How to setup VPN?

Hello,

I have followed the guide at VPN Tunnel Setup Examples and concluded that I want a GUI, since I’ll have to use it everyday.

I’m pretty proud of myself that I got the network-manager-KDE to work with VPN as shown in this screenshot:

However, I have no idea how to connect to the VPN itself… I can’t find a “connect” button or anything else…

Clicking on the VPN server under “connections” doesn’t do anything…:

Can somebody help me out?

Thanks in advance!

There is no connect button. It automatically connects. Consider asking in general Linux or KDE support channels if you need more help.

I guess you’re better off using command line and autostarting VPN and/or having small scripts as shortcuts to start/stop VPN.

Thanks for your answer, Patrick. I tried using the command line, but it won’t connect… Here is the log:

user@host:~/vpn$ sudo openvpn /home/user/vpn/vpn.ovpn Tue May 13 19:58:26 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:user Enter Auth Password: Tue May 13 19:58:30 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue May 13 19:58:30 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue May 13 19:58:30 2014 LZO compression initialized Tue May 13 19:58:30 2014 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue May 13 19:58:30 2014 Socket Buffers: R=[163840->131072] S=[163840->131072] Tue May 13 19:58:31 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Tue May 13 19:58:31 2014 Local Options hash (VER=V4): '41690919' Tue May 13 19:58:31 2014 Expected Remote Options hash (VER=V4): '530fdded' Tue May 13 19:58:31 2014 UDPv4 link local: [undef] Tue May 13 19:58:31 2014 UDPv4 link remote: [AF_INET]212.7.***.***:1194 Tue May 13 19:59:31 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Tue May 13 19:59:31 2014 TLS Error: TLS handshake failed Tue May 13 19:59:31 2014 TCP/UDP: Closing socket Tue May 13 19:59:31 2014 SIGUSR1[soft,tls-error] received, process restarting Tue May 13 19:59:31 2014 Restart pause, 2 second(s)

Can anyone see what the problem is?..

UDP is not supported by the Tor network. You have to configure it to use TCP. Hopefully your VPN provider supports it.

I’m sorry to ask this but why do you want to install a VPN on your Workstation and not upstream on your physical machine ?

Regards,

@thelasttime

Because I want a fixed exit node…

@Patrick,

I tried connecting to a demo vpn from usaip.eu, and I think I connected successfully, but the IP stays the same…
Here is the log:

Type: "whonix" for help. user@host:~$ cd /home/user/usaip user@host:~/usaip$ sudo openvpn /home/user/usaip/Netherlands.ovpn [sudo] password for user: Wed May 14 17:29:28 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:demo Enter Auth Password: Wed May 14 17:29:30 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit Wed May 14 17:29:30 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed May 14 17:29:30 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Wed May 14 17:29:30 2014 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ] Wed May 14 17:29:30 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Wed May 14 17:29:30 2014 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ] Wed May 14 17:29:30 2014 Local Options hash (VER=V4): '10f35004' Wed May 14 17:29:30 2014 Expected Remote Options hash (VER=V4): 'a917298a' Wed May 14 17:29:30 2014 Attempting to establish TCP connection with [AF_INET]37.59.206.88:993 [nonblock] Wed May 14 17:29:31 2014 TCP connection established with [AF_INET]37.59.206.88:993 Wed May 14 17:29:31 2014 TCPv4_CLIENT link local: [undef] Wed May 14 17:29:31 2014 TCPv4_CLIENT link remote: [AF_INET]37.59.206.88:993 Wed May 14 17:29:31 2014 TLS: Initial packet from [AF_INET]37.59.206.88:993, sid=52695376 059b0f87 Wed May 14 17:29:31 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed May 14 17:29:31 2014 VERIFY OK: depth=1, /C=US/ST=NA/L=USAIP/O=USAIP/emailAddress=info@usaip.eu Wed May 14 17:29:31 2014 VERIFY OK: depth=0, /C=US/ST=NA/O=USAIP/OU=usaip/CN=usaip/emailAddress=info@usaip.eu Wed May 14 17:29:32 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed May 14 17:29:32 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 14 17:29:32 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed May 14 17:29:32 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 14 17:29:32 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed May 14 17:29:32 2014 [usaip] Peer Connection Initiated with [AF_INET]37.59.206.88:993 Wed May 14 17:29:34 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:39 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:44 2014 SENT CONTROL [usaip]: 'PUSH_REQUEST' (status=1) Wed May 14 17:29:44 2014 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,route-gateway 172.31.255.254,ifconfig 172.31.156.5 255.255.0.0' Wed May 14 17:29:44 2014 OPTIONS IMPORT: timers and/or timeouts modified Wed May 14 17:29:44 2014 OPTIONS IMPORT: --ifconfig/up options modified Wed May 14 17:29:44 2014 OPTIONS IMPORT: route-related options modified Wed May 14 17:29:44 2014 ROUTE default_gateway=192.168.0.10 Wed May 14 17:29:44 2014 TUN/TAP device tap0 opened Wed May 14 17:29:44 2014 TUN/TAP TX queue length set to 100 Wed May 14 17:29:44 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed May 14 17:29:44 2014 /sbin/ifconfig tap0 172.31.156.5 netmask 255.255.0.0 mtu 1500 broadcast 172.31.255.255 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.0 netmask 255.255.255.192 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.64 netmask 255.255.255.240 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.80 netmask 255.255.255.248 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.0.0 netmask 255.255.128.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.128.0 netmask 255.255.192.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.192.0 netmask 255.255.248.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.200.0 netmask 255.255.252.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.204.0 netmask 255.255.254.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.0.0.0 netmask 255.224.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.32.0.0 netmask 255.240.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.48.0.0 netmask 255.248.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.56.0.0 netmask 255.254.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.58.0.0 netmask 255.255.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 0.0.0.0 netmask 224.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 32.0.0.0 netmask 252.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 36.0.0.0 netmask 255.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.89 netmask 255.255.255.255 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.90 netmask 255.255.255.254 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.92 netmask 255.255.255.252 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.96 netmask 255.255.255.224 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.206.128 netmask 255.255.255.128 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.207.0 netmask 255.255.255.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.208.0 netmask 255.255.240.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.59.224.0 netmask 255.255.224.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.60.0.0 netmask 255.252.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.64.0.0 netmask 255.192.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 37.128.0.0 netmask 255.128.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 38.0.0.0 netmask 254.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 40.0.0.0 netmask 248.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 48.0.0.0 netmask 240.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 /sbin/route add -net 64.0.0.0 netmask 192.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [128.0.0.0/128.0.0.0] Wed May 14 17:30:04 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.31.255.254 Wed May 14 17:30:04 2014 Initialization Sequence Completed

