Configuring Split Tunnel with AirVPN
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Solved]
Dec 07, 2016, 12:52 AM
Following along the guide: http://www.htpcguides.com/force-torrent-...ntu-16-04/
I got stuck at the section about the certificates. When getting openvpn files from AirVPN the certificates are embedded in the .ovpn files. Totally unsure of how to proceed.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 07, 2016, 09:29 AM
Hi,
It is not a problem if the certificates are included in the ovpn file. In that case you don't need to download the certificates.
Show me the content of your ovpn, just don't copy the certificates here. We will adjust it to make Split Tunneling work, the rest of the guide is identical regardless of the VPN provider.
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Solved]
Dec 07, 2016, 04:51 PM
(Dec 07, 2016, 09:29 AM)drake Wrote: Hi,
It is not a problem if the certificates are included in the ovpn file. In that case you don't need to download the certificates.
Show me the content of your ovpn, just don't copy the certificates here. We will adjust it to make Split Tunneling work, the rest of the guide is identical regardless of the VPN provider.
It gave me pause when AirVPN mentioned that embedded certificates can cause problems with Linux, but I'd much rather trust the experts here.
This is the .ovpn file
Code:
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 7th of December 2016 12:38:27 AM
# OpenVPN Client Configuration.
# AirVPN_Romania_UDP-443
# --------------------------------------------------------
client
dev tun
proto udp
remote ro.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 07, 2016, 06:31 PM
I don't think it should be a problem to use embedded certs on Linux, I use it with my Asus router, and I recall others used it here as well.
Code:
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 7th of December 2016 12:38:27 AM
# OpenVPN Client Configuration.
# AirVPN_Romania_UDP-443
# --------------------------------------------------------
client
dev tun
proto udp
remote ro.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
script-security 2
route-noexec
#up and down scripts to be executed when VPN starts or stops
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf
I think this should work. Of course, don't forget to add the certificates to the config file. The added lines are at the end (starting with script-security 2).
If you have a login with AirVPN, then also add the following two lines to the script, before the up call:
Code:
auth-user-pass /etc/openvpn/login.txt
auth-nocache
Of course, you will need to create the login.txt file with your username and password, as described in the guide.
Let me know your results!
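The config in the post above sets script-security 2 and hands control to up/down scripts and a login.txt file, so their permissions matter as much as the directives do. The following is an added example, not part of the original post: audit_ovpn_conf, conf_value and mode_of are hypothetical helper names, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the split-tunnel
# directives from the post above and for loose file permissions.
# Prints one finding per line; prints nothing when every check passes.

# First argument of a directive (commented-out lines never match).
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Octal permission bits of a file (GNU stat, as on Raspbian and Ubuntu).
mode_of() {
    stat -c '%a' "$1"
}

audit_ovpn_conf() {
    conf=$1
    # OpenVPN only runs user-defined up/down scripts at script-security 2+.
    level=$(conf_value "$conf" script-security)
    [ "${level:-1}" -ge 2 ] || echo "script-security below 2: up/down scripts will not run"
    # Without route-noexec OpenVPN installs the pushed routes itself.
    grep -Eq '^[[:space:]]*route-noexec([[:space:]]|$)' "$conf" ||
        echo "route-noexec missing: OpenVPN will install pushed routes itself"
    for hook in up down; do
        script=$(conf_value "$conf" "$hook")
        if [ -z "$script" ]; then
            echo "$hook script not set"
        elif [ ! -f "$script" ]; then
            echo "$hook script not found: $script"
        else
            # Hooks run with the daemon's privileges: only the owner may write.
            case $(mode_of "$script") in
                *[2367]?|*[2367]) echo "$hook script writable by group or others: $script" ;;
            esac
        fi
    done
    # The auth-user-pass file holds the VPN password in clear text.
    creds=$(conf_value "$conf" auth-user-pass)
    if [ -n "$creds" ] && [ -f "$creds" ]; then
        case $(mode_of "$creds") in
            *00|0) ;;
            *) echo "credentials file accessible beyond owner: $creds" ;;
        esac
    fi
}
```

Run it as audit_ovpn_conf /etc/openvpn/openvpn.conf; no output means every check passed.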
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Solved]
Dec 08, 2016, 12:43 AM
Getting this error
Code:
Dec 8 00:31:02 raspberrypi systemd[1]: Starting OpenVPN connection to openvpn...
Dec 8 00:31:02 raspberrypi ovpn-openvpn[2219]: Options error: --writepid fails with '/run/openvpn/openvpn.pid': No such file or directory
Dec 8 00:31:02 raspberrypi ovpn-openvpn[2219]: Options error: --status fails with '/run/openvpn/openvpn.status': No such file or directory
Dec 8 00:31:02 raspberrypi ovpn-openvpn[2219]: Options error: Please correct these errors.
Dec 8 00:31:02 raspberrypi ovpn-openvpn[2219]: Use --help for more information.
Dec 8 00:31:02 raspberrypi systemd[1]: openvpn@openvpn.service: control process exited, code=exited status=1
Dec 8 00:31:02 raspberrypi systemd[1]: Failed to start OpenVPN connection to openvpn.
Dec 8 00:31:02 raspberrypi systemd[1]: Unit openvpn@openvpn.service entered failed state.
Dec 8 00:31:05 raspberrypi systemd[1]: openvpn@openvpn.service holdoff time over, scheduling restart.
Dec 8 00:31:05 raspberrypi systemd[1]: Stopping OpenVPN connection to openvpn...
Would creating empty files with those names alleviate this error?
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 08, 2016, 08:01 AM
(This post was last modified: Dec 08, 2016, 08:10 AM by drake.)
For some reason OpenVPN is not starting on your system. Don't create any empty files. Let's look at the systemd unit content of openvpn@openvpn.service first (you followed the guide, correct? And created the systemd unit file for openvpn@openvpn.service, as described in the guide?)
What is the output of
Code:
cat /etc/systemd/system/openvpn@openvpn.service
EDIT: also give me the version of OpenVPN on your system:
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Solved]
Dec 08, 2016, 03:04 PM
To the best of my knowledge I created it as per the guide. The only part I've varied from the guide was installing openvpn from source as per: http://www.htpcguides.com/compile-latest...-debian-8/
openvpn@openvpn.service :
Code:
[Unit]
# HTPC Guides - www.htpcguides.com
Description=OpenVPN connection to %i
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
After=network.target
[Service]
PrivateTmp=true
KillMode=mixed
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
PIDFile=/run/openvpn/%i.pid
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
Restart=on-failure
RestartSec=3
ProtectSystem=yes
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
[Install]
WantedBy=multi-user.target
openvpn --version:
Code:
OpenVPN 2.3.13 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 6 2016
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
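The journal lines earlier in the thread report "No such file or directory" for the --writepid and --status paths named in this unit's ExecStart line. The following is an added example, not part of any post: it extracts those paths from a unit file and reports which parent directories do not exist. unit_runtime_paths and check_runtime_dirs are hypothetical helper names; RuntimeDirectory= is the systemd directive that creates a directory under /run before the service starts.

```shell
#!/bin/sh
# Added example: list the --writepid/--status paths from a unit's ExecStart
# line and report those whose parent directory does not exist.

# unit_runtime_paths UNIT_FILE INSTANCE
# Prints each path, with the %i specifier replaced by the instance name.
unit_runtime_paths() {
    awk -v inst="$2" '
        /^ExecStart=/ {
            gsub(/%i/, inst)          # modifying $0 re-splits the fields
            for (i = 1; i < NF; i++)
                if ($i == "--writepid" || $i == "--status") print $(i + 1)
        }' "$1"
}

# check_runtime_dirs UNIT_FILE INSTANCE
# Prints one line per missing directory; prints nothing when all exist.
check_runtime_dirs() {
    # RuntimeDirectory=NAME makes systemd create /run/NAME before ExecStart.
    rt=$(sed -n 's/^RuntimeDirectory=//p' "$1")
    unit_runtime_paths "$1" "$2" | while read -r path; do
        dir=$(dirname "$path")
        if [ -n "$rt" ] && [ "$dir" = "/run/$rt" ]; then
            continue
        fi
        [ -d "$dir" ] || echo "missing directory $dir (needed for $path)"
    done
}
```

For the unit shown above the call would be check_runtime_dirs /etc/systemd/system/openvpn@openvpn.service openvpn.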
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 08, 2016, 04:26 PM
(This post was last modified: Dec 08, 2016, 04:41 PM by drake.)
Good thing that you compiled the latest OpenVPN.
You have created openvpn.conf in etc/openvpn as per the guide, correct? And you have the modified content there, including the certificates?
Try
sudo systemctl daemon-reload
And then start the service
sudo systemctl start openvpn@openvpn.service
As I don't have access to AirVPN, I can't check it myself, and it is hard to provide support without access to the service. But I see it is possible to get the key files separately, if you choose Access without a client. Like here for Arch: https://wiki.archlinux.org/index.php/airvpn
And then you use the full path to the key files in the config file.
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Solved]
Dec 08, 2016, 07:05 PM
openvpn.conf looks like this
Code:
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 7th of December 2016 12:38:27 AM
# OpenVPN Client Configuration.
# AirVPN_Czech-Republic_UDP-443
# --------------------------------------------------------
client
dev tun
proto udp
remote cz.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
script-security 2
route-noexec
#up and down scripts to be executed when VPN starts or stops
auth-user-pass /etc/openvpn/login.txt
auth-nocache
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
blah
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
blah
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
blah
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
blah
-----END OpenVPN Static key V1-----
</tls-auth>
sudo systemctl enable openvpn@openvpn.service
Code:
Job for openvpn@openvpn.service failed. See 'systemctl status openvpn@openvpn.service' and 'journalctl -xn' for details
sudo systemctl status openvpn@openvpn.service
Code:
● openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2016-12-08 19:01:15 UTC; 587ms ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 14717 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited, status=1/FAILURE)
sudo journalctl -xn
Code:
-- Subject: Unit openvpn@openvpn.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn@openvpn.service has begun starting up.
Dec 08 19:03:34 raspberrypi ovpn-openvpn[15052]: Options error: --writepid fails with '/run/openvpn/openvpn.pid':
Dec 08 19:03:34 raspberrypi ovpn-openvpn[15052]: Options error: --status fails with '/run/openvpn/openvpn.status'
Dec 08 19:03:34 raspberrypi ovpn-openvpn[15052]: Options error: Please correct these errors.
Dec 08 19:03:34 raspberrypi ovpn-openvpn[15052]: Use --help for more information.
Dec 08 19:03:34 raspberrypi systemd[1]: openvpn@openvpn.service: control process exited, code=exited status=1
Dec 08 19:03:34 raspberrypi systemd[1]: Failed to start OpenVPN connection to openvpn.
-- Subject: Unit openvpn@openvpn.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn@openvpn.service has failed.
--
-- The result is failed.
Dec 08 19:03:34 raspberrypi systemd[1]: Unit openvpn@openvpn.service entered failed state.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 09, 2016, 12:39 PM
Let me think about this, as based on the outputs everything should be fine. Which OS are you using, Raspbian?
Don't worry, we will resolve this for sure, just need to find what went wrong, and it is hard to check without access to AirVPN.