You are not logged in.

#1 2013-06-30 23:52:08

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

BlackVPN with OpenVPN

I'm having trouble setting up my BlackVPN service with OpenVPN. I've never used VPN before and I want to use CLI only.

This guide didn't help much. I moved the config file to the location they specified and tried setting up this shell script, but I don't know how to get past the symbolic link step.

Please tell me to link any error information that would be useful.

Offline

#2 2013-07-01 00:02:11

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

The wiki has the details: https://wiki.archlinux.org/index.php/Op … figuration

Essentially, once you have setup the relevant $location.conf file, enable the systemd service of the same name; eg:

systemctl enable openvpn@blackvpn_canada.service

# edit: this assumes you are running systemd, naturally. In which case, that shell script is of no use...


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#3 2013-07-01 00:09:31

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

I don't know how to setup the configuration file. hmm  This is the one BlackVPN provides:

client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.com 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
ca [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIJAOPuri2QIDM5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
BAYTAk5MMQswCQYDVQQIEwJOTDESMBAGA1UEBxMJQW1zdGVyZGFtMREwDwYDVQQK
EwhibGFja1ZQTjEUMBIGA1UEAxMLYmxhY2tWUE4gQ0ExITAfBgkqhkiG9w0BCQEW
EnN0YWZmQGJsYWNrdnBuLmNvbTAeFw0wOTA1MjAwNTQ0NTBaFw0xOTA1MTgwNTQ0
NTBaMHoxCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJOTDESMBAGA1UEBxMJQW1zdGVy
ZGFtMREwDwYDVQQKEwhibGFja1ZQTjEUMBIGA1UEAxMLYmxhY2tWUE4gQ0ExITAf
BgkqhkiG9w0BCQEWEnN0YWZmQGJsYWNrdnBuLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOIUad4+6krAixyWDPbppNlW7wDhp3zYtZu59XzazgSX
4D77ifTC11HzkpwBkARNn5Rd4MyhObIpT4F/EcDkWJXfDDt44mAVl9kgHDjJgPle
CJBm5ZEsPw9ls0gqN/ApmExueH9mXCwYiwROT2t92/GyGfB+oguBv68vuNVrDafz
fVsf/TxdQdVkM4RUj7y9QbeHdjHgo1aqkDr9BhhVYii4F7wUo6+qazbPBpXJvjpM
DeWlaTW2hvBhB4QCam9AakP3GW9Fiwvi0DEXKNI7EFjHWpmX6ICZ2MSx/LiUkMYW
ebkz8JNwbCvaFOjkB5Frb4xB87sFKNzLIdTIl5KfcfkCAwEAAaOB3zCB3DAdBgNV
HQ4EFgQUWRZFT+il66elZ6sbAdYTGmkU5q8wgawGA1UdIwSBpDCBoYAUWRZFT+il
66elZ6sbAdYTGmkU5q+hfqR8MHoxCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJOTDES
MBAGA1UEBxMJQW1zdGVyZGFtMREwDwYDVQQKEwhibGFja1ZQTjEUMBIGA1UEAxML
YmxhY2tWUE4gQ0ExITAfBgkqhkiG9w0BCQEWEnN0YWZmQGJsYWNrdnBuLmNvbYIJ
AOPuri2QIDM5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADGNe5p8
eBGi1cC5iYXQO44tWBgKLNXcsqsCWKPvcLOh8KyX5/8TpGLioDStr/z02CIQJ3Fy
OBaP2mpwkfb4ctEL+9NUAt4JYFPUKs1U41SZYsfPYS/ptMpYqpv1HJrjkAiZ93Ee
ukjfmmXTUWOKnWPoEpLmDamAfJcf9Am9jCUp0Z1ft7D9hQAoZsSjijhjjPjebTsL
p17Y1bEumDxatos59QITIxGfce2uagZwYxjEhQfABpgOogWC4EBViKaBgnHMbIuq
RexZ82khzythObj8PrNhfDlmRzP3L5u+MMAoF+S9woPEpZmqQBlXMw+VRJQefuCB
ZI3/zBiITVi3tx4=
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
8710f3bba39e8411858d66615f77a4b1
42a6c573bfadd4b5dcb212ca420ef0d7
212bba9693f0ddcdca129c661e44b9e8
4749ad5929c030b68cfd7fd1a345ac52
26b66b356aefd21b102ade0a9c75b0e5
0093b1ec012d27c2cb53b166086c844b
686c42a8c81dbbe07a0982e16c0ee8d0
782d3999cc6d7fc6063ec53860fe6f71
72db9f5db85d892aa676e8b5410d0143
77f62582eb90204395d02003181933db
7346978c2cf7c1a8b5031aa890199600
4d70ea6bc915ed555d351c1beafc1cfc
e4fa675fa67569ac3179c77ba8a113db
7153a8ac59d82aa03249376be059bb3a
a14e9ad19abaadf089463bcf2d0e16e1
cb3a5bbe98152ddd95437f47bd044ba6
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
verb 3
mute 10
auth-user-pass 