This is expected.

Explanation:

• Combining Tunnels with Tor
• Stream Isolation

How to use Tor Browser while using TransPort (and therefore the VPN):

• Tor Browser Essentials

Thanks for your response, I now understand how it works Only problem is that I can only connect to usaip’s Netherlands.ovpn with the demo account, no other country works… This is the log:

user@host:~/usaip$ sudo openvpn Canada.ovpn Thu May 15 18:05:32 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013 Enter Auth Username:demo Enter Auth Password: Thu May 15 18:05:35 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit Thu May 15 18:05:35 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu May 15 18:05:35 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu May 15 18:05:35 2014 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ] Thu May 15 18:05:35 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Thu May 15 18:05:35 2014 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ] Thu May 15 18:05:35 2014 Local Options hash (VER=V4): '10f35004' Thu May 15 18:05:35 2014 Expected Remote Options hash (VER=V4): 'a917298a' Thu May 15 18:05:35 2014 Attempting to establish TCP connection with [AF_INET]192.95.20.223:993 [nonblock] Thu May 15 18:05:36 2014 TCP connection established with [AF_INET]192.95.20.223:993 Thu May 15 18:05:36 2014 TCPv4_CLIENT link local: [undef] Thu May 15 18:05:36 2014 TCPv4_CLIENT link remote: [AF_INET]192.95.20.223:993 Thu May 15 18:05:36 2014 TLS: Initial packet from [AF_INET]192.95.20.223:993, sid=a6f17a49 680b0044 Thu May 15 18:05:36 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu May 15 18:05:36 2014 VERIFY OK: depth=1, /C=US/ST=NA/L=USAIP/O=USAIP/emailAddress=info@usaip.eu Thu May 15 18:05:36 2014 VERIFY OK: depth=0, /C=US/ST=NA/O=USAIP/OU=usaip/CN=usaip/emailAddress=info@usaip.eu Thu May 15 18:05:37 2014 Connection reset, restarting [0] Thu May 15 18:05:37 2014 TCP/UDP: Closing socket Thu May 15 18:05:37 2014 SIGUSR1[soft,connection-reset] received, process restarting Thu May 15 18:05:37 2014 Restart pause, 5 second(s) ^CThu May 15 18:05:40 2014 SIGINT[hard,init_instance] received, process exiting

I changed the VPN that I want to connect to in the first place from UDP to TCP, but it gives me the same error… Can you help me?

Maybe that server isn’t accepting connections from the Tor network or has other issues. I don’t think you get far with usaip demo, because connections are interrupted every few minutes last time I checked.