Jump to content
Not connected, Your IP: 3.135.216.196
3Ds3Ps

ANSWERED Certain Websites Will Not Load When Connecting from School Wifi

Recommended Posts

Posted ... (edited)

I have been having this issue since I installed Arch about a month ago.* When I am connected to my school's wifi and Air, and am browsing Firefox, websites like Reddit, Tumblr, and the AirVPN site itself will fail to load with the heading "Did Not Connect: Potential Security Issue" and the error "sec_error_unknown_issuer." A few other sites, the ones I've encountered being maia.crimew.gay and bandcamp.com, will fail to connect with an insecure connection and after clicking "continue to HTTP site" a few times open into Cisco Umbrella's blocked website page. I recently discovered that I can bypass all of this temporarily by turning on Firefox's DNS over HTTPS at the Increased Protection level.** However, I also experience the connection issue when attempting to open the Discord application, so the DoH on Firefox is only a partial solution.

When I am connected to wifi and Air at home, or at another person's house, I do not experience any of these issues, but I have not had the opportunity to test on other public wifi connections so I do not know if it is specific to my school's wifi. When I run Eddie, the option to Connect to Recommended Server gets me stuck on the latency tests, so I have temporarily disabled them, but typically I can bypass that issue by selecting a specific server from the list of those available. At this point, everything in the connection process appears to go smoothly until the attempt to Check DNS. Occasionally it will go through on its first try or after the 4° try***, but usually it gets stuck in a loop of failing to connect and I have to disable DNS Check in order to connect to any server. I have attached eddie-system-report.txt and pasted my current logs, I hope they are useful.
 

