Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 19 Sep 2019, 08:49
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
A Simple VPN Implementation
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 3 of 5 [65 Posts]   Goto page: Previous 1, 2, 3, 4, 5 Next
Author Message
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Sun 10 Feb 2019, 04:48    Post subject:  

@ AvidHunter

The .pet is near the bottom of the first post as an attachment, below the image attachments. It is in a rectangular box with the .pet name in the title bar and the download link on the right hand side. As I say, it is a bit out of date now.

Are you running 32bit Xenial or 64bit Xenial?

I have put together a much more complete package with updated config files, scripts, icons, .desktop files, and all executables for 32bit Xenial and I gave it a quick test. (64bit Xenial version also added).

I named these .pet packages vpn-onoff-0.1-i686-xenial and vpn-onoff-0.1-x86_64-xenial
Version vpn-onoff-0.1-i686-slack14.1 also added for Slacko 6.3.2 32bit
I will upload them to http://smokey01.com/OscarTalks
Strictly for testing

All configuration is now done in the sub-directory /etc/vpn-onoff
The .ovpn config files (renamed), the vpnconfig symlink, and the vpnpass text file containing username and password are now all in this directory along with a bit of a README.
This is more tidy than having these files among others in /etc

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Mon 11 Feb 2019, 00:45    Post subject: VPN-Activator --- On-Off  

@ OscarTalks

I found the VPN-Activator download link just where you said it would be...(that was embarrassing). However, I also grabbed the vpn-onoff-0.1-x86_64-xenial from smokey01 (I'm running the 64 bit xenial) that you just posted and installed it (sweet). I will spend tonight and see if I can get everything running. Thankyou
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Mon 11 Feb 2019, 16:20    Post subject:  

AvidHunter wrote:
BTW: my intention is to use the Free version of ProtonVPN because it has no logging and no adds (but is evidently crippled on many features.


Took a look at ProtonVPN free version and was able to get it working.

Signed up with e-mail
Logged in to their website which gives me my dashboard.
From there I can download the .ovpn config files for each of their servers.
Place this (or several of them) in /etc/vpn-onoff with the others.
Delete the symlink vpnconfig
Right click the ProtonVPN .ovpn file and select "link"
Name the link you are creating as vpnconfig (replacing what you just deleted)
From the dashboard I also obtain the long random username and password which I have to use.
Those I paste into my vpnpass file (also in /etc/vpn-onoff)
I add the path to my vpnpass file into the .ovpn config file:-
auth-user-pass /etc/vpn-onoff/vpnpass
Save and close everything.
The VPN-Start "button" in JWM menu then starts it and connects.

The FREE servers are only 2 in Japan, 2 in The Netherlands, and 2 in USA and they are all very busy, some showing 100% load and none lower than around 80% when I looked. I chose USA2 and it was performing reasonably well, although the first 7 days are trial period so speed may slow down after that.

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Tue 12 Feb 2019, 02:25    Post subject: ProtonVPN  

@ OscarTalks

I am so glad you wrote these tutorials I would be so lost.

Anyway I meticulously followed your instructions through, closed the browser and clicked on VPN-start on the network men. I got the 30 second warning pop-up followed by the browser opening to "What is my IP?" web page. I minimized the browser and again clicked on the VPN-start button, again got the 30 second warning and the browser again opened another tab to the "What is my IP?" web page. I do not see the "openVPN already running" pop-up. How do I know if I'm connected?

BTW: netherlands-01 is running at 33% right now, I just can't tell if I'm connecting.
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Tue 12 Feb 2019, 05:27    Post subject:  

If you know your IP address before you try to connect you can compare it to the IP address after you connect. Also the "What is my IP" page gives additional information such as location, which should match the VPN server location rather than your own real location. You can close the browser once you have looked at the information, whether you are successfully connected or not.

If the browser opens again or opens another tab it would suggest that openvpn is not running or VPN has not initialised, but the information in the page is supposed to indicate that for you anyway. I suspect that something is still not quite right in your configuration process.

The tray notification icon will also re-open the browser on left click.
Right click of the tray notification icon gives the option to VPN-Stop.

