OpenVPN with FrootVPN

    • OMV 1.0
    • Resolved


    • OpenVPN with FrootVPN

      I'm not a big expert in networking, but my ultimate goal is to get Transmission to tunnel through a VPN connection. To do this, I'm trying to get OpenVPN working with FrootVPN by following their instructions here:
      frootvpn.com/guides/linuxdebian-19.html

      I installed openvpn from "apt-get install openvpn", not as the OMV plugin. I have managed to download and set up the configuration file, and have redirected the ports to the OMV machine. However, when I run the openvpn command from SSH, I get the following output:

      Source Code

      root@hippo:~# openvpn /etc/openvpn/frootvpn.ovpn
      Fri Nov 14 12:41:50 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
      Enter Auth Username:Nibb31
      Enter Auth Password:
      Fri Nov 14 12:42:01 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Fri Nov 14 12:42:01 2014 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
      Fri Nov 14 12:42:01 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
      Fri Nov 14 12:42:01 2014 RESOLVE: NOTE: se-openvpn.frootvpn.com resolves to 8 addresses
      Fri Nov 14 12:42:01 2014 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
      Fri Nov 14 12:42:01 2014 Local Options hash (VER=V4): '3514370b'
      Fri Nov 14 12:42:01 2014 Expected Remote Options hash (VER=V4): '239669a8'
      Fri Nov 14 12:42:01 2014 UDPv4 link local: [undef]
      Fri Nov 14 12:42:01 2014 UDPv4 link remote: [AF_INET]178.73.212.198:1204
      Fri Nov 14 12:42:01 2014 TLS: Initial packet from [AF_INET]178.73.212.198:1204, sid=027bf01b 844efb16
      Fri Nov 14 12:42:01 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Fri Nov 14 12:42:02 2014 VERIFY OK: depth=1, /C=SE/ST=QQ/L=FrootTown/O=FrootOrg/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
      Fri Nov 14 12:42:02 2014 VERIFY OK: nsCertType=SERVER
      Fri Nov 14 12:42:02 2014 VERIFY OK: depth=0, /C=SE/ST=QQ/L=FrootTown/O=FrootOrg/OU=changeme/CN=server/name=changeme/emailAddress=mail@host.domain
      Fri Nov 14 12:42:02 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Fri Nov 14 12:42:02 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Fri Nov 14 12:42:02 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Fri Nov 14 12:42:02 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Fri Nov 14 12:42:02 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Fri Nov 14 12:42:02 2014 [server] Peer Connection Initiated with [AF_INET]178.73.212.198:1204
      Fri Nov 14 12:42:05 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Fri Nov 14 12:42:05 2014 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1164:a::1008/64 2a00:1a28:1164:a::1,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route-ipv6 2000::/3,tun-ipv6,route-gateway 46.246.73.65,topology subnet,ping 10,ping-restart 160,ifconfig 46.246.73.74 255.255.255.224'
      Fri Nov 14 12:42:05 2014 OPTIONS IMPORT: timers and/or timeouts modified
      Fri Nov 14 12:42:05 2014 OPTIONS IMPORT: --ifconfig/up options modified
      Fri Nov 14 12:42:05 2014 OPTIONS IMPORT: route options modified
      Fri Nov 14 12:42:05 2014 OPTIONS IMPORT: route-related options modified
      Fri Nov 14 12:42:05 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Fri Nov 14 12:42:05 2014 ROUTE default_gateway=192.168.1.254
      Fri Nov 14 12:42:05 2014 ROUTE6: default_gateway=UNDEF
      Fri Nov 14 12:42:05 2014 TUN/TAP device tun0 opened
      Fri Nov 14 12:42:05 2014 TUN/TAP TX queue length set to 100
      Fri Nov 14 12:42:05 2014 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
      Fri Nov 14 12:42:05 2014 /sbin/ifconfig tun0 46.246.73.74 netmask 255.255.255.224 mtu 1500 broadcast 46.246.73.95
      Fri Nov 14 12:42:05 2014 /sbin/ifconfig tun0 inet6 add 2a00:1a28:1164:a::1008/64
      SIOCSIFADDR: Permission denied
      Fri Nov 14 12:42:05 2014 Linux ifconfig inet6 failed: external program exited with error status: 1
      Fri Nov 14 12:42:05 2014 Exiting


      It seems to be failing on an ifconfig command. I don't understand why I'm getting "SIOCSIFADDR: Permission denied" when executing the command as root.

      Any ideas?
    • Source Code

      root@hippo:~# curl -s http://ifconfig.me
      <correct WAN IP>
      root@hippo:~# /etc/init.d/openvpn start
      Starting virtual private network daemon:.
      root@hippo:~# curl -s http://ifconfig.me
      <same WAN IP>


      No login prompts. I don't think it's taking the .ovpn config file when it's started like this.

      There doesn't seem to be an openvpn user. Should there be one?

      The post was edited 2 times, last by Nibb31.

    • Here it is:

      Source Code

      root@hippo:~# cat /etc/init.d/openvpn
      #!/bin/sh -e
      ### BEGIN INIT INFO
      # Provides: openvpn
      # Required-Start: $network $remote_fs $syslog
      # Required-Stop: $network $remote_fs $syslog
      # Should-Start: network-manager
      # Should-Stop: network-manager
      # X-Start-Before: $x-display-manager gdm kdm xdm wdm ldm sdm nodm
      # X-Interactive: true
      # Default-Start: 2 3 4 5
      # Default-Stop: 0 1 6
      # Short-Description: Openvpn VPN service
      # Description: This script will start OpenVPN tunnels as specified
      # in /etc/default/openvpn and /etc/openvpn/*.conf
      ### END INIT INFO
      # Original version by Robert Leslie
      # <rob@mars.org>, edited by iwj and cs
      # Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
      # Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
      . /lib/lsb/init-functions
      test $DEBIAN_SCRIPT_DEBUG && set -v -x
      DAEMON=/usr/sbin/openvpn
      DESC="virtual private network daemon"
      CONFIG_DIR=/etc/openvpn
      test -x $DAEMON || exit 0
      test -d $CONFIG_DIR || exit 0
      # Source defaults file; edit that file to configure this script.
      AUTOSTART="all"
      STATUSREFRESH=10
      OMIT_SENDSIGS=0
      if test -e /etc/default/openvpn ; then
        . /etc/default/openvpn
      fi
      start_vpn () {
        if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
          # daemon already given in config file
          DAEMONARG=
        else
          # need to daemonize
          DAEMONARG="--daemon ovpn-$NAME"
        fi
        if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
          # status file already given in config file
          STATUSARG=""
        elif test $STATUSREFRESH -eq 0 ; then
          # default status file disabled in /etc/default/openvpn
          STATUSARG=""
        else
          # prepare default status file
          STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
        fi
        # tun using the "subnet" topology confuses the routing code that wrongly
        # emits ICMP redirects for client to client communications
        SAVED_DEFAULT_SEND_REDIRECTS=0
        if grep -q '^[[:space:]]*dev[[:space:]]*tun' $CONFIG_DIR/$NAME.conf && \
           grep -q '^[[:space:]]*topology[[:space:]]*subnet' $CONFIG_DIR/$NAME.conf ; then
          # When using "client-to-client", OpenVPN routes the traffic itself without
          # involving the TUN/TAP interface so no ICMP redirects are sent
          if ! grep -q '^[[:space:]]*client-to-client' $CONFIG_DIR/$NAME.conf ; then
            sysctl -w net.ipv4.conf.all.send_redirects=0 > /dev/null
            # Save the default value for send_redirects before disabling it
            # to make sure the tun device is created with send_redirects disabled
            SAVED_DEFAULT_SEND_REDIRECTS=$(sysctl -n net.ipv4.conf.default.send_redirects)
            if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
              sysctl -w net.ipv4.conf.default.send_redirects=0 > /dev/null
            fi
          fi
        fi
        log_progress_msg "$NAME"
        STATUS=0
        start-stop-daemon --start --quiet --oknodo \
          --pidfile /var/run/openvpn.$NAME.pid \
          --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
          $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
          --config $CONFIG_DIR/$NAME.conf || STATUS=1
        [ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid /run/sendsigs.omit.d/openvpn.$NAME.pid
        # Set the back the original default value of send_redirects if it was changed
        if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
          sysctl -w net.ipv4.conf.default.send_redirects=$SAVED_DEFAULT_SEND_REDIRECTS > /dev/null
        fi
      }
      stop_vpn () {
        kill `cat $PIDFILE` || true
        rm -f $PIDFILE
        [ "$OMIT_SENDSIGS" -ne 1 ] || rm -f /run/sendsigs.omit.d/openvpn.$NAME.pid
        rm -f /var/run/openvpn.$NAME.status 2> /dev/null
      }
      case "$1" in
      start)
        log_daemon_msg "Starting $DESC"
        # autostart VPNs
        if test -z "$2" ; then
          # check if automatic startup is disabled by AUTOSTART=none
          if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
            log_warning_msg " Autostart disabled."
            exit 0
          fi
          if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
            # all VPNs shall be started automatically
            for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
              NAME=${CONFIG%%.conf}
              start_vpn
            done
          else
            # start only specified VPNs
            for NAME in $AUTOSTART ; do
              if test -e $CONFIG_DIR/$NAME.conf ; then
                start_vpn
              else
                log_failure_msg "No such VPN: $NAME"
                STATUS=1
              fi
            done
          fi
        #start VPNs from command line
        else
          while shift ; do
            [ -z "$1" ] && break
            if test -e $CONFIG_DIR/$1.conf ; then
              NAME=$1
              start_vpn
            else
              log_failure_msg " No such VPN: $1"
              STATUS=1
            fi
          done
        fi
        log_end_msg ${STATUS:-0}
        ;;
      stop)
        log_daemon_msg "Stopping $DESC"
        if test -z "$2" ; then
          for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
            NAME=`echo $PIDFILE | cut -c18-`
            NAME=${NAME%%.pid}
            stop_vpn
            log_progress_msg "$NAME"
          done
        else
          while shift ; do
            [ -z "$1" ] && break
            if test -e /var/run/openvpn.$1.pid ; then
              PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
              NAME=`echo $PIDFILE | cut -c18-`
              NAME=${NAME%%.pid}
              stop_vpn
              log_progress_msg "$NAME"
            else
              log_failure_msg " (failure: No such VPN is running: $1)"
            fi
          done
        fi
        log_end_msg 0
        ;;
      # Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'.
      reload|force-reload)
        log_daemon_msg "Reloading $DESC"
        for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
          NAME=`echo $PIDFILE | cut -c18-`
          NAME=${NAME%%.pid}
          # If openvpn if running under a different user than root we'll need to restart
          if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
            stop_vpn
            sleep 1
            start_vpn
            log_progress_msg "(restarted)"
          else
            kill -HUP `cat $PIDFILE` || true
            log_progress_msg "$NAME"
          fi
        done
        log_end_msg 0
        ;;
      # Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'.
      soft-restart)
        log_daemon_msg "$DESC sending SIGUSR1"
        for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
          NAME=`echo $PIDFILE | cut -c18-`
          NAME=${NAME%%.pid}
          kill -USR1 `cat $PIDFILE` || true
          log_progress_msg "$NAME"
        done
        log_end_msg 0
        ;;
      restart)
        shift
        $0 stop ${@}
        sleep 1
        $0 start ${@}
        ;;
      cond-restart)
        log_daemon_msg "Restarting $DESC."
        for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
          NAME=`echo $PIDFILE | cut -c18-`
          NAME=${NAME%%.pid}
          stop_vpn
          sleep 1
          start_vpn
        done
        log_end_msg 0
        ;;
      status)
        GLOBAL_STATUS=0
        if test -z "$2" ; then
          # We want status for all defined VPNs.
          # Returns success if all autostarted VPNs are defined and running
          if test "x$AUTOSTART" = "xnone" ; then
            # Consider it a failure if AUTOSTART=none
            log_warning_msg "No VPN autostarted"
            GLOBAL_STATUS=1
          else
            if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
              # Consider it a failure if one of the autostarted VPN is not defined
              for VPN in $AUTOSTART ; do
                if ! test -f $CONFIG_DIR/$VPN.conf ; then
                  log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined"
                  GLOBAL_STATUS=1
                fi
              done
            fi
          fi
          for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
            NAME=${CONFIG%%.conf}
            # Is it an autostarted VPN ?
            if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
              AUTOVPN=1
            else
              if test "x$AUTOSTART" = "xnone" ; then
                AUTOVPN=0
              else
                AUTOVPN=0
                for VPN in $AUTOSTART; do
                  if test "x$VPN" = "x$NAME" ; then
                    AUTOVPN=1
                  fi
                done
              fi
            fi
            if test "x$AUTOVPN" = "x1" ; then
              # If it is autostarted, then it contributes to global status
              status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
            else
              status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true
            fi
          done
        else
          # We just want status for specified VPNs.
          # Returns success if all specified VPNs are defined and running
          while shift ; do
            [ -z "$1" ] && break
            NAME=$1
            if test -e $CONFIG_DIR/$NAME.conf ; then
              # Config exists
              status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
            else
              # Config does not exist
              log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !"
              GLOBAL_STATUS=1
            fi
          done
        fi
        exit $GLOBAL_STATUS
        ;;
      *)
        echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart|soft-restart|status}" >&2
        exit 1
        ;;
      esac
      exit 0
      # vim:set ai sts=2 sw=2 tw=0:
    • Thanks for your help tekkb, it is appreciated!

      The script seems to look for a *.conf file and not an *.ovpn file. So I tried renaming frootvpn.ovpn to frootvpn.conf.
      Then I ran "/etc/init.d/openvpn start" again. This time it prompted for a login and password, but ended with a "." and I still have the usual WAN IP from my ISP.

      So not working either.
    • I downloaded the ovpn file from their Debian instruction guide (linked in my first post), so it should be correct. I tried renaming it to *.conf with exactly the same result. I don't think the problem is with the configuration file because the authentication seems to work properly.

      The "SIOCSIFADDR: Permission denied" error seems to point to a user/permission problem. Anyway, thanks for your help :)

      IPv6 isn't enabled in my OMV network settings.

      The post was edited 2 times, last by Nibb31.

    • Try sysctl -w net.ipv6.conf.default.disable_ipv6=0

      This is a temp solution. Somehow, after the client starts, I cannot start another SSH session, but the VPN gets connected, and it only lets me connect after the VPN session is terminated. Can someone else help with this?
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
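
The failure discussed in this thread, as an added example that is not part of any post: the server pushes an ifconfig-ipv6 address while IPv6 is disabled on the host, and with disable_ipv6 set to 1 the kernel rejects an IPv6 address on the interface with "Permission denied", root or not, which matches the sysctl suggested above. The function names and the optional sysctl-directory argument are assumptions made for the example; the sample log line is shortened from the output in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): explain the failing "inet6 add" step.
# Constructed sample: PUSH_REPLY line shortened from the log in the first post.
SAMPLE_LOG="Fri Nov 14 12:42:05 2014 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1164:a::1008/64 2a00:1a28:1164:a::1,redirect-gateway def1,tun-ipv6,ifconfig 46.246.73.74 255.255.255.224'"

# Print the IPv6 address/prefix pushed by the server (log file $1), if any.
pushed_ipv6() {
    sed -n 's/.*PUSH_REPLY.*,ifconfig-ipv6 \([^ ,]*\).*/\1/p' "$1" | head -n 1
}

# Print enabled, disabled or absent for an interface scope.
# $1 = scope; "default" is what a newly created tun device inherits.
# $2 = sysctl directory (hypothetical parameter so the check runs offline).
ipv6_state() {
    f="${2:-/proc/sys/net/ipv6/conf}/$1/disable_ipv6"
    [ -r "$f" ] || { echo absent; return 0; }
    if [ "$(cat "$f")" = "0" ]; then echo enabled; else echo disabled; fi
}

# Return 1 when the server pushes IPv6 but the host cannot accept it.
diagnose() {
    addr=$(pushed_ipv6 "$1")
    if [ -z "$addr" ]; then
        echo "ok: server pushes no IPv6 address"; return 0
    fi
    state=$(ipv6_state default "$2")
    if [ "$state" = enabled ]; then
        echo "ok: $addr can be assigned"; return 0
    fi
    echo "conflict: server pushes $addr but host IPv6 is $state"
    return 1
}

# Run against a real log given as $1, otherwise against the sample above.
if [ -n "${1:-}" ]; then
    diagnose "$1" || true
else
    demo=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$demo"
    diagnose "$demo" || true
    rm -f "$demo"
fi
```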
    • The DNS doesn't get pulled; it also doesn't work if I add the DNS manually in the client config. Gonna try the backports version, which is 2.3.

      Edit:

      Add these 3 directives to the .ovpn file:

      Source Code

      script-security 2
      up /etc/openvpn/update-resolv-conf
      down /etc/openvpn/update-resolv-conf

      The post was edited 1 time, last by subzero79.
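
A check for the DNS problem described in the last post, as an added example that is not part of the thread: it compares the DNS servers in the PUSH_REPLY with the nameservers actually present in resolv.conf, and lists which of the three directives a client config lacks. The function names, the sample resolv.conf and the sample client config are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): did the pushed DNS reach resolv.conf?
# Constructed sample: PUSH_REPLY line shortened from the log in the first post.
SAMPLE_LOG="Fri Nov 14 12:42:05 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,topology subnet'"

# Print one pushed DNS server per line from the OpenVPN log file $1.
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9a-fA-F.:]*\).*/\1/p'
}

# Print nameservers in resolv.conf ($2) that the VPN did not push.
# A LAN resolver listed here is still reached outside the tunnel.
unpushed_resolvers() {
    want=$(pushed_dns "$1")
    sed -n 's/^nameserver[[:space:]]*\([^[:space:]]*\).*/\1/p' "$2" |
        while read -r ns; do
            printf '%s\n' "$want" | grep -qxF -- "$ns" || echo "$ns"
        done
}

# Print which of the three directives from the last post are missing in the
# client config $1; prints nothing when all are present.
missing_hooks() {
    grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]' "$1" ||
        echo "script-security 2"
    for hook in up down; do
        grep -Eq "^[[:space:]]*${hook}[[:space:]]+/etc/openvpn/update-resolv-conf" "$1" ||
            echo "${hook} /etc/openvpn/update-resolv-conf"
    done
}

# Demo on constructed files: a LAN resolver plus one pushed server, and a
# client config that sets script-security but has no up/down hooks.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$demo/log"
printf 'nameserver 192.168.1.254\nnameserver 80.67.0.2\n' > "$demo/resolv.conf"
printf 'client\ndev tun\nscript-security 2\n' > "$demo/client.conf"
echo "resolvers not pushed by the VPN:"
unpushed_resolvers "$demo/log" "$demo/resolv.conf"
echo "directives missing from the config:"
missing_hooks "$demo/client.conf"
rm -rf "$demo"
```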