. 2023.12.05 11:09:48 - Eddie version: 2.21.8 / linux_x64, System: Linux, Name: Arch Linux, Version: Linux LAPTOP-WHEE-LINUX 6.6.3-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 29 Nov 2023 00:37:40 +0000 x86_64 GNU/Linux, Mono/.Net: 6.12.0 (makepkg/d9a6e8710b3 Thu Aug 31 10:53:20 UTC 2023); Framework: v4.0.30319
. 2023.12.05 11:09:48 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2023.12.05 11:09:48 - Raise system privileges
. 2023.12.05 11:09:57 - Reading options from /home/fin/.config/eddie/default.profile
. 2023.12.05 11:09:58 - OpenVPN - Version: 2.6.8 - OpenSSL 3.1.4 24 Oct 2023, LZO 2.10 (/usr/bin/openvpn)
. 2023.12.05 11:09:58 - SSH - Version: OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023 (/usr/bin/ssh)
I 2023.12.05 11:09:58 - SSL - Not available
. 2023.12.05 11:09:58 - curl - Version: 8.4.0 (/usr/bin/curl)
I 2023.12.05 11:09:59 - Ready
. 2023.12.05 11:10:00 - Collect information about AirVPN completed
I 2023.12.05 11:10:14 - Session starting.
I 2023.12.05 11:10:14 - Checking authorization ...
! 2023.12.05 11:10:15 - Connecting to Chort (Canada, Toronto, Ontario)
. 2023.12.05 11:10:15 - Routes, add 104.254.90.237/32 for interface "wlan0".
. 2023.12.05 11:10:15 - Routes, add 104.254.90.237/32 for interface "wlan0", already exists.
. 2023.12.05 11:10:15 - OpenVPN > Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
. 2023.12.05 11:10:15 - OpenVPN > OpenVPN 2.6.8 [git:makepkg/3b0d9489cc423da3+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Nov 17 2023
. 2023.12.05 11:10:15 - OpenVPN > library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
. 2023.12.05 11:10:15 - OpenVPN > DCO version: N/A
. 2023.12.05 11:10:15 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.237:443
. 2023.12.05 11:10:15 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992]
. 2023.12.05 11:10:15 - OpenVPN > UDPv4 link local: (not bound)
. 2023.12.05 11:10:15 - OpenVPN > UDPv4 link remote: [AF_INET]104.254.90.237:443
. 2023.12.05 11:10:15 - OpenVPN > TLS: Initial packet from [AF_INET]104.254.90.237:443, sid=d431c521 be37d7ea
. 2023.12.05 11:10:15 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 11:10:15 - OpenVPN > VERIFY KU OK
. 2023.12.05 11:10:15 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 11:10:15 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 11:10:15 - OpenVPN > VERIFY EKU OK
. 2023.12.05 11:10:15 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Chort, emailAddress=info@airvpn.org
. 2023.12.05 11:10:16 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
. 2023.12.05 11:10:16 - OpenVPN > [Chort] Peer Connection Initiated with [AF_INET]104.254.90.237:443
. 2023.12.05 11:10:16 - OpenVPN > TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
. 2023.12.05 11:10:16 - OpenVPN > TLS: tls_multi_process: initial untrusted session promoted to trusted
. 2023.12.05 11:10:16 - OpenVPN > SENT CONTROL [Chort]: 'PUSH_REQUEST' (status=1)
. 2023.12.05 11:10:16 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.14.54.1,dhcp-option DNS6 fde6:7a:7d20:a36::1,tun-ipv6,route-gateway 10.14.54.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:a36::1036/64 fde6:7a:7d20:a36::1,ifconfig 10.14.54.56 255.255.255.0,peer-id 2,cipher AES-256-GCM'
. 2023.12.05 11:10:16 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2023.12.05 11:10:16 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.14.54.1'
. 2023.12.05 11:10:16 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:a36::1'
. 2023.12.05 11:10:16 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2023.12.05 11:10:16 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2023.12.05 11:10:16 - OpenVPN > TUN/TAP device tun0 opened
. 2023.12.05 11:10:16 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:10:16 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:10:16 - OpenVPN > net_addr_v4_add: 10.14.54.56/24 dev tun0
. 2023.12.05 11:10:16 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:10:16 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:10:16 - OpenVPN > net_addr_v6_add: fde6:7a:7d20:a36::1036/64 dev tun0
. 2023.12.05 11:10:16 - OpenVPN > Data Channel: cipher 'AES-256-GCM', peer-id: 2, compression: 'stub'
. 2023.12.05 11:10:16 - OpenVPN > Timers: ping 10, ping-restart 60
. 2023.12.05 11:10:16 - OpenVPN > Protocol options: explicit-exit-notify 5
. 2023.12.05 11:10:22 - OpenVPN > Initialization Sequence Completed
. 2023.12.05 11:10:22 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2023.12.05 11:10:22 - Routes, add 0.0.0.0/1 for interface "tun0".
. 2023.12.05 11:10:22 - Routes, add 128.0.0.0/1 for interface "tun0".
. 2023.12.05 11:10:22 - Routes, add ::/1 for interface "tun0".
