Thread: VPN suggestions
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#34
Originally Posted by icbolsh
After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So when I log in to my VPN, Jaiku works but Twitter fails to load (both are blocked normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1

ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke
I see some double entries. I've made them fat. Comment entries you do not wish to use out by putting a # before them, or simply remove the entries you do not wish to use. Remove the first redirect-gateway so def1 stays. Don't know about your ca/cert/key/tls-auth entries. The last tls-auth entry is incomplete. Perhaps your paste is incomplete though.

Can you post your /etc/resolv.conf after the OpenVPN client is running and has got the DNS servers pushed? It seems only 1 DNS server is pushed by the OpenVPN server. In any case, I'd remove any Chinese DNS servers, but without the OpenVPN client running you may have to re-add them.

After OpenVPN client runs, can you try to ping (may require root access) www.twitter.com and see if it resolves, and you get replies?

One problem with OpenVPN may be that it quickly gets a timeout and goes poof. This doesn't combine well with GPRS. Maybe don't abuse the connection with too much bandwidth, and use a caching HTTP proxy which serves low quality JPEG. Also keep in mind your N8x0 is using cryptography _and_ a browser. It eats resources.

Sidenote: Using range 1.0.0.0/8 for private networking is currently not allowed. I don't understand why they do that... oh well.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!

Last edited by allnameswereout; 2009-10-19 at 02:06.
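
The duplicate-entry check described in the post above, as an added example that is not part of the original thread: a small Python lint that lists every directive appearing more than once in an OpenVPN client config and says whether the copies agree or conflict. The `REPEATABLE` set and the abbreviated sample config are assumptions made for this example.

```python
import shlex
from collections import defaultdict

# Directives that may legitimately appear several times (assumed list for
# this example; extend it for your own setup).
REPEATABLE = {"remote", "route", "push", "setenv", "dhcp-option"}

# Constructed sample: the client config quoted in the post, abbreviated.
SAMPLE = """\
client
dev tun
remote openvpn.ivacy.com 1194
ca ivacy-keys/ivacy-ca.crt
tls-auth ivacy-keys/ivacy-tls.key 1
redirect-gateway
# a commented-out entry is ignored
redirect-gateway def1
ca ivacy-ca.crt
tls-auth ivacy-tls.ke
"""

def parse(text):
    """Yield (line_number, directive, args) for every active config line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or whole-line comment
            continue
        tokens = shlex.split(line, comments=True)  # drops a trailing "# ..."
        if tokens:
            yield number, tokens[0], tuple(tokens[1:])

def find_duplicates(text):
    """Return {directive: [(line_number, args), ...]} for repeated directives."""
    seen = defaultdict(list)
    for number, directive, args in parse(text):
        if directive not in REPEATABLE:
            seen[directive].append((number, args))
    return {d: uses for d, uses in seen.items() if len(uses) > 1}

def report(text):
    """Return one human-readable finding per duplicated directive."""
    findings = []
    for directive, uses in find_duplicates(text).items():
        kind = "repeated" if len({a for _, a in uses}) == 1 else "conflicting"
        where = ", ".join(f"line {n}: {' '.join(a) or '(no args)'}" for n, a in uses)
        findings.append(f"{kind} '{directive}' -> {where}")
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the sample, it reports `ca`, `tls-auth` and `redirect-gateway` as conflicting, which are the entries to comment out or remove.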