Did anybody look at my connection logs I sent within this thread? Maybe something is in there you can tell me about?
cyberninja 2 Posted ...

I tried all suggestions you have but none work for me. I'm not sure you are able to go to the depth of problem solving I need and I am unable to attach pictures showing all config setups regarding connection setting in TOR and FireFox - so one problem with being able to load any png images (all less than 150kb) is making it impossible for you to see where the problem may be. This thread is way too long now and I'm not getting anywhere. Thank you for trying to help me.
Staff 9973 Posted ...

> I tried all suggestions you have but none work for me. I'm not sure you are able to go to the depth of problem solving I need and I am unable to attach pictures showing all config setups regarding connection setting in TOR and FireFox - so one problem with being able to load any png images (all less than 150kb) is making it impossible for you to see where the problem may be. This thread is way too long now and I'm not getting anywhere. Thank you for trying to help me.

Hello!

File attachments and image attachments work fine for every user, maybe it is just a problem on your side. Anyway, the OpenVPN logs are text files, so even if you can't manage to upload pictures, please just copy the logs and paste them here. They may be very useful for troubleshooting.

Kind regards
cyberninja 2 Posted ...

I sent this before but it seems to have gotten lost in the communication, but here it is again (maybe all these issues are at my end only???):

    Sep 27 11:05:25 ihome NetworkManager[4009]: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
    Sep 27 11:05:25 ihome NetworkManager[4009]: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 9170
    Sep 27 11:05:25 ihome NetworkManager[4009]: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' appeared, activating connections
    Sep 27 11:05:25 ihome NetworkManager[4009]: <info> VPN plugin state changed: 3
    Sep 27 11:05:25 ihome NetworkManager[4009]: <info> VPN connection 'AirVPN9050 SE Serpentis - TCP 443' (Connect) reply received.
    Sep 27 11:05:25 ihome nm-openvpn[9174]: OpenVPN 2.2.2 x86_64-unknown-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sep 27 11:05:26 ihome nm-openvpn[9174]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sep 27 11:05:26 ihome nm-openvpn[9174]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sep 27 11:05:26 ihome nm-openvpn[9174]: WARNING: file '/etc/openvpn/keys/airvpnuser.key' is group or others accessible
    Sep 27 11:05:26 ihome nm-openvpn[9174]: LZO compression initialized
    Sep 27 11:05:26 ihome nm-openvpn[9174]: Attempting to establish TCP connection with 178.248.30.131:443 [nonblock]
    Sep 27 11:05:27 ihome nm-openvpn[9174]: TCP connection established with 178.248.30.131:443
    Sep 27 11:05:27 ihome nm-openvpn[9174]: TCPv4_CLIENT link local: [undef]
    Sep 27 11:05:27 ihome nm-openvpn[9174]: TCPv4_CLIENT link remote: 178.248.30.131:443
    Sep 27 11:05:34 ihome nm-openvpn[9174]: [server] Peer Connection Initiated with 178.248.30.131:443
    Sep 27 11:05:36 ihome nm-openvpn[9174]: TUN/TAP device tun0 opened
    Sep 27 11:05:36 ihome nm-openvpn[9174]: /sbin/ip link set dev tun0 up mtu 1500
    Sep 27 11:05:36 ihome kernel: tun0: Disabled Privacy Extensions
    Sep 27 11:05:37 ihome nm-openvpn[9174]: /sbin/ip addr add dev tun0 local 10.5.2.30 peer 10.5.2.29
    Sep 27 11:05:37 ihome nm-openvpn[9174]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1560 10.5.2.30 10.5.2.29 init
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> VPN connection 'AirVPN9050 SE Serpentis - TCP 443' (IP Config Get) reply received.
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> VPN Gateway: 178.248.30.131
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Internal Gateway: 10.5.2.29
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Tunnel Device: tun0
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Internal IP4 Address: 10.5.2.30
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Internal IP4 Prefix: 32
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Internal IP4 Point-to-Point Address: 10.5.2.29
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Maximum Segment Size (MSS): 0
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Static Route: 10.5.0.1/32 Next Hop: 10.5.0.1
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> Internal IP4 DNS: 10.5.0.1
    Sep 27 11:05:37 ihome NetworkManager[4009]: <info> DNS Domain: '(none)'
    Sep 27 11:05:37 ihome nm-openvpn[9174]: Initialization Sequence Completed
    Sep 27 11:05:38 ihome NetworkManager[4009]: <info> VPN connection 'AirVPN9050 SE Serpentis - TCP 443' (IP Config Get) complete.
    Sep 27 11:05:38 ihome NetworkManager[4009]: <info> Policy set 'AirVPN9050 SE Serpentis - TCP 443' (tun0) as default for IPv4 routing and DNS.
    Sep 27 11:05:38 ihome NetworkManager[4009]: <info> VPN plugin state changed: 4
    Sep 27 11:05:38 ihome ntpd[4258]: Listening on interface #10 tun0, 10.5.2.30#123 Enabled
    Sep 27 11:07:47 ihome NetworkManager[4009]: <info> (wlan0): supplicant connection state: completed -> group handshake
    Sep 27 11:07:47 ihome NetworkManager[4009]: <info> (wlan0): supplicant connection state: group handshake -> completed
    Sep 27 11:13:53 ihome nm-openvpn[9174]: /sbin/ip addr del dev tun0 local 10.5.2.30 peer 10.5.2.29
Staff 9973 Posted ...

> I sent this before but it seems to have gotten lost in the communication, but here it is again (maybe all these issues are at my end only???):

Hello!

It's highly likely. We don't detect any problem with the forum. As you can see, network-manager is not using the configuration you mean:

    Sep 27 11:05:27 ihome nm-openvpn[9174]: TCP connection established with 178.248.30.131:443

If configured properly to connect over your proxy, OpenVPN would connect to 127.0.0.1:9050. The fact that network-manager is misconfigured is further confirmed by:

    Sep 27 11:05:26 ihome nm-openvpn[9174]: WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.

Please note that all the configuration files generated by our system have the "ns-cert-type server" directive in it (this is important for additional authentication security).

First of all, please perform a connection directly with OpenVPN and send us the logs (just copy and paste the output or simply tell OpenVPN to log where you wish). cd to the directory where the configuration file is stored and issue the command ("[sudo] openvpn "), using the configuration file prepared for connections over OpenVPN over TOR, in order to ascertain that your proxy is running properly and listening to the correct port.

We're looking forward to hearing from you.

Kind regards
cyberninja 2 Posted ...

Thanks for staying with me on this. It's puzzling that there is a warning in network-manager about no certificate verification method because I am using the configuration files from AirVPN and they do indeed have the "ns-cert-type" server directive. I am also using all the crt and key files by AirVPN. I sent you the OVPN file before so you can see that it's included, and you said the file was all correct. Here it is again:

    ##############################################
    ## Air VPN | https://airvpn.org | OpenVPN Client Configuration
    ## Generated: Thursday 27th of September 2012 02:22:48 AM
    ##############################################
    client
    dev tun
    proto tcp
    remote 178.248.30.131 443
    resolv-retry infinite
    nobind
    ca /etc/openvpn/keys/airvpnca.crt
    cert /etc/openvpn/keys/airvpnuser.crt
    key /etc/openvpn/keys/airvpnuser.key
    ns-cert-type server
    cipher AES-256-CBC
    comp-lzo
    verb 3
    socks-proxy 127.0.0.1 9050

I'll try the sudo command line activation of OpenVPN next and see if that works, and send you the logs too.
cyberninja 2 Posted ...

I ran openvpn with sudo and here is the log showing a failure to connect to 127.0.0.1:9050 and a warning about local and remote hashes being in conflict (none of this shows up in the log at /var/log/messages):

    Thu Sep 27 13:09:29 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Thu Sep 27 13:09:29 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Sep 27 13:09:29 2012 WARNING: file '/etc/openvpn/keys/airvpnuser.key' is group or others accessible
    Thu Sep 27 13:09:29 2012 LZO compression initialized
    Thu Sep 27 13:09:29 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Sep 27 13:09:29 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Thu Sep 27 13:09:29 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Sep 27 13:09:29 2012 Local Options hash (VER=V4): '958c5492'
    Thu Sep 27 13:09:29 2012 Expected Remote Options hash (VER=V4): '79ef4284'
    Thu Sep 27 13:09:29 2012 Attempting to establish TCP connection with 127.0.0.1:9050 [nonblock]
    Thu Sep 27 13:09:29 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:34 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:39 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:44 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:49 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:54 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:09:59 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:10:04 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    Thu Sep 27 13:10:09 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
    ^CThu Sep 27 13:10:11 2012 SIGINT[hard,init_instance] received, process exiting
Staff 9973 Posted ...

> I ran openvpn with sudo and here is the log showing a failure to connect to 127.0.0.1:9050 and a warning about local and remote hashes being in conflict (none of this shows up in the log at /var/log/messages):

Hello!

Good, now OpenVPN is using the correct configuration file and tries to connect to the proxy as you wish. The problem now is that the proxy is not responding on that port. Assuming that the proxy is running and it is a socks proxy, it does not appear to be listening to port 9050. Perhaps you're using a TBB with an experimental feature: "TBB on OSX and Linux has an experimental feature where Tor listens on random unused ports rather than a fixed port each time. The goal is to avoid conflicting with a "system" Tor install, so you can run a system Tor and TBB at the same time". If it's the case, please check here to solve the problem and predict/set which port the proxy will be listening to:

https://www.torproject.org/docs/faq.html.en#TBBSocksPort

If it's not the case, please make sure that the proxy is running, its type matches the type specified in the OpenVPN configuration file (socks or http) and that no firewall is blocking packets to and from 127.0.0.1.

Kind regards
cyberninja 2 Posted ...

I get two ports from the Vidalia log, one is the socks listening port 38006, the other is control listening port 57922. In the TBB network connections settings in Preferences the Socks host is 127.0.0.1 and the Port is 38006, so it looks like the port would be 38006 that I need to connect through, right? Can you help me with this or do I need to go to the TOR website as you suggest? Here is the log from TOR Vidalia:

    Sep 27 12:48:11.141 [Notice] Tor v0.2.2.39 (git-bec76476efb71549). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux x86_64)
    Sep 27 12:48:11.141 [Notice] Initialized libevent version 2.0.20-stable using method epoll. Good.
    Sep 27 12:48:11.141 [Notice] Opening Socks listener on 127.0.0.1:0
    Sep 27 12:48:11.141 [Notice] Socks listener listening on port 38006.
    Sep 27 12:48:11.141 [Notice] Opening Control listener on 127.0.0.1:0
    Sep 27 12:48:11.141 [Notice] Control listener listening on port 57922.
    Sep 27 12:48:11.141 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
    Sep 27 12:48:12.181 [Notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
    Sep 27 12:48:12.181 [Notice] We now have enough directory information to build circuits.
    Sep 27 12:48:12.181 [Notice] Bootstrapped 80%: Connecting to the Tor network.
    Sep 27 12:48:12.182 [Notice] New control connection opened.
    Sep 27 12:48:13.015 [Notice] Bootstrapped 85%: Finishing handshake with first hop.
    Sep 27 12:48:13.524 [Notice] Bootstrapped 90%: Establishing a Tor circuit.
    Sep 27 12:48:22.763 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
    Sep 27 12:48:22.763 [Notice] Bootstrapped 100%: Done.
    Sep 27 12:58:36.710 [Notice] Our IP address has changed. Rotating keys...
    Sep 27 13:29:06.130 [Notice] Our IP address has changed. Rotating keys...
    Sep 27 13:50:13.735 [Notice] Our IP address has changed. Rotating keys...
Staff 9973 Posted ...

> I get two ports from the Vidalia log, one is the socks listening port 38006, the other is control listening port 57922. In the TBB network connections settings in Preferences the Socks host is 127.0.0.1 and the Port is 38006, so it looks like the port would be 38006 that I need to connect through, right?

Hello!

Right, change the port in socks-proxy directive accordingly and then re-launch OpenVPN and check the connection (please send us the logs if there are still issues).

> Can you help me with this or do I need to go to the TOR website as you suggest?

You should check anyway, because if your proxy changes port at each startup you are forced to discover the port and change accordingly the configuration file each time you wish to re-connect over OpenVPN over TOR, which is very uncomfortable. Once you have set one listening port once and for all, you won't need to change configuration at each TOR startup.

Kind regards
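The checks the staff make by eye in the posts above (the first TCP target in the OpenVPN log against the socks-proxy directive, the certificate-verification warning, and the Tor SOCKS port), as an added Python example that is not part of the original posts or AirVPN's tooling. The function names and finding labels are illustrative assumptions, and the sample inputs are abridged from the configuration and logs quoted in this thread.

```python
import re

# host:port as printed by OpenVPN 2.2; later releases prefix it with [AF_INET]
_ADDR = r"(?:\[AF_INET\])?([\w.-]+):(\d+)"

def parse_config(text):
    """Pull out the directives the diagnosis in this thread depends on."""
    cfg = {"proxy": None, "ns_cert_type": False}
    for raw in text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "socks-proxy" and args:
            # OpenVPN uses port 1080 when socks-proxy names no port
            cfg["proxy"] = (args[0], int(args[1]) if len(args) > 1 else 1080)
        elif key == "http-proxy" and len(args) >= 2:
            cfg["proxy"] = (args[0], int(args[1]))
        elif key == "ns-cert-type" and args == ["server"]:
            cfg["ns_cert_type"] = True
    return cfg

def first_tcp_target(openvpn_log):
    """Where OpenVPN opened its first TCP socket: the proxy, or the server itself."""
    m = re.search(r"Attempting to establish TCP connection with " + _ADDR, openvpn_log)
    return (m.group(1), int(m.group(2))) if m else None

def tor_socks_port(tor_log):
    """SOCKS port Tor actually bound; TBB may pick a random one (listener on :0)."""
    m = re.search(r"Socks listener listening on port (\d+)", tor_log)
    if m:
        return int(m.group(1))
    m = re.search(r"Opening Socks listener on [\w.-]+:(\d+)", tor_log)
    return int(m.group(1)) if m and m.group(1) != "0" else None

def diagnose(config_text, openvpn_log, tor_log=None):
    """Return finding labels (hypothetical names) for one connection attempt."""
    cfg = parse_config(config_text)
    proxy, findings = cfg["proxy"], []
    target = first_tcp_target(openvpn_log)
    if proxy and target and target != proxy:
        # The VPN server sees the client's real address: the proxy was skipped.
        findings.append("PROXY_BYPASSED")
    if cfg["ns_cert_type"] and "No server certificate verification method" in openvpn_log:
        # The file asks for ns-cert-type server, the running client did not get it.
        findings.append("CONFIG_NOT_APPLIED")
    if proxy and re.search(r"connect to %s:%d failed.*Connection refused"
                           % (re.escape(proxy[0]), proxy[1]), openvpn_log):
        findings.append("PROXY_REFUSED")
    if proxy and tor_log is not None:
        port = tor_socks_port(tor_log)
        if port is not None and port != proxy[1]:
            findings.append("TOR_PORT_MISMATCH")
    if proxy and target == proxy and \
            "Peer Connection Initiated with %s:%d" % proxy in openvpn_log:
        findings.append("TUNNEL_VIA_PROXY")
    return findings

# Sample inputs, abridged from the configuration and logs quoted in this thread.
CONFIG = """\
## Air VPN | https://airvpn.org | OpenVPN Client Configuration
client
proto tcp
remote 178.248.30.131 443
ns-cert-type server
socks-proxy 127.0.0.1 9050
"""
NM_LOG = """\
Sep 27 11:05:26 ihome nm-openvpn[9174]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 27 11:05:26 ihome nm-openvpn[9174]: Attempting to establish TCP connection with 178.248.30.131:443 [nonblock]
Sep 27 11:05:27 ihome nm-openvpn[9174]: TCP connection established with 178.248.30.131:443
"""
CLI_LOG_REFUSED = """\
Thu Sep 27 13:09:29 2012 Attempting to establish TCP connection with 127.0.0.1:9050 [nonblock]
Thu Sep 27 13:09:29 2012 TCP: connect to 127.0.0.1:9050 failed, will try again in 5 seconds: Connection refused
"""
CLI_LOG_OK = """\
Thu Sep 27 15:21:19 2012 Attempting to establish TCP connection with 127.0.0.1:9050 [nonblock]
Thu Sep 27 15:21:19 2012 TCP connection established with 127.0.0.1:9050
Thu Sep 27 15:21:45 2012 [server] Peer Connection Initiated with 127.0.0.1:9050
"""
TOR_LOG = """\
Sep 27 12:48:11.141 [Notice] Opening Socks listener on 127.0.0.1:0
Sep 27 12:48:11.141 [Notice] Socks listener listening on port 38006.
"""

if __name__ == "__main__":
    print("NetworkManager run:", diagnose(CONFIG, NM_LOG))
    print("sudo openvpn, first run:", diagnose(CONFIG, CLI_LOG_REFUSED, TOR_LOG))
    print("sudo openvpn, fixed port:", diagnose(CONFIG, CLI_LOG_OK))
```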
cyberninja 2 Posted ...

GETTING CLOSER TO THE SOLUTION: I changed the socks-proxy listening directive in the OVPN file to match the actual socks port used by the TOR and now get the following log when using sudo ovpn (notice all seems ok except for the hash conflicts and the soft auth failure):

    Thu Sep 27 14:24:58 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Thu Sep 27 14:24:58 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Sep 27 14:24:58 2012 WARNING: file '/etc/openvpn/keys/airvpntoruser.key' is group or others accessible
    Thu Sep 27 14:24:58 2012 LZO compression initialized
    Thu Sep 27 14:24:58 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Sep 27 14:24:58 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Thu Sep 27 14:24:58 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Sep 27 14:24:58 2012 Local Options hash (VER=V4): '958c5492'
    Thu Sep 27 14:24:58 2012 Expected Remote Options hash (VER=V4): '79ef4284'
    Thu Sep 27 14:24:58 2012 Attempting to establish TCP connection with 127.0.0.1:38160 [nonblock]
    Thu Sep 27 14:24:58 2012 TCP connection established with 127.0.0.1:38160
    Thu Sep 27 14:24:59 2012 TCPv4_CLIENT link local: [undef]
    Thu Sep 27 14:24:59 2012 TCPv4_CLIENT link remote: 127.0.0.1:38160
    Thu Sep 27 14:25:01 2012 TLS: Initial packet from 127.0.0.1:38160, sid=e3a53d4f a1234fe0
    Thu Sep 27 14:25:10 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
    Thu Sep 27 14:25:10 2012 VERIFY OK: nsCertType=SERVER
    Thu Sep 27 14:25:10 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
    Thu Sep 27 14:25:33 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Thu Sep 27 14:25:33 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Sep 27 14:25:33 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Thu Sep 27 14:25:33 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Sep 27 14:25:33 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Thu Sep 27 14:25:33 2012 [server] Peer Connection Initiated with 127.0.0.1:38160
    Thu Sep 27 14:25:35 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Thu Sep 27 14:25:37 2012 AUTH: Received AUTH_FAILED control message
    Thu Sep 27 14:25:37 2012 TCP/UDP: Closing socket
    Thu Sep 27 14:25:37 2012 SIGTERM[soft,auth-failure] received, process exiting
Staff 9973 Posted ...

> GETTING CLOSER TO THE SOLUTION: I changed the socks-proxy listening directive in the OVPN file to match the actual socks port used by the TOR and now get the following log when using sudo ovpn (notice all seems ok except for the hash conflicts and the soft auth failure):

Hello!

Actually account "cyberninja" is currently (at the time this admin is writing) connected and exchanging data. This is the cause of the AUTH_FAILED. The first thing that comes to mind is that you have some other OpenVPN instance still running and connected (or maybe some other computer connected with the same account?). Please make sure that you stop any other openvpn connection and try again. In order to safely kill OpenVPN and restore the previous routing table, just press CTRL-C from the console you started it, or issue a kill command (a normal kill, not a kill -9 of course) to the OpenVPN PID, or even try "[sudo] killall openvpn".

Kind regards
cyberninja 2 Posted ...

I'll try as you suggest next. Although, is the reason for the auth failure because I don't have any means to enter username and password when using sudo ovpn on the configuration file? Recall that I got the following log message prior to openvpn quitting:

    Thu Sep 27 14:25:37 2012 AUTH: Received AUTH_FAILED control message
    Thu Sep 27 14:25:37 2012 TCP/UDP: Closing socket
    Thu Sep 27 14:25:37 2012 SIGTERM[soft,auth-failure] received, process exiting

IS THERE A WAY I CAN ADD THE LOGIN CREDENTIALS TO THE OVPN FILE? THEN MAYBE IT FAIL ON AUTH?
cyberninja 2 Posted ...

I was able to use the TOR information on using Vidalia Settings Advanced tab to remove the check in the box for Configure Control Port Automatically, and it reset the Socks Port to a fixed 9050 (TBB Socks Network settings) and the listening Control port to 9051 (Vidalia settings). BUT, even though I did that and changed the directive in the OVPN file back to 9050, still same problem when using Network Manager.
cyberninja 2 Posted ...

I followed what you suggested about making sure all processes were ended with Ctrl-C and I reran the sudo openvpn command in terminal. I got the following log which suggests to me I need to have a way to include the means for login credentials in the OVPN configuration file, i.e., username and password. CAN YOU HELP WITH THIS? Here's a copy of the log file when running sudo (NetworkManager still doesn't work).

    Thu Sep 27 15:21:19 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Thu Sep 27 15:21:19 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Sep 27 15:21:19 2012 WARNING: file '/etc/openvpn/keys/airvpntoruser.key' is group or others accessible
    Thu Sep 27 15:21:19 2012 LZO compression initialized
    Thu Sep 27 15:21:19 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Sep 27 15:21:19 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Thu Sep 27 15:21:19 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Sep 27 15:21:19 2012 Local Options hash (VER=V4): '958c5492'
    Thu Sep 27 15:21:19 2012 Expected Remote Options hash (VER=V4): '79ef4284'
    Thu Sep 27 15:21:19 2012 Attempting to establish TCP connection with 127.0.0.1:9050 [nonblock]
    Thu Sep 27 15:21:19 2012 TCP connection established with 127.0.0.1:9050
    Thu Sep 27 15:21:20 2012 TCPv4_CLIENT link local: [undef]
    Thu Sep 27 15:21:20 2012 TCPv4_CLIENT link remote: 127.0.0.1:9050
    Thu Sep 27 15:21:22 2012 TLS: Initial packet from 127.0.0.1:9050, sid=9df0dd6a b1f55316
    Thu Sep 27 15:21:27 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
    Thu Sep 27 15:21:27 2012 VERIFY OK: nsCertType=SERVER
    Thu Sep 27 15:21:27 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
    Thu Sep 27 15:21:45 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Thu Sep 27 15:21:45 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Sep 27 15:21:45 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Thu Sep 27 15:21:45 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Sep 27 15:21:45 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Thu Sep 27 15:21:45 2012 [server] Peer Connection Initiated with 127.0.0.1:9050
    Thu Sep 27 15:21:47 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Thu Sep 27 15:21:49 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.2.30 10.5.2.29'
    Thu Sep 27 15:21:49 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Sep 27 15:21:49 2012 OPTIONS IMPORT: LZO parms modified
    Thu Sep 27 15:21:49 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Sep 27 15:21:49 2012 OPTIONS IMPORT: route options modified
    Thu Sep 27 15:21:49 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Sep 27 15:21:49 2012 ROUTE default_gateway=192.168.1.1
    Thu Sep 27 15:21:49 2012 TUN/TAP device tun0 opened
    Thu Sep 27 15:21:49 2012 TUN/TAP TX queue length set to 100
    Thu Sep 27 15:21:49 2012 /sbin/ip link set dev tun0 up mtu 1500
    Thu Sep 27 15:21:49 2012 /sbin/ip addr add dev tun0 local 10.5.2.30 peer 10.5.2.29
    Thu Sep 27 15:21:49 2012 /sbin/ip route add 127.0.0.1/32 via 192.168.1.1
    Thu Sep 27 15:21:49 2012 /sbin/ip route add 0.0.0.0/1 via 10.5.2.29
    Thu Sep 27 15:21:49 2012 /sbin/ip route add 128.0.0.0/1 via 10.5.2.29
    Thu Sep 27 15:21:49 2012 /sbin/ip route add 10.5.0.1/32 via 10.5.2.29
    Thu Sep 27 15:21:49 2012 Initialization Sequence Completed
    Thu Sep 27 15:23:49 2012 [server] Inactivity timeout (--ping-restart), restarting
    Thu Sep 27 15:23:49 2012 TCP/UDP: Closing socket
    Thu Sep 27 15:23:49 2012 /sbin/ip route del 10.5.0.1/32
    Thu Sep 27 15:23:49 2012 /sbin/ip route del 127.0.0.1/32
    Thu Sep 27 15:23:49 2012 /sbin/ip route del 0.0.0.0/1
    Thu Sep 27 15:23:49 2012 /sbin/ip route del 128.0.0.0/1
    Thu Sep 27 15:23:49 2012 Closing TUN/TAP interface
    Thu Sep 27 15:23:49 2012 /sbin/ip addr del dev tun0 local 10.5.2.30 peer 10.5.2.29
    Thu Sep 27 15:23:49 2012 SIGUSR1[soft,ping-restart] received, process restarting
    Thu Sep 27 15:23:49 2012 Restart pause, 5 second(s)
    Thu Sep 27 15:23:54 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Sep 27 15:23:54 2012 WARNING: file '/etc/openvpn/keys/airvpntoruser.key' is group or others accessible
    Thu Sep 27 15:23:54 2012 LZO compression initialized
    Thu Sep 27 15:23:54 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Sep 27 15:23:54 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Thu Sep 27 15:23:54 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Sep 27 15:23:54 2012 Local Options hash (VER=V4): '958c5492'
    Thu Sep 27 15:23:54 2012 Expected Remote Options hash (VER=V4): '79ef4284'
    Thu Sep 27 15:23:54 2012 Attempting to establish TCP connection with 127.0.0.1:9050 [nonblock]
    Thu Sep 27 15:23:54 2012 TCP connection established with 127.0.0.1:9050
    Thu Sep 27 15:23:59 2012 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
    Thu Sep 27 15:23:59 2012 TCP/UDP: Closing socket
    Thu Sep 27 15:23:59 2012 SIGTERM[soft,init_instance] received, process exiting
Staff 9973 Posted ...

> I'll try as you suggest next. Although, is the reason for the auth failure because I don't have any means to enter username and password when using sudo ovpn on the configuration file? Recall that I got the following log message prior to openvpn quitting:
>
>     Thu Sep 27 14:25:37 2012 AUTH: Received AUTH_FAILED control message
>     Thu Sep 27 14:25:37 2012 TCP/UDP: Closing socket
>     Thu Sep 27 14:25:37 2012 SIGTERM[soft,auth-failure] received, process exiting
>
> IS THERE A WAY I CAN ADD THE LOGIN CREDENTIALS TO THE OVPN FILE? THEN MAYBE IT FAIL ON AUTH?

Hello!

For security reasons our servers authenticate users through double-certificate and key. The credentials are all there, you don't need to enter any login or password. From the logs, the double certificates are fine, and also the user.key is accessible by openvpn. Just please make sure that you don't have any other openvpn instance running and connected.

Kind regards
Staff 9973 Posted ...

> I was able to use the TOR information on using Vidalia Settings Advanced tab to remove the check in the box for Configure Control Port Automatically, and it reset the Socks Port to a fixed 9050 (TBB Socks Network settings) and the listening Control port to 9051 (Vidalia settings). BUT, even though I did that and changed the directive in the OVPN file back to 9050, still same problem when using Network Manager.

Hello!

You managed to establish a connection over OpenVPN over TOR. Unfortunately, in that case, the connection was reset after 2 minutes (inactivity timeout), probably due to latency problems between some TOR node and the VPN server. You can safely retry with the very same settings, you should be able to have a stable connection unless some unfortunate cases.

About NetworkManager, it is probably misconfigured, can we see the settings?

Kind regards
cyberninja 2 Posted ...

I don't have any other instances of OpenVPN running when I use sudo openvpn. The log is not ok because as you can see at the end it shows timeout sometimes and other times auth failure. Here's a copy of the timeout failure ending (this comes from the log I previously gave you):

    Thu Sep 27 15:23:59 2012 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
    Thu Sep 27 15:23:59 2012 TCP/UDP: Closing socket
    Thu Sep 27 15:23:59 2012 SIGTERM[soft,init_instance] received, process exiting

YOU SAY USERNAME AND PASSWORD ARE NOT NEEDED WHEN USING KEY and CERTIFICATES?
Staff 9973 Posted ...

> I don't have any other instances of OpenVPN running when I use sudo openvpn.
>
> The log is not ok because as you can see at the end it shows timeout sometimes and other times auth failure. Here's a copy of the timeout failure ending (this comes from the log I previously gave you):
>
>     Thu Sep 27 15:23:59 2012 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
>     Thu Sep 27 15:23:59 2012 TCP/UDP: Closing socket
>     Thu Sep 27 15:23:59 2012 SIGTERM[soft,init_instance] received, process exiting

Hello!

Please see previous message https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=4382&limit=6&limitstart=18&Itemid=142#4429

> YOU SAY USERNAME AND PASSWORD ARE NOT NEEDED WHEN USING KEY and CERTIFICATES?

Of course. Actually, they are never required by OpenVPN (hardened security setup). You just can't login with any password, you need both certificates and your own key.

Kind regards