LinuxQuestions.org
Old 03-16-2015, 10:35 AM   #1
thirteen_engines
Member
 
Registered: Sep 2009
Distribution: Slackware 14.1
Posts: 109

Rep: Reputation: 20
VPN connection problems


Hi all. I've just begun using a vpn service which works fine using Windows 7 but when I try with Slackware 14.1 there are problems. What I'm doing is storing the company-supplied crt file in /etc/openvpn along with the appropriate ovpn file. In a shell I type 'openvpn --config xxx.ovpn' and it appears to connect after asking for username and password. No error messages are apparent but there is no network connectivity.

The threads that I've looked at all seem to involve using networkmanager or nm-applet. I've tried this but have not had any luck and in any case, I'd rather know what's going on when I connect. "Automagically" connecting is somehow not very satisfying. Any help is much appreciated.

Here's the output:

Mon Mar 16 08:10:33 2015 DEPRECATED OPTION: --tls-remote, please update your configuration
Mon Mar 16 08:10:33 2015 OpenVPN 2.3.6 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 12 2014
Mon Mar 16 08:10:33 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.03
Mon Mar 16 08:10:45 2015 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Mon Mar 16 08:10:45 2015 Deprecated TLS cipher name 'DHE-DSS-AES256-SHA', please use IANA name 'TLS-DHE-DSS-WITH-AES-256-CBC-SHA'
Mon Mar 16 08:10:45 2015 Deprecated TLS cipher name 'AES256-SHA', please use IANA name 'TLS-RSA-WITH-AES-256-CBC-SHA'
Mon Mar 16 08:10:45 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Mar 16 08:10:45 2015 Attempting to establish TCP connection with [AF_INET]xx.xx.xxx.xx:443 [nonblock]
Mon Mar 16 08:10:46 2015 TCP connection established with [AF_INET]xx.xx.xxx.xx:443
Mon Mar 16 08:10:46 2015 TCPv4_CLIENT link local: [undef]
Mon Mar 16 08:10:46 2015 TCPv4_CLIENT link remote: [AF_INET]xx.xx.xxx.xx:443
Mon Mar 16 08:10:46 2015 TLS: Initial packet from [AF_INET]xx.xx.xxx.xx:443, sid=721fd87f 7af77dae
Mon Mar 16 08:10:46 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Mar 16 08:10:47 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Mar 16 08:10:47 2015 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Mar 16 08:10:47 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Mar 16 08:10:47 2015 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Mar 16 08:10:47 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Mar 16 08:10:47 2015 [xxx-xxx.xxxxxxxx.com] Peer Connection Initiated with [AF_INET]xx.xx.xxx.xx:443
Mon Mar 16 08:10:49 2015 SENT CONTROL [yvr-c01.ipvanish.com]: 'PUSH_REQUEST' (status=1)
Mon Mar 16 08:10:50 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway xxx.xx.xx.x,topology subnet,ping 20,ping-restart 40,ifconfig xxx.xx.xx.xxx 255.255.252.0'
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: timers and/or timeouts modified
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Mar 16 08:10:50 2015 Socket Buffers: R=[131072->360448] S=[131072->131072]
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: --ifconfig/up options modified
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: route options modified
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: route-related options modified
Mon Mar 16 08:10:50 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Mar 16 08:10:50 2015 ROUTE_GATEWAY xxx.xxx.xxx.x/255.255.255.0 IFACE=eth0 HWADDR=00:50:ba:cb:0e:7c
Mon Mar 16 08:10:50 2015 TUN/TAP device tun0 opened
Mon Mar 16 08:10:50 2015 TUN/TAP TX queue length set to 100
Mon Mar 16 08:10:50 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Mar 16 08:10:50 2015 /sbin/ifconfig tun0 xxx.xx.xx.xxx netmask 255.255.252.0 mtu 1500 broadcast xxx.xx.xx.255
Mon Mar 16 08:10:50 2015 /sbin/route add -net xx.xx.xxx.xx netmask 255.255.255.255 gw 128.233.236.1
Mon Mar 16 08:10:50 2015 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Mon Mar 16 08:10:50 2015 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Mon Mar 16 08:10:50 2015 Initialization Sequence Completed
 
Old 03-16-2015, 11:35 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,285

Rep: Reputation: 5433
If you want to use NetworkManager with OpenVPN, you will need one additional package which you can download and compile from SlackBuilds.org:

http://slackbuilds.org/repository/14...nager-openvpn/
 
Old 03-16-2015, 11:46 AM   #3
thirteen_engines
Member
 
Registered: Sep 2009
Distribution: Slackware 14.1
Posts: 109

Original Poster
Rep: Reputation: 20
Thanks Eric. I did try that but had no luck connecting.
 
Old 03-16-2015, 12:34 PM   #4
BratPit
Member
 
Registered: Jan 2011
Posts: 236

Rep: Reputation: 84
Initialization Sequence Completed
Sounds OK.

You masked these IPs?
xxx.xx.xx.xxx

There is no output for verification ca ...crt file.

Please copy and paste the output from syslog too, not only from console.
 
Old 03-16-2015, 01:24 PM   #5
thirteen_engines
Member
 
Registered: Sep 2009
Distribution: Slackware 14.1
Posts: 109

Original Poster
Rep: Reputation: 20
There is no pertinent output in the syslog file. I watched it as openvpn was starting up.

Yes, I masked out the IPs. Guess I'm really paranoid about that kind of stuff after seeing the Edward Snowden documentary, Citizen Four. For the same reason, I cut out the verification lines but they all indicated OK. We live in interesting times.
 
Old 03-16-2015, 01:54 PM   #6
BratPit
Member
 
Registered: Jan 2011
Posts: 236

Rep: Reputation: 84
So it should work?
Check everything twice, maybe something is blocking the connection (firewall, router, DNS).

For me it works both from pure openvpn and NetworkManager, but this is from a different provider.


PS.
I see a leak "[yvr-c01.ipvanish.com" :-)
 
Old 03-17-2015, 01:53 AM   #7
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,068

Rep: Reputation: 1453
Are you using raw IP addresses to connect or are you using DNS?

I'm not certain that /etc/resolv.conf will be updated with the entries mentioned in your output (198.18.0.1 and 198.18.0.2).
 
Old 03-17-2015, 10:49 AM   #8
thirteen_engines
Member
 
Registered: Sep 2009
Distribution: Slackware 14.1
Posts: 109

Original Poster
Rep: Reputation: 20
Thanks Richard. I think that's the source of the problem. I'm now going through the vpn as I type this. Next problem is how to get resolv.conf updated whenever I connect. Does anyone know if there's an option for this in openvpn?

Cheers all. Happy St. Patrick's day!
 
Old 03-17-2015, 12:25 PM   #9
thirteen_engines
Member
 
Registered: Sep 2009
Distribution: Slackware 14.1
Posts: 109

Original Poster
Rep: Reputation: 20
Ok. Got it working. Here's what I did:

1. Downloaded Openresolv from Slackbuilds
2. Compiled and installed openresolv
3. Downloaded update-resolv-conf.sh from https://wiki.archlinux.org/index.php/OpenVPN (it's towards the end of the page ... search for 'openresolv' and you'll find it) and put it in /etc/openvpn and made it executable (chmod +x update-resolv-conf.sh)
4. The Slackbuilds install puts resolvconf in /usr/sbin but the downloaded update-resolv-conf.sh file looks in /usr/bin so I edited it to point to /usr/sbin
5. In the openvpn config file for my vpn I added:
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh
6. Start vpn'ing.

Hope this helps anyone having trouble in the future

Edit: Had some trouble with resolv.conf when exiting openvpn. Fixed by editing /etc/rc.d/rc.inet1.conf. Uncommented IFNAME[4] and changed to "tun0" and uncommented DHCP_KEEPRESOLV[4] and set to "yes".

Last edited by thirteen_engines; 03-17-2015 at 01:24 PM.
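
The hook added in step 5 works because OpenVPN hands the pushed `dhcp-option DNS` entries from the PUSH_REPLY to the script as environment variables. The following is an added example, not the Arch wiki script or the poster's file, of what such an up/down hook does, including validation of the server-supplied values and a permission check on the hook itself; the function names are hypothetical and the `/usr/sbin/resolvconf` path follows step 4.

```shell
#!/bin/sh
# Added example: a minimal up/down hook, not the Arch wiki script itself.
# OpenVPN exports each pushed option as foreign_option_1, foreign_option_2, ...
# and sets $dev (e.g. tun0) and $script_type (up or down) for the hook.
RESOLVCONF=${RESOLVCONF:-/usr/sbin/resolvconf}   # SlackBuilds location (step 4)

# Print resolv.conf lines built from the foreign_option_N variables.
build_resolv_lines() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        # Split e.g. "dhcp-option DNS 198.18.0.1" into fields without globbing.
        read -r kw kind val extra <<EOF
$opt
EOF
        i=$((i + 1))
        [ "$kw" = "dhcp-option" ] && [ -n "$val" ] && [ -z "$extra" ] || continue
        # The value comes from the VPN server: accept address/hostname characters only.
        case "$val" in *[!A-Za-z0-9.:-]*) continue ;; esac
        case "$kind" in
            DNS)    echo "nameserver $val" ;;
            DOMAIN) echo "search $val" ;;
        esac
    done
}

# With script-security 2 this file runs with OpenVPN's privileges, so it must
# not be writable by group or others. Returns 0 when the mode is acceptable.
hook_not_writable_by_others() {
    case "$(ls -ld "$1")" in
        ?????w*|????????w*) return 1 ;;
        *) return 0 ;;
    esac
}

# Dispatch only when OpenVPN invoked us; otherwise just define the functions.
case "${script_type:-}" in
    up)   hook_not_writable_by_others "$0" || exit 1
          build_resolv_lines | "$RESOLVCONF" -a "$dev" ;;
    down) "$RESOLVCONF" -d "$dev" ;;
esac
```
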
 