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

I'm confused by parts of that guide. I'm not sure what's relevant to me and what is not. I belive I may need to make ca, cert, key, and dh files, but I'm not sure what information goes in which.

Last edited by thewisenoob (2013-07-01 00:19:19)

Offline

#4 2013-07-01 00:19:51

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

The wiki has a section on it: https://wiki.archlinux.org/index.php/Op … ation_file
Please read through that rather than ask for handholding here.

Have you tried using the default provided by BlackVPN? FWIW: it looks good to go.

If you don't want to be prompted for a password at start, you can add a field:

auth-user-pass /etc/openvpn/yourpassfile

Make sure it has the appropriate permissions on it.


# edit the conf file is telling you that the ca.cert is [inline], you don't have to break it out unless you want to.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#5 2013-07-01 00:38:36

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

When I Test the OpenVPN configuration with this:

sudo openvpn /etc/openvpn/server.conf

I get this error:

Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory
Options error: Please correct this error.

I never saw anything about making update-resolv-conf or where to get it or what it even is. I'm sorry I'm asking for handholding. I tried figuring it out how to configure OpenVPN via the Wiki, but I wasn't able to.

Last edited by thewisenoob (2013-07-01 00:39:27)

Offline

#6 2013-07-01 00:47:06

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

Remove those lines from the conf file and try again (they probably are only relevant for debian-based distributions).

And shouldn't you be running something like:

sudo openvpn /etc/openvpn/blackvpn_canada.conf

Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#7 2013-07-01 00:55:21

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

I commented out those lines, saved and then ran

sudo openvpn /etc/openvpn/server.conf

which prompted me for my username and password. After entering them, I got this output:

Sun Jun 30 20:50:17 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jun 30 20:50:17 2013 Control Channel Authentication: tls-auth using INLINE static key file
Sun Jun 30 20:50:17 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:17 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:17 2013 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sun Jun 30 20:50:18 2013 UDPv4 link local: [undef]
Sun Jun 30 20:50:18 2013 UDPv4 link remote: [AF_INET]199.180.113.130:1194
Sun Jun 30 20:50:18 2013 TLS: Initial packet from [AF_INET]199.180.113.130:1194, sid=aad0b035 5c78ce98
Sun Jun 30 20:50:18 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jun 30 20:50:18 2013 VERIFY OK: depth=1, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
Sun Jun 30 20:50:18 2013 VERIFY OK: nsCertType=SERVER
Sun Jun 30 20:50:18 2013 VERIFY OK: depth=0, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=server, emailAddress=staff@blackvpn.com
Sun Jun 30 20:50:20 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 20:50:20 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:20 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 20:50:20 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 20:50:20 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jun 30 20:50:20 2013 [server] Peer Connection Initiated with [AF_INET]199.180.113.130:1194
Sun Jun 30 20:50:22 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jun 30 20:50:22 2013 AUTH: Received control message: AUTH_FAILED
Sun Jun 30 20:50:22 2013 SIGTERM[soft,auth-failure] received, process exiting

I don't know what most of that means, but it seems to be failing in some way.

Last edited by thewisenoob (2013-07-01 00:56:42)

Offline

#8 2013-07-01 01:00:40

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

Sun Jun 30 20:50:22 2013 AUTH: Received control message: AUTH_FAILED


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#9 2013-07-01 01:05:40

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

Does that mean my login information isn't working? I entered my username and password multiple times. I know I'm entering them correctly.

