OpenVPN - iproute problem

tifej91713 · October 29, 2021, 7:47am

Hi.
I’m trying to setup OpenVPN in Whonix Gateway using this guide:
/wiki/Tunnels/Connecting_to_a_VPN_before_Tor

I’m supposed to add:
iproute /usr/bin/ip_unpriv
to openvpn.conf but it seems “iproute” option is missing in OpenVPN.

I get this error when debugging:

user@host:/etc/openvpn$ sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/openvpn.conf:26: iproute (2.5.1)
Use --help for more information.

I’m using Whonix 16, I did apt update and upgrade.

OpenVPN details:

user@host:/etc/openvpn$ sudo openvpn --version
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

How can I enable iproute2 in OpenVPN?

torjunkie · October 29, 2021, 10:20am

This section looks relevant; Patrick will know if the Whonix wiki constructions have all the relevant settings.

https://community.openvpn.net/openvpn/wiki/HOWTO#UnprivilegedmodeLinuxonly

Arch users were complaining of the same error in recent times.

The user states something about the package needs to be rebuilt with --enable-iproute2 option. Beyond my pay grade.

pwndepot · December 8, 2021, 4:11am

I am having the exact same issue. The VPN firewall will not work at all with this issue I tried compiling and installing the latest version of openvpn with the --enable-iproute2 option but openvpn is now giving me this error: “ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1)”
And yes dev is set to tun0 not tun in my openvpn conf file. Maybe i’m doing something wrong as this is the first time i’ve tried whonix using debian, but i’ve installed whonix with the vpn firewall many many times in the past. I do have openvpn installed on my host OS too.

I hope this gets fixed as ive used the vpn firewall with every previous version of whonix since I started using whonix i’m no linux expert so i’m afraid to mess around with it anymore as I might screw something up or make myself vulnerable. Already had to install some openssl libraries just to compile openvpn so maybe I should just reinstall whonix-gateway…

Karasiq · February 9, 2022, 7:41am

Issue still persists.