. 2023.12.05 11:10:22 - Routes, add 8000::/1 for interface "tun0".
. 2023.12.05 11:10:22 - Routes, add 104.254.90.235/32 for interface "tun0".
. 2023.12.05 11:10:22 - Routes, add 2606:6080:2001:8:df6a:e365:26ff:7f06/128 for interface "tun0".
. 2023.12.05 11:10:22 - Flushing DNS
I 2023.12.05 11:10:22 - Checking route IPv4
I 2023.12.05 11:10:22 - Checking route IPv6
I 2023.12.05 11:10:23 - Checking DNS
. 2023.12.05 11:10:30 - Checking DNS (4° try)
. 2023.12.05 11:10:34 - Checking DNS (5° try)
E 2023.12.05 11:10:34 - Checking DNS failed, last reason: Checking DNS failed:
! 2023.12.05 11:10:34 - Disconnecting
. 2023.12.05 11:10:34 - Sending soft termination signal
. 2023.12.05 11:10:34 - OpenVPN > event_wait : Interrupted system call (fd=-1,code=4)
. 2023.12.05 11:10:34 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2023.12.05 11:10:39 - OpenVPN > Closing TUN/TAP interface
. 2023.12.05 11:10:39 - OpenVPN > net_addr_v4_del: 10.14.54.56 dev tun0
. 2023.12.05 11:10:39 - OpenVPN > net_addr_v6_del: fde6:7a:7d20:a36::1036/64 dev tun0
. 2023.12.05 11:10:39 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2023.12.05 11:10:39 - Routes, delete 0.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete 128.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete ::/1 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete 8000::/1 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete 104.254.90.237/32 for interface "wlan0".
. 2023.12.05 11:10:39 - Routes, delete 104.254.90.235/32 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete 2606:6080:2001:8:df6a:e365:26ff:7f06/128 for interface "tun0", not exists.
. 2023.12.05 11:10:39 - Routes, delete 104.254.90.237/32 for interface "wlan0", not exists.
. 2023.12.05 11:10:39 - DNS of the system restored to original settings (Rename method)
. 2023.12.05 11:10:39 - Connection terminated.
. 2023.12.05 11:10:43 - Waiting for latency tests (18 to go)
I 2023.12.05 11:11:02 - Cancel requested.
! 2023.12.05 11:11:02 - Session terminated.
I 2023.12.05 11:11:07 - Session starting.
I 2023.12.05 11:11:07 - Checking authorization ...
! 2023.12.05 11:11:08 - Connecting to Regulus (Canada, Toronto, Ontario)
. 2023.12.05 11:11:08 - Routes, add 184.75.221.37/32 for interface "wlan0".
. 2023.12.05 11:11:08 - Routes, add 184.75.221.37/32 for interface "wlan0", already exists.
. 2023.12.05 11:11:08 - OpenVPN > Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
. 2023.12.05 11:11:08 - OpenVPN > OpenVPN 2.6.8 [git:makepkg/3b0d9489cc423da3+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Nov 17 2023
. 2023.12.05 11:11:08 - OpenVPN > library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
. 2023.12.05 11:11:08 - OpenVPN > DCO version: N/A
. 2023.12.05 11:11:08 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.37:443
. 2023.12.05 11:11:08 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992]
. 2023.12.05 11:11:08 - OpenVPN > UDPv4 link local: (not bound)
. 2023.12.05 11:11:08 - OpenVPN > UDPv4 link remote: [AF_INET]184.75.221.37:443
. 2023.12.05 11:11:08 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.37:443, sid=731b8854 25ebc26d
. 2023.12.05 11:11:08 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 11:11:08 - OpenVPN > VERIFY KU OK
. 2023.12.05 11:11:08 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 11:11:08 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 11:11:08 - OpenVPN > VERIFY EKU OK
. 2023.12.05 11:11:08 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Regulus, emailAddress=info@airvpn.org
. 2023.12.05 11:11:08 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
. 2023.12.05 11:11:08 - OpenVPN > [Regulus] Peer Connection Initiated with [AF_INET]184.75.221.37:443
. 2023.12.05 11:11:08 - OpenVPN > TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
. 2023.12.05 11:11:08 - OpenVPN > TLS: tls_multi_process: initial untrusted session promoted to trusted
. 2023.12.05 11:11:09 - OpenVPN > SENT CONTROL [Regulus]: 'PUSH_REQUEST' (status=1)
. 2023.12.05 11:11:09 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.28.22.1,dhcp-option DNS6 fde6:7a:7d20:1816::1,tun-ipv6,route-gateway 10.28.22.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1816::1040/64 fde6:7a:7d20:1816::1,ifconfig 10.28.22.66 255.255.255.0,peer-id 5,cipher AES-256-GCM'
. 2023.12.05 11:11:09 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2023.12.05 11:11:09 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.28.22.1'
. 2023.12.05 11:11:09 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1816::1'
. 2023.12.05 11:11:09 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2023.12.05 11:11:09 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2023.12.05 11:11:09 - OpenVPN > TUN/TAP device tun0 opened
