I have been wrestling with this for the past few days.
So, my host OS uses a VPN.
On that host I have a fully configured and functional KVM VM Whonix Gateway that I would like to install a VPN on. (It is better to install the VPN on the gateway rather than the Workstation correct? )
I have followed the documentation strictly, mainly using this as a guide/troubleshooter. I was able to set up this VPN on a different system(non Whonix) without issue. My .crt is updated, login info correct, firewall configured, and my config files seem spot on with what my VPN provider recommends, but alas there is something I am missing because whenever I try to start my VPN with:
“sudo service openvpn@vpnname start”
I get
“write UDPv4: Operation not permitted (code=1)”
“TLS Error: TLS key negotiation failed to occur within…ty”
“TLS Error: TLS handshake failed”
Any help at all would be appreciated.
Thanks in advance.
user → vpn → tor → internet: install on host or gateway
user → vpn1 → vpn2 → tor → internet: install on host and gateway
user → tor → vpn → internet: install on workstation
Ok that fix was able to get rid of the UDP code 1 error, but not the:
“TLS Error: TLS key negotiation failed to occur within…ty”
“TLS Error: TLS handshake failed”
openvpn.conf:
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
user tunnel
iproute /usr/bin/ip-unpriv
comp-lzo
verb 3
tun-mtu 1500
fragment 0
mssfix 1400
cipher AES-256-CBC
remote-random
remote xxx.xxx.xxx.xxx port
route-delay
reneg-sec 0
auth-user-pass /etc/openvpn/vpnname.login
ca /etc/openvpn/ca.crt
Changed it to dev tun0 in the .conf because I have the VPN_FIREWALL enabled in 50_user.conf as well as VPN_INTERFACE set to tun0. Also ip-unpriv is now ip_unpriv because I am not using the Standalone VPN_FIREWALL. I am using the firewall preinstalled with Whonix. I am still getting the same error.
EDIT* HOLD THE PHONE - It works, OMG it works! I just needed to do these above things and edit the remote IP in the conf. Thank you so much for your help entr0py.