Offline

#10 2013-07-01 01:14:17

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

It means that the login/username is incorrect for that conf file. As I said in post #6, you seem to be trying to run the wrong conf...

I downloaded the blackvpn.zip and there is no server.conf there. Pick a location you want to connect to and use that:
https://wiki.archlinux.org/index.php/Op … al_startup


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#11 2013-07-01 01:52:39

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

I had renamed blackvpn_usa.conf to server.conf. I added the auth-user-pass field to the configuration file and set the login information file permission to 400. Does that seem like a good choice? Then, I enabled the systemd service of the same name. How do I know it's working?

Offline

#12 2013-07-01 02:04:02

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

The output of `ip addr` should show a tun interface. Your external IP should also have changed.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#13 2013-07-01 02:13:13

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

No tun interface appears. Just lo and enp2s0. I'm sorry I'm so incompetent. I really appreciate the help.

Offline

#14 2013-07-01 02:23:03

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

Make sure it works manually before enabling the service file.

What errors did it print. Did you set up your auth file correctly?
https://wiki.archlinux.org/index.php/Op … the_client


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#15 2013-07-01 02:31:44

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

This is my blackvpn_usa.conf file now:

client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.com 1194
pull
comp-lzo
tls-client
#tls-remote server
ns-cert-type server
auth-user-pass login_info
ca [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIJAOPuri2QIDM5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
BAYTAk5MMQswCQYDVQQIEwJOTDESMBAGA1UEBxMJQW1zdGVyZGFtMREwDwYDVQQK
EwhibGFja1ZQTjEUMBIGA1UEAxMLYmxhY2tWUE4gQ0ExITAfBgkqhkiG9w0BCQEW
EnN0YWZmQGJsYWNrdnBuLmNvbTAeFw0wOTA1MjAwNTQ0NTBaFw0xOTA1MTgwNTQ0
NTBaMHoxCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJOTDESMBAGA1UEBxMJQW1zdGVy
ZGFtMREwDwYDVQQKEwhibGFja1ZQTjEUMBIGA1UEAxMLYmxhY2tWUE4gQ0ExITAf
BgkqhkiG9w0BCQEWEnN0YWZmQGJsYWNrdnBuLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOIUad4+6krAixyWDPbppNlW7wDhp3zYtZu59XzazgSX
4D77ifTC11HzkpwBkARNn5Rd4MyhObIpT4F/EcDkWJXfDDt44mAVl9kgHDjJgPle
CJBm5ZEsPw9ls0gqN/ApmExueH9mXCwYiwROT2t92/GyGfB+oguBv68vuNVrDafz
fVsf/TxdQdVkM4RUj7y9QbeHdjHgo1aqkDr9BhhVYii4F7wUo6+qazbPBpXJvjpM
DeWlaTW2hvBhB4QCam9AakP3GW9Fiwvi0DEXKNI7EFjHWpmX6ICZ2MSx/LiUkMYW
ebkz8JNwbCvaFOjkB5Frb4xB87sFKNzLIdTIl5KfcfkCAwEAAaOB3zCB3DAdBgNV
HQ4EFgQUWRZFT+il66elZ6sbAdYTGmkU5q8wgawGA1UdIwSBpDCBoYAUWRZFT+il
66elZ6sbAdYTGmkU5q+hfqR8MHoxCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJOTDES
MBAGA1UEBxMJQW1zdGVyZGFtMREwDwYDVQQKEwhibGFja1ZQTjEUMBIGA1UEAxML
YmxhY2tWUE4gQ0ExITAfBgkqhkiG9w0BCQEWEnN0YWZmQGJsYWNrdnBuLmNvbYIJ
AOPuri2QIDM5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADGNe5p8
eBGi1cC5iYXQO44tWBgKLNXcsqsCWKPvcLOh8KyX5/8TpGLioDStr/z02CIQJ3Fy
OBaP2mpwkfb4ctEL+9NUAt4JYFPUKs1U41SZYsfPYS/ptMpYqpv1HJrjkAiZ93Ee
ukjfmmXTUWOKnWPoEpLmDamAfJcf9Am9jCUp0Z1ft7D9hQAoZsSjijhjjPjebTsL
p17Y1bEumDxatos59QITIxGfce2uagZwYxjEhQfABpgOogWC4EBViKaBgnHMbIuq
RexZ82khzythObj8PrNhfDlmRzP3L5u+MMAoF+S9woPEpZmqQBlXMw+VRJQefuCB
ZI3/zBiITVi3tx4=
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
8710f3bba39e8411858d66615f77a4b1
42a6c573bfadd4b5dcb212ca420ef0d7
212bba9693f0ddcdca129c661e44b9e8
4749ad5929c030b68cfd7fd1a345ac52
26b66b356aefd21b102ade0a9c75b0e5
0093b1ec012d27c2cb53b166086c844b
686c42a8c81dbbe07a0982e16c0ee8d0
782d3999cc6d7fc6063ec53860fe6f71
72db9f5db85d892aa676e8b5410d0143
77f62582eb90204395d02003181933db
7346978c2cf7c1a8b5031aa890199600
4d70ea6bc915ed555d351c1beafc1cfc
e4fa675fa67569ac3179c77ba8a113db
7153a8ac59d82aa03249376be059bb3a
a14e9ad19abaadf089463bcf2d0e16e1
cb3a5bbe98152ddd95437f47bd044ba6
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
verb 3
mute 10
auth-user-pass 