. 2023.12.05 11:11:09 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:11:09 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:11:09 - OpenVPN > net_addr_v4_add: 10.28.22.66/24 dev tun0
. 2023.12.05 11:11:09 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:11:09 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:11:09 - OpenVPN > net_addr_v6_add: fde6:7a:7d20:1816::1040/64 dev tun0
. 2023.12.05 11:11:09 - OpenVPN > Data Channel: cipher 'AES-256-GCM', peer-id: 5, compression: 'stub'
. 2023.12.05 11:11:09 - OpenVPN > Timers: ping 10, ping-restart 60
. 2023.12.05 11:11:09 - OpenVPN > Protocol options: explicit-exit-notify 5
. 2023.12.05 11:11:15 - OpenVPN > Initialization Sequence Completed
. 2023.12.05 11:11:15 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2023.12.05 11:11:15 - Routes, add 0.0.0.0/1 for interface "tun0".
. 2023.12.05 11:11:15 - Routes, add 128.0.0.0/1 for interface "tun0".
. 2023.12.05 11:11:15 - Routes, add ::/1 for interface "tun0".
. 2023.12.05 11:11:15 - Routes, add 8000::/1 for interface "tun0".
. 2023.12.05 11:11:15 - Routes, add 184.75.221.35/32 for interface "tun0".
. 2023.12.05 11:11:15 - Routes, add 2606:6080:1001:e:2e9c:bad5:dbdd:84ea/128 for interface "tun0".
. 2023.12.05 11:11:15 - Flushing DNS
I 2023.12.05 11:11:15 - Checking route IPv4
I 2023.12.05 11:11:15 - Checking route IPv6
I 2023.12.05 11:11:16 - Checking DNS
. 2023.12.05 11:11:23 - Checking DNS (4° try)
. 2023.12.05 11:11:27 - Checking DNS (5° try)
E 2023.12.05 11:11:27 - Checking DNS failed, last reason: Checking DNS failed:
! 2023.12.05 11:11:27 - Disconnecting
. 2023.12.05 11:11:27 - Sending soft termination signal
. 2023.12.05 11:11:27 - OpenVPN > event_wait : Interrupted system call (fd=-1,code=4)
. 2023.12.05 11:11:27 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2023.12.05 11:11:32 - OpenVPN > Closing TUN/TAP interface
. 2023.12.05 11:11:32 - OpenVPN > net_addr_v4_del: 10.28.22.66 dev tun0
. 2023.12.05 11:11:32 - OpenVPN > net_addr_v6_del: fde6:7a:7d20:1816::1040/64 dev tun0
. 2023.12.05 11:11:32 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2023.12.05 11:11:32 - Routes, delete 0.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:11:32 - Routes, delete 128.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:11:32 - Routes, delete ::/1 for interface "tun0", not exists.
. 2023.12.05 11:11:33 - Routes, delete 8000::/1 for interface "tun0", not exists.
. 2023.12.05 11:11:33 - Routes, delete 184.75.221.37/32 for interface "wlan0".
. 2023.12.05 11:11:33 - Routes, delete 184.75.221.35/32 for interface "tun0", not exists.
. 2023.12.05 11:11:33 - Routes, delete 2606:6080:1001:e:2e9c:bad5:dbdd:84ea/128 for interface "tun0", not exists.
. 2023.12.05 11:11:33 - Routes, delete 184.75.221.37/32 for interface "wlan0", not exists.
. 2023.12.05 11:11:33 - DNS of the system restored to original settings (Rename method)
. 2023.12.05 11:11:33 - Connection terminated.
I 2023.12.05 11:11:36 - Checking authorization ...
! 2023.12.05 11:11:37 - Connecting to Lesath (Canada, Toronto, Ontario)
. 2023.12.05 11:11:37 - Routes, add 184.75.221.5/32 for interface "wlan0".
. 2023.12.05 11:11:37 - Routes, add 184.75.221.5/32 for interface "wlan0", already exists.
. 2023.12.05 11:11:37 - OpenVPN > Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
. 2023.12.05 11:11:37 - OpenVPN > OpenVPN 2.6.8 [git:makepkg/3b0d9489cc423da3+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Nov 17 2023
. 2023.12.05 11:11:37 - OpenVPN > library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
. 2023.12.05 11:11:37 - OpenVPN > DCO version: N/A
. 2023.12.05 11:11:37 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.5:443
. 2023.12.05 11:11:37 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992]
. 2023.12.05 11:11:37 - OpenVPN > UDPv4 link local: (not bound)
. 2023.12.05 11:11:37 - OpenVPN > UDPv4 link remote: [AF_INET]184.75.221.5:443
. 2023.12.05 11:11:37 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.5:443, sid=dd0a6bbd ed6eb272
. 2023.12.05 11:11:37 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 11:11:37 - OpenVPN > VERIFY KU OK
. 2023.12.05 11:11:37 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 11:11:37 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 11:11:37 - OpenVPN > VERIFY EKU OK
. 2023.12.05 11:11:37 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Lesath, emailAddress=info@airvpn.org
. 2023.12.05 11:11:37 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
. 2023.12.05 11:11:37 - OpenVPN > [Lesath] Peer Connection Initiated with [AF_INET]184.75.221.5:443
. 2023.12.05 11:11:37 - OpenVPN > TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
