Problem with OpenVPN on whonix gateway

anoncat · December 25, 2015, 9:57pm

I am trying to setup a VPN on the whonix gateway in order to use VPN > TOR

In the installation guide it tells me to do all the steps before activating the tor in the whonix setup wizard, so I just closed the whonix setup wizard.

But this way I don’t have any internet connection inside the gateway which means that I can’t install and connect to the VPN.

Does anyone know how to resolve this problem?

p.s I tried executing all the steps while tor was already enabled (which gave me internet access) and it threw the error “socket bind failed on local address” naming port 1194

Patrick · December 26, 2015, 8:38pm

anoncat:

I am trying to setup a VPN on the whonix gateway in order to use VPN > TOR

In the installation guide it tells me to do all the steps before activating the tor in the whonix setup wizard, so I just closed the whonix setup wizard.

But this way I don’t have any internet connection inside the gateway which means that I can’t install and connect to the VPN.

Does anyone know how to resolve this problem?

OpenVPN (the Debian openvpn package) is installed by default. So you
don’t need to install anything usually.

If you want to use other VPN software, then the simplest way would be to
download it over Tor indeed.

[Or over clearnet, but this requires quite some configuration and might
not be well documented yet.]

p.s I tried executing all the steps while tor was already enabled (which gave me internet access) and it threw the error “socket bind failed on local address” naming port 1194

Requires for output.

anoncat · December 26, 2015, 10:20pm

I am using OpenVPN and the riseup VPN server for the sake of testing, following the documentation (Connecting to a VPN before Tor) + (VPN Tunnel Setup Examples)

How to add the VPN in Whonix-Gateway

After installing Whonix-Gateway, do the following steps before activating Tor in Whonix Setup Wizard.

However I don’t have any internet connection if I don’t follow the Whonix Setup Wizard, which won’t allow me to connect to the VPN server.

When I however follow the Whonix Setup Wizard in order to get a valid internet connection and run this command to connect to the VPN

sudo openvpn --client --dev tun --auth-user-pass --remote seattle.vpn.riseup.net 1194 --ca RiseupCA.pem

It throws the following error.

TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Exiting due to fatal error

I can’t find any additional information in the system log

Patrick · December 26, 2015, 10:30pm

anoncat:

I am using OpenVPN and the riseup VPN server for the sake of testing, following the documentation (Connecting to a VPN before Tor) + (VPN Tunnel Setup Examples)

How to add the VPN in Whonix-Gateway

After installing Whonix-Gateway, do the following steps before activating Tor in Whonix Setup Wizard.

However I don’t have any internet connection if I don’t follow the Whonix Setup Wizard, which won’t allow me to connect to the VPN server.

Whonix Setup Wizard really only removes the # in front of
DisableNetwork 0 in /etc/tor/torrc. No other magic. So this
causality is very unlikely.

[The idea is, you set up the VPN first without Tor trying any
connections, and once that works, you enable Tor. Then Tor goes through
the VPN.]

When I however follow the Whonix Setup Wizard in order to get a valid internet connection and run this command to connect to the VPN

sudo openvpn --client --dev tun --auth-user-pass --remote seattle.vpn.riseup.net 1194 --ca RiseupCA.pem

It throws the following error.

TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Exiting due to fatal error

I can’t find any additional information in the system log

That openvpn command line doesn’t output more than that?

seattle.vpn.riseup.net

Can’t use DNS names on the gateway. Can’t use seattle.vpn.riseup.net as
DNS name. You need to resolve to an IP an use that.

Does that riseup test VPN still work from a workstation? Please test and
report back. We need to rule out that’s still working at all before we
try using it on the gateway.

anoncat · December 26, 2015, 11:35pm

The problem was me using hostnames instead of IP addresses, the connection is now succesful according to openvpn.

Thanks for your help on resolving this matter

However when I login as clearnet to check if the VPN is actually working and executing the following command to check my IP it display a TOR exit node instead of my VPN

curl checkip.dyndns

It seems like the clearnet option is not working for me