How to Test if the vpn in the route?

WhoZero · November 21, 2018, 9:19pm

i am followed this instructions: Connecting to a VPN before Tor
The vpn is in the gateway. i can connect in the workstation also.

But how to test the route user->vpn->tor ?
i have tried to get the vpn ip from the chapter Leak Tests. but there are only ip s displayed but no ip from my vpn.

Her is the status:
openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/lib/systemd/system/openvpn@openvpn.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/openvpn@openvpn.service.d
└─50_unpriv.conf
Active: active (running) since Wed 2018-11-21 20:53:29 UTC; 5s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 13223 ExecStopPost=/usr/bin/sudo --non-interactive /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=0/SUCCESS)
Process: 13257 ExecStart=/usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --config /etc/openvpn/openvpn.conf --wri
Process: 13254 ExecStartPre=/usr/bin/sudo --non-interactive /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel (code=exited, status=0
Process: 13246 ExecStartPre=/usr/bin/sudo --non-interactive /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=0/SUCCESS)
Main PID: 13260 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn.slice/openvpn@openvpn.service
└─13260 /usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --config /etc/openvpn/openvpn.conf --writepid /r

Nov 21 20:53:32 host ovpn-openvpn[13260]: /usr/bin/ip_unpriv route add 0.0.0.0/1 via 10.211.1.102
Nov 21 20:53:32 host sudo[13277]: tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 0.0.0.0/1 via 10.211.1.102
Nov 21 20:53:32 host sudo[13277]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 21 20:53:32 host sudo[13277]: pam_unix(sudo:session): session closed for user root
Nov 21 20:53:32 host ovpn-openvpn[13260]: /usr/bin/ip_unpriv route add 128.0.0.0/1 via 10.211.1.102
Nov 21 20:53:32 host sudo[13279]: tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 128.0.0.0/1 via 10.211.1.102
Nov 21 20:53:32 host sudo[13279]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 21 20:53:32 host sudo[13279]: pam_unix(sudo:session): session closed for user root
Nov 21 20:53:32 host ovpn-openvpn[13260]: UID set to tunnel
Nov 21 20:53:32 host ovpn-openvpn[13260]: Initialization Sequence Completed
lines 17-27/27 (END)

my whonix runs in a virtual box.

is there any way to check that the route is user->vpn-> tor ?

0brand · November 22, 2018, 3:00am

Hi WhoZero

In Whonix-Gateway konsole,run.

sudo route

You might have to wait 30 seconds or so the get the route to your providers server.

WhoZero · November 22, 2018, 3:01pm

Thank you for your answer. Here is the output of sudo route in the gateway:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.211.1.106    128.0.0.0       UG    0      0        0 tun0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.152.128.0    0.0.0.0         255.255.192.0   U     0      0        0 eth1
10.211.1.106    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.211.1.106    128.0.0.0       UG    0      0        0 tun0

i can’t see the ip from the vpn.

Here is the output when i check openvpn status with: sudo systemctl status openvpn@openvpn

sudo[972]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add     218.50.250.210/32 via 10.0.2.2
Nov 22 24:42:28 host sudo[972]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 22 24:42:28 host ovpn-openvpn[905]: /usr/bin/ip_unpriv route add 0.0.0.0/1 via 10.211.1.106
Nov 22 24:42:28 host sudo[974]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 0.0.0.0/1 via 10.211.1.106
Nov 22 24:42:28 host sudo[974]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 22 24:42:28 host ovpn-openvpn[905]: /usr/bin/ip_unpriv route add 128.0.0.0/1 via 10.211.1.106
Nov 22 24:42:28 host sudo[976]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 128.0.0.0/1 via 10.211.1.106
Nov 22 24:42:28 host sudo[976]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 22 24:42:28 host ovpn-openvpn[905]: UID set to tunnel
Nov 22 24:42:28 host ovpn-openvpn[905]: Initialization Sequence Completed

This is the ip from my vpn: 218.50.250.210 i see this is in the first line. But what means /32 ?
Is this correct configured?

0brand · November 22, 2018, 10:44pm

Hi WhoZero

When I ran sudo route the VPN IP was listed. This command run in Whonix-Gateway will only show the interfaces and route to the VPN server. It wouldn’t show your Tor traffic.

Yes. The output shows the VPN connected.YOu should be good if you followed the instructions as written and both VPN and Tor connect.

After VPN and Tor connects you can shutdown your VPN to see if the Tor connection also drops. You should loose Tor connection if its tunneled through the tun0 (VPN) interface.

In Whonix-Gateway konsole, start the ARM Tor controller.

arm

In Whonix-Gateway konsole, stop the openvpn service.

sudo systemctl stop openvpn@openvpn

Does arm show Tor connection drop?