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Tue 12 Feb 2019, 05:56    Post subject: ProtonVPN Config  

@ OscarTalks

The tray actually has two of the blue globes with the gold locks. At the moment a left click opens a none accessible web page (I suspect the web site is down) and a right click closes both globes. Prior to loosing access to the "What is my IP?" I mapped my IP address to a building in downtown Seattle (not the Netherlands). This sounds more and more like I've messed it up somehow so I'll start over and try again. In the mean time you are 8 or 9 hour ahead of me so I am going to bed and will return in 10 - 15 hrs.
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Tue 12 Feb 2019, 06:48    Post subject:  

@ AvidHunter

(This is specific to using ProtonVPN in my vpn-onoff thing)

Doing a bit more testing just now and discovered something.
In the ProtonVPN .ovpn config file, you will need to look for the 2 lines:-
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


These are causing it to error out.

Delete them completely or comment them out:-
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf


I didn't notice this yesterday when testing, because I had previously been experimenting with Proton's own application and that had installed the /etc/openvpn/update-resolv-conf script automatically. My vpn-onoff thing does not use this.

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Tue 12 Feb 2019, 20:06    Post subject: ProtonVPN - Connection Issue  

@ OscarTalks

I commented out the lines mentioned, that changed things. When selecting VPN-start I no-longer get the blue orb with the gold lock in the tray nor does the "What is my IP?" web page pop open. However, when I do select the VPN-start button a second time I do get the pop-up that openVPN is already running, but no blue orb. Also when opening the "What is my IP?" web page manually I still get my local ISP IP address here in Seattle.
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Tue 12 Feb 2019, 21:10    Post subject:  

@ AvidHunter

I still think this is a configuration issue which is not quite right yet.

One hint, if you have tried to do VPN-Start and it seems not to have worked, always a good idea to click VPN-Stop before trying VPN-Start again. Otherwise open a terminal and enter killall openvpn to kill any openvpn process which is running but not completed initialisation.

To run a diagnostic, open a terminal and enter openvpn --config /etc/vpn-onoff/vpnconfig
This will not open any browsers or tray icons, but might help show what is wrong.
To kill it, open another terminal and enter killall openvpn (otherwise sometimes the process continues running even if you close the first terminal).

Make sure you have the correct username and password in /etc/vpn-onoff/vpnpass
It should be the long, randomly generated ones from your Proton dashboard, not the ones you use to log in to Proton.
The long username goes on the first line, replacing the word "vpnbook"
The long password goes on the second line, replacing the word "password"

In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass
That is telling openvpn where to look for the stored username and password.

Hover your mouse cursor over /etc/vpn-onoff/vpnconfig to confirm that it is a symlink to the correct file (your Proton .ovpn file).

I can't think of much else at the moment. Once configured it should be easy to click in and out of VPN and presumably with no need to update passwords as is the case with the other free providers like VPNbook and Freevpn.me

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Wed 13 Feb 2019, 07:23    Post subject: VPN-OnOff  

@ OscarTalks

[quote]One hint, if you have tried to do VPN-Start and it seems not to have worked, always a good idea to click VPN-Stop before trying VPN-Start again. Otherwise open a terminal and enter killall openvpn to kill any openvpn process which is running but not completed initialisation. [/quote/

Killed everything

Quote:
Make sure you have the correct username and password in /etc/vpn-onoff/vpnpass
It should be the long, randomly generated ones from your Proton dashboard, not the ones you use to log in to Proton.
The long username goes on the first line, replacing the word "vpnbook"
The long password goes on the second line, replacing the word "password"


Verified
Verified
Verified

Quote:
In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass


Verified

Quote:
In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass


Verified

Quote:
To run a diagnostic, open a terminal and enter openvpn --config /etc/vpn-onoff/vpnconfig
This will not open any browsers or tray icons, but might help show what is wrong.


