You are not logged in.
- Topics: Active | Unanswered
#1 2018-02-07 12:43:37
- SmegmaDong
- Member
- Registered: 2018-02-07
- Posts: 12
OpenVPN connection issues.
This is my first installation of Arch linux and I'm having a problem establishing an internet connection via OpenVPN. When I start the VPN from the command line
sudo openvpn us873.nordvpn.com.udp.ovpnit ends saying I'm connected, but I have no internet. To my knowledge I'm not behind a firewall. The output from the command line after starting OpenVPN is:
Wed Feb 7 07:40:46 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Feb 7 07:40:46 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 7 07:40:46 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 7 07:40:46 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]181.215.110.243:1194
Wed Feb 7 07:40:46 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 7 07:40:46 2018 UDP link local: (not bound)
Wed Feb 7 07:40:46 2018 UDP link remote: [AF_INET]181.215.110.243:1194
Wed Feb 7 07:40:46 2018 TLS: Initial packet from [AF_INET]181.215.110.243:1194, sid=9dd86900 fa426d97
Wed Feb 7 07:40:46 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb 7 07:40:47 2018 VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us873.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Wed Feb 7 07:40:47 2018 VERIFY KU OK
Wed Feb 7 07:40:47 2018 Validating certificate extended key usage
Wed Feb 7 07:40:47 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Feb 7 07:40:47 2018 VERIFY EKU OK
Wed Feb 7 07:40:47 2018 VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us873.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Wed Feb 7 07:40:47 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Feb 7 07:40:47 2018 [us873.nordvpn.com] Peer Connection Initiated with [AF_INET]181.215.110.243:1194
Wed Feb 7 07:40:48 2018 SENT CONTROL [us873.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Wed Feb 7 07:40:49 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.146 255.255.255.0,peer-id 29,cipher AES-256-GCM'
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Feb 7 07:40:49 2018 Socket Buffers: R=[212992->425984] S=[212992->425984]
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: route options modified
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: route-related options modified
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: peer-id set
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: adjusting link_mtu to 1657
Wed Feb 7 07:40:49 2018 OPTIONS IMPORT: data channel crypto options modified
Wed Feb 7 07:40:49 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Feb 7 07:40:49 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 7 07:40:49 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 7 07:40:49 2018 ROUTE_GATEWAY 10.223.0.1/255.255.248.0 IFACE=wlp3s0 HWADDR=70:1a:04:31:84:37
Wed Feb 7 07:40:49 2018 TUN/TAP device tun0 opened
Wed Feb 7 07:40:49 2018 TUN/TAP TX queue length set to 100
Wed Feb 7 07:40:49 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 7 07:40:49 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Wed Feb 7 07:40:49 2018 /usr/bin/ip addr add dev tun0 10.8.8.146/24 broadcast 10.8.8.255
Wed Feb 7 07:40:49 2018 /usr/bin/ip route add 181.215.110.243/32 via 10.223.0.1
Wed Feb 7 07:40:49 2018 /usr/bin/ip route add 0.0.0.0/1 via 10.8.8.1
Wed Feb 7 07:40:49 2018 /usr/bin/ip route add 128.0.0.0/1 via 10.8.8.1
Wed Feb 7 07:40:49 2018 Initialization Sequence CompletedOffline
#2 2018-02-07 15:13:55
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,770
Re: OpenVPN connection issues.
You are connected. What are the contents of /etc/resolve.conf ?
Edit: Oh, BTW, Welcome to the Arch Linux forums.
Last edited by ewaller (2018-02-07 15:14:36)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#3 2018-02-07 15:27:59
- SmegmaDong
- Member
- Registered: 2018-02-07
- Posts: 12
Re: OpenVPN connection issues.
Here's what resolv.conf says:
# Generated by resolvconf
nameserver 63.159.209.244
nameserver 65.125.181.244Offline
#4 2018-02-07 15:53:16
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,770
Re: OpenVPN connection issues.
It looks like you don't own the machine that is providing the VPN service.
My guess is that us873.nordvpn.com cannot see the nameservers at Quest communications.
Can you ping 138.201.81.199 ? (an Arch server)
What if you edit /etc/resolv.conf and point your nameserver at 8.8.8.8 ?
Last edited by ewaller (2018-02-07 15:53:35)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#5 2018-02-07 16:08:38
- SmegmaDong
- Member
- Registered: 2018-02-07
- Posts: 12
Re: OpenVPN connection issues.
Interesting. Now it's working. I added nameserver 8.8.8.8 to my resolv.conf file. Can you explain why it's working after I did that?
Offline
#6 2018-02-07 16:19:57
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,770
Re: OpenVPN connection issues.
Your ISP (it appears to be Quest) may not route requests to their DNS name servers that do not originate within their network. This is not uncommon; ISPs provide those servers for their customers. Your /etc/resolv.conf is configured to look at Quests servers, but once you VPN to nordvpn.com, your packets no longer appear to originate from inside of Quest's network -- they appear to be from nordvpn.com, so they are blocked. 8.8.8.8 is a publicly available server provided by Google.
To make this permanent, you can either configure it to use Google (or other public servers) when connected to VPN, or use a nameserver provided by nordvpn.com. In my case, I VPN into my machine at home. I configure my client to use the DNS server of my router -- 192.168.1.1. That router reaches out to my ISP (Charter) to use thier servers.
You may want to look at https://wiki.archlinux.org/index.php/OpenVPN#DNS
Last edited by ewaller (2018-02-07 16:20:32)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#7 2018-02-07 16:24:53
- SmegmaDong
- Member
- Registered: 2018-02-07
- Posts: 12
Re: OpenVPN connection issues.
Great. Thanks a lot.
Offline