How to set up OpenVPN and route all traffic through VPN?

Issues related to configuring your network
CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

How to set up OpenVPN and route all traffic through VPN?

Post by CNoob » 2018/03/27 10:56:45

I am new to Linux.
How do I set up OpenVPN and route all traffic through the VPN?

I have installed CentOS 7 and KDE Plasma. I use it as a desktop system.
I have downloaded a zip with many .ovpn files from hidemy.name, a key file and two .crt files.

In the KDE network manager I click on "manage connections" -> "vpn" -> "import" and select a .ovpn file from \etc\openvpn

Then I click on the desired VPN connection. I see "connected", but when I try to ping or start my web browser, nothing happens.
When I stop firewalld, the same problem happens.

Do I have to configure something else? What is wrong? Thank you for your help.
Last edited by CNoob on 2018/03/27 15:23:04, edited 1 time in total.

fdisk
Posts: 42
Joined: 2017/11/04 00:59:56

Re: How to send all traffic through VPN?

Post by fdisk » 2018/03/27 14:57:13

Technically this is done by pointing the default route to the virtual interface.
Configuration depends on the specific VPN implementation.

OpenVPN providers usually provide the correct configuration to route all traffic.
It would be helpful to show the OpenVPN log file and the output of
route -n
after the "connected" message.

CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

Re: How to set up OpenVPN and route all traffic through VPN?

Post by CNoob » 2018/03/27 16:48:20

Where can I find the OpenVPN logs?

route -n shows:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 tap0
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
10.0.2.2        0.0.0.0         255.255.255.255 UH    100    0        0 enp0s3
10.96.0.0       0.0.0.0         255.224.0.0     U     50     0        0 tap0
77.81.109.171   10.0.2.2        255.255.255.255 UGH   100    0        0 enp0s3
185.65.134.145  10.0.2.2        255.255.255.255 UGH   100    0        0 enp0s3

I come from Windows and do not understand this :(

wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

Re: How to set up OpenVPN and route all traffic through VPN?

Post by wp.rauchholz » 2018/03/27 17:50:41

That won't be easy to explain in a post. You will have to do some reading. It took me a good week to figure it out.
Here are some links I felt were helpful:

https://github.com/Angristan/OpenVPN-install; a script that supposedly installs it all. I did not use/test it
https://www.sys-dev.cat/blog/3/; SETTING UP OPENVPN 2.4 WITH EASYRSA 3
https://pastebin.com/93aRXgwL; update-resolv-conf on RHEL 7 / CentOS 7 / Fedora 23-25 / Sci - Pastebin.com
https://github.com/piotr-dobrogost/open ... esolv-conf ; script to update your /etc/resolv.conf with DNS settings that come from the received push dhcp-options
I hope that helps

Wolfgang

CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

Re: How to set up OpenVPN and route all traffic through VPN?

Post by CNoob » 2018/03/27 18:09:07

The links do not work :(

I have tried the VPN service from Mullvad. This works, but it is different from other services.
I tried vpnbook and https://hidemy.name/en/vpn/
Both do not work.
I can connect to a server but I can't use the internet and cannot ping. I don't understand why.

Code:

[root@localhost openvpn]# openvpn --config vpnbook-fr1-tcp80.ovpn
Tue Mar 27 20:07:16 2018 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Tue Mar 27 20:07:16 2018 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Enter Auth Username: vpnbook
Enter Auth Password: *******
Tue Mar 27 20:07:33 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Mar 27 20:07:33 2018 NOTE: --fast-io is disabled since we are not using UDP
Tue Mar 27 20:07:33 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]37.187.158.97:80
Tue Mar 27 20:07:33 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Mar 27 20:07:33 2018 Attempting to establish TCP connection with [AF_INET]37.187.158.97:80 [nonblock]
Tue Mar 27 20:07:34 2018 TCP connection established with [AF_INET]37.187.158.97:80
Tue Mar 27 20:07:34 2018 TCP_CLIENT link local: (not bound)
Tue Mar 27 20:07:34 2018 TCP_CLIENT link remote: [AF_INET]37.187.158.97:80
Tue Mar 27 20:07:34 2018 TLS: Initial packet from [AF_INET]37.187.158.97:80, sid=b5aeda5a 8cfdbdef
Tue Mar 27 20:07:34 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 27 20:07:34 2018 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Tue Mar 27 20:07:34 2018 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Tue Mar 27 20:07:34 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Mar 27 20:07:34 2018 [vpnbook.com] Peer Connection Initiated with [AF_INET]37.187.158.97:80
Tue Mar 27 20:07:35 2018 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Tue Mar 27 20:07:36 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  213.186.33.99,dhcp-option DNS  91.239.100.100,route 10.12.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.12.0.14 10.12.0.13,peer-id 0,cipher AES-256-GCM'
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: route options modified
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: peer-id set
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Mar 27 20:07:36 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Mar 27 20:07:36 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Mar 27 20:07:36 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar 27 20:07:36 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar 27 20:07:36 2018 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:17:27:09:20:00
Tue Mar 27 20:07:36 2018 TUN/TAP device tun3 opened
Tue Mar 27 20:07:36 2018 TUN/TAP TX queue length set to 100
Tue Mar 27 20:07:36 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Mar 27 20:07:36 2018 /sbin/ip link set dev tun3 up mtu 1500
Tue Mar 27 20:07:36 2018 /sbin/ip addr add dev tun3 local 10.12.0.14 peer 10.12.0.13
Tue Mar 27 20:07:38 2018 /sbin/ip route add 37.187.158.97/32 via 10.0.2.2
Tue Mar 27 20:07:38 2018 /sbin/ip route add 0.0.0.0/1 via 10.12.0.13
Tue Mar 27 20:07:38 2018 /sbin/ip route add 128.0.0.0/1 via 10.12.0.13
Tue Mar 27 20:07:38 2018 /sbin/ip route add 10.12.0.1/32 via 10.12.0.13
Tue Mar 27 20:07:38 2018 Initialization Sequence Completed

It seems to be OK. But why is no internet possible?

fdisk
Posts: 42
Joined: 2017/11/04 00:59:56

Re: How to set up OpenVPN and route all traffic through VPN?

Post by fdisk » 2018/03/27 18:29:21

OpenVPN is running on the tun3 device, which could mean that two other instances are already running. Make sure only one instance is running.
What is this tap0 device for?

CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

Re: How to set up OpenVPN and route all traffic through VPN?

Post by CNoob » 2018/03/27 19:03:19

tap0 was automatically created from a server config file .ovpn

Why do some server config files use tun and others tap? I see the entries in the config files:
dev tun
or
dev tap

How can I delete tun/tap devices?

What is the difference? Is this the solution for my problem?

fdisk
Posts: 42
Joined: 2017/11/04 00:59:56

Re: How to set up OpenVPN and route all traffic through VPN?

Post by fdisk » 2018/03/27 19:46:38

In most cases you'll go with a tun interface. To anonymize your network you must stick with the configuration provided by your VPN provider.
tun/tap differences are described here: https://community.openvpn.net/openvpn/w ... AndRouting

"tap0 was automatically created from a server config file .ovpn"

tun/tap devices are created/deleted by starting/stopping an OpenVPN instance. Looking at your routing table, it seems your server is running and setting a default route (which looks wrong).

Make sure all OpenVPN instances are stopped. Check with

Code:

ps ax | grep openvpn

In general I recommend always checking the OpenVPN configuration via terminal. Only (and I mean it: ONLY) if everything works fine from there should you proceed to integrate the configuration into your preferred GUI.
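
Added example, not part of any post in this thread: a small route selector (longest prefix first, then lowest metric) run over the `route -n` table posted above and over a table built from the `/sbin/ip route add` lines in the vpnbook log. The `DEF1` table and its metrics are constructed for illustration; function names are the example's own.

```python
import ipaddress

# `route -n` rows as posted in the thread (tap0 session).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 tap0
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
10.0.2.2        0.0.0.0         255.255.255.255 UH    100    0        0 enp0s3
10.96.0.0       0.0.0.0         255.224.0.0     U     50     0        0 tap0
77.81.109.171   10.0.2.2        255.255.255.255 UGH   100    0        0 enp0s3
185.65.134.145  10.0.2.2        255.255.255.255 UGH   100    0        0 enp0s3
"""

# Constructed: the enp0s3 default route plus the routes OpenVPN added in
# the vpnbook log for 'redirect-gateway def1' (metric 0 is an assumption).
DEF1 = """\
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
37.187.158.97   10.0.2.2        255.255.255.255 UGH   0      0        0 enp0s3
0.0.0.0         10.12.0.13      128.0.0.0       UG    0      0        0 tun3
128.0.0.0       10.12.0.13      128.0.0.0       UG    0      0        0 tun3
10.12.0.1       10.12.0.13      255.255.255.255 UGH   0      0        0 tun3
"""

def parse(table):
    """Return (network, metric, gateway, iface) for each data row."""
    routes = []
    for line in table.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        # Prefix length = number of set bits in the Genmask column.
        plen = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{f[0]}/{plen}"), int(f[4]), f[1], f[7]))
    return routes

def egress(table, dest):
    """Interface a packet to dest leaves on, or None if nothing matches."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in parse(table) if ip in r[0]]
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    best = min(hits, key=lambda r: (-r[0].prefixlen, r[1]), default=None)
    return best[3] if best else None

if __name__ == "__main__":
    for name, table in (("posted", ROUTE_N), ("def1", DEF1)):
        for dest in ("8.8.8.8", "200.1.1.1", "77.81.109.171", "37.187.158.97"):
            print(name, dest, "->", egress(table, dest))
```

In the posted table the tap0 default route (metric 50, no gateway) beats the enp0s3 one (metric 100), so all general traffic is handed to tap0, while the host routes keep the VPN servers reachable over enp0s3. In the def1 table the two /1 routes override the /0 default without deleting it.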

CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

Re: How to set up OpenVPN and route all traffic through VPN?

Post by CNoob » 2018/03/28 10:35:18

Thanks for your help. I understand this a little bit better now.

The problem was VirtualBox. The settings for the network must be bridged and not NAT.


If I connect to the VPN, is absolutely all traffic then routed over the VPN?
How can I prevent DNS leaks?

fdisk
Posts: 42
Joined: 2017/11/04 00:59:56

Re: How to set up OpenVPN and route all traffic through VPN?

Post by fdisk » 2018/03/28 12:13:48

I'm afraid not. So far many VPN providers do not support IPv6. This means IPv6 will ignore any IPv4 tunnel setups.
The easiest way would be to just disable IPv6. Maybe someone has a better idea.

For DNS leaks you need to make sure *NOT* to use your local DNS (most likely your router). So you can either:
- take any public DNS outside your network (i.e. 8.8.8.8 for Google)
or
- use dns server from your vpn provider: https://github.com/masterkorp/openvpn-u ... esolv-conf
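
Added example, not part of the thread: a check for the two leak paths described in the post above. It compares the resolvers in resolv.conf with the `dhcp-option DNS` values from the PUSH_REPLY line in the vpnbook log, and lists global IPv6 addresses on non-tunnel interfaces from `/proc/net/if_inet6`. The resolv.conf and if_inet6 samples are constructed; function names are the example's own.

```python
import ipaddress
import re

# PUSH_REPLY from the vpnbook log in the thread, cut after the DNS options.
PUSH = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
        "dhcp-option DNS  213.186.33.99,dhcp-option DNS  91.239.100.100'")
# Constructed samples: resolv.conf still pointing at a home router, and
# /proc/net/if_inet6 with a global (scope 00) address on the physical NIC.
RESOLV = "search lan\nnameserver 192.168.1.1\n"
IF_INET6 = """\
20010db8000000000000000000000001 02 40 00 00   enp0s3
fe800000000000000a0027fffe092000 02 40 20 80   enp0s3
00000000000000000000000000000001 01 80 10 80       lo
"""

def pushed_dns(log_text):
    """DNS servers the VPN server pushed via dhcp-option."""
    return set(re.findall(r"dhcp-option DNS\s+([0-9.]+)", log_text))

def resolv_dns(resolv_text):
    """Nameserver entries actually configured for the resolver."""
    return [l.split()[1] for l in resolv_text.splitlines()
            if l.startswith("nameserver") and len(l.split()) > 1]

def global_v6(if_inet6_text, tunnel_prefixes=("tun", "tap")):
    """(iface, address) for global-scope IPv6 addresses outside the tunnel."""
    found = []
    for line in if_inet6_text.splitlines():
        f = line.split()
        # Fields: address, ifindex, prefix length, scope, flags, name.
        if len(f) == 6 and f[3] == "00" and not f[5].startswith(tunnel_prefixes):
            found.append((f[5], str(ipaddress.IPv6Address(int(f[0], 16)))))
    return found

def audit(log_text, resolv_text, if_inet6_text):
    findings = []
    pushed = pushed_dns(log_text)
    for ns in resolv_dns(resolv_text):
        if ns in pushed:
            continue
        # A private or loopback resolver is the local-DNS case; a public
        # one that was not pushed is reached through the tunnel routes.
        local = ipaddress.ip_address(ns).is_private
        findings.append(f"dns:{ns}:{'local/private' if local else 'not pushed by VPN'}")
    for ifname, addr in global_v6(if_inet6_text):
        findings.append(f"ipv6:{ifname}:{addr}")
    return findings

if __name__ == "__main__":
    print(audit(PUSH, RESOLV, IF_INET6))
```

A private resolver address can also be one the VPN provider runs inside the tunnel, so a `local/private` finding is a prompt to check where that address lives, not proof of a leak.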
