I'm having trouble setting up my BlackVPN service with OpenVPN. I've never used VPN before and I want to use CLI only.
This guide didn't help much. I moved the config file to the location they specified and tried setting up this shell script, but I don't know how to get past the symbolic link step.
Please tell me to link any error information that would be useful.
Offline
The wiki has the details: https://wiki.archlinux.org/index.php/Op … figuration
Essentially, once you have set up the relevant $location.conf file, enable the systemd service of the same name, e.g.:
systemctl enable openvpn@blackvpn_canada.service
# edit: this assumes you are running systemd, naturally. In which case, that shell script is of no use...
Offline
I don't know how to set up the configuration file. This is the one BlackVPN provides:
client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.com 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
ca [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
8710f3bba39e8411858d66615f77a4b1
42a6c573bfadd4b5dcb212ca420ef0d7
212bba9693f0ddcdca129c661e44b9e8
4749ad5929c030b68cfd7fd1a345ac52
26b66b356aefd21b102ade0a9c75b0e5
0093b1ec012d27c2cb53b166086c844b
686c42a8c81dbbe07a0982e16c0ee8d0
782d3999cc6d7fc6063ec53860fe6f71
72db9f5db85d892aa676e8b5410d0143
77f62582eb90204395d02003181933db
7346978c2cf7c1a8b5031aa890199600
4d70ea6bc915ed555d351c1beafc1cfc
e4fa675fa67569ac3179c77ba8a113db
7153a8ac59d82aa03249376be059bb3a
a14e9ad19abaadf089463bcf2d0e16e1
cb3a5bbe98152ddd95437f47bd044ba6
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
verb 3
mute 10
auth-user-pass
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
I'm confused by parts of that guide. I'm not sure what's relevant to me and what is not. I believe I may need to make ca, cert, key, and dh files, but I'm not sure what information goes in which.
Last edited by thewisenoob (2013-07-01 00:19:19)
Offline
The wiki has a section on it: https://wiki.archlinux.org/index.php/Op … ation_file
Please read through that rather than ask for handholding here.
Have you tried using the default provided by BlackVPN? FWIW: it looks good to go.
If you don't want to be prompted for a password at start, you can add a field:
auth-user-pass /etc/openvpn/yourpassfile
Make sure it has the appropriate permissions on it.
# edit: the conf file is telling you that the ca.cert is [inline], you don't have to break it out unless you want to.
Offline
When I test the OpenVPN configuration with this:
sudo openvpn /etc/openvpn/server.conf
I get this error:
Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory
Options error: Please correct this error.
I never saw anything about making update-resolv-conf or where to get it or what it even is. I'm sorry I'm asking for handholding. I tried figuring out how to configure OpenVPN via the Wiki, but I wasn't able to.
Last edited by thewisenoob (2013-07-01 00:39:27)
Offline
Remove those lines from the conf file and try again (they probably are only relevant for debian-based distributions).
And shouldn't you be running something like:
sudo openvpn /etc/openvpn/blackvpn_canada.conf
Offline
I commented out those lines, saved and then ran
sudo openvpn /etc/openvpn/server.conf
which prompted me for my username and password. After entering them, I got this output:
Sun Jun 30 20:50:17 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jun 30 20:50:17 2013 Control Channel Authentication: tls-auth using INLINE static key file
Sun Jun 30 20:50:17 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:17 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:17 2013 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sun Jun 30 20:50:18 2013 UDPv4 link local: [undef]
Sun Jun 30 20:50:18 2013 UDPv4 link remote: [AF_INET]199.180.113.130:1194
Sun Jun 30 20:50:18 2013 TLS: Initial packet from [AF_INET]199.180.113.130:1194, sid=aad0b035 5c78ce98
Sun Jun 30 20:50:18 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jun 30 20:50:18 2013 VERIFY OK: depth=1, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
Sun Jun 30 20:50:18 2013 VERIFY OK: nsCertType=SERVER
Sun Jun 30 20:50:18 2013 VERIFY OK: depth=0, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=server, emailAddress=staff@blackvpn.com
Sun Jun 30 20:50:20 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 20:50:20 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:20 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 20:50:20 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:20 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jun 30 20:50:20 2013 [server] Peer Connection Initiated with [AF_INET]199.180.113.130:1194
Sun Jun 30 20:50:22 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jun 30 20:50:22 2013 AUTH: Received control message: AUTH_FAILED
Sun Jun 30 20:50:22 2013 SIGTERM[soft,auth-failure] received, process exiting
I don't know what most of that means, but it seems to be failing in some way.
Last edited by thewisenoob (2013-07-01 00:56:42)
Offline
Sun Jun 30 20:50:22 2013 AUTH: Received control message: AUTH_FAILED
Offline
Does that mean my login information isn't working? I entered my username and password multiple times. I know I'm entering them correctly.
Offline
It means that the login/username is incorrect for that conf file. As I said in post #6, you seem to be trying to run the wrong conf...
I downloaded the blackvpn.zip and there is no server.conf there. Pick a location you want to connect to and use that:
https://wiki.archlinux.org/index.php/Op … al_startup
Offline
I had renamed blackvpn_usa.conf to server.conf. I added the auth-user-pass field to the configuration file and set the login information file permission to 400. Does that seem like a good choice? Then, I enabled the systemd service of the same name. How do I know it's working?
Offline
The output of `ip addr` should show a tun interface. Your external IP should also have changed.
Offline
No tun interface appears. Just lo and enp2s0. I'm sorry I'm so incompetent. I really appreciate the help.
Offline
Make sure it works manually before enabling the service file.
What errors did it print? Did you set up your auth file correctly?
https://wiki.archlinux.org/index.php/Op … the_client
Offline
This is my blackvpn_usa.conf file now:
client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.com 1194
pull
comp-lzo
tls-client
#tls-remote server
ns-cert-type server
auth-user-pass login_info
ca [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
8710f3bba39e8411858d66615f77a4b1
42a6c573bfadd4b5dcb212ca420ef0d7
212bba9693f0ddcdca129c661e44b9e8
4749ad5929c030b68cfd7fd1a345ac52
26b66b356aefd21b102ade0a9c75b0e5
0093b1ec012d27c2cb53b166086c844b
686c42a8c81dbbe07a0982e16c0ee8d0
782d3999cc6d7fc6063ec53860fe6f71
72db9f5db85d892aa676e8b5410d0143
77f62582eb90204395d02003181933db
7346978c2cf7c1a8b5031aa890199600
4d70ea6bc915ed555d351c1beafc1cfc
e4fa675fa67569ac3179c77ba8a113db
7153a8ac59d82aa03249376be059bb3a
a14e9ad19abaadf089463bcf2d0e16e1
cb3a5bbe98152ddd95437f47bd044ba6
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
verb 3
mute 10
auth-user-pass
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
The login info is in a file called login_info in /etc/openvpn. When I start it manually with
sudo openvpn /etc/openvpn/blackvpn_usa.conf
I'm still prompted for the username and password and I still get the same authorization failure as last time.
Offline
You need to change the auth line
auth-user-pass
should read
auth-user-pass /etc/openvpn/login_info
I'd also comment out/remove the last two lines.
# edit: and why have you commented out tls-remote? That does ship with the blackvpn files.
Offline
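A small lint for the configuration problems this thread runs into (a bare or relative `auth-user-pass`, the directive given more than once, a credentials file readable by group/other, `up`/`down` scripts that do not exist), as an added example that is not part of the original posts. The names `lint_ovpn_conf` and `demo_lint` and the sample config are constructed for illustration.

```bash
# lint_ovpn_conf CONF: print one finding per line for an OpenVPN client config.
# Commented lines are skipped because their first word starts with '#' or ';'.
lint_ovpn_conf() {
    local key arg rest perms n=0
    while read -r key arg rest || [ -n "$key" ]; do
        case $key in
        auth-user-pass)
            n=$((n + 1))
            if [ -z "$arg" ]; then
                echo "PROMPT: bare auth-user-pass reads credentials interactively"
            elif [ "${arg#/}" = "$arg" ]; then
                echo "RELATIVE: $arg is resolved against the working directory"
            elif [ ! -f "$arg" ]; then
                echo "MISSING: credential file $arg not found"
            else
                # characters 5-10 of the ls -l mode string are the group/other bits
                perms=$(ls -ld "$arg" | cut -c5-10)
                [ "$perms" = "------" ] || echo "PERMS: $arg is open to group/other"
            fi ;;
        up | down)
            [ -x "$arg" ] || echo "SCRIPT: $key script $arg is missing or not executable" ;;
        esac
    done < "$1"
    [ "$n" -le 1 ] || echo "DUPLICATE: auth-user-pass appears $n times; keep one"
    return 0
}

# Constructed sample modelled on the thread's second config (credentials are fake).
demo_lint() {
    local d; d=$(mktemp -d)
    printf 'user\npass\n' > "$d/login_info"; chmod 644 "$d/login_info"
    cat > "$d/client.conf" <<EOF
client
#tls-remote server
auth-user-pass login_info
auth-user-pass $d/login_info
auth-user-pass
script-security 2
up $d/update-resolv-conf
EOF
    lint_ovpn_conf "$d/client.conf"
    rm -rf "$d"
}
demo_lint
```

A config with a single absolute `auth-user-pass` path, a mode 400 credentials file and no missing scripts produces no output.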
I made those changes, but it doesn't seem to affect the output. It's still:
Sun Jun 30 22:38:39 2013 Control Channel Authentication: tls-auth using INLINE static key file
Sun Jun 30 22:38:39 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:39 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:39 2013 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sun Jun 30 22:38:39 2013 UDPv4 link local: [undef]
Sun Jun 30 22:38:39 2013 UDPv4 link remote: [AF_INET]67.202.65.156:1194
Sun Jun 30 22:38:39 2013 TLS: Initial packet from [AF_INET]67.202.65.156:1194, sid=aa25978a fae68fb2
Sun Jun 30 22:38:39 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jun 30 22:38:39 2013 VERIFY OK: depth=1, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
Sun Jun 30 22:38:39 2013 VERIFY OK: nsCertType=SERVER
Sun Jun 30 22:38:39 2013 VERIFY OK: depth=0, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=server, emailAddress=staff@blackvpn.com
Sun Jun 30 22:38:41 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 22:38:41 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:41 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 22:38:41 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:41 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jun 30 22:38:41 2013 [server] Peer Connection Initiated with [AF_INET]67.202.65.156:1194
Sun Jun 30 22:38:43 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jun 30 22:38:43 2013 AUTH: Received control message: AUTH_FAILED
Sun Jun 30 22:38:43 2013 SIGTERM[soft,auth-failure] received, process exiting
Last edited by thewisenoob (2013-07-01 02:47:34)
Offline
Paste your login_info file - and obfuscate the username and password.
Offline
The first line is the username and the second line is the password. I don't know how to obfuscate it.
Offline
Assuming that you have set it up correctly, you might want to talk to BlackVPN and see why auth is failing...
# edit: you could loosen (temporarily) the restrictions on the passwd file to see if that makes a difference.
Offline
It still prompts for a username and password after changing the login info file's permissions. I already opened a Support Ticket with BlackVPN. I'll (hopefully) post back with a solution to my problem soon. Thanks for all your help, dude. :3
Offline
BlackVPN's support wasn't able to resolve my problem.
Offline