To restart openvpn, run.

sudo systemctl start openvpn@openvpn

If necessary you can restart Tor.

sudo systemctl restart tor@default

subnet mask

WhoZero · November 23, 2018, 4:03pm

Thanks again for your help.

When i stop the VPN in the Gateway. In arm all the same before. but no more bars are shown. And if i try to go to a website in the Workstation, it does not work.
ARM in the Gateway shows this:

12:22:04 [NOTICE] Tor has not observed any network activity for the past 76 seconds. Disabling circuit build timeout recording.
12:22:04 [NOTICE] We tried for 15 seconds to connect to '[scrubbed]' using exit $C593AA33365DAD3C9E111F15C9B9D8C7EF964999~ori at 80.200.200.100. Retrying on a new circuit.
12:22:04 [ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime)

Do i restart the VPN and Tor, all works fine in the Workstation.

in the Gateway: sudo route shows now the VPN at the end with eth0:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.211.1.34     128.0.0.0       UG    0      0        0 tun0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.152.128.0    0.0.0.0         255.255.192.0   U     0      0        0 eth1
10.211.1.34     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.211.1.34     128.0.0.0       UG    0      0        0 tun0
218.50.250.210  10.0.2.2        255.255.255.255 UGH   0      0        0 eth0

and the openvpn status output is:

Nov 23 12:49:40 host sudo[18665]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 218.50.250.210/32 via 10.0.2.2
Nov 23 12:49:40 host sudo[18665]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 23 12:49:40 host ovpn-openvpn[18657]: /usr/bin/ip_unpriv route add 0.0.0.0/1 via 10.211.1.34
Nov 23 12:49:40 host sudo[18667]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 0.0.0.0/1 via 10.211.1.34
Nov 23 12:40:48 host sudo[18667]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 23 12:40:48 host ovpn-openvpn[18657]: /usr/bin/ip_unpriv route add 128.0.0.0/1 via 10.211.1.34

This is the ip from my vpn: 218.50.250.210

I think now all is ok. But sorry that i ask again, it is very important for me that this setup is correct. Is this correct configured?

0brand · November 23, 2018, 10:16pm

Hi WhoZero

Based on the information provided:

Configured VPN as per wiki instructions.
VPN and Tor connect successfully
When the VPN is shutdown - no Tor network connection.

Tor has not observed any network activity for the past 76 seconds

Yes, your Tor traffic is tunneled through VPN as expected. It looks like its configured correctly.

Be careful when posting logs, configuration files, IP addresses etc.

https://whonix.org/wiki/DoNot#Post_Full_System_Logs_or_Configuration_Files

WhoZero · November 24, 2018, 2:35pm

Many thanks for your help 0brand!

Be careful when posting logs, configuration files, IP addresses etc.

I know about this, the Ip’s are changed before i post here. And this is only a test configuration for learning not for real using.

WhoZero · November 26, 2018, 12:26pm

Sorry i must ask again. i use another vpn and now the route has changed

Nov 25 10:23:42 host sudo[8657]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 110.125.120.19/32 via 10.0.2.2
Nov 25 10:23:42 host sudo[8657]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 25 10:23:42 host ovpn-openvpn[8652]: /usr/bin/ip_unpriv route add 0.0.0.0/1 via 172.16.30.1
Nov 25 10:23:42 host sudo[8659]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ;  COMMAND=/bin/ip route add 0.0.0.0/1 via 172.16.30.1
Nov 25 10:23:42 host sudo[8659]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 25 10:23:42 host ovpn-openvpn[8652]: /usr/bin/ip_unpriv route add 128.0.0.0/1 via 172.16.30.1
Nov 25 10:23:42 host sudo[8661]:   tunnel : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/bin/ip route add 128.0.0.0/1 via 172.16.30.1
Nov 25 10:23:42 host sudo[8661]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 25 10:23:42 host ovpn-openvpn[8652]: UID set to tunnel
Nov 25 10:23:42 host ovpn-openvpn[8652]: Initialization Sequence Completed

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.30.1     128.0.0.0       UG    0      0        0 tun0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.152.128.0    0.0.0.0         255.255.192.0   U     0      0        0 eth1
128.0.0.0       172.16.32.1     128.0.0.0       UG    0      0        0 tun0
172.16.30.0     0.0.0.0         255.255.240.0   U     0      0        0 tun0
110.115.120.20  10.0.2.2        255.255.255.255 UGH   0      0        0 eth0

110.115.120.20 is the vpn

why is this route different from my last one (except the vpn)? 172.16.30.0 instead of 10.211.1.34
I have problems to understand the route table. do you know a place where is it good explained to learn?