buckyb
Posts: 16
Joined: Sun Mar 30, 2014 3:05 pm
Location: South Africa

openvpn tunnelbear raspbian_April2017

Sun May 14, 2017 11:25 am

I have been using tunnelbear with openvpn successfully on my RPi 2 for some time. Recently I did a clean re-installation of Raspbian April 2017 onto a 16GB SD card, set the preferences and eth0, rebooted, updated and upgraded, then installed openvpn, and copied the tunnelbear .ovpn files + certificates into /home/pi/openvpn. This is the same setup I use for (client) openvpn in Ubuntu 16.04 and which works successfully in Ubuntu and used to work in Raspbian.

Now what happens is this:
    pi@raspberrypi:~ $ cd openvpn
    pi@raspberrypi:~/openvpn $ sudo openvpn --config TunnelBearUS.ovpn
    Sun May 14 12:59:27 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
    Sun May 14 12:59:27 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
    Enter Auth Username: ************************
    Enter Auth Password: ************
    Sun May 14 13:00:25 2017 WARNING: file 'PrivateKey.key' is group or others accessible
    Sun May 14 13:00:25 2017 UDPv4 link local: [undef]
    Sun May 14 13:00:25 2017 UDPv4 link remote: [AF_INET]159.203.65.0:443
    Sun May 14 13:00:25 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sun May 14 13:01:26 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
i.e. (note the times) it has stalled trying to make the connection. There is definitely a network connection. If I check I get this:
    pi@raspberrypi:~ $ ifconfig
    eth0 Link encap:Ethernet HWaddr b8:27:eb:33:e5:5a
    inet addr:10.0.0.86 Bcast:10.255.255.255 Mask:255.0.0.0
    inet6 addr: fe80::c7fa:201a:5bd2:5c52/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:15032 errors:0 dropped:2 overruns:0 frame:0
    TX packets:11842 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:18707882 (17.8 MiB) TX bytes:1257577 (1.1 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:136 errors:0 dropped:0 overruns:0 frame:0
    TX packets:136 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1
    RX bytes:11472 (11.2 KiB) TX bytes:11472 (11.2 KiB)
Can anyone suggest why I have this problem please?

epoch1970
Posts: 5424
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: openvpn tunnelbear raspbian_April2017

Sun May 14, 2017 5:24 pm

Without some information on your networking setup (you know this was the big change in Raspbian Jessie, do you?) and routing table and ovpn conf, I'm not sure you'll get many answers.
However this "WARNING: file 'PrivateKey.key' is group or others accessible" is, IIRC, more than a warning. I think too lax access rights on private keys make ovpn more or less bail out. You should fix that first.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel
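
The permission condition named in the warning quoted above can be checked directly. The script below is an added example, not part of the original posts or of OpenVPN; the function names are hypothetical, and it assumes the profile uses a `key <file>` directive with a path relative to the profile's directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit the private key an .ovpn
# profile points at for group/other permission bits.

# Print the file named by the profile's `key` directive. Relative paths
# are resolved against the profile's directory (assumption: openvpn is
# started from there, as in the thread). Inline <key> blocks do not match.
ovpn_key_path() {
    key=$(awk '$1 == "key" { print $2; exit }' "$1")
    [ -n "$key" ] || return 1
    case $key in
        /*) printf '%s\n' "$key" ;;
        *)  printf '%s\n' "$(dirname "$1")/$key" ;;
    esac
}

# True when no group/other bits are set (characters 5-10 of the ls mode).
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 = owner-only (or fixed), 1 = group/others accessible,
# 2 = nothing to check. Pass "fix" as $2 to remove the extra bits.
audit_ovpn_key() {
    key=$(ovpn_key_path "$1") || { echo "$1: no key file directive"; return 2; }
    [ -f "$key" ] || { echo "$key: not found"; return 2; }
    if key_is_private "$key"; then echo "$key: owner-only"; return 0; fi
    if [ "${2:-}" = "fix" ]; then
        chmod go-rwx "$key" || return 2
        echo "$key: group/other access removed"; return 0
    fi
    echo "$key: group or others accessible"; return 1
}

# Constructed sample: a throwaway profile whose key file starts out 0644.
demo() {
    d=$(mktemp -d) || return 1
    printf 'client\nkey PrivateKey.key\n' > "$d/sample.ovpn"
    : > "$d/PrivateKey.key"; chmod 644 "$d/PrivateKey.key"
    audit_ovpn_key "$d/sample.ovpn" && before=0 || before=$?
    audit_ovpn_key "$d/sample.ovpn" fix && after=0 || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```
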

buckyb
Posts: 16
Joined: Sun Mar 30, 2014 3:05 pm
Location: South Africa

Re: openvpn tunnelbear raspbian_April2017

Tue May 16, 2017 10:52 am

Thanks. No, I am not aware of the networking changes that you mention. Can you point me to the information please? Your idea about the Private Key being group accessible may be the problem: I see it does not come up with my successful Ubuntu login. I will check it.

buckyb
Posts: 16
Joined: Sun Mar 30, 2014 3:05 pm
Location: South Africa

Re: openvpn tunnelbear raspbian_April2017

Tue May 16, 2017 11:34 am

I got rid of that warning by changing the file permissions to be the same as with my Ubuntu setup but it has not solved the problem: your pointer on the networking update would be appreciated.

epoch1970
Posts: 5424
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: openvpn tunnelbear raspbian_April2017

Tue May 16, 2017 4:23 pm

It's all over the forums (at least it was when Jessie was newly launched): in Jessie dhcpcd (repeat: dhcp-cee-dee) has superseded /etc/network/interfaces and ifupdown for network configuration.
A stock /etc/network/interfaces file in Jessie mentions that in its header comments.
If your /etc/network/interfaces was stock, then I guess this is not a possible cause. But if you have interface definitions in there, esp. "manual" interfaces ("manual" now means "managed by dhcpcd") then it's certainly worth a look.
You can disable dhcpcd or even remove package dhcpcd5 without harm to the machine if it has/had a working /etc/network/interfaces config. Or you can migrate your config to dhcpcd by customizing /etc/dhcpcd.conf.
Note that dhcpcd offers some niceties but I don't think it can handle all the config types you could specify in the "old" interfaces file. I'm not sure it can handle a tun or tap device, if you're using this. (I don't rely on dhcpcd often myself)

buckyb
Posts: 16
Joined: Sun Mar 30, 2014 3:05 pm
Location: South Africa

Re: openvpn tunnelbear raspbian_April2017

Sat May 20, 2017 12:06 pm

Success! Tunnelbear advised me that they had hardened their system so I looked to move from openvpn 2.3.x to 2.4.

I installed the file openvpn_2.4.0-3-bpo8+1_armhf.deb on my RPi2

and the vpn is now working again. It needed a reboot after the installation to get it fully working.
