Idiomas

Iniciar sesión
Crear nova conta

Navegación

Doazóns recentes

PublicLewdness
doou CAD 5.00

Dietmar Nowak
doou € 20.00

Tre Brocklesby
doou $ 0.01

knife
doou € 23.00

khanh_duong
doou € 93.00

Doar agora!

bc1q3t3vxjhd3dmvg3cfn24k4l7n4mf750utpp75hn

Enviado por diego96 o Mér, 07/26/2017 - 07:17

OpenVPN configuration problems (with NordVPN)

Por favor lea e siga as Regras da Comunidade.

Inicie sesión ou rexístrese para enviar comentarios

7 respostas [Última entrada]

Mér, 07/26/2017 - 07:17

diego96

Desconectado

Joined: 07/25/2017

I subscribe to NordVPN and I'd like to use it. There seems to be a Long-standing bug in the gnome network manager (I found posts dating back to '12) where it does not always parse OpenVPN config files (i.e.: .ovpn extension files). A work-around that seems effective for some people is to dissect the config file manually, and then point network-manager to where the certificates and config files are located. I've tired this with no luck.

Strangely, I can start an OpenVPN session with the standard (un-parsed) config file by simply: "sudo openvpn --config name.of.nord.config.ovpn".
After I start a vpn session from the command line, everything connects but DNS does not work. I can ping outside addresses, like 8.8.8.8, but DNS lookups don't work.

So here's what I think the problem is, but I don't have a clue about how to fix it:
1) I think there is some kind of permissions problem trying to start openvpn with the gnome network-manager. I checked the "allow all users to use this connection", but find it odd that I can make all these modifications without every sudo-ing...

2) Regarding command line openvpn, DNS doesn't work. I the problem may reside in dhcp somehow, but I don't know how to go about fixing it. It seems like DHCP "should" accept and update-resolv from the openvpn configuration files.

Thanks for any help!

Mér, 07/26/2017 - 10:20

Mangy Dog

I am a member!

I am a translator!

Desconectado

Joined: 03/15/2015

Diego96

Gnome System Log will give you realtime information as to why and how your VPN connection is failing.

Personnaly i have never had any issues with OpenVPN Network Manager on all editions of Trisquel 7, it simply works out of the box and ask's for your root password the first time you "import a saved OpenVPN configuration" wich is : ca.crt, ta.key, user.cert, user.key and the config file(OpenVPN Client Configuration)

I found this
https://nordvpn.com/tutorials/linux/openvpn/

Xov, 07/27/2017 - 00:01

diego96

Desconectado

Joined: 07/25/2017

Thanks for the info, I'll look at the system log and report back. I did follow the NordVPN tutorial, as well as a few others I scraped up from Googling around.
Something "ain't quite right" because I had it running on stock Ubuntu (albeit on a different machine).
I'll post back with what I find. Who knows, maybe the troubleshooting info will help someone else.

Xov, 07/27/2017 - 00:42

diego96

Desconectado

Joined: 07/25/2017

Got it fixed, kinda.

It was my ROUTER. Yes, my home router between me and the internet was blocking the port or something. Not really sure, because I tried both TCP and UDP connections. I had made some changes a bit ago due to address some security issues, and I seem to have screwed something up.

Out of pure serendipity, I had to reset the default config just now. After router reset, vpn works again.

At any rate, the gnome-network manager still does NOT work but I can start the vpn with "sudo openvpn --config my.vpn.config.ovpn". I'll keep tinkering with the gnome tool.

Mangy Dog, when you "import the saved configuration", are you manually parsing out the CA, pasting/saving into a new file, and then pointing the network-manager to that CA file? Or is yours working by just directing it to the config.ovpn file?

Thanks!

Xov, 07/27/2017 - 06:50

Mangy Dog

I am a member!

I am a translator!

Desconectado

Joined: 03/15/2015

when you "import the saved configuration", are you manually parsing out the CA, pasting/saving into a new file, and then pointing the network-manager to that CA file? Or is yours working by just directing it to the config.ovpn file?

I import a folder containing : ca.crt, ta.key, user.cert, user.key and the config file(OpenVPN Client Configuration)
the authentification is by certificates (not by password as NordVPN).

Making a test from the https://nordvpn.com/tutorials/linux/openvpn/ ,one has to create the CA.cert file and point Network Manager to it (see screenshot below).

Again Gnome system log will tell you what is failing (Network Manager, configuration, DNS, closed ports, firewall ..)

Xov, 07/27/2017 - 21:19

diego96

Desconectado

Joined: 07/25/2017

Nah, there is Definitely something wrong with network manager and ovpn.

I got ONE of the NordVPN servers to connect using network manager consistently. I'm not sure How or Why, but I can consistently connect to one of the servers using the applet.

I cannot connect to the other ones I've tried through the network manager applet, but I CAN connect to them via terminal (as stated, via "sudo openvpn --config your.config.file.ovpn").

I will post the logs from an unsuccessful attempt to connect via the gnome network manager applet, and the log from successful connection to the Same server from the command line.

Xov, 07/27/2017 - 21:39

diego96

Desconectado

Joined: 07/25/2017

Well shoots. As it turns out, starting from command line doesn't really put messages into the gnome-system-log. I'll post it anyway.

Here's what the Unsuccessful attempt to the NordVPN site "US365" in Chicago looks like using the network manager applet (correctly configured, exactly as it is on the other vpn site (us_82) that works consistently):
......

Jul 27 12:19:40 trisquet NetworkManager[902]: Starting VPN service 'openvpn'...
Jul 27 12:19:40 trisquet NetworkManager[902]: VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 5816
Jul 27 12:19:40 trisquet NetworkManager[902]: VPN service 'openvpn' appeared; activating connections
Jul 27 12:19:40 trisquet NetworkManager[902]: VPN plugin state changed: starting (3)
Jul 27 12:19:40 trisquet NetworkManager[902]: VPN connection 'us365.nordvpn.com.udp1194' (Connect) reply received.
Jul 27 12:19:40 trisquet nm-openvpn[5821]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
Jul 27 12:19:40 trisquet nm-openvpn[5821]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 27 12:19:40 trisquet nm-openvpn[5821]: UDPv4 link local: [undef]
Jul 27 12:19:40 trisquet nm-openvpn[5821]: UDPv4 link remote: [AF_INET]173.234.62.163:1194
Jul 27 12:20:20 trisquet NetworkManager[902]: VPN connection 'us365.nordvpn.com.udp1194' (IP Config Get) timeout exceeded.
Jul 27 12:20:20 trisquet NetworkManager[902]: Policy set 'HomeNetwork' (wlan0) as default for IPv4 routing and DNS.
Jul 27 12:20:20 trisquet nm-openvpn[5821]: SIGTERM[hard,] received, process exiting
Jul 27 12:20:25 trisquet NetworkManager[902]: VPN service 'openvpn' disappeared

........
As you can see, the connection times out and then hangs up.
After failing to connect with network manager, I connected from the terminal without any problem. In fact, I'm on that VPN connection right now.

Ideas?

Xov, 07/27/2017 - 22:20

diego96

Desconectado

Joined: 07/25/2017

SOLVED. Posting a new thread called "Using Gnome Network Manager with NordVPN" just in case anyone else needs this in the future.

Inicie sesión ou rexístrese para enviar comentarios