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

The login info is in a file called login_info in /etc/openvpn. When I start it manually with

 sudo openvpn /etc/openvpn/blackvpn_usa.conf

I'm still promoted for the username and password and I still get the same authorization failure as last time.

Offline

#16 2013-07-01 02:36:52

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

You need to change the auth line

auth-user-pass

should read

auth-user-pass /etc/openvpn/login_info

I'd also comment out/remove the last two lines.

# edit and why have you commented out tls-remote? That does ship with the blackvpn files.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#17 2013-07-01 02:47:16

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

I made those changes, but it doesn't seem to affect the output. It's still:

Sun Jun 30 22:38:39 2013 Control Channel Authentication: tls-auth using INLINE static key file
Sun Jun 30 22:38:39 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:39 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:39 2013 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sun Jun 30 22:38:39 2013 UDPv4 link local: [undef]
Sun Jun 30 22:38:39 2013 UDPv4 link remote: [AF_INET]67.202.65.156:1194
Sun Jun 30 22:38:39 2013 TLS: Initial packet from [AF_INET]67.202.65.156:1194, sid=aa25978a fae68fb2
Sun Jun 30 22:38:39 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jun 30 22:38:39 2013 VERIFY OK: depth=1, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
Sun Jun 30 22:38:39 2013 VERIFY OK: nsCertType=SERVER
Sun Jun 30 22:38:39 2013 VERIFY OK: depth=0, C=NL, ST=NL, L=Amsterdam, O=blackVPN, CN=server, emailAddress=staff@blackvpn.com
Sun Jun 30 22:38:41 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 22:38:41 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:41 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 30 22:38:41 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 30 22:38:41 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jun 30 22:38:41 2013 [server] Peer Connection Initiated with [AF_INET]67.202.65.156:1194
Sun Jun 30 22:38:43 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jun 30 22:38:43 2013 AUTH: Received control message: AUTH_FAILED
Sun Jun 30 22:38:43 2013 SIGTERM[soft,auth-failure] received, process exiting

Last edited by thewisenoob (2013-07-01 02:47:34)

Offline

#18 2013-07-01 02:50:44

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

Paste your login_info file - and obfuscate the username and password.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#19 2013-07-01 02:57:57

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

The first line is the username and the second line is the password. I don't know how to obfuscate it.

Offline

#20 2013-07-01 04:28:00

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,019
Website

Re: BlackVPN with OpenVPN

Assuming that you have set it up correctly, you might want to talk to BlackVPN and see why auth is failing...

# edit: you could loosen (temporarily) the restrictions on the passwd file to see if that makes a difference.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#21 2013-07-01 05:00:14

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

It still prompts for a username and password after changing the login info file's permissions. I already opened a Support Ticket with BlackVPN. I'll (hopefully) post back with solution to my problem soon. Thanks for all your help, dude. :3

Offline

#22 2013-07-01 17:34:08

thewisenoob
Member
Registered: 2013-05-16
Posts: 20

Re: BlackVPN with OpenVPN

BlackVPN's support wasn't able to resolve my problem. hmm

Offline

Board footer

Powered by FluxBB