Johnny 5 Bronson 0 Posted ...

Ubuntu 20.04.3 running on Virtualbox 6.1

Installed the AirVPN CLI Suite, configured /etc/airvpn/bluetit.rc as below. It connected to the VPN fine the first time, then after rebooting I could not resolve DNS or ping an external IP. I can ping local (192.168.1.x) no problem. I have flushed iptables and disabled ufw. Stopping the bluetit service allows me to ping external IPs, but still will not resolve DNS.

    # airconnectatboot <off|quick|server|country>
    airconnectatboot country
    # networklockpersist <on|iptables|nftables|pf|off>
    networklockpersist on
    # airusername <airvpn_username>
    airusername ####
    # airpassword <aivpn_password>
    airpassword ####
    # airkey <airvpn_user_key>
    # airserver <airvpn_server_name>
    # aircountry <airvpn_country_name>
    aircountry Canada
    # airproto <udp|tcp>
    # airport <port>
    # aircipher <cipher_name>
    # airipv6 <on|off>
    # air6to4 <on|off>
    # manifestupdateinterval <minutes>
    # airwhiteserverlist <server list>
    # airblackserverlist <server list>
    # airwhitecountrylist <server list>
    # airblackcountrylist <server list>
    # country <ISO code>
    country US
    # remote <ip|url list>
    # proto <udp|tcp>
    # port <port>
    # tunpersist <yes|no>
    # cipher <cipher_names>
    # maxconnretries <number>
    # tcpqueuelimit <value>
    # ncpdisable <yes|no>
    # networklock <on|iptables|nftables|pf|off>
    # ignorednspush <yes|no>
    # timeout <seconds>
    # compress <yes|no|asym>
    # tlsversionmin <disabled|default|tls_1_x>
    # proxyhost <ip|url>
    # proxyport <port>
    # proxyusername <username>
    # proxypassword <password>
    # proxybasic <yes|no>

    $ sudo goldcrest --bluetit-stats
    2021-09-25 06:04:18 Reading run control directives from file /root/.goldcrest.rc
    Goldcrest 1.1.0 - 4 June 2021
    2021-09-25 06:04:18 Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021
    2021-09-25 06:04:18 OpenVPN core 3.7 AirVPN linux x86_64 64-bit
    2021-09-25 06:04:19 Bluetit is connected to VPN
    2021-09-25 06:04:19 ----------------------
    2021-09-25 06:04:19 Connected to OpenVPN server
    2021-09-25 06:04:19 Connection time: 00:16:03
    2021-09-25 06:04:19 Transferred data: In 0 bytes, Out 0 bytes
    2021-09-25 06:04:19 Current rate: In 0 bit/s, Out 0 bit/s
    2021-09-25 06:04:19 Maximum rate: In 0 bit/s, Out 0 bit/s

    $ sudo ifconfig
    enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.28  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 fe80::a00:27ff:fe05:5df9  prefixlen 64  scopeid 0x20<link>
            ether 08:00:27:05:5d:f9  txqueuelen 1000  (Ethernet)
            RX packets 4610  bytes 1059500 (1.0 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 4240  bytes 583080 (583.0 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 28  bytes 3521 (3.5 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 28  bytes 3521 (3.5 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    $ ping google.com
    ping: google.com: Temporary failure in name resolution

    $ ping 142.250.189.14
    PING 142.250.189.14 (142.250.189.14) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ^C
    --- 142.250.189.14 ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms

J5Bronson

Staff 9973 Posted ...

@JBronson

Hello!

Can you please check your system DNS settings while Bluetit is not running and while it is running? ICMP packets for IP addresses outside the local network are correctly blocked by persistent Network Lock enforced by networklockpersist.

An option to consider is that Bluetit fails the connection during the bootstrap. Although Bluetit answers to bluetit-stats with "Bluetit is connected to VPN", it is clearly belied by ifconfig output which does not show any tun interface in your system. Please make sure that VM kernel tun support is available, check Bluetit log and feel free to send it to us:

    sudo journalctl | grep bluetit

Kind regards

Johnny 5 Bronson 0 Posted ...

    $ cat /etc/resolv.conf
    #
    # Created by AirVPN. Do not edit.
    #
    # Your resolv.conf file is temporarily backed up in /etc/airvpn/resolv.conf.airvpnbackup
    # To restore your resolv.conf file you need to log in as root
    # and execute the below command from the shell:
    #
    # mv /etc/airvpn/resolv.conf.airvpnbackup /etc/resolv.conf
    #
    nameserver 10.7.58.1

/etc/airvpn/resolv.conf.airvpnbackup is an empty file.

Turning bluetit on & off doesn't result in any change to /etc/resolv.conf

    $ sudo cat /etc/netplan/00-installer-config.yaml
    # This is the network config written by 'subiquity'
    network:
      ethernets:
        enp0s3:
          dhcp4: true
      version: 2

The output of "sudo journalctl | grep bluetit" is attached.

Regarding VM kernel support for tun: /dev/net/tun exists.

    $ grep tun /var/log/kern.log
    Sep 25 03:32:46 mostfantasticfox kernel: [ 1.052297] tun: Universal TUN/TAP device driver, 1.6
    Sep 25 04:53:29 mostfantasticfox kernel: [ 0.931561] tun: Universal TUN/TAP device driver, 1.6
    Sep 25 05:22:13 mostfantasticfox kernel: [ 0.907906] tun: Universal TUN/TAP device driver, 1.6
    Sep 25 05:30:39 mostfantasticfox kernel: [ 0.930226] tun: Universal TUN/TAP device driver, 1.6

Not sure if there's a better way to check. Thanks!

journalctl-bluetit.log

J5Bronson

Staff 9973 Posted ...

@JBronson

Hello!

The 1st problem was here:

    Sep 25 05:19:21 mostfantasticfox bluetit[2260]: Bluetit is already running or did not exit gracefully on its last run or has been killed. Exiting
    Sep 25 05:20:23 mostfantasticfox bluetit[2164]: Requested method "bluetit_status -> Bluetit is connected to VPN"

Bluetit was in a dirty status and refused to proceed. However, when queried about the status it replied with the wrong message "connected to VPN". This is a bug we need to fix, thank you for having found it out, which explains why no tun interface was up when Bluetit misleadingly reported it was connected to the VPN.

Later on, Bluetit does not detect anymore a dirty status but the nameserver remained set to a VPN DNS address, which is inaccessible from outside the VPN. Maybe you have tried to recover the network settings manually and you forgot to restore DNS? We ask because suddenly Bluetit does not detect anymore a dirty status and refuses to perform a network recovery:

    Sep 25 05:33:09 mostfantasticfox bluetit[1648]: Requested method "recover_network -> "
    Sep 25 05:33:09 mostfantasticfox bluetit[1648]: Requested method "Bluetit does not need a network recovery."

Therefore, the subsequent connection attempts are doomed:

    Sep 25 05:28:21 mostfantasticfox bluetit[1441]: Allowing system DNS 10.7.58.1 to pass through the network filter
    Sep 25 05:28:31 mostfantasticfox bluetit[1441]: WARNING: Cannot resolve ca3.vpn.airdns.org (Temporary failure in name resolution)

and Bluetit enters an infinite loop of re-connection attempts which don't succeed for the same reason.

In order to resolve the issue, please make sure that Bluetit has exited cleanly and is not running, then manually modify DNS settings. Pick your favorite, publicly accessible, nameservers.

Kind regards
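
The three observations behind the diagnosis in this thread (a resolv.conf written by AirVPN, no tun interface, an empty backup file) can be checked in one pass. The script below is an added example, not part of the original posts and not AirVPN code; the function names, the state labels and the `tun*` interface pattern are assumptions, and the sample data is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: classify the DNS/tunnel state diagnosed in this thread.
# Default paths are the ones quoted in the thread; /sys/class/net is the Linux
# interface directory. Matching interfaces on "tun*" is an assumption.

# Print the nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if any tun* entry exists in the interface directory.
has_tun() {
    for dev in "$1"/tun*; do
        [ -e "$dev" ] && return 0
    done
    return 1
}

# Usage: dns_state [resolv.conf] [backup file] [interface dir]
dns_state() {
    resolv=${1:-/etc/resolv.conf}
    backup=${2:-/etc/airvpn/resolv.conf.airvpnbackup}
    netdir=${3:-/sys/class/net}
    # Header line AirVPN writes into resolv.conf, as shown in the thread.
    if ! grep -q '^# Created by AirVPN' "$resolv"; then
        echo system-dns
    elif has_tun "$netdir"; then
        echo vpn-dns-active
    elif [ -s "$backup" ]; then
        echo stale-vpn-dns-backup-available
    else
        echo stale-vpn-dns-no-backup   # the state reported in this thread
    fi
}

# Constructed sample reproducing the thread: AirVPN-written resolv.conf,
# empty backup file, and only the enp0s3 and lo interfaces present.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/net"
    : > "$d/net/enp0s3"; : > "$d/net/lo"; : > "$d/backup"
    printf '#\n# Created by AirVPN. Do not edit.\n#\nnameserver 10.7.58.1\n' > "$d/resolv.conf"
    echo "$d"
}

sample=$(make_sample)
echo "state: $(dns_state "$sample/resolv.conf" "$sample/backup" "$sample/net")"
echo "nameservers: $(nameservers "$sample/resolv.conf")"
rm -rf "$sample"
```

Called with no arguments, `dns_state` reads the live system paths; a result of `stale-vpn-dns-no-backup` corresponds to the case where DNS settings have to be restored by hand.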