Trisquel & OpenVPN Not Getting Along

28 replies [Last post]
TheGoodFight
Offline
Joined: 10/07/2019

Hello,
I'm having a bit of a issue and hoping someone could shed light on this. I can't get OpenVPN to work. Says its connected but not connecting to the internet. I have set OpenVPN up before, but I've never had this issue.
1. Download my VPN Config files / unzip files
2. Install OpenVPN sudo apt-get install openvpn
3.Edit connections /add / openvpn / create / Type : password / CA Cert ( grab from unzipped folder / Enter UN & PW / .conf grab the gateway / save / VPN connections / and connected
Now, all this might be completely simplistic to everyone but I'm a very very new linux user so this a learner curve for me. Any help would be greatly appreciated. I've attempted to search but honestly I'm not even sure how to word what I'm looking to do. I don't know if this is important, but I'm using a think X60 / librebooted / Think Penguin external wifi antenna / I have removed the wifi card that was inside the computer.
Any help is greatly appreciated !! Thank You Everyone !!

rinakra
Offline
Joined: 11/20/2019

Which vpn are you using? I use NordVPN

I had a hard time configuring it as well. For some reason, it worked fine using network manager with my other computer which runs Parabola (libre arch).

What I ended up doing was copying the settings from my Parabola network manager to the one on my Trisquel computer. This has worked fine except for one problem: I cannot get rid of DNS leaks whenever I connect to a VPN outside of the US. For my purposes it hasn't mattered. Anyway I will attach a file showing my settings. I would suggest opening network manager and trying to just check all the boxes I have checked and uncheck the ones I don't.

Click on the nm-applet, click on edit connections, select your vpn, and go to advanced settings. You will see a screen like this. I don't know why this works for me but it does. Good luck.

By the way, this issue is somewhat common. The problem might depend on the specific vpn you're using. So it might be a good idea to search for people with similar issues on Ubuntu in general. Usually the solutions for Ubuntu work for Trisquel as well. It's almost certainly just a matter of choosing the right settings either via nm-applet or in some file somewhere.

openvpn_settings.png
TheGoodFight
Offline
Joined: 10/07/2019

Thank You !! I use Mullvad and didn't have any issues using Mullvad with OpenVpn on Debian 10 They even have a page for specifically installing it on Ubuntu and Debian.

https://mullvad.net/en/download/

https://mullvad.net/en/help/linux-openvpn-installation/

I'll copy and use your settings as a guide line. I really appreciate you commenting. I really want to get this VPN up and running and then, if I can figure it out either install the Mullvad app or somehow figure out how to make a kill switch.
Again thannks for your comment and have yourself a Happy New Year !!!!

I just tried and matched what you had clicked and no go. I will mix and match and hope for the best.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Thank You !! I use Mullvad and didn't have any issues using Mullvad with
> OpenVpn on Debian 10 They even have a page for specifically installing it
> on Ubuntu and Debian.

I also use Mullvad, and on Trisquel I just use their app. It's nice to
be able to switch servers when I run into geoblocking issues, to see how
much time I have left on my account, etc.

On Hyperbola I set up OpenVPN, but that is only because I could not get
the app to work on Hyperbola. If you have the option of using the app,
that's what I recommend. It's simpler to set up and has some additional
features.

TheGoodFight
Offline
Joined: 10/07/2019

Happy New Year !!!
I've only used Mullvad with OpenVPN. I'm VERY new to Linux and honestly could never figure out how to install the app. I would give it a try if I knew how to install it.
Do you have any suggestions or theory as to why I'm unable to get Mullvad with OpenVPN to work ??
Any help is appreciated !!

Ignore my app installation comment. I just remembered I'm 32bit not 64bit, so its OpenVPN or nothing on this machine.
Also, just tried with ethernet and still not working.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I've only used Mullvad with OpenVPN. I'm VERY new to Linux and honestly
> could never figure out how to install the app. I would give it a try if I
> knew how to install it.

https://github.com/mullvad/mullvadvpn-app/releases/download/2018.6/MullvadVPN-2018.6_amd64.deb

I have found that newer versions don't work with Trisquel's default
kernel, but this version should work. If you have Gdebi installed, then
clicking this link in Abrowser should launch Gdebi and offer to install
the package. If for some reason you don't have gdebi installed, you can
install the package from a terminal like this:

$ wget https://github.com/mullvad/mullvadvpn-app/releases/download/2018.6/MullvadVPN-2018.6_amd64.deb
$ sudo dpkg -i MullvadVPN-2018.6_amd64.deb

TheGoodFight
Offline
Joined: 10/07/2019

Thanks for that, but I forgot this machine is 32bit. You like that could factor in why Mullvad won't work ? I'm really at my wits end with this. I got this perfect X60 ready to rock and I won't use it without my vpn.

