A Simple VPN Implementation

How to do things, solutions, recipes, tutorials
Message
Author
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#21 Post by OscarTalks »

Thanks for letting me know about the stretch .pet
I have removed it from my Smokey01.com repo, at least for now.
Maybe some library version (such as OpenSSL or something) has been updated in Radky's build, but this is now the main version of Dpup Stretch so packages should be compatible with it. Compiling from source is always a good move, or folks can use your openvpn build since it has been tested.

UPDATE
I have compiled openvpn-2.4.6 in Radky's Dpup Stretch so hopefully that will work OK.
Uploaded to http://smokey01.com/OscarTalks
Last edited by OscarTalks on Mon 11 Feb 2019, 01:46, edited 1 time in total.
Oscar in England
Image
foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

#22 Post by foxpup »

OscarTalks wrote:Maybe some library version (such as OpenSSL or something) has been updated in Radky's build, but this is now the main version of Dpup Stretch so packages should be compatible with it.

Code: Select all

openvpn --config /etc/vpnconfig
gave some error with 'ifconfig failed' which leeds to busybox and the version of busybox in radky's RC3 is much newer.

BTW, I found the freeVPN servers a lot better than VPNbook. I use it to go on IRC chat sometimes. It could be that VPNbook is better for other uses.
User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

Need help getting openvpn working please.

#23 Post by bacteriax »

Hi,
My 1st post. Long time linux user.
Previously, used puppy on compaq laptop 12 years ago.
I love this OS, and for the most everything is going great.
Running Xenial 32 booting from usb with 4gb .sfs file.
Followed steps 1-5 in OscarTalks initial post, but when
the default browser opens it reveals my default ip address.
Any ideas as to why or what I can do to correct my
openvpn connection would be appreciated.
Thank you
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#24 Post by OscarTalks »

Hello bacteriax,

Sorry that this thread is something which you have to use as a guide and figure out a few specifics on your Puppy and your system, rather than a simple install-and-go solution.

I can tell you that it is working for me on various Puppies and I use it fairly often.

Might not be easy to help, but I am wondering which version of openvpn you have installed, Ubuntu version via PPM or some other?
I have found that compiling from source is always best if you know how to do that.

Also, which VPN provider are you trying to use?
I know that VPNbook changed some of their servers recently and added a couple of new ones, so you may need to grab a fresh bundle of their .ovpn config files. Some of the old ones will not work at all any more.

I still mostly use the freevpn.me service rather than VPNbook, but the password on that is changing once or twice a week sometimes. Only takes a couple of minutes to grab the new password and update though.

I suggest running from terminal with the command as mentioned above

Code: Select all

openvpn --config /etc/vpnconfig
That should provide more clues as well as to why it is not initialising as it should.
Oscar in England
Image
User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

openvpn --config /etc/vpnconfig terminal output:

#25 Post by bacteriax »

Hi Oscartalks thanks for your reply.
I have installed the openvpn-2.4.5-i686-xenial that you kindly compiled downloaded from your repo
I I am attempting to connect to vpnbook set to the euro server your build defaults to.
After your suggestion I downloaded the vpnbook pl sever openvpn.zip.
I unzipped and renamed the port 80 file to vpnpl without an extension.
I then deleted the euro1 symlink and made new symlink from vpnpl file called vpnconfig.
I then used the connect vpn menu entry but had same result as before.

Here is the openvpn --config /etc/vpnconfig terminal output:
root# openvpn --config /etc/vpnconfig
Fri Feb 8 10:33:33 2019 OpenVPN 2.4.5 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2018
Fri Feb 8 10:33:33 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Feb 8 10:33:33 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80
Fri Feb 8 10:33:33 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Fri Feb 8 10:33:33 2019 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]

Any thoughts or insight you can share would be greatly appreciated.
Thanks again,
BX
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#26 Post by OscarTalks »

Hello BX,

Sounds like you are doing the right things.

I don't personally run Xenial, but I'm sure I tested that build after I compiled it so that should be OK

The old euro1 and euro2 servers are definitely gone. The pl one you have used is one of the replacements along with the de which allow p2p. I can only suggest you try some of the other servers and other port numbers by repeating what you did with the pl .ovpn config file.