. 2023.12.05 11:11:37 - OpenVPN > TLS: tls_multi_process: initial untrusted session promoted to trusted
. 2023.12.05 11:11:38 - OpenVPN > SENT CONTROL [Lesath]: 'PUSH_REQUEST' (status=1)
. 2023.12.05 11:11:38 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.246.1,dhcp-option DNS6 fde6:7a:7d20:10f6::1,tun-ipv6,route-gateway 10.20.246.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:10f6::100e/64 fde6:7a:7d20:10f6::1,ifconfig 10.20.246.16 255.255.255.0,peer-id 10,cipher AES-256-GCM'
. 2023.12.05 11:11:38 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2023.12.05 11:11:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.20.246.1'
. 2023.12.05 11:11:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:10f6::1'
. 2023.12.05 11:11:38 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2023.12.05 11:11:38 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2023.12.05 11:11:38 - OpenVPN > TUN/TAP device tun0 opened
. 2023.12.05 11:11:38 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:11:38 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:11:38 - OpenVPN > net_addr_v4_add: 10.20.246.16/24 dev tun0
. 2023.12.05 11:11:38 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:11:38 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:11:38 - OpenVPN > net_addr_v6_add: fde6:7a:7d20:10f6::100e/64 dev tun0
. 2023.12.05 11:11:38 - OpenVPN > Data Channel: cipher 'AES-256-GCM', peer-id: 10, compression: 'stub'
. 2023.12.05 11:11:38 - OpenVPN > Timers: ping 10, ping-restart 60
. 2023.12.05 11:11:38 - OpenVPN > Protocol options: explicit-exit-notify 5
. 2023.12.05 11:11:43 - OpenVPN > Initialization Sequence Completed
. 2023.12.05 11:11:43 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2023.12.05 11:11:43 - Routes, add 0.0.0.0/1 for interface "tun0".
. 2023.12.05 11:11:43 - Routes, add 128.0.0.0/1 for interface "tun0".
. 2023.12.05 11:11:43 - Routes, add ::/1 for interface "tun0".
. 2023.12.05 11:11:43 - Routes, add 8000::/1 for interface "tun0".
. 2023.12.05 11:11:43 - Routes, add 184.75.221.3/32 for interface "tun0".
. 2023.12.05 11:11:43 - Routes, add 2606:6080:1001:d:c59c:6e9a:3115:6f2f/128 for interface "tun0".
. 2023.12.05 11:11:43 - Flushing DNS
I 2023.12.05 11:11:43 - Checking route IPv4
I 2023.12.05 11:11:44 - Checking route IPv6
I 2023.12.05 11:11:45 - Checking DNS
. 2023.12.05 11:11:52 - Checking DNS (4° try)
. 2023.12.05 11:11:57 - Checking DNS (5° try)
E 2023.12.05 11:11:57 - Checking DNS failed, last reason: Checking DNS failed:
! 2023.12.05 11:11:57 - Disconnecting
. 2023.12.05 11:11:57 - Sending soft termination signal
. 2023.12.05 11:11:58 - OpenVPN > event_wait : Interrupted system call (fd=-1,code=4)
. 2023.12.05 11:11:58 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2023.12.05 11:12:02 - OpenVPN > Closing TUN/TAP interface
. 2023.12.05 11:12:02 - OpenVPN > net_addr_v4_del: 10.20.246.16 dev tun0
. 2023.12.05 11:12:02 - OpenVPN > net_addr_v6_del: fde6:7a:7d20:10f6::100e/64 dev tun0
. 2023.12.05 11:12:02 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2023.12.05 11:12:02 - Routes, delete 0.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:12:02 - Routes, delete 128.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:12:02 - Routes, delete ::/1 for interface "tun0", not exists.
. 2023.12.05 11:12:02 - Routes, delete 8000::/1 for interface "tun0", not exists.
. 2023.12.05 11:12:03 - Routes, delete 184.75.221.5/32 for interface "wlan0".
. 2023.12.05 11:12:03 - Routes, delete 184.75.221.3/32 for interface "tun0", not exists.
. 2023.12.05 11:12:03 - Routes, delete 2606:6080:1001:d:c59c:6e9a:3115:6f2f/128 for interface "tun0", not exists.
. 2023.12.05 11:12:03 - Routes, delete 184.75.221.5/32 for interface "wlan0", not exists.
. 2023.12.05 11:12:03 - DNS of the system restored to original settings (Rename method)
. 2023.12.05 11:12:03 - Connection terminated.
I 2023.12.05 11:12:06 - Checking authorization ...
! 2023.12.05 11:12:07 - Connecting to Sargas (Canada, Toronto, Ontario)
. 2023.12.05 11:12:07 - Routes, add 184.75.223.197/32 for interface "wlan0".
. 2023.12.05 11:12:07 - Routes, add 184.75.223.197/32 for interface "wlan0", already exists.
. 2023.12.05 11:12:07 - OpenVPN > Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
. 2023.12.05 11:12:07 - OpenVPN > OpenVPN 2.6.8 [git:makepkg/3b0d9489cc423da3+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Nov 17 2023
. 2023.12.05 11:12:07 - OpenVPN > library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
. 2023.12.05 11:12:07 - OpenVPN > DCO version: N/A
. 2023.12.05 11:12:07 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.197:443
. 2023.12.05 11:12:07 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992]
