Hi,
Since I updated Whonix 13, the VPN is not working. So I took a new virtual image for the gateway (VirtualBox) and followed the tutorial "https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor".
And I receive an error message in debug mode (as described in the documentation):
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
```
user@host:/etc/openvpn$ sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
Sat Jun 4 14:21:28 2016 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Sat Jun 4 14:21:28 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Enter Auth Username: ****
Enter Auth Password: ********
Sat Jun 4 14:21:32 2016 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Jun 4 14:21:32 2016 Attempting to establish TCP connection with [AF_INET]185.7.33.21:80 [nonblock]
Sat Jun 4 14:21:33 2016 TCP connection established with [AF_INET]185.7.33.21:80
Sat Jun 4 14:21:33 2016 TCPv4_CLIENT link local: [undef]
Sat Jun 4 14:21:33 2016 TCPv4_CLIENT link remote: [AF_INET]185.7.33.21:80
Sat Jun 4 14:21:33 2016 TLS: Initial packet from [AF_INET]185.7.33.21:80, sid=8510eb3c 52b05311
Sat Jun 4 14:21:33 2016 VERIFY OK: depth=2, C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Sat Jun 4 14:21:33 2016 VERIFY OK: depth=1, O=AlphaSSL, CN=AlphaSSL CA - G2
Sat Jun 4 14:21:33 2016 Validating certificate key usage
Sat Jun 4 14:21:33 2016 ++ Certificate has key usage 00a0, expects 00a0
Sat Jun 4 14:21:33 2016 VERIFY KU OK
Sat Jun 4 14:21:33 2016 Validating certificate extended key usage
Sat Jun 4 14:21:33 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jun 4 14:21:33 2016 VERIFY EKU OK
Sat Jun 4 14:21:33 2016 VERIFY OK: depth=0, OU=Domain Control Validated, CN=.earthvpn.com
Sat Jun 4 14:21:33 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 4 14:21:33 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 4 14:21:33 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 4 14:21:33 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 4 14:21:33 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jun 4 14:21:33 2016 [.earthvpn.com] Peer Connection Initiated with [AF_INET]185.7.33.21:80
Sat Jun 4 14:21:35 2016 SENT CONTROL [*.earthvpn.com]: 'PUSH_REQUEST' (status=1)
Sat Jun 4 14:21:37 2016 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.179.29 192.168.179.30,dhcp-option DOMAIN earthvpn.com,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 192.168.179.30,redirect-gateway def1'
Sat Jun 4 14:21:37 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 4 14:21:37 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 4 14:21:37 2016 OPTIONS IMPORT: route options modified
Sat Jun 4 14:21:37 2016 OPTIONS IMPORT: route-related options modified
Sat Jun 4 14:21:37 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jun 4 14:21:37 2016 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:b7:49:35
Sat Jun 4 14:21:37 2016 TUN/TAP device tun0 opened
Sat Jun 4 14:21:37 2016 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Sat Jun 4 14:21:37 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 4 14:21:37 2016 /sbin/ip link set dev tun0 up mtu 1500
RTNETLINK answers: Operation not permitted
Sat Jun 4 14:21:37 2016 Linux ip link set failed: external program exited with error status: 2
Sat Jun 4 14:21:37 2016 Exiting due to fatal error
```
In troubleshooting, the documentation said "Use ip_unpriv as documented above". But I don't understand; it's not clear to me. What should I do with this instruction?
ip_unpriv vs ip-unpriv
Note:
Whonix TUNNEL_FIREWALL uses ip_unpriv (underscore)
Standalone VPN-FIREWALL uses ip-unpriv (hyphen)
Do you have more instructions or details?
Thank you for your help.
details openvpn.conf
```
client
dev tun0
proto tcp
remote 185.7.33.21 80
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/earthvpn.crt
auth-user-pass
auth-nocache
remote-cert-tls server
reneg-sec 0
verb 3
auth SHA1
cipher AES-256-CBC
```
50_user.conf
```
###########################
## VPN-Firewall Settings ##
###########################
## Make sure Tor always connects through the VPN.
## Enable: 1
## Disable: 0
## DISABLED BY DEFAULT, because it requires a VPN provider.
VPN_FIREWALL=1
## For OpenVPN.
#VPN_INTERFACE=tun0
## Destinations you do not want routed through the VPN.
## 10.0.2.2-10.0.2.24: VirtualBox DHCP
# LOCAL_NET="\
# 127.0.0.0-127.0.0.24
# 192.168.0.0-192.168.0.24 \
# 192.168.1.0-192.168.1.24
# 10.152.152.0-10.152.152.24 \
# 10.0.2.2-10.0.2.24
# "
```
/etc/sudoers.d/tunnel_unpriv
```
## This file is part of Whonix.
## Copyright (C) 2012 - 2014 Patrick Schleizer adrelanos@riseup.net
## See the file COPYING for copying conditions.
tunnel ALL=(ALL) NOPASSWD: /bin/ip
tunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *
Defaults:tunnel !requiretty
```
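An added example, not part of the original post or of Whonix's own code: a small Python check that reads an OpenVPN config and log, recognises the `Operation not permitted` failure shown above, and reports whether the config's `iproute` option (OpenVPN's setting for substituting the `ip` command it runs) names the wrapper the quoted note expects. The function names and the trimmed sample inputs are constructed for illustration; only the two wrapper basenames come from the post.

```python
import os
import re

# Wrapper basename per firewall flavour, from the note quoted in the post.
WRAPPER = {"whonix": "ip_unpriv", "standalone": "ip-unpriv"}

# Sample inputs: excerpts of the posted config and log, trimmed for brevity.
POSTED_CONF = """client
dev tun0
proto tcp
remote 185.7.33.21 80
persist-tun
"""
POSTED_LOG = """Sat Jun 4 14:21:37 2016 TUN/TAP device tun0 opened
Sat Jun 4 14:21:37 2016 /sbin/ip link set dev tun0 up mtu 1500
RTNETLINK answers: Operation not permitted
Sat Jun 4 14:21:37 2016 Linux ip link set failed: external program exited with error status: 2
"""

def directives(conf_text):
    """Map each OpenVPN directive to its argument list (last occurrence wins)."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            found[name] = args
    return found

def diagnose(conf_text, log_text, flavour="whonix"):
    """Return findings for a denied 'ip' call, or [] if the log shows none."""
    denied = "RTNETLINK answers: Operation not permitted" in log_text
    # OpenVPN logs the exact command it executed to bring the device up.
    ran = re.search(r"(\S*/ip\S*) link set dev (\S+) up", log_text)
    if not (denied and ran):
        return []
    findings = [f"{ran.group(1)} was invoked on {ran.group(2)} and was denied"]
    iproute = directives(conf_text).get("iproute")
    want = WRAPPER[flavour]
    if not iproute:
        findings.append(f"no 'iproute' directive; point it at the {want} wrapper")
    elif os.path.basename(iproute[0]) != want:
        findings.append(f"iproute is {iproute[0]}, but {flavour} expects {want}")
    return findings

if __name__ == "__main__":
    for finding in diagnose(POSTED_CONF, POSTED_LOG):
        print(finding)
```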