    VPNbook usage

      redflag237

      Hi,

      I'm trying to open an OpenVPN tunnel to the provider vpnbook.com. This is the default config, provided on the peer's website:

      client
      dev tun0
      proto udp
      remote 93.115.84.198 53 # - Server1
      remote 93.114.44.253 53 # - Server2
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca vpnbook.crt
      auth-user-pass
      comp-lzo
      verb 3
      cipher AES-128-CBC
      fast-io
      pull
      remote-random
      route-delay 2
      redirect-gateway
      

      Unfortunately I didn't get it running. Can anyone help me out with configuring an interface based on these defaults?
      I already entered the user-auth-pass into a text file on the local filesystem. That's running so far ;-)
      An interface is also already bound to the tunnel process. Which config do I need to bring the tunnel up?

      My current config for openvpn has the following advanced settings (lower box):

      nobind
      persist-key
      persist-tun
      ca /root/vpnbook.crt
      auth-user-pass /root/vpnbook.txt
      verb 3
      fast-io
      pull
      remote-random
      route-delay 2
      redirect-gateway
      

      which is failing. The system logs say that the tunnel got closed directly after the attempt to bring it up. Can anyone help me, please?

      Thanks in advance

        redflag237

        Currently I'm running the OpenVPN tunnel with the following config from the web interface:

        Server Mode: Peer To Peer (SSL/TLS)
        Protocol:       UDP
        Device Mode: tun
        Interface:      WAN
        local port:      empty
        Server host:   93.115.84.198
        Server port:   53
        Proxy             host/port empty
        Infinitely resolve Server: true
        
        TLS Auth:      false
        Peer CA:        Imported and Selected
        Encrypt Alg.    AES-128-CBC(128-bit)
        Hardware Crypto     BSD cryptodev engine
        
        Tunnel Network       empty
        Remote Network      empty
        Limit BW                empty
        Compression LZO     true
        Type-of-Service      false
        
        Advanced Config:
        auth-user-pass /root/user_pass2.txt
        ca /root/vpnbook.crt
        verb 5;
        

        My Outbound NAT is configured as follows (part):

        Interface: VPN1
        Source:    any
        Destinat.: any
        Static:     NO
        

        My tunnel is shown as up, but no traffic goes over it. Ping from the Diagnostics menu on this interface times out.

        Status: OpenVPN is as follows:
        VPNbook WAN1 UDP up Tue Apr 9 3:00:36 2013 10.8.2.102 93.115.84.198 642756 663358

        Edit:
        This is the required Routing Table entry:
        10.8.0.22 link#22 UHS 0 0 16384 lo0 =>
        10.8.0.22/32 link#22 U 0 0 1500 ovpnc2

        This is a push sequence from openvpn log:
        openvpn[26923]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 195.60.76.114,dhcp-option DNS 195.60.76.115,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.22 10.8.0.21'

        Idea, anybody?

          thermo

          You also need an allow firewall rule on the LAN, for example, with the gateway explicitly set to your VPN gateway.
          Unless this is what you want, all your traffic will be routed through the VPN, rather than selected IPs. Look into the route-nopull option once you get it working.

            redflag237

            @thermo:

            You also need an allow firewall rule on the LAN, for example, with the gateway explicitly set to your VPN gateway.
            Unless this is what you want, all your traffic will be routed through the VPN, rather than selected IPs. Look into the route-nopull option once you get it working.

            Thanks for this hint. I added it.

            I'm still having these issues - here is a log:

            Apr 13 14:37:13	openvpn[27464]: MANAGEMENT: Client disconnected
            Apr 13 14:37:13	openvpn[27464]: MANAGEMENT: CMD 'status 2'
            Apr 13 14:37:13	openvpn[27464]: MANAGEMENT: CMD 'state 1'
            Apr 13 14:37:13	openvpn[27464]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
            Apr 13 14:36:33	openvpn[27464]: MANAGEMENT: Client disconnected
            Apr 13 14:36:33	openvpn[27464]: MANAGEMENT: CMD 'status 2'
            Apr 13 14:36:33	openvpn[27464]: MANAGEMENT: CMD 'state 1'
            Apr 13 14:36:33	openvpn[27464]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
            Apr 13 14:36:10	openvpn[27464]: Initialization Sequence Completed
            Apr 13 14:36:10	openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
            Apr 13 14:36:10	openvpn[27464]: /sbin/route add -net 10.8.0.1 10.8.1.177 255.255.255.255
            Apr 13 14:36:10	openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
            Apr 13 14:36:10	openvpn[27464]: /sbin/route add -net 128.0.0.0 10.8.1.177 128.0.0.0
            Apr 13 14:36:10	openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
            Apr 13 14:36:10	openvpn[27464]: /sbin/route add -net 0.0.0.0 10.8.1.177 128.0.0.0
            Apr 13 14:36:10	openvpn[27464]: /sbin/route add -net 93.115.84.198 217.0.116.139 255.255.255.255
            Apr 13 14:36:10	openvpn[27464]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1558 10.8.1.178 10.8.1.177 init
            Apr 13 14:36:10	openvpn[27464]: /sbin/ifconfig ovpnc2 10.8.1.178 10.8.1.177 mtu 1500 netmask 255.255.255.255 up
            Apr 13 14:36:10	openvpn[27464]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
            Apr 13 14:36:10	openvpn[27464]: TUN/TAP device /dev/tun2 opened
            Apr 13 14:36:10	openvpn[27464]: OpenVPN ROUTE: failed to parse/resolve route for host/network: no-pull
            Apr 13 14:36:10	openvpn[27464]: RESOLVE: Cannot resolve host address: no-pull: [HOST_NOT_FOUND] The specified host is unknown.
            Apr 13 14:36:10	openvpn[27464]: ROUTE default_gateway=217.0.116.139
            Apr 13 14:36:10	openvpn[27464]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
            Apr 13 14:36:10	openvpn[27464]: OPTIONS IMPORT: route options modified
            Apr 13 14:36:10	openvpn[27464]: OPTIONS IMPORT: --ifconfig/up options modified
            Apr 13 14:36:10	openvpn[27464]: OPTIONS IMPORT: timers and/or timeouts modified
            Apr 13 14:36:10	openvpn[27464]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 195.60.76.114,dhcp-option DNS 195.60.76.115,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.1.178 10.8.1.177'
            Apr 13 14:36:10	openvpn[27464]: SENT CONTROL [ns.vpnbook.com]: 'PUSH_REQUEST' (status=1)
            Apr 13 14:36:07	openvpn[27464]: [ns.vpnbook.com] Peer Connection Initiated with [AF_INET]93.115.84.198:53
            Apr 13 14:36:07	openvpn[27464]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
            Apr 13 14:36:07	openvpn[27464]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Apr 13 14:36:07	openvpn[27464]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
            Apr 13 14:36:07	openvpn[27464]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Apr 13 14:36:07	openvpn[27464]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
            Apr 13 14:36:07	openvpn[27464]: VERIFY OK: depth=0, /C=EU/ST=RO/L=Bucharest/O=VPNBook.com/OU=changeme/CN=ns.vpnbook.com/name=changeme/emailAddress=contact@vpnbook.com
            Apr 13 14:36:07	openvpn[27464]: VERIFY OK: depth=1, /C=EU/ST=RO/L=Bucharest/O=VPNBook.com/OU=changeme/CN=ns.vpnbook.com/name=changeme/emailAddress=contact@vpnbook.com
            Apr 13 14:36:06	openvpn[27464]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
            Apr 13 14:36:06	openvpn[27464]: TLS: Initial packet from [AF_INET]93.115.84.198:53, sid=1f4379da 6191693b
            Apr 13 14:36:05	openvpn[27464]: UDPv4 link remote: [AF_INET]93.115.84.198:53
            Apr 13 14:36:05	openvpn[27464]: UDPv4 link local (bound): [AF_INET]80.141.14.116
            Apr 13 14:36:10	openvpn[27464]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1558 10.8.1.178 10.8.1.177 init
            

            Could anybody help me identify the problem that exists here?
            Would be so happy to see it running ;-)

              thermo

              Check your config again or paste it here again; there are errors in the logs which need resolving:

              Apr 13 14:36:10 openvpn[27464]: OpenVPN ROUTE: failed to parse/resolve route for host/network: no-pull
              Apr 13 14:36:10 openvpn[27464]: RESOLVE: Cannot resolve host address: no-pull: [HOST_NOT_FOUND] The specified host is unknown.

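A triage script for the log posted in this thread, added here as an example (it is not code from either poster, OpenVPN or Netgate): it puts the newest-first log back into chronological order, lists the pushed options that change routing, the token OpenVPN could not parse as a route target, and which `/sbin/route add` commands failed. The name `triage` and the pairing of each ERROR line with the route command logged just before it are assumptions.

```python
import re

# Constructed sample: lines copied from the log posted above, newest first,
# the order in which it was pasted into the thread.
SAMPLE_LOG = """\
Apr 13 14:36:10 openvpn[27464]: Initialization Sequence Completed
Apr 13 14:36:10 openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Apr 13 14:36:10 openvpn[27464]: /sbin/route add -net 10.8.0.1 10.8.1.177 255.255.255.255
Apr 13 14:36:10 openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Apr 13 14:36:10 openvpn[27464]: /sbin/route add -net 128.0.0.0 10.8.1.177 128.0.0.0
Apr 13 14:36:10 openvpn[27464]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Apr 13 14:36:10 openvpn[27464]: /sbin/route add -net 0.0.0.0 10.8.1.177 128.0.0.0
Apr 13 14:36:10 openvpn[27464]: /sbin/route add -net 93.115.84.198 217.0.116.139 255.255.255.255
Apr 13 14:36:10 openvpn[27464]: OpenVPN ROUTE: failed to parse/resolve route for host/network: no-pull
Apr 13 14:36:10 openvpn[27464]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 195.60.76.114,dhcp-option DNS 195.60.76.115,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.1.178 10.8.1.177'
"""

MSG = re.compile(r"openvpn\[\d+\]: (.*)$")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
BAD_ROUTE = re.compile(r"failed to parse/resolve route for host/network: (\S+)")
ROUTE_ADD = re.compile(r"^/sbin/route add -net (\S+) (\S+) (\S+)")
ROUTE_FAIL = "ERROR: FreeBSD route add command failed"

def triage(log_text, newest_first=True):
    """Summarise routing pushes, unparsable route targets and failed route adds."""
    msgs = [m.group(1) for m in map(MSG.search, log_text.splitlines()) if m]
    if newest_first:
        msgs.reverse()  # back to chronological order
    report = {"routing_pushes": [], "bad_route_targets": [],
              "ok_routes": [], "failed_routes": []}
    last_route = None
    for msg in msgs:
        if m := PUSH.search(msg):
            # Pushed options that change the client's routing table.
            report["routing_pushes"] = [
                o for o in m.group(1).split(",")
                if o.split(" ", 1)[0] in ("redirect-gateway", "route")]
        elif m := BAD_ROUTE.search(msg):
            report["bad_route_targets"].append(m.group(1))
        elif m := ROUTE_ADD.match(msg):
            last_route = m.groups()  # (network, gateway, netmask)
            report["ok_routes"].append(last_route)
        elif msg.startswith(ROUTE_FAIL) and last_route:
            # Assumption: the ERROR refers to the route command logged just before it.
            report["ok_routes"].remove(last_route)
            report["failed_routes"].append(last_route)
            last_route = None
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On this sample the report shows `no-pull` being read as a route target, the host route to 93.115.84.198 succeeding, and all three routes via 10.8.1.177 failing.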