. 2023.12.05 11:12:07 - OpenVPN > UDPv4 link local: (not bound)
. 2023.12.05 11:12:07 - OpenVPN > UDPv4 link remote: [AF_INET]184.75.223.197:443
. 2023.12.05 11:12:07 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.223.197:443, sid=3b54906a 5613b08f
. 2023.12.05 11:12:07 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 11:12:07 - OpenVPN > VERIFY KU OK
. 2023.12.05 11:12:07 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 11:12:07 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 11:12:07 - OpenVPN > VERIFY EKU OK
. 2023.12.05 11:12:07 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Sargas, emailAddress=info@airvpn.org
. 2023.12.05 11:12:07 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
. 2023.12.05 11:12:07 - OpenVPN > [Sargas] Peer Connection Initiated with [AF_INET]184.75.223.197:443
. 2023.12.05 11:12:07 - OpenVPN > TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
. 2023.12.05 11:12:07 - OpenVPN > TLS: tls_multi_process: initial untrusted session promoted to trusted
. 2023.12.05 11:12:08 - OpenVPN > SENT CONTROL [Sargas]: 'PUSH_REQUEST' (status=1)
. 2023.12.05 11:12:08 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.29.54.1,dhcp-option DNS6 fde6:7a:7d20:1936::1,tun-ipv6,route-gateway 10.29.54.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1936::1065/64 fde6:7a:7d20:1936::1,ifconfig 10.29.54.103 255.255.255.0,peer-id 3,cipher AES-256-GCM'
. 2023.12.05 11:12:08 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2023.12.05 11:12:08 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.29.54.1'
. 2023.12.05 11:12:08 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1936::1'
. 2023.12.05 11:12:08 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2023.12.05 11:12:08 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2023.12.05 11:12:08 - OpenVPN > TUN/TAP device tun0 opened
. 2023.12.05 11:12:08 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:12:08 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:12:08 - OpenVPN > net_addr_v4_add: 10.29.54.103/24 dev tun0
. 2023.12.05 11:12:08 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:12:08 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:12:08 - OpenVPN > net_addr_v6_add: fde6:7a:7d20:1936::1065/64 dev tun0
. 2023.12.05 11:12:08 - OpenVPN > Data Channel: cipher 'AES-256-GCM', peer-id: 3, compression: 'stub'
. 2023.12.05 11:12:08 - OpenVPN > Timers: ping 10, ping-restart 60
. 2023.12.05 11:12:08 - OpenVPN > Protocol options: explicit-exit-notify 5
. 2023.12.05 11:12:13 - OpenVPN > Initialization Sequence Completed
. 2023.12.05 11:12:13 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2023.12.05 11:12:13 - Routes, add 0.0.0.0/1 for interface "tun0".
. 2023.12.05 11:12:13 - Routes, add 128.0.0.0/1 for interface "tun0".
. 2023.12.05 11:12:13 - Routes, add ::/1 for interface "tun0".
. 2023.12.05 11:12:13 - Routes, add 8000::/1 for interface "tun0".
. 2023.12.05 11:12:14 - Routes, add 184.75.223.195/32 for interface "tun0".
. 2023.12.05 11:12:14 - Routes, add 2606:6080:1002:4:88e7:e893:3692:25d2/128 for interface "tun0".
. 2023.12.05 11:12:14 - Flushing DNS
I 2023.12.05 11:12:14 - Checking route IPv4
I 2023.12.05 11:12:14 - Checking route IPv6
I 2023.12.05 11:12:14 - Checking DNS
. 2023.12.05 11:12:21 - Checking DNS (4° try)
. 2023.12.05 11:12:26 - Checking DNS (5° try)
E 2023.12.05 11:12:26 - Checking DNS failed, last reason: Checking DNS failed:
! 2023.12.05 11:12:26 - Disconnecting
. 2023.12.05 11:12:26 - Sending soft termination signal
. 2023.12.05 11:12:26 - OpenVPN > event_wait : Interrupted system call (fd=-1,code=4)
. 2023.12.05 11:12:26 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2023.12.05 11:12:32 - OpenVPN > Closing TUN/TAP interface
. 2023.12.05 11:12:32 - OpenVPN > net_addr_v4_del: 10.29.54.103 dev tun0
. 2023.12.05 11:12:32 - OpenVPN > net_addr_v6_del: fde6:7a:7d20:1936::1065/64 dev tun0
. 2023.12.05 11:12:32 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2023.12.05 11:12:32 - Routes, delete 0.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete 128.0.0.0/1 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete ::/1 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete 8000::/1 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete 184.75.223.197/32 for interface "wlan0".
. 2023.12.05 11:12:32 - Routes, delete 184.75.223.195/32 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete 2606:6080:1002:4:88e7:e893:3692:25d2/128 for interface "tun0", not exists.
. 2023.12.05 11:12:32 - Routes, delete 184.75.223.197/32 for interface "wlan0", not exists.
. 2023.12.05 11:12:32 - DNS of the system restored to original settings (Rename method)