Running this had an interesting effect, it changed my radio icon in the tray to something I didn't recognize and killed all access to the web. I ran the VPMstop to recover my access. The diagnotic output is below but I do not know what it is telling me. I do not know if this means anything but when I run VPNstart I do get the pink popup letting me know that openvpn is already running, but I do not get the blue orb with the gold lock in the tray nore do I get the "What is my IP?" browser popup. I do get the "What is my IP?" browser popup when I run VPNstop...this seems backwards.

root# openvpn --config /etc/vpn-onoff/vpnconfig
Wed Feb 13 02:44:07 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 10 2019
Wed Feb 13 02:44:07 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Feb 13 02:44:07 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 13 02:44:07 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 13 02:44:07 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:07 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 13 02:44:07 2019 UDP link local: (not bound)
Wed Feb 13 02:44:07 2019 UDP link remote: [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:07 2019 TLS: Initial packet from [AF_INET]89.39.107.199:443, sid=874ca90c 7b32ffcc
Wed Feb 13 02:44:07 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Wed Feb 13 02:44:07 2019 VERIFY KU OK
Wed Feb 13 02:44:07 2019 Validating certificate extended key usage
Wed Feb 13 02:44:07 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Feb 13 02:44:07 2019 VERIFY EKU OK
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=0, CN=nl-110.protonvpn.com
Wed Feb 13 02:44:08 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Wed Feb 13 02:44:08 2019 [nl-110.protonvpn.com] Peer Connection Initiated with [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:09 2019 SENT CONTROL [nl-110.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Wed Feb 13 02:44:09 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.1.5 255.255.255.0,peer-id 3,cipher AES-256-GCM'
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: compression parms modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Feb 13 02:44:09 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: route options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: route-related options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: peer-id set
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: adjusting link_mtu to 1657
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Feb 13 02:44:09 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Feb 13 02:44:09 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 13 02:44:09 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 13 02:44:09 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=00:14:a5:b5:0d:f5
Wed Feb 13 02:44:09 2019 TUN/TAP device tun0 opened
Wed Feb 13 02:44:09 2019 TUN/TAP TX queue length set to 100
Wed Feb 13 02:44:09 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 13 02:44:09 2019 /sbin/ifconfig tun0 10.8.1.5 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
Wed Feb 13 02:44:09 2019 /sbin/route add -net 89.39.107.199 netmask 255.255.255.255 gw 192.168.0.1
Wed Feb 13 02:44:09 2019 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Wed Feb 13 02:44:09 2019 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Wed Feb 13 02:44:09 2019 Initialization Sequence Completed
Wed Feb 13 02:55:23 2019 event_wait : Interrupted system call (code=4)
Wed Feb 13 02:55:23 2019 SIGTERM received, sending exit notification to peer
Wed Feb 13 02:55:24 2019 /sbin/route del -net 89.39.107.199 netmask 255.255.255.255
route: SIOCDELRT: No such process
Wed Feb 13 02:55:24 2019 ERROR: Linux route delete command failed: external program exited with error status: 1
Wed Feb 13 02:55:24 2019 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Wed Feb 13 02:55:24 2019 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Wed Feb 13 02:55:24 2019 Closing TUN/TAP interface
Wed Feb 13 02:55:24 2019 /sbin/ifconfig tun0 0.0.0.0
Wed Feb 13 02:55:24 2019 SIGTERM[soft,exit-with-notification] received, process exiting
Quote:
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Wed 13 Feb 2019, 08:56    Post subject:  

@ AvidHunter

The VPN-Stop is supposed to open the browser (again) to confirm that you have exited VPN and returned to your normal ISP IP address. It also ensures that the tray notification "blue orb" icon is removed. These 2 functions are in addition to stopping the openvpn process.

If you click VPN-Stop when it is already stopped (or hasn't been started), you should get the pink notification. When you click "OK" in that pink notification, it will kill any "phantom" blue orb tray notification icons.

The change in your (wireless?) network icon may not, in itself, be a problem. Entering VPN can cause this sometimes, because the connection "looks" different to your system. Obviously though, if you then have no connectivity, that is a problem.

Your diagnostic output does indicate that you are connecting to the VPN.
See the line Initialization Sequence Completed towards the bottom?
The stuff below is a few minutes later, so I assume that is when you ran killall openvpn to shut it down.

That diagnostic command is just running openvpn from command line.
If you enter that and it gives you Initialization Sequence Completed, you should be able to leave the terminal open (minimized) and then surf normally in VPN. Test by bringing up the page manually (or some other test page). One problem here might be that if the VPN server is full to capacity it might appear that you have no connectivity, even though all the connections are OK.

