Jump to content
Not connected, Your IP: 35.170.81.210
bluvisnu

VPN with config generator showing my real address on Linux

Recommended Posts

10 hours ago, bluvisnu said:

to Giganerd: which logfiles, how to get them ?


The OpenVPN logs. If you use OpenVPN (via terminal) they are posted in the same window.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

$ nmcli con up id AirVPN_All-servers_UDP-443     (10-23 22:23)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)

no log there...

Share this post


Link to post

Wait, did you also connect with nmcli when I asked to try "OpenVPN from the terminal"? I meant vanilla:

sudo openvpn the-ovpn-config-file.ovpn
Of course the results of nmcli will be the same as with GUI.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Thank you for your time, here it is, it works flawlessly, i checked my IP and there is no leak using the CLI, so why do i get a leak with the network manager GUI ?


Thu Oct 24 09:25:12 2019 OpenVPN 2.4.7 [git:makepkg/2b8aec62d5db2c17+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Thu Oct 24 09:25:12 2019 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Oct 24 09:25:12 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 24 09:25:12 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 24 09:25:12 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.210:443
Thu Oct 24 09:25:12 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 24 09:25:12 2019 UDP link local: (not bound)
Thu Oct 24 09:25:12 2019 UDP link remote: [AF_INET]213.152.161.210:443
Thu Oct 24 09:25:12 2019 TLS: Initial packet from [AF_INET]213.152.161.210:443, sid=f10be1f3 67e2ea9f
Thu Oct 24 09:25:13 2019 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Thu Oct 24 09:25:13 2019 VERIFY KU OK
Thu Oct 24 09:25:13 2019 Validating certificate extended key usage
Thu Oct 24 09:25:13 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 24 09:25:13 2019 VERIFY EKU OK
Thu Oct 24 09:25:13 2019 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Edasich, emailAddress=info@airvpn.org
Thu Oct 24 09:25:14 2019 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Oct 24 09:25:14 2019 [Edasich] Peer Connection Initiated with [AF_INET]213.152.161.210:443
Thu Oct 24 09:25:15 2019 SENT CONTROL [Edasich]: 'PUSH_REQUEST' (status=1)
Thu Oct 24 09:25:15 2019 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.16.4.1,dhcp-option DNS6 fde6:7a:7d20:c04::1,tun-ipv6,route-gateway 10.16.4.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:c04::10a5/64 fde6:7a:7d20:c04::1,ifconfig 10.16.4.167 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: compression parms modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: route options modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: route-related options modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: peer-id set
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Oct 24 09:25:15 2019 OPTIONS IMPORT: data channel crypto options modified
Thu Oct 24 09:25:15 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Oct 24 09:25:15 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 24 09:25:15 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 24 09:25:15 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=64:6e:69:ba:4a:a3
Thu Oct 24 09:25:15 2019 GDG6: remote_host_ipv6=n/a
Thu Oct 24 09:25:15 2019 ROUTE6_GATEWAY fe80::769d:79ff:fe9f:ee60 IFACE=wlp3s0
Thu Oct 24 09:25:15 2019 TUN/TAP device tun0 opened
Thu Oct 24 09:25:15 2019 TUN/TAP TX queue length set to 100
Thu Oct 24 09:25:15 2019 /usr/bin/ip link set dev tun0 up mtu 1500
Thu Oct 24 09:25:15 2019 /usr/bin/ip addr add dev tun0 10.16.4.167/24 broadcast 10.16.4.255
Thu Oct 24 09:25:15 2019 /usr/bin/ip -6 addr add fde6:7a:7d20:c04::10a5/64 dev tun0
Thu Oct 24 09:25:20 2019 /usr/bin/ip route add 213.152.161.210/32 via 192.168.1.1
Thu Oct 24 09:25:20 2019 /usr/bin/ip route add 0.0.0.0/1 via 10.16.4.1
Thu Oct 24 09:25:20 2019 /usr/bin/ip route add 128.0.0.0/1 via 10.16.4.1
Thu Oct 24 09:25:20 2019 add_route_ipv6(::/3 -> fde6:7a:7d20:c04::1 metric -1) dev tun0
Thu Oct 24 09:25:20 2019 /usr/bin/ip -6 route add ::/3 dev tun0
Thu Oct 24 09:25:20 2019 add_route_ipv6(2000::/4 -> fde6:7a:7d20:c04::1 metric -1) dev tun0
Thu Oct 24 09:25:20 2019 /usr/bin/ip -6 route add 2000::/4 dev tun0
Thu Oct 24 09:25:20 2019 add_route_ipv6(3000::/4 -> fde6:7a:7d20:c04::1 metric -1) dev tun0
Thu Oct 24 09:25:20 2019 /usr/bin/ip -6 route add 3000::/4 dev tun0
Thu Oct 24 09:25:20 2019 add_route_ipv6(fc00::/7 -> fde6:7a:7d20:c04::1 metric -1) dev tun0
Thu Oct 24 09:25:20 2019 /usr/bin/ip -6 route add fc00::/7 dev tun0
Thu Oct 24 09:25:20 2019 Initialization Sequence Completed

 

Share this post


Link to post

I still believe that it's an issue with how you configured IPv6 or the OpenVPN profile.
Can you additionally paste the contents of /etc/NetworkManager/system-connection/(the profile name you are using).nmconnection as well as the OpenVPN profile (also a .nmconnection file) in here?