Beko
Offline
Joined: 08/31/2019

I also use Mullvad and it does require a newer kernel than the one provided by Trisquel. The solution is easy, you can find libre kernels on Jxself's website (jxself.org/linux-libre) to update your kernel. Simply follow the instructions and Mullvad should work, if you have Libreboot you should remember that there is a tiny step at the end after installation to adjust GRUB.

Edit:
Taken from Mullvad.net
Linux distributions such as Debian, Ubuntu, and Fedora running kernels 4.8.0 or newer

I don't remember what kernel Trisquel ships with but you can check by typing "uname -r" into terminal and it should tell your version.

TheGoodFight
Offline
Joined: 10/07/2019

Beko-
Thanks !! So, that's the fix the updated kernel.I was just about to see about installing WireGuard. Do you know if WireGuard requires a new kernel and tweaks in GRUB. I'm very new to all of this and hate to break anything or get in above my head. Please let me know your thoughts on WireGuard.
Thanks !!

Beko
Offline
Joined: 08/31/2019

Did updating the kernel fix the problem you were having? I am currently not using Mullvad so I may not be super helpful, but I do remember OpenVPN and Wireguard both working after updating my kernel. In any case I personally got my Librebooted computer in September so I am also new. I don't think that you should need to mess with GRUB at all besides the instructions at the end of the link I gave you.

TheGoodFight
Offline
Joined: 10/07/2019

I'm going to now see about using wireguard and HOPE I don't have to mess with the kernel. Someone said that wireguard in the near future will be apart of the kernel. Sorry, I'm sure there's a more specific way of saying what I'm trying to get across. I just don't know the terminology.

kete
Offline
Joined: 08/11/2012

I tried the newer kernel, too, and although it let me connect to the Internet while connected to ProtonVPN, https://ipleak.net/ still detected my IPv6 address. When using openvpn through the command line, my IPv4 address is masked, but my IPv6 address reveals my location. ProtonVPN suggested disabling my IPv6 addresses, but the browser still detected my IPv6 address. I tried RiseupVPN, too, but Riseup does not advise using their old service, which is the only one available through OpenVPN. I had the same results anyway.

PS – It looks like ProtonVPN leaking IPv6 addresses is a known fault: https://en.wikipedia.org/wiki/Comparison_of_virtual_private_network_services#Technical_features. In fact, all of the services that have good privacy options (https://en.wikipedia.org/wiki/Comparison_of_virtual_private_network_services#Privacy blackVPN, IVPN, and NordVPN) have this same leak. :-/

TheGoodFight
Offline
Joined: 10/07/2019

Thanks for that. Not sure if you've seen my other post, but I must have done something so that I can't even get on the Mullad.net site, for some reason.

TheGoodFight
Offline
Joined: 10/07/2019

Beko-
That's way over my head, if it were as simple as copy and paste commands then I could possibly do it. Why does Trisquel use such or what looks to be such a old kernel ? They don't make for common users (the masses) to get on board with freedom related software. I don't expect it to be as easy as apple or windows but it doesn't allow the people who want to care about these causes really care, if that makes sense. Things make people feel their not welcome because its difficult.

Beko
Offline
Joined: 08/31/2019

I am not a part of the Trisquel dev team, so I do not know why that old kernel is being used. Until three months ago I didn't know what a kernel was, but I asked here and I was given the link I gave you that had Libre kernels. Having never used gnulinux before I can tell you that somethings are definitely easier than mac or windows.

If you don't want to use the website I gave you for installing kernels, you can run the single command "sudo apt install linux-generic-hwe-8.0" however it may not be enough because it will update kernel from 4.4 to 4.15, but I believe you need 4.18 at least for Mullvad.

Ultimately Trisquel is run by volunteers and will have problems that multi-million dollar companies like Apple and Microsoft do not have.

calher

I am a member!

Offline
Joined: 06/19/2015

On 01/05/2020 01:33 AM, name at domain wrote:
> I am not a part of the Trisquel dev team, so I do not know why that old
> kernel is being used.

Because LTS.

TheGoodFight
Offline
Joined: 10/07/2019

Any idea what kernel will be in Trisquel 9 ?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Any idea what kernel will be in Trisquel 9 ?

4.15 is the default.

