OpenVPN

ManuelBandito · May 12, 2015, 8:14pm

Hey, Is there an OpenVPN client / gui that works well in opensuse?

I’m trying to setup my VPN service with opensuse 13.2, I’m happy enough following my providers instructions for term use, but would prefer a gui for it. Any help greatly appreciated. Cheers

ManuelBandito · May 12, 2015, 8:54pm

Actually hmm … in Term it’s just freezing when connecting, any ideas?

deano_ferrari · May 12, 2015, 9:02pm

Which provider? Any particular command/script being run at the time it freezes?

There was a discussion some time back about OpenVPN providers and I added some notes about connecting via NetworkManager that may be helpful
https://forums.opensuse.org/showthread.php/504041-Advices-and-or-Beginners-script-or-guide-to-getting-started-with-openSUSE-and-a-VPN

wolfi323 · May 12, 2015, 9:03pm

NetworkManager supports OpenVPN as well.
You might have to install the package NetworkManager-openvpn though, I’m not sure whether it is installed by default, but it’s in the standard repos.

After switching from “Wicked Service” to NetworkManager in YaST->Network Devices->Network Settings->Global Options, you can just use your desktop’s network icon to connect to VPNs.

Another GUI would be kvpnc, which supports openVPN too:
https://userbase.kde.org/KVpnc
This is also available in the standard repos.

Personally, I don’t use OpenVPN at all though.

ManuelBandito · May 13, 2015, 9:22am

Thanks again wolfie, I’m gonna look at the discussion you linked me too and maybe try NetworkManager.

I will have another go this next day or two (bit under the weather atm) and will let you know how I get on. Thanks again

ManuelBandito · May 13, 2015, 12:51pm

O.K. so I’ve had another go at this and get not get anywhere. Is network manager openvpn a client program or controlled via terminal?

when using openvpn it brings up the following and then pauses indefinitely (I’m with Nordvpn btw have chatted with their tech guys but tbh they have not been very helpful beyond telling me the instructions I already have from the website).

 mark@linux-a421:/etc/openvpn> sudo openvpn es1.nordvpn.com.tcp443.ovpnWed May 13 11:44:52 2015 OpenVPN 2.3.4 i586-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May  1 2014
Wed May 13 11:44:52 2015 library versions: OpenSSL 1.0.1k-fips 8 Jan 2015, LZO 2.08
Enter Auth Username: *************
Enter Auth Password: *********
Wed May 13 11:45:00 2015 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed May 13 11:45:00 2015 NOTE: --fast-io is disabled since we are not using UDP
Wed May 13 11:45:00 2015 Control Channel Authentication: tls-auth using INLINE static key file
Wed May 13 11:45:00 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:00 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:00 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed May 13 11:45:00 2015 Attempting to establish TCP connection with [AF_INET]151.236.23.13:443 [nonblock]
Wed May 13 11:45:01 2015 TCP connection established with [AF_INET]151.236.23.13:443
Wed May 13 11:45:01 2015 TCPv4_CLIENT link local: [undef]
Wed May 13 11:45:01 2015 TCPv4_CLIENT link remote: [AF_INET]151.236.23.13:443
Wed May 13 11:45:02 2015 TLS: Initial packet from [AF_INET]151.236.23.13:443, sid=bb3d44ff 32972379
Wed May 13 11:45:02 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 13 11:45:03 2015 VERIFY OK: depth=1, C=ES, ST=ES, L=SanFrancisco, O=NordVPN, OU=ES, CN=vpn-es.nordvpn.com, name=vpn-es.nordvpn.com, emailAddress=mail@host.domain
Wed May 13 11:45:03 2015 Validating certificate key usage
Wed May 13 11:45:03 2015 ++ Certificate has key usage  00a0, expects 00a0
Wed May 13 11:45:03 2015 VERIFY KU OK
Wed May 13 11:45:03 2015 Validating certificate extended key usage
Wed May 13 11:45:03 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 13 11:45:03 2015 VERIFY EKU OK
Wed May 13 11:45:03 2015 VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=vpn-es.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Wed May 13 11:45:04 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 13 11:45:04 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:04 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 13 11:45:04 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed May 13 11:45:04 2015 [vpn-es.nordvpn.com] Peer Connection Initiated with [AF_INET]151.236.23.13:443
Wed May 13 11:45:06 2015 SENT CONTROL [vpn-es.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Wed May 13 11:45:06 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 198.7.63.141,dhcp-option DNS 78.46.223.24,route 10.7.7.1,topology net30,ping 5,ping-restart 30,ifconfig 10.7.7.146 10.7.7.145'
Wed May 13 11:45:06 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: route options modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 13 11:45:06 2015 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp9s4 HWADDR=00:0d:f0:3b:45:59
Wed May 13 11:45:07 2015 TUN/TAP device tun0 opened
Wed May 13 11:45:07 2015 TUN/TAP TX queue length set to 100
Wed May 13 11:45:07 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 13 11:45:07 2015 /bin/ip link set dev tun0 up mtu 1500
Wed May 13 11:45:07 2015 /bin/ip addr add dev tun0 local 10.7.7.146 peer 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 151.236.23.13/32 via 192.168.1.254
Wed May 13 11:45:07 2015 /bin/ip route add 0.0.0.0/1 via 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 128.0.0.0/1 via 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 10.7.7.1/32 via 10.7.7.145
Wed May 13 11:45:07 2015 Initialization Sequence Completed

