How to setup VPN?

Nederland · May 12, 2014, 6:20pm

Hello,

I have followed the guide at https://www.whonix.org/wiki/TestVPN and concluded that I want a GUI, since I’ll have to use it everyday.

I’m pretty proud of myself that I got the network-manager-KDE to work with VPN as shown in this screenshot:

However, I have no idea how to connect to the VPN itself… I can’t find a “connect” button or anything else…

Clicking on the VPN server under “connections” doesn’t do anything…:

Can somebody help me out?

Thanks in advance!

Patrick · May 13, 2014, 5:31pm

There is no connect button. It automatically connects. Consider asking in general Linux or KDE support channels if you need more help.

I guess you’re better off using command line and autostarting VPN and/or having small scripts as shortcuts to start/stop VPN.

Nederland · May 13, 2014, 6:08pm

Thanks for your answer, Patrick. I tried using the command line, but it won’t connect… Here is the log:

user@host:~/vpn$ sudo openvpn /home/user/vpn/vpn.ovpn Tue May 13 19:58:26 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:user Enter Auth Password: Tue May 13 19:58:30 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue May 13 19:58:30 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue May 13 19:58:30 2014 LZO compression initialized Tue May 13 19:58:30 2014 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue May 13 19:58:30 2014 Socket Buffers: R=[163840->131072] S=[163840->131072] Tue May 13 19:58:31 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Tue May 13 19:58:31 2014 Local Options hash (VER=V4): '41690919' Tue May 13 19:58:31 2014 Expected Remote Options hash (VER=V4): '530fdded' Tue May 13 19:58:31 2014 UDPv4 link local: [undef] Tue May 13 19:58:31 2014 UDPv4 link remote: [AF_INET]212.7.***.***:1194 Tue May 13 19:59:31 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Tue May 13 19:59:31 2014 TLS Error: TLS handshake failed Tue May 13 19:59:31 2014 TCP/UDP: Closing socket Tue May 13 19:59:31 2014 SIGUSR1[soft,tls-error] received, process restarting Tue May 13 19:59:31 2014 Restart pause, 2 second(s)

Can anyone see what the problem is?..

Patrick · May 13, 2014, 10:12pm

UDP is not supported by the Tor network. You have to configure it to use TCP. Hopefully your VPN provider supports it.

thelasttime · May 14, 2014, 12:36pm

I’m sorry to ask this but why do you want to install a VPN on your Workstation and not upstream on your physical machine ?

Regards,

Nederland · May 14, 2014, 3:33pm

@thelasttime

Because I want a fixed exit node…

@Patrick,

I tried connecting to a demo vpn from usaip.eu, and I think I connected successfully, but the IP stays the same…
Here is the log:

