Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#31
YESSSSS!!!! Thank yoooouuuuu!!!!!!! we are on! I am set. Thank you for being so patient with me. I seriously love this site. Everybody is so helpful...even for noobs like me.
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#32
Okay, OpenVPN stopped working. I tethered to my cell phone while out and about (which uses GPRS). I tried using my VPN through it and it wouldn't work. In fact, when I got to a wifi spot it wouldn't work there either. It hasn't worked all afternoon. Did I break it? Do I have to redo all the VPN settings? I will try reloading all the settings.
For the future, in theory, is it supposed to be able to work through GPRS?
 
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#33
After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So when I log in to my VPN, Jaiku works but Twitter fails to load (both are blocked normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke

Let me know if I did something wrong or could have done better.
And here is my current test log:

Mon Oct 19 08:41:46 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 08:41:46 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 08:41:46 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 08:41:46 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 08:41:46 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 08:41:46 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 08:41:46 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 LZO compression initialized
Mon Oct 19 08:41:46 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 08:41:46 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 08:41:46 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 08:41:46 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 08:41:46 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 08:41:46 2009 UDPv4 link local: [undef]
Mon Oct 19 08:41:46 2009 UDPv4 link remote: 85.249.223.27:1194
Mon Oct 19 08:41:47 2009 TLS: Initial packet from 85.249.223.27:1194, sid=6eefe230 458ca1eb
Mon Oct 19 08:41:47 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:50 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 08:41:57 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Mon Oct 19 08:41:59 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 08:41:59 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.110 255.255.255.0'
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 08:41:59 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 08:41:59 2009 TUN/TAP device tun0 opened
Mon Oct 19 08:41:59 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 08:41:59 2009 /sbin/ifconfig tun0 1.2.124.110 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Mon Oct 19 08:41:59 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 Initialization Sequence Completed
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#34
Originally Posted by icbolsh
After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So When I login to my vpn Jaiku works but Twitter fails to load(both are block normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1

ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke
I see some double entries. I've made them fat. Comment out entries you do not wish to use by putting a # before them, or simply remove the entries you do not wish to use. Remove the first redirect-gateway so def1 stays. Don't know about your ca/cert/key/tls-auth entries. The last tls-auth entry is incomplete. Perhaps your paste is incomplete though.

Can you post your /etc/resolv.conf after the OpenVPN client is running and got the DNS servers pushed? It seems only 1 DNS server is pushed by the OpenVPN server. In any case, I'd remove any Chinese DNS servers, but without the OpenVPN client running you may have to re-add them.

After OpenVPN client runs, can you try to ping (may require root access) www.twitter.com and see if it resolves, and you get replies?

One problem with OpenVPN may be that it quickly gets a timeout and goes poof. This doesn't combine well with GPRS. Maybe don't abuse the connection with too much bandwidth, and use a caching HTTP proxy which serves low quality JPEG. Also keep in mind your N8x0 is using cryptography _and_ a browser. It eats resources.

Sidenote: Using range 1.0.0.0/8 for private networking is currently not allowed. I don't understand why they do that... oh well.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!

Last edited by allnameswereout; 2009-10-19 at 02:06.
 
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#35
Thanks for your help allnameswereout,
okay, I took out the repeats in the config and still the same issue: Jaiku but no Twitter.
How do I remove Chinese DNS ... I have OpenVPN running? Then what? Also how do I ping Twitter? Don't I need their IP address to send a ping? Will a domain name work?

And yes, the incomplete line was my copy job.
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#36
Instructions are incomplete, see post below!!!

After changes you must re-import your OpenVPN client config again with the OpenVPN applet.

To remove Chinese DNS servers one normally edits /etc/resolv.conf and puts a # before all nameserver entries _except_ the ones pushed by the OpenVPN server. According to your log that is 1.254.2.2 and 1.254.2.3.

However, because Maemo uses resolvconf together with dnsmasq, you should make sure the OpenVPN client works together with resolvconf, because otherwise resolvconf overwrites /etc/resolv.conf the whole time! To work together with resolvconf, make sure the OpenVPN client is shut down and then add the following to your OpenVPN client config:

Code:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

foreign_option_1='dhcp-option DNS 1.254.2.2'
foreign_option_2='dhcp-option DNS 1.254.2.3'
foreign_option_3='dhcp-option DOMAIN vpn'
And, again you must re-import your OpenVPN client config again with the OpenVPN applet.

To test DNS, fire up OpenVPN client then
$ host -v -t a www.twitter.com

On bottom it should say

Received ? bytes from 1.254.2.2#53 in ? ms where ? are variable numbers, what matters is the IP address listed. It should be either 1.254.2.2 or 1.254.2.3

To ping

$ rootsh
# ping www.twitter.com

The ping command resolves www.twitter.com to an IP address. That is, assuming the DNS servers work and allow you to resolve it. If Twitter is blocked by the Great Firewall of China, you can assume the DNS servers block resolving domains from Twitter as well. Also, the DNS requests are tunneled and therefore come from your VPN endpoint, not from within China. For one, this looks suspicious and leaves a trace. Second, some ISPs only allow DNS access from clients within their network.

Last edited by allnameswereout; 2009-10-19 at 04:33.
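The check described above (does the `host -v` trailer name one of the pushed nameservers?) as a small script. This is an added example, not code from the thread or from OpenVPN; it takes the PUSH_REPLY line from the log posted earlier, and the `host -v` outputs and the addresses 203.0.113.10 and 192.168.15.1 in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or OpenVPN): verify that a DNS answer
# came from one of the nameservers the OpenVPN server pushed, by parsing the
# PUSH_REPLY log line and the "Received N bytes from X#53 in M ms" trailer
# that `host -v` prints. Sample inputs below are constructed.

# Print the servers listed as "dhcp-option DNS a.b.c.d" in the PUSH_REPLY
# line of an OpenVPN log, one per line.
pushed_dns_servers() {
	printf '%s\n' "$1" | grep 'PUSH_REPLY' | tr ',' '\n' \
		| sed -n 's/^dhcp-option DNS \([0-9.]*\).*/\1/p'
}

# Print the server that answered, taken from the last "Received ... from
# X#port" line of `host -v` output (empty if there is no such line).
answering_server() {
	printf '%s\n' "$1" \
		| sed -n 's/^Received [0-9]* bytes from \([0-9.]*\)#[0-9]*.*/\1/p' \
		| tail -n 1
}

# $1 = OpenVPN log, $2 = host -v output. Return 0 if the answering server is
# a pushed one, 1 if it is not (DNS going around the tunnel), 2 if the host
# output carries no "Received" line to check.
dns_via_vpn() {
	srv=$(answering_server "$2")
	[ -n "$srv" ] || return 2
	for p in $(pushed_dns_servers "$1"); do
		[ "$p" = "$srv" ] && return 0
	done
	return 1
}

# Constructed sample: the PUSH_REPLY line as it appears in the posted log.
SAMPLE_LOG="Mon Oct 19 08:41:59 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,ifconfig 1.2.124.110 255.255.255.0'"

# Constructed host -v output: answered by a pushed server (what we want).
HOST_OUT_VPN="Query about www.twitter.com for record types A
Query done, 1 answer, status: no error
www.twitter.com 12866 IN A 203.0.113.10
Received 228 bytes from 1.254.2.2#53 in 145 ms"

# Constructed host -v output: answered by the local router instead.
HOST_OUT_LEAK="Query about www.twitter.com for record types A
www.twitter.com 12866 IN A 203.0.113.10
Received 228 bytes from 192.168.15.1#53 in 12 ms"

for out in "$HOST_OUT_VPN" "$HOST_OUT_LEAK"; do
	if dns_via_vpn "$SAMPLE_LOG" "$out"; then
		echo "OK: answer came from pushed nameserver $(answering_server "$out")"
	else
		echo "WARNING: answer came from $(answering_server "$out"), not a pushed nameserver"
	fi
done
```

On the device you would feed it the real OpenVPN log and the real `host -v -t a www.twitter.com` output instead of the constructed samples.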
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#37
So I copied resolv.conf and moved it so I can open it and just see (since I don't know how to open it within XTerm), and all it says is "nameserver 127.0.0.1". It doesn't list a bunch of different ones. Should I change it to list 1.254.2.2 and 1.254.2.3?
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#38
Originally Posted by icbolsh
So I copied resolv.conf and moved it so I can open it and just see (since I don't know how to open it within XTerm), and all it says is "nameserver 127.0.0.1". It doesn't list a bunch of different ones. Should I change it to list 1.254.2.2 and 1.254.2.3?
No, because it will be overwritten by resolvconf the whole time. It lists 127.0.0.1 because you're running dnsmasq.

This is why you must use /sbin/resolvconf which is utilized by the script /etc/openvpn/update-resolv-conf

In your OpenVPN client config add

Code:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
and change the script-security value from whatever it is to

Code:
script-security 2
Don't worry, this is because you're going to execute an external script.

If you don't have update-resolv-conf then here is a copy of mine

Code:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
# Note: needs bash; the ${!name} indirect expansion below is not POSIX sh.

# Nothing to do if resolvconf is not installed.
[ -x /sbin/resolvconf ] || exit 0

case $script_type in

up)
	# Collect the pushed DNS servers and search domain from foreign_option_N.
	for optionname in ${!foreign_option_*} ; do
		option="${!optionname}"
		echo $option
		part1=$(echo "$option" | cut -d " " -f 1)
		if [ "$part1" == "dhcp-option" ] ; then
			part2=$(echo "$option" | cut -d " " -f 2)
			part3=$(echo "$option" | cut -d " " -f 3)
			if [ "$part2" == "DNS" ] ; then
				IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
			fi
			if [ "$part2" == "DOMAIN" ] ; then
				IF_DNS_SEARCH="$part3"
			fi
		fi
	done
	# Build the resolv.conf fragment and hand it to resolvconf for this interface.
	R=""
	if [ "$IF_DNS_SEARCH" ] ; then
		R="${R}search $IF_DNS_SEARCH
"
	fi
	for NS in $IF_DNS_NAMESERVERS ; do
		R="${R}nameserver $NS
"
	done
	echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
	;;
down)
	# Drop this interface's entry so the previous nameservers come back.
	/sbin/resolvconf -d "${dev}.inet"
	;;
esac
Save it to /etc/openvpn/update-resolv-conf and make it executable by root:

# chmod 755 /etc/openvpn/update-resolv-conf

Really sucks I don't have an N8x0 to test...

..but it works for me. My /etc/resolv.conf becomes

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 194.109.6.66
nameserver 194.109.9.99
 
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#39
okay I did everything you said to do. I hope I didn't do it wrong. Here is the log when I test it.

Mon Oct 19 12:58:59 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 12:58:59 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 12:59:00 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 12:59:00 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 12:59:00 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 12:59:00 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 12:59:00 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 LZO compression initialized
Mon Oct 19 12:59:00 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 12:59:00 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Mon Oct 19 12:59:00 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 12:59:00 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 12:59:00 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 12:59:00 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 12:59:00 2009 UDPv4 link local: [undef]
Mon Oct 19 12:59:00 2009 UDPv4 link remote: 85.249.223.29:1194
Mon Oct 19 12:59:03 2009 TLS: Initial packet from 85.249.223.29:1194, sid=ec891e77 4c37fc96
Mon Oct 19 12:59:03 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 12:59:04 2009 Replay-window backtrack occurred [1]
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:07 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 12:59:14 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Mon Oct 19 12:59:15 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 12:59:16 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.122 255.255.252.0'
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 12:59:16 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 12:59:16 2009 TUN/TAP device tun0 opened
Mon Oct 19 12:59:16 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 12:59:16 2009 /sbin/ifconfig tun0 1.2.116.122 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255
Mon Oct 19 12:59:16 2009 /etc/openvpn/update-resolv-conf tun0 1500 1542 1.2.116.122 255.255.252.0 init
Mon Oct 19 12:59:16 2009 script failed: could not execute external program
Mon Oct 19 12:59:16 2009 Exiting
 
Posts: 194 | Thanked: 39 times | Joined on Sep 2008
#40
I ran a ping to Twitter, doesn't it look like it is working?

~ $ host -v-t a www.twitter.com
Query about www.twitter.com for record types A
Trying www.twitter.com ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
www.twitter.com 12866 IN A 211.94.66.147
Authority information:
twitter.com 31211 IN NS ns4.p26.dynect.net
twitter.com 31211 IN NS ns1.p26.dynect.net
twitter.com 31211 IN NS ns2.p26.dynect.net
twitter.com 31211 IN NS ns3.p26.dynect.net
Additional information:
ns1.p26.dynect.net 71098 IN A 208.78.70.26
ns2.p26.dynect.net 71098 IN A 204.13.250.26
ns3.p26.dynect.net 71098 IN A 208.78.71.26
ns4.p26.dynect.net 71098 IN A 204.13.251.26
~ $


But I can't get it to load in Mauku, or go to it in my browser.