TheGoodFight
Offline
Joined: 10/07/2019

Is there another link you know of to update the kernel ?? I said, I wasn't going to in another thread, but I might give it a go, after reading through everything if I feel confident not to break my machine. This one isn't working : jxself.org/linux-libre)

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I don't know if this is important, but I'm using a think X60 /
> librebooted / Think Penguin external wifi antenna / I have removed the
> wifi card that was inside the computer.

If it is librebooted, then you have the option of replacing the WiFi
card, and since you removed the original WiFi card you are clearly
comfortable taking apart your computer. I highly recommend getting an
Atheros PCI card and installing it where you old WiFi card was. In my
experience, the USB dongles are not very reliable. The PCI cards go for
around $7 and work better.

rinakra
Offline
Joined: 11/20/2019

Where do you get those PCI cards? Do they have Bluetooth also? I was always confused about this. I have installed a "Wireless N M.2 NGFF Card v2 (TPE-M2NCRD2)" which I got from ThinkPenguin but honestly it was *way* too expensive. I have some older laptops that have a separate PCI slot... I don't really understand the difference between "PCI" and "wifi cards"

As for whether or not it's important: for the basic setup I don't think so. I was using a dongle on my parabola computer (also a thinkpad but a newer one) and the vpn setup didn't seem to be any different.

That being said, the dongle was indeed really unreliable especially with weaker wifi signals and every time it disconnects, your vpn also disconnects, so it can be a real pain. I thought I wouldn't mind it, but it really is worth it to get a proper wifi card installed especially since you're lucky enough to have a computer that will accept a proper wifi card unlike newer Thinkpads...

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Where do you get those PCI cards?

I got mine on Ebay.

> Do they have Bluetooth also?

I think that with the Atheros ath9k cards only WiFi works without
non-free software, not Bluetooth.

> I have some older laptops that have a separate PCI slot... I don't
> really understand the difference between "PCI" and "wifi cards"

The difference is between PCI WiFi cards and USB WiFi cards. The PCI
ones are more convenient because they don't take up a USB slot and stick
out of the computer, and I also find them to be more reliable, although
I don't know whether that is because of a difference between PCI and
USB, or just because the WiFi cards in the USB dongles are worse
themselves.

rinakra
Offline
Joined: 11/20/2019

Ah I see. I guess what I have is PCI already then since I installed it where my other wifi card used to be. I suppose I just need to figure out the specific type to get them on eBay not that i need one anymore. thanks!

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Ah I see. I guess what I have is PCI already then since I installed it
> where my other wifi card used to be. I suppose I just need to figure out
> the specific type to get them on eBay not that i need one anymore.

Sorry, I misunderstood. I thought you meant you had one of these.

https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb

TheGoodFight
Offline
Joined: 10/07/2019

I just bought this little dongle and works fine for me :

https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb

As far as bluetooth, I'm not sure. I don't use bluetooth so its something I look out for.
I bought one of those Atheros cards from ebay but it got hot, ( the wifi card is installed right under the palm rest on the X60 ) noticeably hot to the touch. So, I went with the think penguin dongle. I'd like to think also for privacy purposes once the dongle is unplugged there aren't any radio frequencies being broadcast.

PCIe (desktop) : https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-pci-card-v5-w-full-low-profile-brackets-tpe-npciv5lpfl

Wifi card (laptop) : https://www.thinkpenguin.com/gnu-linux/wireless-n-pci-express-dual-band-mini-half-height-card-w-full-height-bracket-option-tpe-nh

Laptops don't have PCIe slots from my understanding, but I had a 2012 MacBook for the last 7.5 years and just made the switch to Linux on a X60.

apitsch (not verified)
apitsch

If I understand you correctly, you can connect to the Internet (without the VPN) but once the VPN connection is established, you can't access any website anymore. Am I reading you correctly? Also, have you tried connecting to the VPN via the network manager GUI or the openvpn CLI?

TheGoodFight
Offline
Joined: 10/07/2019

I can connect to the internet over wifi and ethernet without the VPN. Once connected to the VPN no internet connection. Yes, I've tried to connect through the GUI and through the terminal. I connect but no internet connection. as soon as I connect to the VPN all internet traffic gone.

apitsch (not verified)
apitsch

Ok, thanks for the clarification.

So, in my case I also lost all internet connectivity once I have connected to my VPN via the network manager GUI.

The same VPN however did work (i.e. I had internet connectivity) when I used the command line to connect to the VPN like so

$ sudo openvpn /path/to/ovpn-config-file

and provided all the stuff (super user password, VPN user, VPN user password) I got prompted for.

If you did the same on the CLI and your internet connection still gets dropped, I am afraid that I can't help you. Sorry.

TheGoodFight
Offline
Joined: 10/07/2019

***