Active Topics
-
Maemo repository (5)
to Community by dredlok706 - 1 day, 16 hrs ago -
Re-commissioning N9 in 2018 (127)
to MeeGo / Harmattan by smatkovi - 1 day, 19 hrs ago -
Porting apps to Leste (41)
to Maemo 7 / Leste by Arno_11 - 2 days, 12 hrs ago -
List of well performing apps on Leste (33)
to Maemo 7 / Leste by teroyk - 2 days, 21 hrs ago -
N900 is not recognizable on any of my devices (windows 10,7, xp) What can I do? (1)
to Nokia N900 by nieldk - 4 days ago - more...
|
2009-10-17
, 17:23
|
|
Posts: 194 |
Thanked: 39 times |
Joined on Sep 2008
|
#22
|
Originally Posted by mikkov
Okay sorry it took so long to get this step done. I got the file moved into the right directory. I don't get an error when I test....the light turns green when I start the client. The only problem is nothing has changed on the internet. Some sights are still blocked and Mauku still cannot connect with Twitter. I can't go to it through the browser either. I am missing something? An obvious step? Do I need to change something else?
it seems that ivacy-tls.key wasn't imported. Apparently there is still problems in openvpn-applet (I am the author).
Easiest is to copy the file manually. Install rootsh, open X terminal, type sudo gainroot, copy with cp ivacy-tls.key /etc/openvpn
Again thank you for all your help.
Here is the current log when I run a test:
"Sun Oct 18 01:23:08 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Sun Oct 18 01:23:08 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 18 01:23:08 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:08 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Oct 18 01:23:08 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 LZO compression initialized
Sun Oct 18 01:23:08 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Oct 18 01:23:08 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Sun Oct 18 01:23:08 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 18 01:23:08 2009 Local Options hash (VER=V4): '504e774e'
Sun Oct 18 01:23:08 2009 Expected Remote Options hash (VER=V4): '14168603'
Sun Oct 18 01:23:08 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Sun Oct 18 01:23:08 2009 UDPv4 link local: [undef]
Sun Oct 18 01:23:08 2009 UDPv4 link remote: 85.249.223.27:1194
Sun Oct 18 01:23:13 2009 TLS: Initial packet from 85.249.223.27:1194, sid=a20c53ca dcb26178
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:25 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:26 2009 VERIFY OK: nsCertType=SERVER
Sun Oct 18 01:23:26 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:38 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 18 01:23:38 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Sun Oct 18 01:23:39 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route-related options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 TUN/TAP device tun0 opened
Sun Oct 18 01:23:41 2009 TUN/TAP TX queue length set to 100
Sun Oct 18 01:23:41 2009 /sbin/ifconfig tun0 1.2.124.106 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed"
Hope that helps.
Last edited by icbolsh; 2009-10-17 at 17:30.
|
|
2009-10-17
, 17:25
|
|
Posts: 1,208 |
Thanked: 1,028 times |
Joined on Oct 2007
|
#23
|
Post the openvpn log.
|
|
2009-10-17
, 17:39
|
|
Posts: 194 |
Thanked: 39 times |
Joined on Sep 2008
|
#24
|
I put it above
is it something on my NIT that I needed to do?
is it something on my NIT that I needed to do?
 |
|
2009-10-17
, 17:49
|
|
Posts: 3,397 |
Thanked: 1,212 times |
Joined on Jul 2008
@ Netherlands
|
#25
|
Originally Posted by icbolsh
Hmm, I don't see redirect-gateway being pushed. If you want to have all traffic routed over the VPN you're gonna need the option --redirect-gateway def1 although the VPN may sent this by default, it usually doesn't. So try to execute OpenVPN with --redirect-gateway def1
Okay sorry it took so long to get this step done. I got the file moved into the right directory. I don't get an error when I test....the light turns green when I start the client. The only problem is nothing has changed on the internet. Some sights are still blocked and Mauku still cannot connect with Twitter. I can't go to it through the browser either. I am missing something? An obvious step? Do I need to change something else?
Again thank you for all your help.
Here is the current log when I run a test:
"Sun Oct 18 01:23:08 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Sun Oct 18 01:23:08 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 18 01:23:08 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:08 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Oct 18 01:23:08 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 LZO compression initialized
Sun Oct 18 01:23:08 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Oct 18 01:23:08 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Sun Oct 18 01:23:08 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 18 01:23:08 2009 Local Options hash (VER=V4): '504e774e'
Sun Oct 18 01:23:08 2009 Expected Remote Options hash (VER=V4): '14168603'
Sun Oct 18 01:23:08 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Sun Oct 18 01:23:08 2009 UDPv4 link local: [undef]
Sun Oct 18 01:23:08 2009 UDPv4 link remote: 85.249.223.27:1194
Sun Oct 18 01:23:13 2009 TLS: Initial packet from 85.249.223.27:1194, sid=a20c53ca dcb26178
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:25 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:26 2009 VERIFY OK: nsCertType=SERVER
Sun Oct 18 01:23:26 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:38 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 18 01:23:38 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Sun Oct 18 01:23:39 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route-related options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 TUN/TAP device tun0 opened
Sun Oct 18 01:23:41 2009 TUN/TAP TX queue length set to 100
Sun Oct 18 01:23:41 2009 /sbin/ifconfig tun0 1.2.124.106 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed"
Hope that helps.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
|
|
2009-10-17
, 17:54
|
|
Posts: 194 |
Thanked: 39 times |
Joined on Sep 2008
|
#26
|
not to have you do all the work for me, but what would that code look like in the terminal?
|
|
2009-10-17
, 18:08
|
|
Posts: 194 |
Thanked: 39 times |
Joined on Sep 2008
|
#27
|
I got to go to bed...It's like 2am here. Thanks for every ones help. I'll be up in 5 hours with a coffee in my hand going right to this thread. I am so close to getting this going I can taste it.
|
|
2009-10-17
, 18:08
|
|
Posts: 3,397 |
Thanked: 1,212 times |
Joined on Jul 2008
@ Netherlands
|
#28
|
Originally Posted by icbolsh
Its ok. I could help better if had N8x0/N900 device cause maybe the applet allows this.
not to have you do all the work for me, but what would that code look like in the terminal?
The command would look like something like this:
sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1
Two notes:
1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides
After this authentication, going to http://ip.help.me.uk will say probably 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.
PS: Instead of using --redirect-gateway you can also set up routing manually!!
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
| The Following User Says Thank You to allnameswereout For This Useful Post: | ||
|
|
2009-10-17
, 18:30
|
|
Posts: 1,208 |
Thanked: 1,028 times |
Joined on Oct 2007
|
#29
|
Originally Posted by allnameswereout
Do that or add "redirect-gateway def1" to your .ovpn file (remember to reimport it)
Its ok. I could help better if had N8x0/N900 device cause maybe the applet allows this.
The command would look like something like this:
sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1
Two notes:
1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides
After this authentication, going to http://ip.help.me.uk will say probably 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.
PS: Instead of using --redirect-gateway you can also set up routing manually!!
| The Following 2 Users Say Thank You to mikkov For This Useful Post: | ||
|
|
2009-10-17
, 18:40
|
|
Posts: 3,397 |
Thanked: 1,212 times |
Joined on Jul 2008
@ Netherlands
|
#30
|
Originally Posted by mikkov
Ah yes, follow this advice, and use OpenVPN applet... convenient
Add "redirect-gateway def1" to your .ovpn file (remember to reimport it)
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!