Ah, just thought of something.
You might need to edit the line in the .ovpn config file which reads
auth-user-pass
You need to add the path to the passfile with stored username and password so it reads:-
auth-user-pass /etc/vpnpass

Here is my edited .ovpn file for pl

Code: Select all

client
dev tun3
proto tcp
remote 51.68.152.226 80
remote pl226.vpnbook.com 80
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass /etc/vpnpass
auth-nocache
comp-lzo
verb 3
cipher AES-128-CBC
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAKRtpjsIvek1MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNV
BAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9vay5j
b20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB2
cG5ib29rLmNvbTAeFw0xMzA0MjQwNDA3NDhaFw0yMzA0MjIwNDA3NDhaMIGgMQsw
CQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDAS
BgNVBAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9v
ay5jb20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1p
bkB2cG5ib29rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyNwZEYs6
WN+j1zXYLEwiQMShc1mHmY9f9cx18hF/rENG+TBgaS5RVx9zU+7a9X1P3r2OyLXi
WzqvEMmZIEhij8MtCxbZGEEUHktkbZqLAryIo8ubUigqke25+QyVLDIBuqIXjpw3
hJQMXIgMic1u7TGsvgEUahU/5qbLIGPNDlUCAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBRZ4KGhnll1W+K/KJVFl/C2+KM+JjCB1QYDVR0jBIHNMIHKgBRZ4KGhnll1W+K/
KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmlj
aDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNvbTELMAkGA1UE
CxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2cG5ib29rLmNv
bTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCkbaY7CL3pNTAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaoCEWk2pitKjbhChjl1rLj
6FwAZ74bcX/YwXM4X4st6k2+Fgve3xzwUWTXinBIyz/WDapQmX8DHk1N3Y5FuRkv
wOgathAN44PrxLAI8kkxkngxby1xrG7LtMmpATxY7fYLOQ9yHge7RRZKDieJcX3j
+ogTneOl2w6P0xP6lyI6
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID6DCCA1GgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5i
b29rLmNvbTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYD
VQQpEwt2cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5j
b20wHhcNMTMwNTA2MDMyMTIxWhcNMjMwNTA0MDMyMTIxWjB4MQswCQYDVQQGEwJD
SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNVBAoTC3Zw
bmJvb2suY29tMQ8wDQYDVQQDEwZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWFkbWlu
QHZwbmJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkTM/8E+JH
CjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwKwv1AHYYU6RHpCxS1qFp3BEKL
vQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqbOwxx2Ye/1WoakSHia0pItoZk
xK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQABo4IBVzCCAVMwCQYDVR0TBAIw
ADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRl
MB0GA1UdDgQWBBTDr4BCNSdOEh+Lx6+4RRK11x8XcDCB1QYDVR0jBIHNMIHKgBRZ
4KGhnll1W+K/KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNV
BAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNv
bTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2
cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCk
baY7CL3pNTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
hvcNAQEFBQADgYEAoDgD8mpVPnHUh7RhQziwhp8APC8K3jToZ0Dv4MYXQnzyXziH
QbewJZABCcOKYS0VRB/6zYX/9dIBogA/ieLgLrXESIeOp1SfP3xt+gGXSiJaohyA
/NLsTi/Am8OP211IFLyDLvPqZuqlh/+/GOLcMCeCrMj4RYxWstNxtguGQFc=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCkTM/8E+JHCjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwK
wv1AHYYU6RHpCxS1qFp3BEKLvQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqb
Owxx2Ye/1WoakSHia0pItoZkxK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQAB
AoGANX508WQf9nVUUFlJ8LUZnnr4U2sEr5uPPNbcQ7ImTZm8MiMOV6qo/ikesMw5
8qCS+5p26e1PJWRFENPUVhOW9c07z+nRMyHBQzFnNAFD7TiayjNk1gz1oIXarceR
edNGFDdWCwXh+nJJ6whbQn9ioyTg9aqScrcATmHQxTit0GECQQDR5FmwC7g0eGwZ
VHgSc/bZzo0q3VjNGakrA2zSXWUWrE0ybBm2wJNBYKAeskzWxoc6/gJa8mKEU+Vv
ugGb+J/tAkEAyGSEmWROUf4WX5DLl6nkjShdyv4LAQpByhiwLjmiZL7F4/irY4fo
ct2Ii5uMzwERRvHjJ7yzJJic8gkEca2adQJABxjZj4JV8DBCN3kLtlQFfMfnLhPd
9NFxTusGuvY9fM7GrXXKSMuqLwO9ZkxRHNIJsIz2N20Kt76+e1CmzUdS4QJAVvbQ
WKUgHBMRcI2s3PecuOmQspxG+D+UR3kpVBYs9F2aEZIEBuCfLuIW9Mcfd2I2NjyY
4NDSSYp1adAh/pdhVQJBANDrlnodYDu6A+a4YO9otjd+296/T8JpePI/KNxk7N0A
gm7SAhk379I6hr5NXdBbvTedlb1ULrhWV8lpwZ9HW2k=
-----END RSA PRIVATE KEY-----
</key>
There are a couple of other minor edits from the original.
These are not fatal though:-
remote-cert-tls server
auth-nocache

