
#1 2016-09-30 21:26:42

mschewe
Member
Registered: 2016-09-22
Posts: 4

OpenVPN & Giganews VyprVpn

I am having some problems connecting with Giganews VyprVPN service.
The connection seems to work:

sudo openvpn /etc/openvpn/client.conf
Fri Sep 30 22:06:25 2016 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 24 2016
Fri Sep 30 22:06:25 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Enter Auth Username: ******
Enter Auth Password: *********
Fri Sep 30 22:06:31 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 30 22:06:32 2016 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Sep 30 22:06:32 2016 UDPv4 link local: [undef]
Fri Sep 30 22:06:32 2016 UDPv4 link remote: [AF_INET]209.99.109.41:443
Fri Sep 30 22:06:32 2016 TLS: Initial packet from [AF_INET]209.99.109.41:443, sid=0b4a313f 0165764a
Fri Sep 30 22:06:32 2016 VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=admin@goldenfrog.com
Fri Sep 30 22:06:32 2016 Validating certificate key usage
Fri Sep 30 22:06:32 2016 ++ Certificate has key usage  00a0, expects 00a0
Fri Sep 30 22:06:32 2016 VERIFY KU OK
Fri Sep 30 22:06:32 2016 Validating certificate extended key usage
Fri Sep 30 22:06:32 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Sep 30 22:06:32 2016 VERIFY EKU OK
Fri Sep 30 22:06:32 2016 VERIFY OK: depth=0, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=pa1.vpn.giganews.com, emailAddress=admin@goldenfrog.com
Fri Sep 30 22:06:33 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Sep 30 22:06:33 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 22:06:33 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Sep 30 22:06:33 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 22:06:33 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 30 22:06:33 2016 [pa1.vpn.giganews.com] Peer Connection Initiated with [AF_INET]209.99.109.41:443
Fri Sep 30 22:06:35 2016 SENT CONTROL [pa1.vpn.giganews.com]: 'PUSH_REQUEST' (status=1)
Fri Sep 30 22:06:36 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.3.41.1,explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.3.41.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.3.41.76 255.255.255.0'
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Sep 30 22:06:36 2016 Socket Buffers: R=[212992->425984] S=[212992->212992]
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: route options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: route-related options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Sep 30 22:06:36 2016 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=enp0s31f6 HWADDR=c8:5b:76:37:8d:6a
Fri Sep 30 22:06:36 2016 TUN/TAP device tun0 opened
Fri Sep 30 22:06:36 2016 TUN/TAP TX queue length set to 100
Fri Sep 30 22:06:36 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 30 22:06:36 2016 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Sep 30 22:06:36 2016 /usr/bin/ip addr add dev tun0 10.3.41.76/24 broadcast 10.3.41.255
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 209.99.109.41/32 via 192.168.178.1
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 0.0.0.0/1 via 10.3.41.1
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 128.0.0.0/1 via 10.3.41.1
Fri Sep 30 22:06:36 2016 GID set to nobody
Fri Sep 30 22:06:36 2016 UID set to nobody
Fri Sep 30 22:06:36 2016 Initialization Sequence Completed

Some services like speedtest.net use the correct VPN location.
Others like Google Analytics can still detect my real location.

I believe this has something to do with my setup:

ArchLinux - 4.7.5-1-ARCH
openvpn --version
OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 24 2016
library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun

# Use udp
proto udp

# Server connecting to
remote pa1.vpn.giganews.com 443

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# SSL/TLS parms
ca /etc/openvpn/ca.vyprvpn.com.crt

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
link-mtu 1570
auth SHA256

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3

# Ask for username and password
auth-user-pass

# Don't cache the password
auth-nocache

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.178.30  netmask 255.255.255.0  broadcast 192.168.178.255
        inet6 2001:XXXX:4044:dc01:XXXX:76ff:fe37:XXXX  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::XXXX:XXXX:fe37:XXXX  prefixlen 64  scopeid 0x20<link>
        ether c8:5b:76:37:XX:XX  txqueuelen 1000  (Ethernet)
        RX packets 15575  bytes 18449143 (17.5 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 11316  bytes 1595784 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xe1300000-e1320000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 245  bytes 81360 (79.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 245  bytes 81360 (79.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.3.41.76  netmask 255.255.255.0  destination 10.3.41.76
        inet6 fe80::db16:c86c:2293:1a64  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 298  bytes 176361 (172.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 721  bytes 79038 (77.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

In the router the internet provider gives me an IPv4 and IPv6 address.
I have tried to set the client.conf to the udp6 protocol that should provide both but it failed resolving the VPN gateway.

Does anybody have a working setup with dual stack and vyprvpn?

Last edited by mschewe (2016-09-30 21:27:10)
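
The pushed options and the interface listing in the post above can be checked mechanically for the dual-stack situation the poster suspects: the server pushes IPv4 routing only, while the physical interface holds a global IPv6 address that never enters tun0. This is an added example, not part of the original posts; the function names are hypothetical, and the IPv6 addresses the post masks are replaced with constructed values from the 2001:db8::/32 documentation range.

```python
import ipaddress
import re

# PUSH_REPLY is copied from the log in the post. The post masks its IPv6
# addresses, so the enp0s31f6 inet6 values below are constructed stand-ins.
PUSH_REPLY = (
    "PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.3.41.1,"
    "explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.3.41.1,"
    "topology subnet,ping 10,ping-restart 60,ifconfig 10.3.41.76 255.255.255.0"
)
IFCONFIG = """\
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.178.30  netmask 255.255.255.0  broadcast 192.168.178.255
        inet6 2001:db8:4044:dc01::30  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::30  prefixlen 64  scopeid 0x20<link>
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.3.41.76  netmask 255.255.255.0  destination 10.3.41.76
        inet6 fe80::db16:c86c:2293:1a64  prefixlen 64  scopeid 0x20<link>
"""

def pushes_ipv6_route(push_reply):
    """True if the server pushed any option that routes IPv6 into the tunnel."""
    for opt in push_reply.split(",")[1:]:
        words = opt.split()
        # A narrow route-ipv6 prefix would still leave other IPv6 outside the VPN.
        if words[:1] == ["route-ipv6"] or (
                words[:1] == ["redirect-gateway"] and "ipv6" in words):
            return True
    return False

def routable_ipv6(ifconfig_text):
    """Map interface -> IPv6 addresses that are neither link-local nor loopback."""
    found, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        m = re.match(r"\s+inet6 (\S+)", line)
        if head:
            iface = head.group(1)
        elif m and iface:
            addr = ipaddress.ip_address(m.group(1))
            if not (addr.is_link_local or addr.is_loopback):
                found.setdefault(iface, []).append(str(addr))
    return found

def ipv6_outside_tunnel(push_reply, ifconfig_text, tun="tun0"):
    """Interfaces whose routable IPv6 address is not covered by the VPN."""
    if pushes_ipv6_route(push_reply):
        return []
    return sorted(i for i in routable_ipv6(ifconfig_text) if i != tun)
```

A non-empty result means IPv6 traffic keeps using the listed interface, so remote services reached over IPv6 see the ISP-assigned address rather than the VPN exit.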


#2 2016-09-30 21:40:18

mschewe
Member
Registered: 2016-09-22
Posts: 4

Re: OpenVPN & Giganews VyprVpn

There seems to be a binary client https://support.goldenfrog.com/hc/en-us … -for-Linux but I don't want a closed source program since it is security relevant :(