Type: "whonix" for help. user@host:~$ cd /home/user/usaip user@host:~/usaip$ sudo openvpn /home/user/usaip/Netherlands.ovpn [sudo] password for user: Wed May 14 17:29:28 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:demo Enter Auth Password: Wed May 14 17:29:30 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit Wed May 14 17:29:30 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed May 14 17:29:30 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Wed May 14 17:29:30 2014 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ] Wed May 14 17:29:30 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed May 14 17:29:30 2014 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ] Wed May 14 17:29:30 2014 Local Options hash (VER=V4): '10f35004' Wed May 14 17:29:30 2014 Expected Remote Options hash (VER=V4): 'a917298a' Wed May 14 17:29:30 2014 Attempting to establish TCP connection with [AF_INET]37.59.206.88:993 [nonblock] Wed May 14 17:29:31 2014 TCP connection established with [AF_INET]37.59.206.88:993 Wed May 14 17:29:31 2014 TCPv4_CLIENT link local: [undef] Wed May 14 17:29:31 2014 TCPv4_CLIENT link remote: [AF_INET]37.59.206.88:993 Wed May 14 17:29:31 2014 TLS: Initial packet from [AF_INET]37.59.206.88:993, sid=52695376 059b0f87 Wed May 14 17:29:31 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed May 14 17:29:31 2014 VERIFY OK: depth=1, /C=US/ST=NA/L=USAIP/O=USAIP/emailAddress=info@usaip.eu Wed May 14 17:29:31 2014 VERIFY OK: depth=0, /C=US/ST=NA/O=USAIP/OU=usaip/CN=usaip/emailAddress=info@usaip.eu Wed May 14 17:29:32 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed May 14 17:29:32 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 14 17:29:32 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed May 14 17:29:32 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 14 17:29:32 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed May 14 17:29:32 2014 [usaip] Peer Connection Initiated with [AF_INET]37.59.206.88:993 Wed May 14 17:29:34 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:39 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:44 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:44 2014 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,route-gateway 172.31.255.254,ifconfig 172.31.156.5 255.255.0.0' Wed May 14 17:29:44 2014 OPTIONS IMPORT: timers and/or timeouts modified Wed May 14 17:29:44 2014 OPTIONS IMPORT: --ifconfig/up options modified Wed May 14 17:29:44 2014 OPTIONS IMPORT: route-related options modified Wed May 14 17:29:44 2014 ROUTE default_gateway=192.168.0.10 Wed May 14 17:29:44 2014 TUN/TAP device tap0 opened Wed May 14 17:29:44 2014 TUN/TAP TX queue length set to 100 Wed May 14 17:29:44 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed May 14 17:29:44 2014 /sbin/ifconfig tap0 172.31.156.5 netmask 255.255.0.0 mtu 1500 broadcast 172.31.255.255 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.0 netmask 255.255.255.192 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.64 netmask 255.255.255.240 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.80 netmask 255.255.255.248 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.0.0 netmask 255.255.128.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.128.0 netmask 255.255.192.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.192.0 netmask 255.255.248.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.200.0 netmask 255.255.252.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.204.0 netmask 255.255.254.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.0.0.0 netmask 255.224.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.32.0.0 netmask 255.240.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.48.0.0 netmask 255.248.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.56.0.0 netmask 255.254.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.58.0.0 netmask 255.255.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 0.0.0.0 netmask 224.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 32.0.0.0 netmask 252.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 36.0.0.0 netmask 255.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.89 netmask 255.255.255.255 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.90 netmask 255.255.255.254 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.92 netmask 255.255.255.252 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.96 netmask 255.255.255.224 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.128 netmask 255.255.255.128 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.207.0 netmask 255.255.255.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.208.0 netmask 255.255.240.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.224.0 netmask 255.255.224.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.60.0.0 netmask 255.252.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.64.0.0 netmask 255.192.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.128.0.0 netmask 255.128.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 38.0.0.0 netmask 254.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 40.0.0.0 netmask 248.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 48.0.0.0 netmask 240.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 64.0.0.0 netmask 192.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [128.0.0.0/128.0.0.0] Wed May 14 17:30:04 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 Initialization Sequence Completed

Patrick · May 14, 2014, 10:04pm

This is expected.

Explanation:

How to use Tor Browser while using TransPort (and therefore the VPN):

https://www.whonix.org/wiki/Tor_Browser#Change.2FRemove_Proxy_Settings

Nederland · May 15, 2014, 4:10pm

Thanks for your response, I now understand how it works Only problem is that I can only connect to usaip’s Netherlands.ovpn with the demo account, no other country works… This is the log:

user@host:~/usaip$ sudo openvpn Canada.ovpn Thu May 15 18:05:32 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:demo Enter Auth Password: Thu May 15 18:05:35 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit Thu May 15 18:05:35 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu May 15 18:05:35 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu May 15 18:05:35 2014 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ] Thu May 15 18:05:35 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Thu May 15 18:05:35 2014 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ] Thu May 15 18:05:35 2014 Local Options hash (VER=V4): '10f35004' Thu May 15 18:05:35 2014 Expected Remote Options hash (VER=V4): 'a917298a' Thu May 15 18:05:35 2014 Attempting to establish TCP connection with [AF_INET]192.95.20.223:993 [nonblock] Thu May 15 18:05:36 2014 TCP connection established with [AF_INET]192.95.20.223:993 Thu May 15 18:05:36 2014 TCPv4_CLIENT link local: [undef] Thu May 15 18:05:36 2014 TCPv4_CLIENT link remote: [AF_INET]192.95.20.223:993 Thu May 15 18:05:36 2014 TLS: Initial packet from [AF_INET]192.95.20.223:993, sid=a6f17a49 680b0044 Thu May 15 18:05:36 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu May 15 18:05:36 2014 VERIFY OK: depth=1, /C=US/ST=NA/L=USAIP/O=USAIP/emailAddress=info@usaip.eu Thu May 15 18:05:36 2014 VERIFY OK: depth=0, /C=US/ST=NA/O=USAIP/OU=usaip/CN=usaip/emailAddress=info@usaip.eu Thu May 15 18:05:37 2014 Connection reset, restarting [0] Thu May 15 18:05:37 2014 TCP/UDP: Closing socket Thu May 15 18:05:37 2014 SIGUSR1[soft,connection-reset] received, process restarting Thu May 15 18:05:37 2014 Restart pause, 5 second(s) ^CThu May 15 18:05:40 2014 SIGINT[hard,init_instance] received, process exiting

I changed the VPN that I want to connect to in the first place from UDP to TCP, but it gives me the same error… Can you help me?

Patrick · May 15, 2014, 4:30pm

Maybe that server isn’t accepting connections from the Tor network or has other issues. I don’t think you get far with usaip demo, because connections are interrupted every few minutes last time I checked.