You will need to do this with any and all of the other .ovpn files that you want to include as well.
Then switching the symlink switches the server.
Oscar in England
Image
User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

#27 Post by bacteriax »

OscarTalks,
After creating a vpnbook pl profile with your provided code I was able to connect without a problem.
Thanks very much for your help!
Best,
BX
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator.pet

#28 Post by AvidHunter »

I'm having difficulty finding the VPN-Activator.pet, can someone please supply a link. I'm running Xenial Pup if it makes a difference.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#29 Post by OscarTalks »

Hello AvidHunter,

The link to the .pet is in the first post of this thread. You should be able to download it from there, BUT take note that most of the VPNbook .ovpn config files are now expired and will not work.

If downloading fresh VPNbook .ovpn config files from their website, or if using .ovpn files from any other VPN provider, take note that you will need to edit them a bit, at least adding the path /etc/vpnpass to the auth-user-pass line. This is because you have to manually enter the username and password in the file /etc/vpnpass and openvpn has to know to look in that file to find those 2 things.

I would recommend anyone interested in using this VPN implementation should read carefully through all the posts of this thread in order to piece together all the bits of information.

I might try to upload an updated package of the scripts and config files when I get some time. The difficulty is that although the scripts should be OK indefinitely and in any Puppy, the .ovpn config files can go out of date if VPN providers change their servers. Also, the full package requires an openvpn executable and a yad executable renamed as "yad-vpn" (if you want a fully functional tray notification icon) and these need to be compiled for the Puppy you are running them in.

As I say though, I use it myself regularly and for a totally free solution it is rather neat.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator

#30 Post by AvidHunter »

Hello OscarTalks

I have read this through a couple times now and am still unable to locate a link to the VPN-activator.pet file. It is mentioned in the first post but the only links that show up are to VPNbook.com and Smokey01.com/OscarTalks. I have also read through that a couple times and am unable to find a link to the file. How am I missing it?

BTW: my intention is to use the Free version of ProtonVPN because it has no logging and no adds (but is evidently crippled on many features). In any case this is my first venture into a VPN service so I obviously have a learning curve to climb so I want to thank you for this thread and all the support you have put into it, I really appreciate it.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#31 Post by OscarTalks »

@ AvidHunter

The .pet is near the bottom of the first post as an attachment, below the image attachments. It is in a rectangular box with the .pet name in the title bar and the download link on the right hand side. As I say, it is a bit out of date now.

Are you running 32bit Xenial or 64bit Xenial?

I have put together a much more complete package with updated config files, scripts, icons, .desktop files, and all executables for 32bit Xenial and I gave it a quick test. (64bit Xenial version also added).

I named these .pet packages vpn-onoff-0.1-i686-xenial and vpn-onoff-0.1-x86_64-xenial
Version vpn-onoff-0.1-i686-slack14.1 also added for Slacko 6.3.2 32bit
I will upload them to http://smokey01.com/OscarTalks
Strictly for testing

All configuration is now done in the sub-directory /etc/vpn-onoff
The .ovpn config files (renamed), the vpnconfig symlink, and the vpnpass text file containing username and password are now all in this directory along with a bit of a README.
This is more tidy than having these files among others in /etc
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator --- On-Off

#32 Post by AvidHunter »

@ OscarTalks

I found the VPN-Activator download link just where you said it would be...(that was embarrassing). However, I also grabbed the vpn-onoff-0.1-x86_64-xenial from smokey01 (I'm running the 64 bit xenial) that you just posted and installed it (sweet). I will spend tonight and see if I can get everything running. Thankyou
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#33 Post by OscarTalks »

AvidHunter wrote:BTW: my intention is to use the Free version of ProtonVPN because it has no logging and no adds (but is evidently crippled on many features.
Took a look at ProtonVPN free version and was able to get it working.

Signed up with e-mail
Logged in to their website which gives me my dashboard.
From there I can download the .ovpn config files for each of their servers.
Place this (or several of them) in /etc/vpn-onoff with the others.
Delete the symlink vpnconfig
Right click the ProtonVPN .ovpn file and select "link"
Name the link you are creating as vpnconfig (replacing what you just deleted)
From the dashboard I also obtain the long random username and password which I have to use.
Those I paste into my vpnpass file (also in /etc/vpn-onoff)
I add the path to my vpnpass file into the .ovpn config file:-
auth-user-pass /etc/vpn-onoff/vpnpass
Save and close everything.
The VPN-Start "button" in JWM menu then starts it and connects.

