  1. #1
    Newbie
    Join Date
    May 2019
    Posts
    7

    Problems Setting up Tunnel

    Howdy all! Running into some issues setting up a tunnel vpn, might be something easy I'm overlooking.

    So I'm using Proton VPN, I downloaded the .ovpn & have added the tunnel with username/password, it seems to verify & accept the file. However the status always shows disconnected, when I check the log tab it's completely empty.

    Here's a snippet of the .ovpn file (keys omitted):

    Code:
    client
    dev tun
    proto udp
    
    remote 104.254.92.61 80
    remote 104.254.92.61 443
    remote 104.254.92.61 4569
    remote 104.254.92.61 1194
    remote 104.254.92.61 5060
    
    remote-random
    resolv-retry infinite
    nobind
    cipher AES-256-CBC
    auth SHA512
    comp-lzo no
    verb 3
    
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    
    reneg-sec 0
    
    remote-cert-tls server
    auth-user-pass
    pull
    fast-io
    
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    
    <ca>
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    </ca>
    
    key-direction 1
    <tls-auth>
    # 2048 bit OpenVPN static key
    -----BEGIN OpenVPN Static key V1-----
    
    -----END OpenVPN Static key V1-----
    </tls-auth>

    I have edited the .ovpn file to only have 1 remote line.

    As another test, I downloaded a PIA .ovpn file and modified as instructed then uploaded. The account is no longer active, but I figure it oughta try to connect and throw a user/pass error. But still nothing in the logs. It's as if the service isn't running or it's not triggering the connection.

    Any help would be appreciated!

  2. #2
    Newbie
    Join Date
    May 2019
    Posts
    7

    Okay so I was able to resolve this issue, for anyone who's interested the culprit was:

    Code:
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    Untangle does not have these scripts.

    I was able to source them from a GitHub repo (can't post links yet, repo is: alfredopalhares). Untangle uses systemd, so the script necessary is the update-systemd-network.sh.

    SSH into the router and create the script /etc/openvpn/update-systemd-network with

    Code:
    #!/bin/bash
    #
    # Parses DHCP options from OpenVPN and creates a temporary systemd.network
    # configuration file with DNS settings, so they will be used by
    # systemd-resolved.
    #
    # To use set as 'up' and 'down' script in your openvpn *.conf:
    # up /etc/openvpn/update-systemd-network
    # down /etc/openvpn/update-systemd-network
    #
    # Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
    # and Chris Hanson
    # Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
    # 02/2016 wgh@torlan.ru modified script to include systemd-resolved support
    # 07/2013 colin@daedrum.net Fixed intet name
    # 05/2006 chlauber@bnc.ch
    
    SYSTEMD_PREFIX=/run/systemd
    
    if [ ! -d "$SYSTEMD_PREFIX" ]; then
        echo "$SYSTEMD_PREFIX doesn't exist" >&2
        exit 1
    fi
    
    mkdir -p "${SYSTEMD_PREFIX}/network"
    
    IFNAME=$1
    
    NETWORK_FILE="${SYSTEMD_PREFIX}/network/openvpn_${IFNAME}.network"
    
    case "$script_type" in
    up)
      # OpenVPN exports each pushed option as foreign_option_N in the environment.
      for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo "$option" >&2
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
          part2=$(echo "$option" | cut -d " " -f 2)
          part3=$(echo "$option" | cut -d " " -f 3)
          if [ "$part2" == "DNS" ] ; then
            IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
          fi
          if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
            IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
          fi
        fi
      done
    
      echo "IF_DNS_NAMESERVERS=$IF_DNS_NAMESERVERS" >&2
      echo "IF_DNS_SEARCH=$IF_DNS_SEARCH" >&2
    
      rm -f "$NETWORK_FILE"
    
      # Write a temporary .network file matching the tunnel interface.
      (
        echo '[Match]'
        echo "Name=$IFNAME"
        echo '[Network]'
        # Unquoted on purpose: split the list so each server gets its own DNS= line.
        for dns in $IF_DNS_NAMESERVERS; do
          echo "DNS=$dns"
        done
        if [[ "$IF_DNS_SEARCH" ]]; then
          echo "Domains=$IF_DNS_SEARCH"
        fi
      ) > "$NETWORK_FILE"
    
      systemctl restart systemd-networkd
      ;;
    down)
      # Remove the temporary DNS settings when the tunnel goes down.
      rm -f "$NETWORK_FILE"
      systemctl restart systemd-networkd
      ;;
    esac

    Then chmod +x update-systemd-network and modify the .ovpn file to call the correct file

    Code:
    up /etc/openvpn/update-systemd-network
    down /etc/openvpn/update-systemd-network

  3. #3
    Master Untangler
    Join Date
    May 2008
    Posts
    908

    I am using proton vpn without having to do that? It was installed on an older version but works through to the latest version, including the 14.2 beta.

  4. #4
    Newbie
    Join Date
    May 2019
    Posts
    7

    Which ovpn file are you using? Does it have the up & down lines?

  5. #5
    Master Untangler
    Join Date
    May 2008
    Posts
    908

    I used the 2 free us servers. I am not sure how to see what exactly is stored in Untangle.

    Seems the free servers may be overloaded at times because it drops from time to time. But I guess I can't complain. Anybody got a recommendation for a better free vpn?

  6. #6
    Newbie
    Join Date
    May 2019
    Posts
    7

    Ah so I'm gonna guess that you used the router ovpn file which does not have those 2 lines. I actually totally overlooked that file while setting this up. It would have made life easier, but I believe that file is vulnerable to dns leaking.

    You can check your config file by ssh'ing into the tunnel and either cat or nano
    /usr/share/untangle/settings/tunnel-vpn/tunnel-***/tunnel.conf (replace *** with your tunnel number)
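
A pre-flight check for the two points raised in posts #2 and #6, as an added example that is not part of the thread and not Untangle or ProtonVPN code: it reports `up`/`down` targets that are missing or not executable, a `script-security` level too low to run them, and a config with no hook at all. The function name and the constructed sample config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight check of the up/down hooks
# in an OpenVPN client config. Prints findings; exit status 1 if a hook is unusable.
check_ovpn_hooks() (
  conf=$1; level=1; hooks=0; problems=0
  cr=$(printf '\r')                       # tolerate CRLF line endings
  # Pass 1: script-security may come before or after the hook lines.
  while read -r directive value rest || [ -n "$directive" ]; do
    if [ "$directive" = "script-security" ]; then level=${value%"$cr"}; fi
  done < "$conf"
  case $level in ''|*[!0-9]*) level=1 ;; esac   # OpenVPN's default level is 1
  # Pass 2: each up/down target must exist and be executable.
  while read -r directive value rest || [ -n "$directive" ]; do
    value=${value%"$cr"}
    case $directive in
      up|down)
        hooks=$((hooks + 1))
        if [ ! -e "$value" ]; then
          echo "MISSING: $directive $value"; problems=$((problems + 1))
        elif [ ! -x "$value" ]; then
          echo "NOT-EXECUTABLE: $directive $value"; problems=$((problems + 1))
        fi ;;
    esac
  done < "$conf"
  if [ "$hooks" -gt 0 ] && [ "$level" -lt 2 ]; then
    echo "BLOCKED: script-security $level does not allow up/down scripts"
    problems=$((problems + 1))
  fi
  if [ "$hooks" -eq 0 ]; then
    echo "NOTE: no up/down hook; nothing in this config applies pushed dhcp-option DNS"
  fi
  [ "$problems" -eq 0 ]
)

# Constructed sample: the hook lines from the first post, pointed at a temp dir
# where one script is absent and the other has not been made executable yet.
demo() {
  dir=$(mktemp -d)
  printf '%s\n' 'client' 'script-security 2' \
    "up $dir/update-resolv-conf" "down $dir/update-systemd-network" > "$dir/tunnel.conf"
  : > "$dir/update-systemd-network"
  check_ovpn_hooks "$dir/tunnel.conf" || true
  rm -rf "$dir"
}
demo
```

On the router, the same function can be pointed at the tunnel.conf path given in the post above.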

  7. #7
    Master Untangler
    Join Date
    May 2008
    Posts
    908

    Don't remember but I probably did download the router version. Untangle is a router more or less.

    nano /usr/share/untangle/settings/tunnel-vpn/tunnel-200/tunnel.conf
    14.2 beta
    Code:
    # ==============================================================================
    # Copyright (c) 2016-2017 ProtonVPN A.G. (Switzerland)
    # Email: contact@protonvpn.com
    #
    # The MIT License (MIT)
    #
    # Permission is hereby granted, free of charge, to any person obtaining a copy
    # of this software and associated documentation files (the "Software"), to deal
    # in the Software without restriction, including without limitation the rights
    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    # copies of the Software, and to permit persons to whom the Software is
    # furnished to do so, subject to the following conditions:
    #
    # The above copyright notice and this permission notice shall be included in all
    # copies or substantial portions of the Software.
    #
    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
    # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
    # IN THE SOFTWARE.
    # ==============================================================================
    
    client
    dev tun
    proto udp
    
    remote us-free-02.protonvpn.com 1194
    
    remote-random
    resolv-retry infinite
    nobind
    cipher AES-256-CBC
    auth SHA512
    comp-lzo
    verb 3
    
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    
    ping 15
    ping-restart 0
    ping-timer-rem
    reneg-sec 0
    
    remote-cert-tls server
    auth-user-pass
    pull
    fast-io
    
    
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>
    
    key-direction 1
    <tls-auth>
    # 2048 bit OpenVPN static key
    -----BEGIN OpenVPN Static key V1-----
    ...
    -----END OpenVPN Static key V1-----
    </tls-auth>#

    FYI
    Last edited by donhwyo; 05-17-2019 at 01:57 PM.

  8. #8
    Newbie
    Join Date
    May 2019
    Posts
    7

    Ah yup, that's the router config not the Linux one... You're right it is a router, that runs Linux

  9. #9
    Master Untangler
    Join Date
    May 2008
    Posts
    908

    Maybe the powers that be should have a wiki and link it from the "TunnelVPN" pages?
