VPN suggestions


icbolsh
2009-10-14, 04:04
I have a VPN question. I am currently travelling through China and I just want to be able to use Twitter via Mauku. Twitter, along with Facebook, Blogger and YouTube, is blocked. Here's my question:

What is a good VPN service (preferably free) so I can browse the internet sites that are blocked? And which client is easiest to set up: OpenVPN, vpnc...?
I got a vpn working on my laptop but I want to use my NIT while on the go.

Note: Some VPNs are blocked also. When setting up my laptop, I went through 3 VPNs before I found one that was not blocked. So as many suggestions as possible please.

ruskie
2009-10-14, 06:14
How about using TOR ?

icbolsh
2009-10-14, 08:08
How about using TOR ?

Blocked. Can't even see their website.

schnebeck
2009-10-14, 09:11
Hmmm,

http://www.linux-magazine.com/Online/Features/OpenVPN-counters-censorship

HTH

Thorsten

TA-t3
2009-10-14, 11:25
What I did when travelling there was to have an ssh server at home, and then I set up a simple SSH tunnel from my computer in China: ssh -C -L8080:localhost:8118 my-computer-at-home

That computer would run an ssh server and a Privoxy proxy (at port 8118). With the above I just set the browser to use http://localhost:8080 as proxy.

Worked fine, I could go to any site.

deter3
2009-10-14, 12:13
Here is a website where you can check many VPN services:
http://myvpnreviews.com/

Yes, many VPN services have been blocked, so a free VPN service is not easy to find nowadays. The question is what kind of VPN you are using now (OpenVPN, PPTP or IPsec etc.). I got a free SwissVPN account (PPTP) for testing for a couple of days and it worked without problems on my E90. I am using Cisco IPsec VPN on NIT now.

allnameswereout
2009-10-14, 12:15
I'd pick my options in this way:

-1) Post all the intended tweets to myself over SMTPS and post them later.
0) Be aware you are planning to do something the local authorities do not like; possibly a crime. It might get you in trouble, so take into account suspicious activity might raise eyebrows and/or investigation. Including posting about this here. It may also lower your chances of being allowed to return to China again, or if you decide to make your next stay less pleasant. All these circumventions are easy to detect and/or block. Just saying.

Now, your options...

1) You can use SSHd to run VPN over. Google for 'SSH VPN howto'.
a) Run it on default port.
b) Run it on non-default port (e.g. 143 TCP).
2) Configure OpenVPN (after SSHd easiest VPN to set up)
a) Run it on default port.
b) Run it on non-default port (e.g. port 53 UDP).
3) Use a legal protocol to tunnel traffic over. E.g. TCP/IP over ICMP, TCP/IP over DNS, TCP over HTTP, and so on. This will be slowest. Optionally, you can encrypt this traffic, but doing so may be to your disadvantage when caught.
4) Hamachi is also a very easy VPN to set up, but it's probably blocked.

I'm using 2b over 3G, but I'm pretty sure my 3G provider does not see me as their favourite customer ;)

icbolsh
2009-10-15, 06:46
Well, I've gotten much further, but still at a dead end. First let me say, that I cannot set up a VPN through my home PC because I am not at it. Whenever I am at home again I will definitely set it up.

I installed OpenVPN and am trying to find a VPN that I can figure out to use with it. I am not experienced in this obviously. I configured UltraVPN but I don't know if I did it wrong or can't connect because it is blocked already.
I tried Ivacy, but I am pretty sure I have that configured wrong since it works on my Linux box okay.
I also tried alonweb which had its own .tar files which I put in, but I think it needs something else. It connects and even turns green, but I still can't go to the restricted sites and most importantly Twitter via Mauku doesn't work.
I think my best shot at doing this is with Ivacy, but I really need the pre-made files for OpenVPN to set it up and I can't find them on the web. I need the
.config
.cert
.ca
for Ivacy if anyone has them.

I like Ivacy because they have a $.74 per GB price. Seeing how I would only use it for Twitter, it is perfect for me. Thanks for all your help.

mikkov
2009-10-15, 11:19
Ivacy seems to be using PPTP so you cannot use the OpenVPN client for it.

UltraVPN is using OpenVPN but apparently there are currently some problems using it from China: http://www.ultravpn.fr/forum/index.php?&topic=246.0

icbolsh
2009-10-15, 16:38
Ivacy seems to be using PPTP so you cannot use the OpenVPN client for it.

UltraVPN is using OpenVPN but apparently there are currently some problems using it from China: http://www.ultravpn.fr/forum/index.php?&topic=246.0

Ooooooh... thanks. What VPN client should I use with Ivacy? I saw that there was vpnc. What Maemo app can run PPTP? Sorry for being such a newbie.

And yes I saw that there was an issue with Ultravpn right now. An administrator gave an attachment file with a temporary fix but the whole thing is over my head.

I am sorry for the need to do this but I will be here for 9 more months and want to get it up and running soon.

allnameswereout
2009-10-15, 16:55
Maybe the thread about PPTP VPN (http://talk.maemo.org/showthread.php?p=122042) helps. Also see PPTP security concerns (http://en.wikipedia.org/wiki/PPTP#PPTP_security_concerns).

icbolsh
2009-10-15, 17:19
Ivacy seems to be using PPTP so you cannot use the OpenVPN client for it.

Now wait a minute...I was just looking at the Ivacy website and they have a page on configuring OpenVPN on Win XP.
http://ivacy.com/en/doc/user/setup/winxp_openvpn
Doesn't that mean it should work for OpenVPN on Maemo?

icbolsh
2009-10-15, 17:20
Maybe the thread about PPTP VPN (http://talk.maemo.org/showthread.php?p=122042) helps. Also see PPTP security concerns (http://en.wikipedia.org/wiki/PPTP#PPTP_security_concerns).

Thanks this helps a lot. I'll see what I can learn before asking for help.

allnameswereout
2009-10-15, 17:38
Now wait a minute...I was just looking at the Ivacy website and they have a page on configuring OpenVPN on Win XP.
http://ivacy.com/en/doc/user/setup/winxp_openvpn
Doesn't that mean it should work for OpenVPN on Maemo?

Yes, it should. Ivacy supports PPTP, IPsec, and OpenVPN. They have howtos for various operating systems, too.

icbolsh
2009-10-16, 06:59
Seeing how I am an extreme newbie to VPNs and their settings...I was wondering if someone could kindly help me, or maybe point me in the right direction.
I have OpenVPN installed and am using the front end applet to configure everything. I put these config files (from Ivacy) (http://ivacy.com/en/doc/user/setup/winxp_openvpn) into the required fields but I think I'm doing something wrong. When testing it, this error message comes up.

Fri Oct 16 13:56:14 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Fri Oct 16 13:56:14 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Oct 16 13:56:14 2009 Cannot load certificate file ivacy-keys/ivacy-client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Fri Oct 16 13:56:14 2009 Exiting

Any ideas what I'm doing wrong?

frals
2009-10-16, 08:17
Cannot load certificate file ivacy-keys/ivacy-client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002

is the .crt in the right folder?

icbolsh
2009-10-16, 09:05
Cannot load certificate file ivacy-keys/ivacy-client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002

is the .crt in the right folder?

Maybe.
Here is what I got:
Openvpn applet asks for...

Configuration file:
Key file:
Cert File:
Ca file:
Secret File:
PKCS12 file:

What I get from the Ivacy website is:

Ivacy-client.ovpn
Ivacy-ca.crt
Ivacy-client.crt
Ivacy-client.key
Ivacy-tls.key

Maybe I'm putting some of the files in the wrong fields. This is what I'm assuming.

Configuration file: Ivacy-client.ovpn
Key file: Ivacy-client.key
Cert File: Ivacy-client.crt
Ca file: Ivacy-ca.crt
Secret File: ? don't know maybe Ivacy-tls.key
PKCS12 file: ?

Sorry if there is some obvious stupidity going on here. Can you show me what I did wrong?

mikkov
2009-10-16, 10:32
Sorry, didn't notice the OpenVPN support.

Try to modify Ivacy-client.ovpn so that all files are in the same directory.


ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.key 1


Modify the .ovpn, place all files in the same directory and then try to import them. Make sure that all files are imported; put ivacy-tls.key for example into the PKCS12 field (or the secret field, doesn't matter), because I don't think that the applet has autodetection support for that.

icbolsh
2009-10-16, 15:33
Okay, I modified the .ovpn and when importing it put them all in except for ivacy-tls.key. So I put it in the PKCS12 field manually. When running a test now it says something different.

Fri Oct 16 23:24:40 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Fri Oct 16 23:24:40 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Oct 16 23:24:40 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Fri Oct 16 23:24:40 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Fri Oct 16 23:24:40 2009 Cannot open file key file 'ivacy-tls.key': No such file or directory (errno=2)
Fri Oct 16 23:24:40 2009 Exiting

So what is my next step? And I just want to say thank you for all this help.

mikkov
2009-10-16, 15:55
It seems that ivacy-tls.key wasn't imported. Apparently there are still problems in openvpn-applet (I am the author).

Easiest is to copy the file manually. Install rootsh, open X terminal, type sudo gainroot, copy with cp ivacy-tls.key /etc/openvpn

allnameswereout
2009-10-16, 23:01
For future reference: a really good SSH tunneling howto on Undeadly.org (OpenBSD Journal) (http://undeadly.org/cgi?action=article&sid=20090903183235). I know, TS picked OpenVPN and almost has it running; I just found it of good quality that it's worth sharing. Maybe something for the wiki, or a wiki entry for VPN solutions in general.

icbolsh
2009-10-17, 17:23
It seems that ivacy-tls.key wasn't imported. Apparently there are still problems in openvpn-applet (I am the author).

Easiest is to copy the file manually. Install rootsh, open X terminal, type sudo gainroot, copy with cp ivacy-tls.key /etc/openvpn

Okay, sorry it took so long to get this step done. I got the file moved into the right directory. I don't get an error when I test....the light turns green when I start the client. The only problem is nothing has changed on the internet. Some sites are still blocked and Mauku still cannot connect with Twitter. I can't go to it through the browser either. Am I missing something? An obvious step? Do I need to change something else?
Again thank you for all your help.

Here is the current log when I run a test:
"Sun Oct 18 01:23:08 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Sun Oct 18 01:23:08 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 18 01:23:08 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:08 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Oct 18 01:23:08 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 LZO compression initialized
Sun Oct 18 01:23:08 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Oct 18 01:23:08 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Sun Oct 18 01:23:08 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 18 01:23:08 2009 Local Options hash (VER=V4): '504e774e'
Sun Oct 18 01:23:08 2009 Expected Remote Options hash (VER=V4): '14168603'
Sun Oct 18 01:23:08 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Sun Oct 18 01:23:08 2009 UDPv4 link local: [undef]
Sun Oct 18 01:23:08 2009 UDPv4 link remote: 85.249.223.27:1194
Sun Oct 18 01:23:13 2009 TLS: Initial packet from 85.249.223.27:1194, sid=a20c53ca dcb26178
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:25 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:26 2009 VERIFY OK: nsCertType=SERVER
Sun Oct 18 01:23:26 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:38 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 18 01:23:38 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Sun Oct 18 01:23:39 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route-related options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 TUN/TAP device tun0 opened
Sun Oct 18 01:23:41 2009 TUN/TAP TX queue length set to 100
Sun Oct 18 01:23:41 2009 /sbin/ifconfig tun0 1.2.124.106 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed"

Hope that helps.

mikkov
2009-10-17, 17:25
Post the openvpn log.

icbolsh
2009-10-17, 17:39
I put it above

is it something on my NIT that I needed to do?

allnameswereout
2009-10-17, 17:49
Okay, sorry it took so long to get this step done. I got the file moved into the right directory. I don't get an error when I test....the light turns green when I start the client. The only problem is nothing has changed on the internet. Some sites are still blocked and Mauku still cannot connect with Twitter. I can't go to it through the browser either. Am I missing something? An obvious step? Do I need to change something else?
Again thank you for all your help.

Hope that helps.

Hmm, I don't see redirect-gateway being pushed. If you want to have all traffic routed over the VPN you're gonna need the option --redirect-gateway def1; although the VPN may send this by default, it usually doesn't. So try to execute OpenVPN with --redirect-gateway def1
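The log above shows why the client can report a green light while most sites stay unreachable: the server pushes only route 1.0.0.0/8 and nothing replaces the default route through 192.168.15.1. The following script is an added example, not code from this thread, from Ivacy or from the Maemo OpenVPN applet. It parses an OpenVPN client log in the format posted above (the sample lines are constructed from that log), extracts the pushed options and the routes the client actually installed, and reports whether those routes cover all of IPv4 (a plain 0.0.0.0/0, or the 0.0.0.0/1 plus 128.0.0.0/1 pair that redirect-gateway def1 produces), which DNS servers were pushed, and the warnings worth acting on. All function and variable names are my own.

```python
"""OpenVPN client-log check: did the tunnel actually take the default route?"""
import ipaddress
import re

# Constructed sample modelled on the first log posted in this thread: the
# session completes, but the only network routed via the tunnel is 1.0.0.0/8.
SAMPLE_SPLIT = """\
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,route-gateway 1.2.124.1,topology subnet,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed
"""

# The same session once 'redirect-gateway def1' is in effect: two /1 routes
# via the tunnel gateway beat the local /0 default without deleting it.
SAMPLE_FULL = SAMPLE_SPLIT.replace(
    "Initialization Sequence Completed",
    "/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 1.2.124.1\n"
    "Sun Oct 18 01:23:42 2009 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 1.2.124.1\n"
    "Sun Oct 18 01:23:42 2009 Initialization Sequence Completed",
)

PUSH_RE = re.compile(r"PUSH: Received control message: '(?P<opts>[^']*)'")
ROUTE_RE = re.compile(r"/sbin/route add -net (?P<net>\S+) netmask (?P<mask>\S+) gw (?P<gw>\S+)")


def parse_push_reply(log):
    """Split the server's PUSH_REPLY into routes, DNS servers, the tunnel
    gateway and whether redirect-gateway itself was pushed."""
    pushed = {"routes": [], "dns": [], "route_gateway": None, "redirect_gateway": False}
    match = PUSH_RE.search(log)
    if not match:
        return pushed
    for option in match.group("opts").split(","):
        words = option.split()
        if not words or words[0] == "PUSH_REPLY":
            continue
        if words[0] == "route" and len(words) >= 3:
            pushed["routes"].append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
        elif words[0] == "dhcp-option" and len(words) >= 3 and words[1] == "DNS":
            pushed["dns"].append(words[2])
        elif words[0] == "route-gateway" and len(words) >= 2:
            pushed["route_gateway"] = words[1]
        elif words[0] == "redirect-gateway":
            pushed["redirect_gateway"] = True
    return pushed


def tunnel_routes(log, tunnel_gw):
    """Networks the client really installed with the tunnel gateway as next hop."""
    return [
        ipaddress.ip_network(f"{m.group('net')}/{m.group('mask')}", strict=False)
        for m in ROUTE_RE.finditer(log)
        if m.group("gw") == tunnel_gw
    ]


def is_full_tunnel(networks):
    """True when the tunnel routes cover all of IPv4: a plain 0.0.0.0/0, or the
    0.0.0.0/1 + 128.0.0.0/1 pair from 'redirect-gateway def1', which
    collapse_addresses merges back into 0.0.0.0/0."""
    return any(net.prefixlen == 0 for net in ipaddress.collapse_addresses(networks))


def analyze(log):
    """Summarise one client session: completion, tunnel coverage, pushed DNS
    and the warnings a defender would act on."""
    pushed = parse_push_reply(log)
    networks = tunnel_routes(log, pushed["route_gateway"]) if pushed["route_gateway"] else []
    findings = [line.split("WARNING", 1)[1].lstrip(" *:") for line in log.splitlines() if "WARNING" in line]
    if "BF-CBC" in log:
        findings.append("data channel uses BF-CBC, a 64-bit block cipher; prefer an AES cipher if the server allows it")
    return {
        "completed": "Initialization Sequence Completed" in log,
        "full_tunnel": is_full_tunnel(networks),
        "tunnel_networks": [str(net) for net in networks],
        "dns_servers": pushed["dns"],
        "findings": findings,
    }


if __name__ == "__main__":
    for name, log in (("split tunnel", SAMPLE_SPLIT), ("full tunnel", SAMPLE_FULL)):
        report = analyze(log)
        print(f"{name}: completed={report['completed']} full_tunnel={report['full_tunnel']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Run it against a real log (`verb 3` is enough) by reading the file into `analyze()`; a session that reports completed but not full_tunnel is exactly the "green light, nothing changed" state described in this post.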

icbolsh
2009-10-17, 17:54
not to have you do all the work for me, but what would that code look like in the terminal?

icbolsh
2009-10-17, 18:08
I got to go to bed...It's like 2am here. Thanks for every ones help. I'll be up in 5 hours with a coffee in my hand going right to this thread. I am so close to getting this going I can taste it.

allnameswereout
2009-10-17, 18:08
not to have you do all the work for me, but what would that code look like in the terminal?

It's ok. I could help better if I had an N8x0/N900 device because maybe the applet allows this.

The command would look like something like this:

sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1

Two notes:

1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides

After this authentication, going to http://ip.help.me.uk will say probably 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.

PS: Instead of using --redirect-gateway you can also set up routing manually!!

mikkov
2009-10-17, 18:30
It's ok. I could help better if I had an N8x0/N900 device because maybe the applet allows this.

The command would look like something like this:

sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1

Two notes:

1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides

After this authentication, going to http://ip.help.me.uk will say probably 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.

PS: Instead of using --redirect-gateway you can also set up routing manually!!

Do that or add "redirect-gateway def1" to your .ovpn file (remember to reimport it)

allnameswereout
2009-10-17, 18:40
Add "redirect-gateway def1" to your .ovpn file (remember to reimport it)

Ah yes, follow this advice, and use the OpenVPN applet... convenient :)

icbolsh
2009-10-18, 00:53
YESSSSS!!!! Thank yoooouuuuu!!!!!!! we are on! I am set. Thank you for being so patient with me. I seriously love this site. Everybody is so helpful...even for noobs like me.

icbolsh
2009-10-18, 10:29
Okay, OpenVPN stopped working. I tethered to my cell phone while out and about (which uses GPRS). I tried using my VPN through it and it wouldn't work. In fact when I got to a wifi spot it wouldn't work there either. It hasn't worked all afternoon. Did I break it? Do I have to redo all the VPN settings? I will try reloading all the settings.
For the future, in theory is it supposed to be able to work through GPRS?

icbolsh
2009-10-19, 01:03
After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So when I log in to my VPN, Jaiku works but Twitter fails to load (both are blocked normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke

Let me know if I did something wrong or could have done better.
And here is my current test log:

Mon Oct 19 08:41:46 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 08:41:46 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 08:41:46 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 08:41:46 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 08:41:46 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 08:41:46 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 08:41:46 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 LZO compression initialized
Mon Oct 19 08:41:46 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 08:41:46 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 08:41:46 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 08:41:46 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 08:41:46 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 08:41:46 2009 UDPv4 link local: [undef]
Mon Oct 19 08:41:46 2009 UDPv4 link remote: 85.249.223.27:1194
Mon Oct 19 08:41:47 2009 TLS: Initial packet from 85.249.223.27:1194, sid=6eefe230 458ca1eb
Mon Oct 19 08:41:47 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:50 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 08:41:57 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Mon Oct 19 08:41:59 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 08:41:59 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.110 255.255.255.0'
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 08:41:59 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 08:41:59 2009 TUN/TAP device tun0 opened
Mon Oct 19 08:41:59 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 08:41:59 2009 /sbin/ifconfig tun0 1.2.124.110 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Mon Oct 19 08:41:59 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 Initialization Sequence Completed

allnameswereout
2009-10-19, 01:29
After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So when I log in to my VPN, Jaiku works but Twitter fails to load (both are blocked normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke

I see some double entries. I've made them fat. Comment out entries you do not wish to use by putting a # before them, or simply remove the entries you do not wish to use. Remove the first redirect-gateway so def1 stays. Don't know about your ca/cert/key/tls-auth entries. The last tls-auth entry is incomplete. Perhaps your paste is incomplete though.

Can you post your /etc/resolv.conf after the OpenVPN client is running and got the DNS servers pushed? It seems only 1 DNS server is pushed by the OpenVPN server. In any case, I'd remove any Chinese DNS servers, but without the OpenVPN client running you may have to re-add them.

After OpenVPN client runs, can you try to ping (may require root access) www.twitter.com and see if it resolves, and you get replies?

One problem with OpenVPN may be that it quickly gets a timeout and goes poof. This doesn't combine well with GPRS. Maybe don't abuse the connection with too much bandwidth, and use a caching HTTP proxy which serves low quality JPEG. Also keep in mind your N8x0 is using cryptography _and_ a browser. It eats resources.

Sidenote: Using range 1.0.0.0/8 for private networking is currently not allowed (http://en.wikipedia.org/wiki/Private_network#Private_use_of_other_reserved_addresses). I don't understand why they do that... oh well.
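Every problem this thread ran into before the tunnel came up is visible in the .ovpn file and the directory next to it: certificate paths pointing into an ivacy-keys/ directory that was never created on the device, the same directive listed twice, a tls-auth key that OpenVPN later reports as "group or others accessible", and (further down in the thread) an up/down script that needs script-security 2. The linter below is an added example, mine and not part of the thread, the OpenVPN applet or Ivacy's files. It builds a constructed sample config directory with placeholder files (no real key material) and a config modelled on the one posted above, and checks relative paths against the directory the config lives in, on the assumption that the config and its files end up in one directory as mikkov recommends. Function and variable names are my own.

```python
"""Pre-flight linter for an OpenVPN client config (.ovpn)."""
import os
import tempfile

# Directives a client config should carry at most once; the thread's config
# had ca, cert, key, tls-auth and redirect-gateway twice.
SINGLE_USE = {"ca", "cert", "key", "tls-auth", "pkcs12", "secret",
              "script-security", "redirect-gateway", "dev", "proto"}
# Directives whose first argument names a file; the last four hold key material.
FILE_ARGS = {"ca", "cert", "key", "tls-auth", "pkcs12", "secret"}
KEY_MATERIAL = {"key", "tls-auth", "pkcs12", "secret"}


def parse_ovpn(text):
    """Return [(directive, [args])] for effective lines, skipping comments,
    blank lines and the bodies of inline <ca>...</ca>-style blocks."""
    entries, block = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if block:
            if line == f"</{block}>":
                block = None
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            entries.append((block, ["<inline>"]))
            continue
        words = line.split()
        entries.append((words[0], words[1:]))
    return entries


def lint(text, config_dir):
    """Return human-readable findings for one config whose relative file
    paths are expected to resolve under config_dir."""
    entries = parse_ovpn(text)
    seen = {}
    for name, args in entries:
        seen.setdefault(name, []).append(args)
    findings = []
    for name in sorted(seen):
        if name in SINGLE_USE and len(seen[name]) > 1:
            findings.append(f"duplicate '{name}' ({len(seen[name])} occurrences): keep exactly one")
    for name, args in entries:
        if name not in FILE_ARGS or not args or args[0] == "<inline>":
            continue
        path = os.path.join(config_dir, args[0])
        if not os.path.exists(path):
            findings.append(f"{name}: '{args[0]}' not found under {config_dir}")
        elif name in KEY_MATERIAL and os.stat(path).st_mode & 0o077:
            findings.append(f"{name}: '{args[0]}' is group or others accessible; chmod 600 it")
    # script-security 2 is the lowest level that lets OpenVPN run user scripts.
    level = 0
    for args in seen.get("script-security", []):
        if args and args[0].isdigit():
            level = int(args[0])
    if ("up" in seen or "down" in seen) and level < 2:
        findings.append("up/down scripts need 'script-security 2' (or higher) to run")
    if "redirect-gateway" not in seen:
        findings.append("no 'redirect-gateway': only routes the server pushes will use the tunnel")
    return findings


def build_sample():
    """Constructed sample: the config posted in the thread with its double
    entries, next to placeholder files (no real key material) of which the
    tls-auth key is deliberately left world-readable."""
    config_dir = tempfile.mkdtemp()
    for fname, mode in (("ivacy-ca.crt", 0o644), ("ivacy-client.crt", 0o644),
                        ("ivacy-client.key", 0o600), ("ivacy-tls.key", 0o644)):
        path = os.path.join(config_dir, fname)
        with open(path, "w") as handle:
            handle.write("placeholder, not a real certificate or key\n")
        os.chmod(path, mode)
    config = """\
client
dev tun
proto udp
remote openvpn.ivacy.com 1194
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
auth-user-pass
redirect-gateway
script-security 3
redirect-gateway def1
ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.key 1
"""
    return config, config_dir


if __name__ == "__main__":
    sample_config, sample_dir = build_sample()
    for finding in lint(sample_config, sample_dir):
        print("-", finding)
```

On the sample it reports the five duplicated directives, the four ivacy-keys/ paths that do not exist, and the world-readable tls-auth key; the permission finding is the same condition OpenVPN itself warns about at startup, caught before the client runs.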

icbolsh
2009-10-19, 02:51
Thanks for your help allnameswereout,
okay I took out the repeats on the config and still the same issue: Jaiku but no Twitter.
How do I remove Chinese DNS? ...I have OpenVPN running? Then what? Also, how do I ping Twitter? Don't I need their IP address to send a ping? Will a domain name work?

And yes, the incomplete line was my copy job.

allnameswereout
2009-10-19, 03:22
Instructions are incomplete, see post below!!!

After changes you must re-import your OpenVPN client config again with the OpenVPN applet.

To remove Chinese DNS servers one normally edits /etc/resolv.conf and puts # before all nameserver entries _except_ the ones pushed by the OpenVPN server. According to your log that is 1.254.2.2 and 1.254.2.3

However, because Maemo uses resolvconf together with dnsmasq, you should make sure the OpenVPN client works together with resolvconf, because otherwise resolvconf overwrites /etc/resolv.conf the whole time! To work together with resolvconf, make sure the OpenVPN client is shut down and then add in your OpenVPN client config the following:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

foreign_option_1='dhcp-option DNS 1.254.2.2'
foreign_option_2='dhcp-option DNS 1.254.2.3'
foreign_option_3='dhcp-option DOMAIN vpn'

And, again you must re-import your OpenVPN client config again with the OpenVPN applet.

To test DNS, fire up OpenVPN client then
$ host -v -t a www.twitter.com

On bottom it should say

Received ? bytes from 1.254.2.2#53 in ? ms where ? are variable numbers, what matters is the IP address listed. It should be either 1.254.2.2 or 1.254.2.3

To ping

$ rootsh
# ping www.twitter.com

The ping command resolves www.twitter.com to an IP address. That is, assuming the DNS servers work and allow you to resolve it. If Twitter is blocked by the Great Firewall of China, you can assume the DNS servers block resolving domains from Twitter as well. Also, the DNS requests are tunneled and therefore come from your VPN endpoint, not from within China. For one, this looks suspicious and leaves a trace. Second, some ISPs only allow DNS access from clients within their network.
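The mechanism behind the update-resolv-conf advice above is that OpenVPN exports every pushed dhcp-option to its up/down script as an environment variable foreign_option_N (the three foreign_option lines listed earlier are exactly what the server in the logs produces), and the script turns them into nameserver/search lines for resolvconf -a <dev>.inet, removing the record again with resolvconf -d on the down event. As an added example (mine, not the thread's script or OpenVPN's own code), here is that logic in Python with one extra step a hook that runs as root should have: every DNS value is checked to be an IP address and every DOMAIN value to be a plain hostname before it goes anywhere near a system file, because those values come from the VPN server. The sample environment is constructed from the options pushed in the logs above plus one malformed value; function names are my own.

```python
"""What an OpenVPN up/down hook like update-resolv-conf does, in Python."""
import ipaddress
import os
import re
import subprocess

# Constructed sample of the environment OpenVPN hands to its up script for the
# options pushed in this thread's logs, plus one value no hook should copy.
SAMPLE_ENV = {
    "script_type": "up",
    "dev": "tun0",
    "foreign_option_1": "dhcp-option DNS 1.254.2.2",
    "foreign_option_2": "dhcp-option DNS 1.254.2.3",
    "foreign_option_3": "dhcp-option DOMAIN vpn",
    "foreign_option_4": "dhcp-option DNS not-an-address",
}

HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]+")
PREFIX = "foreign_option_"


def foreign_options(env):
    """Values of foreign_option_1, foreign_option_2, ... in numeric order."""
    keys = [k for k in env if k.startswith(PREFIX) and k[len(PREFIX):].isdigit()]
    return [env[k] for k in sorted(keys, key=lambda k: int(k[len(PREFIX):]))]


def render_resolv_conf(env):
    """Turn pushed 'dhcp-option DNS/DOMAIN' values into resolv.conf text,
    keeping only DNS values that parse as IP addresses and DOMAIN values
    that look like hostnames; everything else is dropped, not written."""
    search, nameservers = [], []
    for value in foreign_options(env):
        words = value.split()
        if len(words) != 3 or words[0] != "dhcp-option":
            continue
        kind, arg = words[1], words[2]
        if kind == "DOMAIN" and HOSTNAME_RE.fullmatch(arg) and arg not in search:
            search.append(arg)
        elif kind == "DNS":
            try:
                addr = str(ipaddress.ip_address(arg))
            except ValueError:
                continue  # server pushed something that is not an address
            if addr not in nameservers:
                nameservers.append(addr)
    lines = [f"search {' '.join(search)}"] if search else []
    lines += [f"nameserver {ns}" for ns in nameservers]
    return "".join(line + "\n" for line in lines)


def resolvconf_call(env):
    """(argv, stdin) for the resolvconf invocation this event needs, or None
    when the event is unknown or OpenVPN did not tell us the device."""
    dev, event = env.get("dev"), env.get("script_type")
    if not dev:
        return None
    record = f"{dev}.inet"
    if event == "up":
        return ["/sbin/resolvconf", "-a", record], render_resolv_conf(env)
    if event == "down":
        return ["/sbin/resolvconf", "-d", record], ""
    return None


if __name__ == "__main__":
    # When installed as 'up'/'down' script, OpenVPN supplies the environment.
    call = resolvconf_call(dict(os.environ))
    if call and os.access("/sbin/resolvconf", os.X_OK):
        subprocess.run(call[0], input=call[1], text=True, check=False)
```

For the sample environment render_resolv_conf() yields "search vpn" followed by the two pushed nameservers, and the fourth option is silently discarded; the shell script further down in this thread would have echoed it straight through to resolvconf.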

icbolsh
2009-10-19, 03:46
So I copied resolv.conf and moved it so I can open it and just see (since I don't know how to open it within XTerm), and all it says is "nameserver 127.0.0.1". It doesn't list a bunch of different ones. Should I change it to list 1.254.2.2 and 1.254.2.3?

allnameswereout
2009-10-19, 04:22
So I copied resolv.conf and moved it so I can open it and just see (since I don't know how to open it within XTerm), and all it says is "nameserver 127.0.0.1". It doesn't list a bunch of different ones. Should I change it to list 1.254.2.2 and 1.254.2.3?

No, because it will be overwritten by resolvconf the whole time. It lists 127.0.0.1 because you're running dnsmasq.

This is why you must use /sbin/resolvconf which is utilized by the script /etc/openvpn/update-resolv-conf

In your OpenVPN client config add

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

and script-security value from whatever it is to

script-security 2

Don't worry, this is because you're going to execute external script.

If you don't have update-resolv-conf then here is a copy of mine

#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

[ -x /sbin/resolvconf ] || exit 0

case $script_type in

up)
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [ "$part2" == "DOMAIN" ] ; then
                IF_DNS_SEARCH="$part3"
            fi
        fi
    done
    R=""
    if [ "$IF_DNS_SEARCH" ] ; then
        R="${R}search $IF_DNS_SEARCH
"
    fi
    for NS in $IF_DNS_NAMESERVERS ; do
        R="${R}nameserver $NS
"
    done
    echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
    ;;
down)
    /sbin/resolvconf -d "${dev}.inet"
    ;;
esac

Save it to /etc/openvpn/update-resolv-conf
And to make it executable by root:
# chmod 755 /etc/openvpn/update-resolv-conf

Really sucks I don't have a N8x0 to test... :o

..but it works for me. My /etc/resolv.conf becomes

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 194.109.6.66
nameserver 194.109.9.99

icbolsh
2009-10-19, 05:08
okay I did everything you said to do. I hope I didn't do it wrong. Here is the log when I test it.

Mon Oct 19 12:58:59 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 12:58:59 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 12:59:00 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 12:59:00 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 12:59:00 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 12:59:00 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 12:59:00 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 LZO compression initialized
Mon Oct 19 12:59:00 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 12:59:00 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Mon Oct 19 12:59:00 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 12:59:00 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 12:59:00 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 12:59:00 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 12:59:00 2009 UDPv4 link local: [undef]
Mon Oct 19 12:59:00 2009 UDPv4 link remote: 85.249.223.29:1194
Mon Oct 19 12:59:03 2009 TLS: Initial packet from 85.249.223.29:1194, sid=ec891e77 4c37fc96
Mon Oct 19 12:59:03 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 12:59:04 2009 Replay-window backtrack occurred [1]
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:07 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 12:59:14 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Mon Oct 19 12:59:15 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 12:59:16 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.122 255.255.252.0'
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 12:59:16 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 12:59:16 2009 TUN/TAP device tun0 opened
Mon Oct 19 12:59:16 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 12:59:16 2009 /sbin/ifconfig tun0 1.2.116.122 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255
Mon Oct 19 12:59:16 2009 /etc/openvpn/update-resolv-conf tun0 1500 1542 1.2.116.122 255.255.252.0 init
Mon Oct 19 12:59:16 2009 script failed: could not execute external program
Mon Oct 19 12:59:16 2009 Exiting

icbolsh
2009-10-19, 05:26
I ran a ping to twitter , doesn't it look like it is working?

~ $ host -v-t a www.twitter.com
Query about www.twitter.com for record types A
Trying www.twitter.com ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
www.twitter.com 12866 IN A 211.94.66.147
Authority information:
twitter.com 31211 IN NS ns4.p26.dynect.net
twitter.com 31211 IN NS ns1.p26.dynect.net
twitter.com 31211 IN NS ns2.p26.dynect.net
twitter.com 31211 IN NS ns3.p26.dynect.net
Additional information:
ns1.p26.dynect.net 71098 IN A 208.78.70.26
ns2.p26.dynect.net 71098 IN A 204.13.250.26
ns3.p26.dynect.net 71098 IN A 208.78.71.26
ns4.p26.dynect.net 71098 IN A 204.13.251.26
~ $


But I can't get it to load in Mauku, or go to it in my browser.

allnameswereout
2009-10-19, 05:29
Hmm, I think you get this error because you don't have Bash installed which the script requires, and Busybox /bin/sh is not compatible with Bash scripts.

Therefore you must install Bash from Application Manager.

After it is installed, from x-term execute:

$ whereis bash

Now you know where bash is located (probably either /bin/bash or /usr/bin/bash ...) now edit /etc/openvpn/update-resolv-conf and make sure on top to replace whatever it says to

#!/path/to/bash

Where /path/to/bash is what whereis told you.

PS: Whatever was the result of the host and ping commands?
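The script posted above needs Bash only for two constructs: the indirect expansion ${!foreign_option_*} / ${!optionname} and the == test. Everything else is plain Bourne shell, so the same job can be done with a script that runs under Busybox /bin/sh, which removes the "could not execute external program" problem without installing Bash. What follows is an added example written for this thread; it is not the script posted above and not the maemo-update-resolvconf shipped in the Maemo openvpn package. It assumes, as the bash version does, that OpenVPN exports script_type, dev and foreign_option_N into the script's environment and that script-security 2 is set in the client config. One thing it adds over the bash version: the pushed DNS values come from the VPN server, so anything that is not a dotted-quad IPv4 address is dropped rather than written into resolv.conf.

```shell
#!/bin/sh
# Added example: a Busybox/POSIX sh version of update-resolv-conf.
# Walks foreign_option_1, foreign_option_2, ... with eval instead of
# bash's ${!name} indirection. Assumes OpenVPN's usual environment
# (script_type, dev, foreign_option_N) and the resolvconf package.

# True if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the resolv.conf body ("search ..." then "nameserver ..." lines)
# built from the dhcp-option DNS/DOMAIN values OpenVPN pushed.
build_resolvconf() {
    search=""
    nameservers=""
    n=1
    while :; do
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        set -- $opt            # split "dhcp-option DNS 1.254.2.2" into words
        if [ "$1" = "dhcp-option" ]; then
            case "$2" in
                DNS)    if is_ipv4 "$3"; then nameservers="$nameservers $3"; fi ;;
                DOMAIN) search="$3" ;;
            esac
        fi
        n=$((n + 1))
    done
    if [ -n "$search" ]; then printf 'search %s\n' "$search"; fi
    for ns in $nameservers; do
        printf 'nameserver %s\n' "$ns"
    done
}

if [ -n "${script_type:-}" ]; then
    # Called by OpenVPN as up/down script: hand the list to resolvconf,
    # exactly as the bash script does.
    [ -x /sbin/resolvconf ] || exit 0
    case "$script_type" in
        up)   build_resolvconf | /sbin/resolvconf -a "${dev}.inet" ;;
        down) /sbin/resolvconf -d "${dev}.inet" ;;
    esac
else
    # Run by hand: show what would be handed to resolvconf for the
    # options pushed in this thread (values taken from the log above).
    (
        foreign_option_1='dhcp-option DNS 1.254.2.2'
        foreign_option_2='dhcp-option DNS 1.254.2.3'
        foreign_option_3='dhcp-option DOMAIN vpn'
        build_resolvconf
    )
fi
```

Save it as /etc/openvpn/update-resolv-conf with the same up/down lines and chmod 755 as before; running it by hand with no arguments prints the resolv.conf body it would generate, which is a quick way to check the parser before letting OpenVPN call it.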

icbolsh
2009-10-19, 06:06
Hmm, I think you get this error because you don't have Bash installed which the script requires, and Busybox /bin/sh is not compatible with Bash scripts.

Therefore you must install Bash from Application Manager.

After it is installed, from x-term execute:

$ whereis bash

Now you know where bash is located (probably either /bin/bash or /usr/bin/bash ...) now edit /etc/openvpn/update-resolv-conf and make sure on top to replace whatever it says to

#!/path/to/bash

Where /path/to/bash is what whereis told you.

PS: Whatever was the result of the host and ping commands?

I installed bash, but the the whereis command comes up empty. I even went into root and did whereis bash. They both say "not found"

allnameswereout
2009-10-19, 06:13
I installed bash, but the the whereis command comes up empty. I even went into root and did whereis bash. They both say "not found"

Try this

$ ls -l /bin/bash* /usr/bin/bash* /usr/local/bin/bash*

or

$ dpkg -L bash | grep bin/

icbolsh
2009-10-19, 06:27
Using "$ dpkg -L bash | grep bin/" it listed /usr/bin/bash-setup. So is /usr/bin the path? I cd to the location then did "ls bash" and it still said "no such file or directory".

TA-t3
2009-10-19, 09:28
bash-setup is probably a post-installation script. Sounds like a strange way to set up a debian package. Someone who is familiar with this package will have to tell you how to fix that. It could be as simple as entering /usr/bin/bash-setup and seeing what it does. But at your own risk.

icbolsh
2009-10-20, 00:15
Hey mikkov,
Any chance you might know why I can view Jaiku but not twitter in my Ivacy config in openvpn? It was working, but then I tethered to my cell and it stopped working. Now I'm back on wifi and it still won't work but Jaiku does.

mikkov
2009-10-20, 11:22
Well, it's really hard to say. But it seems that the twitter ip you had is in Beijing, so it's probably a dns issue as others have said.

Latest openvpn package for maemo comes with its own update-resolv-conf. You could try the following config. Note that I have no idea if it works or not.


client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
script-security 3
reneg-sec 0
redirect-gateway def1
up /etc/openvpn/maemo-update-resolvconf
plugin /usr/lib/openvpn/openvpn-down-root.so "script_type=down /etc/openvpn/maemo-update-resolvconf"
ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.key 1

icbolsh
2009-10-21, 00:07
when importing the config file it says "Files not found: /etc/openvpn/maemo-update-resolvconf" . Am I missing that file? Do I just need to get that file and upload it?

It's not working. Here is the test log:
Wed Oct 21 08:00:26 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Wed Oct 21 08:00:26 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 21 08:00:26 2009 PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-down-root.so '[/usr/lib/openvpn/openvpn-down-root.so] [script_type=down] [/etc/openvpn/maemo-update-resolvconf]' intercepted=PLUGIN_UP|PLUGIN_DOWN
Wed Oct 21 08:00:26 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Oct 21 08:00:26 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Wed Oct 21 08:00:26 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Wed Oct 21 08:00:26 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Wed Oct 21 08:00:26 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 21 08:00:26 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 21 08:00:26 2009 LZO compression initialized
Wed Oct 21 08:00:26 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Oct 21 08:00:27 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Wed Oct 21 08:00:27 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Oct 21 08:00:27 2009 Local Options hash (VER=V4): '504e774e'
Wed Oct 21 08:00:27 2009 Expected Remote Options hash (VER=V4): '14168603'
Wed Oct 21 08:00:27 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Wed Oct 21 08:00:27 2009 UDPv4 link local: [undef]
Wed Oct 21 08:00:27 2009 UDPv4 link remote: 85.249.223.29:1194
Wed Oct 21 08:00:27 2009 TLS: Initial packet from 85.249.223.29:1194, sid=787482eb 0030aab8
Wed Oct 21 08:00:27 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 21 08:00:32 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Wed Oct 21 08:00:32 2009 VERIFY OK: nsCertType=SERVER
Wed Oct 21 08:00:32 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Wed Oct 21 08:00:39 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Oct 21 08:00:39 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 21 08:00:39 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Oct 21 08:00:39 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 21 08:00:39 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Oct 21 08:00:39 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Wed Oct 21 08:00:40 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Wed Oct 21 08:00:40 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.119 255.255.252.0'
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: timers and/or timeouts modified
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: --ifconfig/up options modified
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: route options modified
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: route-related options modified
Wed Oct 21 08:00:40 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Oct 21 08:00:40 2009 ROUTE default_gateway=192.168.15.1
Wed Oct 21 08:00:40 2009 TUN/TAP device tun0 opened
Wed Oct 21 08:00:40 2009 TUN/TAP TX queue length set to 100
Wed Oct 21 08:00:40 2009 /sbin/ifconfig tun0 1.2.116.119 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255
Wed Oct 21 08:00:41 2009 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-down-root.so/PLUGIN_UP status=0
Wed Oct 21 08:00:41 2009 /etc/openvpn/maemo-update-resolvconf tun0 1500 1542 1.2.116.119 255.255.252.0 init
Wed Oct 21 08:00:41 2009 script failed: could not execute external program
Wed Oct 21 08:00:41 2009 Exiting

kot2adm
2009-10-21, 06:06
Hi all!
I think it's necessary to post a wiki page about openvpn setup.
I have the same problems with openvpn setup.
My question: is it necessary to use option "auth-user-pass" with the openvpn desktop applet?

kot2adm
2009-10-21, 09:36
Forget my previous post. Option "askpass" works well for me.

icbolsh
2009-10-22, 03:33
where can I get the "maemo-update-resolvconf" file? Anybody?

allnameswereout
2009-10-22, 03:56
where can I get the "maemo-update-resolvconf" file? Anybody?

According to mike it comes with latest openvpn package for maemo

icbolsh
2009-10-22, 14:49
According to mike it comes with latest openvpn package for maemo
Well it says that it is missing when I import the config file. When I search for it, it can't be found.
You know what, you guys have already done so much for me. Thank you. I'm just going to put the last config file in. I can at least use Jaiku. I set up a "twitter Feed" to import my Jaiku updates to Twitter. So I can still post on Twitter that way. I just wish I could view what was being posted on Twitter. But I am okay with what I got. Thanks for everything.

sanjeevani
2009-12-08, 07:33
Can I use VPN even if I am using shared internet connection? There are 4 other computers sharing my internet connection. I want to use VPN for my computer only. Can that be possible?