The FREE servers are only 2 in Japan, 2 in The Netherlands, and 2 in USA and they are all very busy, some showing 100% load and none lower than around 80% when I looked. I chose USA2 and it was performing reasonably well, although the first 7 days are trial period so speed may slow down after that.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

ProtonVPN

#34 Post by AvidHunter »

@ OscarTalks

I am so glad you wrote these tutorials I would be so lost.

Anyway I meticulously followed your instructions through, closed the browser and clicked on VPN-start on the network men. I got the 30 second warning pop-up followed by the browser opening to "What is my IP?" web page. I minimized the browser and again clicked on the VPN-start button, again got the 30 second warning and the browser again opened another tab to the "What is my IP?" web page. I do not see the "openVPN already running" pop-up. How do I know if I'm connected?

BTW: netherlands-01 is running at 33% right now, I just can't tell if I'm connecting.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#35 Post by OscarTalks »

If you know your IP address before you try to connect you can compare it to the IP address after you connect. Also the "What is my IP" page gives additional information such as location, which should match the VPN server location rather than your own real location. You can close the browser once you have looked at the information, whether you are successfully connected or not.

If the browser opens again or opens another tab it would suggest that openvpn is not running or VPN has not initialised, but the information in the page is supposed to indicate that for you anyway. I suspect that something is still not quite right in your configuration process.

The tray notification icon will also re-open the browser on left click.
Right click of the tray notification icon gives the option to VPN-Stop.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

ProtonVPN Config

#36 Post by AvidHunter »

@ OscarTalks

The tray actually has two of the blue globes with the gold locks. At the moment a left click opens a none accessible web page (I suspect the web site is down) and a right click closes both globes. Prior to loosing access to the "What is my IP?" I mapped my IP address to a building in downtown Seattle (not the Netherlands). This sounds more and more like I've messed it up somehow so I'll start over and try again. In the mean time you are 8 or 9 hour ahead of me so I am going to bed and will return in 10 - 15 hrs.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#37 Post by OscarTalks »

@ AvidHunter

(This is specific to using ProtonVPN in my vpn-onoff thing)

Doing a bit more testing just now and discovered something.
In the ProtonVPN .ovpn config file, you will need to look for the 2 lines:-
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


These are causing it to error out.

Delete them completely or comment them out:-
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf


I didn't notice this yesterday when testing, because I had previously been experimenting with Proton's own application and that had installed the /etc/openvpn/update-resolv-conf script automatically. My vpn-onoff thing does not use this.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

ProtonVPN - Connection Issue

#38 Post by AvidHunter »

@ OscarTalks

I commented out the lines mentioned, that changed things. When selecting VPN-start I no-longer get the blue orb with the gold lock in the tray nor does the "What is my IP?" web page pop open. However, when I do select the VPN-start button a second time I do get the pop-up that openVPN is already running, but no blue orb. Also when opening the "What is my IP?" web page manually I still get my local ISP IP address here in Seattle.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#39 Post by OscarTalks »

@ AvidHunter

I still think this is a configuration issue which is not quite right yet.

One hint, if you have tried to do VPN-Start and it seems not to have worked, always a good idea to click VPN-Stop before trying VPN-Start again. Otherwise open a terminal and enter killall openvpn to kill any openvpn process which is running but not completed initialisation.

To run a diagnostic, open a terminal and enter openvpn --config /etc/vpn-onoff/vpnconfig
This will not open any browsers or tray icons, but might help show what is wrong.
To kill it, open another terminal and enter killall openvpn (otherwise sometimes the process continues running even if you close the first terminal).

Make sure you have the correct username and password in /etc/vpn-onoff/vpnpass
It should be the long, randomly generated ones from your Proton dashboard, not the ones you use to log in to Proton.
The long username goes on the first line, replacing the word "vpnbook"
The long password goes on the second line, replacing the word "password"

In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass
That is telling openvpn where to look for the stored username and password.

Hover your mouse cursor over /etc/vpn-onoff/vpnconfig to confirm that it is a symlink to the correct file (your Proton .ovpn file).