Hope someone can help me out with this as I’m running out of things to try (have been trawling google but cannot find anything that helps). Oh I know it kind of looks like it’s connected, but it has not as my ip address does not change. Cheers

wolfi323 · May 13, 2015, 12:59pm

Neither.
NetworkManager-openvpn is a plugin for NetworkManager. If it’s installed, you should be able to add and connect to openvpn VPN connections with any NetworkManager frontend, e.g. the desktop’s networkmanagement icon in the system tray.

when using openvpn it brings up the following and then pauses indefinitely (I’m with Nordvpn btw have chatted with their tech guys but tbh they have not been very helpful beyond telling me the instructions I already have from the website).

You should rather create a config for the vpn connection in /etc/openvpn/ and start/stop it with “systemctl start openvpn@myconfig” and similar, I think.
But as I said, I don’t have any experience with openvpn.

ManuelBandito · May 13, 2015, 1:18pm

Hi Wolfie,

I did figure out the network manager thing - DOH! lol I have added it and given it the corresponding ca file (nord provides ca files and tls keys, am assuming network manager just wants the ca file). I do however get the same issue, only with network manager I get the circle around the wi-fi (on sys tray) as it’s trying to connect, then it just drops out.

Not sure about creating config files. Tbh I’m starting to wonder about going back to Astrill as they provide a standalone client for linux (have used it in past) just a shame as still have sub left to NordVpn. I really hoped this would be easier to figure out lol. Oh before I go Nord asked me to make sure certain ports were open, do I check that via the firewall?

Cheers for your assistance

wolfi323 · May 13, 2015, 2:08pm

Might be related to OpenVPN does not work under opensuse 13.2 - Network/Internet - openSUSE Forums ?
You might try this workaround in the bug report:
https://bugzilla.opensuse.org/show_bug.cgi?id=904511#c10

ManuelBandito · May 13, 2015, 3:56pm

Sorry but none of those workarounds seem to help I did find an openvpn gui in OAST, but that hangs at step 4 of the install … this is seriously getting annoying now, I thank you for your help Wolfie and i’m just getting a little frustrated with the difficulty setting this up lol
.

hendersj · May 13, 2015, 6:08pm

On Tue, 12 May 2015 18:16:01 +0000, ManuelBandito wrote:

> Hey, Is there an OpenVPN client / gui that works well in opensuse?

I’ve had good success with NetworkManager, actually.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

lorenzodes · May 13, 2015, 6:39pm

ManuelBandito:

O.K. so I’ve had another go at this and get not get anywhere. Is network manager openvpn a client program or controlled via terminal?

when using openvpn it brings up the following and then pauses indefinitely (I’m with Nordvpn btw have chatted with their tech guys but tbh they have not been very helpful beyond telling me the instructions I already have from the website).

