
Re: OpenVPN



>Whether you are acting as a server or a client you need to have a 
>config file (.conf) in the /etc/openvpn directory (which is the default 
>location where the openvpn service will look for .conf files and will 
>try to start those connections automatically when the service is 
>started). Check if there is one. In case there is one, you can open a 
>console and try to start the connection manually so you could see if 
>it throws any errors with the following command: 
> 
># openvpn /etc/openvpn/.conf 
> 
>If there is no .conf file, you need to set one up. Check for examples 
>at the openvpn.net site 
>(http://openvpn.net/index.php/open-source.html). 
> 
>Cheers! 
>Fred. 

Thanks for the reply. I've built a *.conf file; 99% of it is the example file for a client from the link. My changes were to make it:
use tcp (told to by the VPN company)
the hostname to connect and port (from the company)
to use tun (when I tried it with tap it acted like it connected, but it totally shut down my internet connectivity; can't find any advice on this from the company)
then I appended the following:

log-append /tmp/openvpn.log

auth-user-pass

ca      /etc/openvpn/<companyname>.ca.crt

The last line above is the ca the company told me to download and save.

I can now start openvpn as you suggest and I can still browse, but I am not going through the VPN (sites that tell you your IP address show my actual IP, not the VPN's).

Here is the output in the openvpn.log:

Thu Aug 30 17:03:00 2012 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 20 2012
Thu Aug 30 17:03:08 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 30 17:03:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 30 17:03:08 2012 LZO compression initialized
Thu Aug 30 17:03:08 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 30 17:03:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Aug 30 17:03:09 2012 RESOLVE: NOTE: vpn.<companyname>.com resolves to 10 addresses
Thu Aug 30 17:03:09 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 30 17:03:09 2012 Local Options hash (VER=V4): '31fdf004'
Thu Aug 30 17:03:09 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Aug 30 17:03:09 2012 Attempting to establish TCP connection with [AF_INET]95.211.149.152:1194 [nonblock]
Thu Aug 30 17:03:10 2012 TCP connection established with [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link local: [undef]
Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link remote: [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:10 2012 TLS: Initial packet from [AF_INET]95.211.149.152:1194, sid=9c3a1f31 9ecb2837
Thu Aug 30 17:03:10 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 30 17:03:12 2012 VERIFY OK: depth=1, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=BTGuard_CA/emailAddress=support@btguard.com
Thu Aug 30 17:03:12 2012 VERIFY OK: depth=0, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=server/emailAddress=support@btguard.com
Thu Aug 30 17:03:13 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Aug 30 17:03:13 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1543'
Thu Aug 30 17:03:13 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Aug 30 17:03:13 2012 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 30 17:03:13 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 30 17:03:13 2012 [server] Peer Connection Initiated with [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:16 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 30 17:03:16 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology net30,ping 20,ping-restart 240,ifconfig 10.10.0.170 10.10.0.169'
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: route options modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 30 17:03:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Aug 30 17:03:16 2012 ROUTE default_gateway=192.168.1.254
Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.10.0.1
Thu Aug 30 17:03:16 2012 TUN/TAP device tap0 opened
Thu Aug 30 17:03:16 2012 TUN/TAP TX queue length set to 100
Thu Aug 30 17:03:16 2012 /sbin/ifconfig tap0 10.10.0.170 netmask 10.10.0.169 mtu 1500 broadcast 255.255.255.254
SIOCSIFNETMASK: Invalid argument
Thu Aug 30 17:03:16 2012 Linux ifconfig failed: external program exited with error status: 1
Thu Aug 30 17:03:16 2012 Exiting

I can post the entire *.conf file if that would be better; the only reason I didn't is because of its length.

What I don't get is that the contents of this file are the same settings I entered into the network-manager-openvpn-gnome GUI. Shouldn't that GUI set up such a file or some gconf or some other equivalent? Does using the GUI normally work?
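
An added example, not part of the original message: a short Python triage pass over an OpenVPN client log like the one posted above, pulling out the local/remote option mismatches, the security warnings, the pushed options and the error lines. The sample lines are copied from that log; the function name `triage` and the report keys are this example's own.

```python
import re

# Excerpt of the log posted above, copied as posted.
SAMPLE_LOG = """\
Thu Aug 30 17:03:08 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 30 17:03:10 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 30 17:03:13 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Aug 30 17:03:13 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1543'
Thu Aug 30 17:03:13 2012 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 30 17:03:16 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology net30,ping 20,ping-restart 240,ifconfig 10.10.0.170 10.10.0.169'
Thu Aug 30 17:03:16 2012 Linux ifconfig failed: external program exited with error status: 1
Thu Aug 30 17:03:16 2012 Exiting
"""

# Leading ctime-style timestamp, e.g. "Thu Aug 30 17:03:08 2012 ".
TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
MISMATCH = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
LOCAL_ONLY = re.compile(
    r"WARNING: '([^']+)' is present in local config but missing in remote config")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def triage(log_text):
    """Sort log lines into the findings a reviewer would check first."""
    report = {"mismatch": {}, "local_only": [], "security": [],
              "pushed": [], "errors": []}
    for raw in log_text.splitlines():
        line = TS.sub("", raw)  # lines without a timestamp pass through unchanged
        if m := MISMATCH.search(line):
            # option name -> (what this client uses, what the server uses)
            report["mismatch"][m.group(1)] = (m.group(2), m.group(3))
        elif m := LOCAL_ONLY.search(line):
            report["local_only"].append(m.group(1))
        elif "No server certificate verification" in line:
            report["security"].append("server-cert-not-verified")
        elif "cache passwords in memory" in line:
            report["security"].append("password-cached")
        elif m := PUSH.search(line):
            report["pushed"] = m.group(1).split(",")
        elif "failed" in line and not line.startswith("WARNING"):
            report["errors"].append(line)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log, the `mismatch` entry for `dev-type` reads local tap against remote tun, and `security` lists the missing server certificate verification that the log's own `howto.html#mitm` link refers to.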