. 2023.12.05 11:12:32 - Connection terminated.
I 2023.12.05 11:12:35 - Checking authorization ...
! 2023.12.05 11:12:36 - Connecting to Alwaid (Canada, Toronto, Ontario)
. 2023.12.05 11:12:36 - Routes, add 184.75.221.109/32 for interface "wlan0".
. 2023.12.05 11:12:36 - Routes, add 184.75.221.109/32 for interface "wlan0", already exists.
. 2023.12.05 11:12:37 - OpenVPN > Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
. 2023.12.05 11:12:37 - OpenVPN > OpenVPN 2.6.8 [git:makepkg/3b0d9489cc423da3+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Nov 17 2023
. 2023.12.05 11:12:37 - OpenVPN > library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
. 2023.12.05 11:12:37 - OpenVPN > DCO version: N/A
. 2023.12.05 11:12:37 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.109:443
. 2023.12.05 11:12:37 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992]
. 2023.12.05 11:12:37 - OpenVPN > UDPv4 link local: (not bound)
. 2023.12.05 11:12:37 - OpenVPN > UDPv4 link remote: [AF_INET]184.75.221.109:443
. 2023.12.05 11:12:37 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.109:443, sid=11a2f4a0 5d4c0177
. 2023.12.05 11:12:37 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 11:12:37 - OpenVPN > VERIFY KU OK
. 2023.12.05 11:12:37 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 11:12:37 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 11:12:37 - OpenVPN > VERIFY EKU OK
. 2023.12.05 11:12:37 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Alwaid, emailAddress=info@airvpn.org
. 2023.12.05 11:12:37 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
. 2023.12.05 11:12:37 - OpenVPN > [Alwaid] Peer Connection Initiated with [AF_INET]184.75.221.109:443
. 2023.12.05 11:12:37 - OpenVPN > TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
. 2023.12.05 11:12:37 - OpenVPN > TLS: tls_multi_process: initial untrusted session promoted to trusted
. 2023.12.05 11:12:37 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.8.150.1,dhcp-option DNS6 fde6:7a:7d20:496::1,tun-ipv6,route-gateway 10.8.150.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:496::106f/64 fde6:7a:7d20:496::1,ifconfig 10.8.150.113 255.255.255.0,peer-id 0,cipher AES-256-GCM'
. 2023.12.05 11:12:37 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2023.12.05 11:12:37 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.8.150.1'
. 2023.12.05 11:12:37 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:496::1'
. 2023.12.05 11:12:37 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2023.12.05 11:12:37 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2023.12.05 11:12:37 - OpenVPN > TUN/TAP device tun0 opened
. 2023.12.05 11:12:37 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:12:37 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:12:37 - OpenVPN > net_addr_v4_add: 10.8.150.113/24 dev tun0
. 2023.12.05 11:12:37 - OpenVPN > net_iface_mtu_set: mtu 1500 for tun0
. 2023.12.05 11:12:37 - OpenVPN > net_iface_up: set tun0 up
. 2023.12.05 11:12:37 - OpenVPN > net_addr_v6_add: fde6:7a:7d20:496::106f/64 dev tun0
. 2023.12.05 11:12:37 - OpenVPN > Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'stub'
. 2023.12.05 11:12:37 - OpenVPN > Timers: ping 10, ping-restart 60
. 2023.12.05 11:12:37 - OpenVPN > Protocol options: explicit-exit-notify 5
. 2023.12.05 11:12:42 - OpenVPN > Initialization Sequence Completed
. 2023.12.05 11:12:42 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2023.12.05 11:12:42 - Routes, add 0.0.0.0/1 for interface "tun0".
. 2023.12.05 11:12:43 - Routes, add 128.0.0.0/1 for interface "tun0".
. 2023.12.05 11:12:43 - Routes, add ::/1 for interface "tun0".
. 2023.12.05 11:12:43 - Routes, add 8000::/1 for interface "tun0".
. 2023.12.05 11:12:43 - Routes, add 184.75.221.107/32 for interface "tun0".
. 2023.12.05 11:12:43 - Routes, add 2606:6080:1001:30:5f94:f242:c829:1017/128 for interface "tun0".
. 2023.12.05 11:12:43 - Flushing DNS
I 2023.12.05 11:12:43 - Checking route IPv4
I 2023.12.05 11:12:43 - Checking route IPv6
! 2023.12.05 11:12:44 - Connected.
. 2023.12.05 11:40:05 - Collect information about AirVPN completed
. 2023.12.05 12:10:11 - Collect information about AirVPN completed
. 2023.12.05 12:12:10 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2023.12.05 12:12:10 - OpenVPN > VERIFY KU OK
. 2023.12.05 12:12:10 - OpenVPN > Validating certificate extended key usage
. 2023.12.05 12:12:10 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2023.12.05 12:12:10 - OpenVPN > VERIFY EKU OK
. 2023.12.05 12:12:10 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Alwaid, emailAddress=info@airvpn.org
. 2023.12.05 12:12:10 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519