Maybe try all of the 6 free servers if you have not already done so, remembering to edit each of the .ovpn files. If you have used the default UDP ones, try the TCP ones instead (option is in Proton dashboard - downloads a different .ovpn file for you). I actually used TCP from the beginning.

Otherwise I confess to being a little baffled about what is happening.
If testing this again, remember to killall openvpn at the end of the test.

I am also a little mystified as to why the browser and tray icon are not appearing with VPN-Start, especially since the openvpn part does appear to be configured correctly.
If clicking VPN-Start while the diagnostic is running, this is not surprising because openvpn is already running within the diagnostic.

One thing you may wish to try is configuring for one of the VPNbook servers with their username and password and re-creating the symlink. This should show you how my vpn-onoff thing is supposed to operate, but other than that I am stumped. I have tested it here with Proton in fresh boots of Puppy a couple of times and it all worked, but VPN is not always straight forward as there are lots of variables in networking.

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Thu 14 Feb 2019, 05:38    Post subject: diagnostic help  

@ OscarTalks

No success today, will try again tomorrow.

Questions;

What are the visual signs that are supposed to happen;

a) After a clean boot and VPNstart is selected for the first time.

b) After running VPNstop and then VPNstart
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Thu 14 Feb 2019, 09:06    Post subject:  

@ AvidHunter

Once it has been configured correctly:-

VPN-Start gives you the splash telling you to wait up to 30 seconds, followed by the browser to tell you your IP address (which you can close after you have read it), plus the tray notification icon appears.

VPN-Stop will open the browser again to tell you your IP address has returned to normal (and again you can close it after reading it), plus the tray notification icon is removed.
There is no splash with Stop, because Stop happens more quickly than Start.

If you then click VPN-Start again, the visual events will be as above.

VPN-Start when it is already started, or VPN-Stop when it is already stopped, will give only a pink notification to tell you that.

Perhaps I should mention one of the limitations or shortcomings of the visual indicators. The tray notification icon being present in the tray really only tells you that VPN-Start has been run. It does NOT prove that connection to the VPN server was successful. For that reason, the user should study the information in the browser to determine this. Left Click of the tray icon at any time opens the browser to check IP address again. This is on my list of things to look at in future, but this was always intended as a simple system that allows me to set up and then click in and out of VPN whenever I want.

_________________
Oscar in England

Back to top
View user's profile Send private message 
AvidHunter

Joined: 09 Feb 2019
Posts: 12

PostPosted: Fri 15 Feb 2019, 05:41    Post subject: ProtonVPN Games  

@ OscarTalks

Reboot and rebuilt everything after downloading all 12 Proton config files then built several VPNconfig files to play with.

Results;

select VPN-start; the 30 second warning runs followed by the blue orb with the gold lock followed by the wireless icon changing into a blue globe with a monitor plugged into it at the approximate latitude and longitude of Switzerland (go figure) followed by the browser popping open to the "What is my IP?" tab but with no web access.

Opening the browser before selecting VPN-start gives the same results.

Deactivating the firewall before initiating VPN-start produces the same results.

I'm stumped! Any suggestion on what to try next?
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2000
Location: London, England

PostPosted: Fri 15 Feb 2019, 10:35    Post subject:  

@ AvidHunter,

From what you have described over recent posts it sounds like the VPN connection is being established, but then traffic over it is blocked or not flowing for some reason. I am wondering if something in your hardware or your ISP is causing this block.

If you configure for VPNbook instead of ProtonVPN and then Start it, it would be interesting to know if you find that the VPNbook IP details display and if you have any web connectivity over VPNbook. This would be a test for some kind of blanket block on VPN traffic as well as proving that the core of the program does actually work.

The only other idea is to try the ProtonVPN command-line tool for Linux.
I tested that yesterday in 2 different Puppies, following the steps on their website, and I was able to connect with it and surf the web. Slightly less user-friendly than my thing to connect and disconnect VPN, but if it works for you it presents a viable option.

_________________
Oscar in England

Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 3 of 5 [65 Posts]   Goto page: Previous 1, 2, 3, 4, 5 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 1.0887s ][ Queries: 13 (0.3216s) ][ GZIP on ]