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
Posted ... (edited)

<<<<<<<My WIfi Connection>>>>>>



[connection]
id=Livebox-EE60_5GHz
uuid=651c5a6a-14ae-4abb-88e4-7795a0826887
type=wifi
interface-name=wlp3s0
permissions=user:xxxxx:;
timestamp=1571721707

[wifi]
mac-address-blacklist=
mode=infrastructure
seen-bssids=74:9D:79:9F:EE:65;
ssid=Livebox-EE60_5GHz

[wifi-security]
key-mgmt=wpa-psk
psk=xxxxxxxx

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

[proxy]




<<<<<<<<<<<<<<<<<   OpenVPN Profile starts here >>>>>>>>>>>>>>




[connection]
id=AirVPN_All-servers_UDP-443
uuid=77388e8f-c28e-4e7b-ba48-db3d6de40645
type=vpn
permissions=

[vpn]
ca=/home/xxxxx/.cert/nm-openvpn/AirVPN_All-servers_UDP-443-ca.pem
cert=/home/xxxxx/.cert/nm-openvpn/AirVPN_All-servers_UDP-443-cert.pem
cert-pass-flags=0
cipher=AES-256-CBC
comp-lzo=no-by-default
connection-type=tls
dev=tun
key=/home/xxxxx/.cert/nm-openvpn/AirVPN_All-servers_UDP-443-key.pem
remote=earth.vpn.airdns.org:443
remote-cert-tls=server
ta=/home/xxxxx/.cert/nm-openvpn/AirVPN_All-servers_UDP-443-tls-auth.pem
ta-dir=1
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

[proxy]

 

Edited ... by giganerd
Edited out usernames and passwords

Share this post


Link to post

Huh, okay...

Okay, I found out how to pull NetworkManager's OpenVPN logs in a good way. Connect, then post the output once again:

sudo grep vpn-connection /var/log/syslog

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Huh. Then try this, also after connection:

sudo journalctl -t nm-openvpn

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

-- Logs begin at Mon 2019-10-21 08:20:11 +04, end at Sun 2019-10-27 18:33:49 +0>
Oct 21 18:41:00 A114 nm-openvpn[10489]: OpenVPN 2.4.7 [git:makepkg/2b8aec62d5db>
Oct 21 18:41:00 A114 nm-openvpn[10489]: library versions: OpenSSL 1.1.1d  10 Se>
Oct 21 18:41:00 A114 nm-openvpn[10489]: NOTE: the current --script-security set>
Oct 21 18:41:01 A114 nm-openvpn[10489]: TCP/UDP: Preserving recently used remot>
Oct 21 18:41:01 A114 nm-openvpn[10489]: Attempting to establish TCP connection >
Oct 21 18:41:02 A114 nm-openvpn[10489]: TCP connection established with [AF_INE>
Oct 21 18:41:02 A114 nm-openvpn[10489]: TCP_CLIENT link local: (not bound)
Oct 21 18:41:02 A114 nm-openvpn[10489]: TCP_CLIENT link remote: [AF_INET]134.19>
Oct 21 18:41:02 A114 nm-openvpn[10489]: NOTE: UID/GID downgrade will be delayed>
Oct 21 18:41:04 A114 nm-openvpn[10489]: [Aljanah] Peer Connection Initiated wit>
Oct 21 18:41:06 A114 nm-openvpn[10489]: TUN/TAP device tun0 opened
Oct 21 18:41:06 A114 nm-openvpn[10489]: /usr/lib/nm-openvpn-service-openvpn-hel>
Oct 21 18:41:06 A114 nm-openvpn[10489]: GID set to nm-openvpn
Oct 21 18:41:06 A114 nm-openvpn[10489]: UID set to nm-openvpn
Oct 21 18:41:06 A114 nm-openvpn[10489]: Initialization Sequence Completed
Oct 21 19:14:23 A114 nm-openvpn[10489]: SIGTERM[hard,] received, process exiting
Oct 21 19:14:46 A114 nm-openvpn[13012]: OpenVPN 2.4.7 [git:makepkg/2b8aec62d5db>
Oct 21 19:14:46 A114 nm-openvpn[13012]: library versions: OpenSSL 1.1.1d  10 Se>
Oct 21 19:14:46 A114 nm-openvpn[13012]: NOTE: the current --script-security set>
Oct 21 19:14:47 A114 nm-openvpn[13012]: TCP/UDP: Preserving recently used remot>
Oct 21 19:14:47 A114 nm-openvpn[13012]: Attempting to establish TCP connection >
Oct 21 19:14:48 A114 nm-openvpn[13012]: TCP connection established with [AF_INE>
lines 1-23
 

Share this post


Link to post

Your logs are cut for some reason, most information is missing, especially when the routes are set.
You could execute the same command but write it to a file. Then upload the file here.

cd ~/Desktop && sudo journalctl -t nm-openvpn -o short > nm-openvpn.log && sudo chmod 777 nm-openvpn.log
I myself am currently debugging a problem with nm-openvpn. My issue is that I can't stop it from pushing a new default route (0.0.0.0/0). The better approach is to set 0.0.0.0/1 and 128.0.0.0/1 like Eddie and the vanilla OpenVPN are doing. That means I can't reach any of my local devices when nm-openvpn is used.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

i am using Qomui to connect to the VPN and it feels more integrated than Eddie, i noticed a DNS leak when using the default Airvpn DNS with Qomui but when i change the DNS to Cloudflare's DNS for example the leak is no more.
i am not going to post another log because it looks more buggy everyday, it becomes harder to reproduce the same thing, to connect to openVPN through the CLI i sometimes have to reboot 3 times because it doesn't want to connect anymore this way, so as it is working fine with my actual config as long as i stop playing with it, i am not going to dig deeper this time. you will also have more time to fix your own issues.
thank you very much for your help

Share this post


Link to post

Okay. Thank you for your time and patience as well and I hope neither Eddie nor Qomui nor vanilla OpenVPN will give you a hard time in the future.
Enjoy AirVPN. :)


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...