 mark@linux-a421:/etc/openvpn> sudo openvpn es1.nordvpn.com.tcp443.ovpnWed May 13 11:44:52 2015 OpenVPN 2.3.4 i586-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May  1 2014
Wed May 13 11:44:52 2015 library versions: OpenSSL 1.0.1k-fips 8 Jan 2015, LZO 2.08
Enter Auth Username: *************
Enter Auth Password: *********
Wed May 13 11:45:00 2015 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed May 13 11:45:00 2015 NOTE: --fast-io is disabled since we are not using UDP
Wed May 13 11:45:00 2015 Control Channel Authentication: tls-auth using INLINE static key file
Wed May 13 11:45:00 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:00 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:00 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed May 13 11:45:00 2015 Attempting to establish TCP connection with [AF_INET]151.236.23.13:443 [nonblock]
Wed May 13 11:45:01 2015 TCP connection established with [AF_INET]151.236.23.13:443
Wed May 13 11:45:01 2015 TCPv4_CLIENT link local: [undef]
Wed May 13 11:45:01 2015 TCPv4_CLIENT link remote: [AF_INET]151.236.23.13:443
Wed May 13 11:45:02 2015 TLS: Initial packet from [AF_INET]151.236.23.13:443, sid=bb3d44ff 32972379
Wed May 13 11:45:02 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 13 11:45:03 2015 VERIFY OK: depth=1, C=ES, ST=ES, L=SanFrancisco, O=NordVPN, OU=ES, CN=vpn-es.nordvpn.com, name=vpn-es.nordvpn.com, emailAddress=mail@host.domain
Wed May 13 11:45:03 2015 Validating certificate key usage
Wed May 13 11:45:03 2015 ++ Certificate has key usage  00a0, expects 00a0
Wed May 13 11:45:03 2015 VERIFY KU OK
Wed May 13 11:45:03 2015 Validating certificate extended key usage
Wed May 13 11:45:03 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 13 11:45:03 2015 VERIFY EKU OK
Wed May 13 11:45:03 2015 VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=vpn-es.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Wed May 13 11:45:04 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 13 11:45:04 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:04 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 13 11:45:04 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 11:45:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed May 13 11:45:04 2015 [vpn-es.nordvpn.com] Peer Connection Initiated with [AF_INET]151.236.23.13:443
Wed May 13 11:45:06 2015 SENT CONTROL [vpn-es.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Wed May 13 11:45:06 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 198.7.63.141,dhcp-option DNS 78.46.223.24,route 10.7.7.1,topology net30,ping 5,ping-restart 30,ifconfig 10.7.7.146 10.7.7.145'
Wed May 13 11:45:06 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: route options modified
Wed May 13 11:45:06 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 13 11:45:06 2015 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp9s4 HWADDR=00:0d:f0:3b:45:59
Wed May 13 11:45:07 2015 TUN/TAP device tun0 opened
Wed May 13 11:45:07 2015 TUN/TAP TX queue length set to 100
Wed May 13 11:45:07 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 13 11:45:07 2015 /bin/ip link set dev tun0 up mtu 1500
Wed May 13 11:45:07 2015 /bin/ip addr add dev tun0 local 10.7.7.146 peer 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 151.236.23.13/32 via 192.168.1.254
Wed May 13 11:45:07 2015 /bin/ip route add 0.0.0.0/1 via 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 128.0.0.0/1 via 10.7.7.145
Wed May 13 11:45:07 2015 /bin/ip route add 10.7.7.1/32 via 10.7.7.145
Wed May 13 11:45:07 2015 Initialization Sequence Completed

Hope someone can help me out with this as I’m running out of things to try (have been trawling google but cannot find anything that helps). Oh I know it kind of looks like it’s connected, but it has not as my ip address does not change. Cheers

I can’t see anything wrong in the logs above, of course it hangs, the --daemon directive is missing, thus it never never becomes a daemon.

Try with:


sudo openvpn --daemon --config es1.nordvpn.com.tcp443.ovpn

ManuelBandito · May 13, 2015, 10:12pm

Re lorenzodes

I can’t see anything wrong in the logs above, of course it hangs, the --daemon directive is missing, thus it never never becomes a daemon.

Try with:
Code:
sudo openvpn --daemon --config es1.nordvpn.com.tcp443.ovpn

This seemed to do something as tun0 appeared in the network tray however this just froze my entire connection and had to restart opensuse just to get it working again, even though it reported my wireless connection and tun0 as connected … hmm. Any further ideas?

Many thanks and Jim, I’m pleased you’ve managed it with NM however it does not seem to do a great deal for me :(, thanks though

lorenzodes · May 14, 2015, 1:11am

a routing problem, perhaps.

When the connection hangs, what does “route -n” return?

user · May 14, 2015, 3:15pm

Цитата=ManuelBandito;2709599]Эй, есть клиент openvpn в / графический интерфейс, который хорошо работает в в openSUSE?

Я пытаюсь настроить мой сервис по VPN в openSUSE 13.2 или нет, я вполне счастлива, что после моих провайдеров инструкции по срок использование, но предпочел бы ГУЙ для него. Любая помощь с благодарностью. Ура/Цитата]

Whoer.net – сервис проверки передаваемой компьютером информации
в Интернете.

рекомендую полезный сервис http://whoer.net/

Он идеально подходит для проверки прокси серверов и носки, поговорим о вашем ВПН-сервера
проверьте его IP-адрес, чтобы найти в черные простыни, указать,
если включен флеш и Ява на вашем компьютере, каковы его
язык и параметры системы
какая установлена ОС и браузер, определит DNS И и т. д.

видео-обзор: https://youtu.be/d74cM178saI

lorenzodes · May 14, 2015, 3:26pm

In English, please

hendersj · May 14, 2015, 8:36pm

On Wed, 13 May 2015 20:16:01 +0000, ManuelBandito wrote:

> Many thanks and Jim, I’m pleased you’ve managed it with NM however it
> does not seem to do a great deal for me :(, thanks though

If it doesn’t work for you, that’s something we can troubleshoot with
some information about what didn’t work and contents of log files.
Rather than throw out what’s in there by default, maybe spending some
time getting it working would be a better approach.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

ManuelBandito · May 15, 2015, 1:51pm

Hi just spotted your reply sorry … I will try this today or tomorrow and get back to you, cheers

karlheinrich · May 20, 2015, 3:29pm

I agree it may be a routing problem. It may be a firewall problem as well.
Output of the command ‘iptables -L -nv’ might help to assess that possibility.