 

* I have never experienced it before so I have been assuming that somewhere it has something to do with necessary programs and processes I may have been unaware of or installed incorrectly when I started with Arch.
** This only works if I select NextDNS as the provider, Cloudflare fails with the error "(NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, SEC_ERROR_UNKNOWN_ISSUER))."
*** Even if it does go through with the DNS Check enabled, the websites still fail to connect without the Firefox DoH. I do not know how to get Eddie to go through with the connection with the DNS Check enabled, so I can't test and check logs at the moment, but earlier when it worked out like that I believe an error saying something like "UHOST_UNREACHABLE" appeared (in relation to Eddie's attempts at further checking the DNS?).

eddie-system-report.txt

Edited ... by 3Ds3Ps

Share this post


Link to post

Hello!

It might be an unfortunate combination of events: Eddie 2.21.8 is unable to manage properly DNS changes when systemd-resolved runs in on-link mode or anyway any mode which bypasses resolv.conf, therefore your system DNS are not changed properly and you keep querying the usual system DNS most times. Then, one of your system DNS seems poisoned, and your school network administrators may try to act as a man in the middle to monitor your traffic (not so unusual in schools, although it is an abhorrent practice which will expose students to various tremendous attacks, and not only by the school personnel). However, if you have not installed their root certificates, the browsers can't get fooled and you will get those security errors you noticed.

You might like to upgrade to Eddie 2.23.2:
https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/

This new beta version added full support with proper DNS management for every systemd-resolved working mode. Then, please do not disable route check and DNS check. You must be absolutely sure that you bypass your school DNS and you must also be sure that the tunnel is established. Enable Network Lock as well (before you start a connection) from Eddie's main window.

When you start using Eddie 2.23.2 feel free to report again to re-check the whole situation.

Some more documentation about possible man in the middle attacks performed by corporate and school networks through the installation and acceptance of root certificates and monitoring proxies:
https://security.stackexchange.com/questions/104576/my-college-is-forcing-me-to-install-their-ssl-certificate-how-to-protect-my-pri

Note how a VPN will protect you against those attacks and therefore the network administrators might try to block VPN usage.

Kind regards
 

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...