I can't think of much else at the moment. Once configured it should be easy to click in and out of VPN and presumably with no need to update passwords as is the case with the other free providers like VPNbook and Freevpn.me
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-OnOff

#40 Post by AvidHunter »

@ OscarTalks
One hint, if you have tried to do VPN-Start and it seems not to have worked, always a good idea to click VPN-Stop before trying VPN-Start again. Otherwise open a terminal and enter killall openvpn to kill any openvpn process which is running but not completed initialisation. [/quote/

Killed everything
Make sure you have the correct username and password in /etc/vpn-onoff/vpnpass
It should be the long, randomly generated ones from your Proton dashboard, not the ones you use to log in to Proton.
The long username goes on the first line, replacing the word "vpnbook"
The long password goes on the second line, replacing the word "password"
Verified
Verified
Verified
In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass
Verified
In your .ovpn config file, make sure that the line which was originally auth-user-pass now has the path to /etc/vpn-onoff/vpnpass added after a space. It should now read
auth-user-pass /etc/vpn-onoff/vpnpass
Verified
To run a diagnostic, open a terminal and enter openvpn --config /etc/vpn-onoff/vpnconfig
This will not open any browsers or tray icons, but might help show what is wrong.
Running this had an interesting effect, it changed my radio icon in the tray to something I didn't recognize and killed all access to the web. I ran the VPMstop to recover my access. The diagnotic output is below but I do not know what it is telling me. I do not know if this means anything but when I run VPNstart I do get the pink popup letting me know that openvpn is already running, but I do not get the blue orb with the gold lock in the tray nore do I get the "What is my IP?" browser popup. I do get the "What is my IP?" browser popup when I run VPNstop...this seems backwards.

root# openvpn --config /etc/vpn-onoff/vpnconfig
Wed Feb 13 02:44:07 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 10 2019
Wed Feb 13 02:44:07 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Feb 13 02:44:07 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 13 02:44:07 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 13 02:44:07 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:07 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 13 02:44:07 2019 UDP link local: (not bound)
Wed Feb 13 02:44:07 2019 UDP link remote: [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:07 2019 TLS: Initial packet from [AF_INET]89.39.107.199:443, sid=874ca90c 7b32ffcc
Wed Feb 13 02:44:07 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Wed Feb 13 02:44:07 2019 VERIFY KU OK
Wed Feb 13 02:44:07 2019 Validating certificate extended key usage
Wed Feb 13 02:44:07 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Feb 13 02:44:07 2019 VERIFY EKU OK
Wed Feb 13 02:44:07 2019 VERIFY OK: depth=0, CN=nl-110.protonvpn.com
Wed Feb 13 02:44:08 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Wed Feb 13 02:44:08 2019 [nl-110.protonvpn.com] Peer Connection Initiated with [AF_INET]89.39.107.199:443
Wed Feb 13 02:44:09 2019 SENT CONTROL [nl-110.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Wed Feb 13 02:44:09 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.1.5 255.255.255.0,peer-id 3,cipher AES-256-GCM'
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: compression parms modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Feb 13 02:44:09 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: route options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: route-related options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: peer-id set
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: adjusting link_mtu to 1657
Wed Feb 13 02:44:09 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Feb 13 02:44:09 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Feb 13 02:44:09 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 13 02:44:09 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb 13 02:44:09 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=00:14:a5:b5:0d:f5
Wed Feb 13 02:44:09 2019 TUN/TAP device tun0 opened
Wed Feb 13 02:44:09 2019 TUN/TAP TX queue length set to 100
Wed Feb 13 02:44:09 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 13 02:44:09 2019 /sbin/ifconfig tun0 10.8.1.5 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
Wed Feb 13 02:44:09 2019 /sbin/route add -net 89.39.107.199 netmask 255.255.255.255 gw 192.168.0.1
Wed Feb 13 02:44:09 2019 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Wed Feb 13 02:44:09 2019 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Wed Feb 13 02:44:09 2019 Initialization Sequence Completed
Wed Feb 13 02:55:23 2019 event_wait : Interrupted system call (code=4)
Wed Feb 13 02:55:23 2019 SIGTERM received, sending exit notification to peer
Wed Feb 13 02:55:24 2019 /sbin/route del -net 89.39.107.199 netmask 255.255.255.255
route: SIOCDELRT: No such process
Wed Feb 13 02:55:24 2019 ERROR: Linux route delete command failed: external program exited with error status: 1
Wed Feb 13 02:55:24 2019 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Wed Feb 13 02:55:24 2019 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Wed Feb 13 02:55:24 2019 Closing TUN/TAP interface
Wed Feb 13 02:55:24 2019 /sbin/ifconfig tun0 0.0.0.0
Wed Feb 13 02:55:24 2019 SIGTERM[soft,exit-with-notification] received, process exiting
Post Reply