chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

OpenVPN Install? w/ Private Internet Access

Sun Jul 13, 2014 12:58 am

What's going on, party people...

I'm working on setting Private Internet Access on my RPi Model B by using OpenVPN, but I can't seem to get it to work. I've tried a bunch of different things, which I'll detail below. I've even created a fresh install of Raspbian on a spare SD card and get the same outcome...

Steps --

- Install - apt-get install openvpn

- download config files - wget http://www.privateinternetaccess.com/op ... penvpn.zip

- unzip the contents of openvip.zip to /etc/openvpn

- run - openvpn Switzerlnd.ovpn - at this point, it proceeds to ask for my login info, does a bunch of stuff and seems to connect to something. I'm left with a timestamp and 'Initialization Sequence Completed' and a curser on the next line. I've let it sit like this for awhile, nothing happens. My network monitor gets quiet, so I'm pretty sure it's not doing anything. So I CTRL+C to get out of it. If I do 'curl ifconfig.me' right now, I get my local IP address, not my remote.

Everything from here is a moot point. I've tried going on from here in the multitudes of tutorials, adding my login info to the config file, changing .ovpn to .conf, etc... and come up with this outcome or a RPi that cannot connect to anything.

Again, I've tried this on a fresh install of Raspbian (installed the OS and immediately attempted to install) so I'm pretty sure it's not anything to so with something on my actual build. I feel like I must be missing something big, or something is goofy with my network...

- Should things freeze after 'Initialization Sequence Complete'??? What would cause it to stop here? Is it actually freezing, or am I loosing my SSH connection at this point and it only looks frozen? (but then I wouldn't be able to CTRL+C to stop it...right?)

- Where should the contents of openvpn.zip be put? /etc/openvpn, yeah?

- Is there a setting on my router I should look for?

Any help would be great appreciated. Thanks duders!
Last edited by chris48083 on Sun Jul 13, 2014 4:09 am, edited 1 time in total.

rmurr
Posts: 11
Joined: Sat Jul 12, 2014 10:33 pm

Re: OpenVPN Install?

Sun Jul 13, 2014 2:17 am

Good timing for your question!

I just posted a tutorial on how to set up OpenVPN on the Pi:

http://www.raspberrypi.org/forums/viewt ... 36&t=81657

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install?

Sun Jul 13, 2014 3:19 am

Nice tutorial. If I need to use the Private Internet Access servers, where/when do I incorporate their .ovpn files?

rmurr
Posts: 11
Joined: Sat Jul 12, 2014 10:33 pm

Re: OpenVPN Install?

Sun Jul 13, 2014 3:39 am

I believe in Linux you want to use .conf files, not .ovpn files.

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install?

Sun Jul 13, 2014 3:42 am

Right, so PIA (Private Internet Access) gives you a zip file of a bunch of .ovpn files, which are their different servers. You take the one you want, and change it to .conf.

When would I add this file? Where would I add it?

I think I might be getting ahead of myself. I'm going to run your tutorial from top-down and then try to add the PIA stuff.

rmurr
Posts: 11
Joined: Sat Jul 12, 2014 10:33 pm

Re: OpenVPN Install?

Sun Jul 13, 2014 3:54 am

Ok, just to make sure: the instructions I wrote are mainly for setting up a VPN server - the client side is super simple to set up (with the correct settings). Your last post suggests that you have OpenVPN servers ready to go and just need a client connection, in which case you would just need to work out the client side configurations based on the server info you have.

Or did I misunderstand?

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install?

Sun Jul 13, 2014 4:09 am

I believe you are correct, although I am a VPN n00b...

I'm using PIA to hide all of my traffic, so everything coming and going from my RPi should be a connection with a PIA server out of the country. I suppose in this situation I am the client and PIA is the server.

I *think* the issue has to do with connecting my eth0 and tun0 interfaces to each other? Something about IP-routing tables...

rmurr
Posts: 11
Joined: Sat Jul 12, 2014 10:33 pm

Re: OpenVPN Install? w/ Private Internet Access

Sun Jul 13, 2014 4:23 am

You shouldn't have to mess around with iptables as a client.

If you look at the ovpn file and then compare it with anexample conf file that might give you some clue as to construct a conf file that openvpn will recognize.

As a client, you just enter

Code: Select all

openvpn <path to conf file>
If everything is correct in the conf file it should be all set.

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install? w/ Private Internet Access

Sun Jul 13, 2014 6:12 am

Hmph. This is getting frustrating...

I mean, the conf files look a little different, but they should. I'm not sure if things are OK or not. Here's how mine looks...

Code: Select all

client
dev tun
proto udp
remote swiss.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
presist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
Do I need to be looking at port forwarding on my router??

rmurr
Posts: 11
Joined: Sat Jul 12, 2014 10:33 pm

Re: OpenVPN Install? w/ Private Internet Access

Sun Jul 13, 2014 1:24 pm

Try putting in the full path of the .pem file and .crt file. It also doesn't look like you have a key. My client file has a line for:
ca
cert
key

No, as a client you don't have to set up port forwarding on your router.

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install? w/ Private Internet Access

Sun Jul 13, 2014 4:32 pm

ah ha! maybe you found something? I'm going to try what you said, although I have to imagine the way the file names are is OK, ca.crt and crl.pem are in the same directory, just like pass.txt, so they should be found. I'll flip all three to full addresses though...

cert - is that remote-cert-tls? If so, this suggest that it should point to a file called 'server,' which does not exists where this zip file does (/etc/openvpn). Maybe that needs to change? Maybe all of these files are in the wrong place?

Added full extensions - same outcome. Crashes after 'Initialization Sequence Complete'

chris48083
Posts: 38
Joined: Thu Aug 08, 2013 1:56 am

Re: OpenVPN Install? w/ Private Internet Access

Wed Jul 16, 2014 4:26 am

:oops: :oops: :cry: :evil: :evil: :evil: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :x :x :x :x

OK. This is annoying level times a thousand. I'm going to walk through each step, if someone would be kind enough to tell me where I'm going wrong that would be great. What I don't understand, is apparently this isn't that difficult, and yet, it just. doesn't. work.

So, I have completely whiped an SD card clean and loaded a fresh insatll of Wheezy Raspbian. The only commands I've run that you don't see here are apt-get update/upgrade. Other than that, this is a 100% stock install.

I am connected to my ISP via a router, which is running static below 192.168.1.199 and handing out IP addresses above .200. The Pi is in DHCP mode (remember? nothing else has been done...).

STEP 1 - 'sudo apt-get insatll openvpn' - should be pretty standard stuff here...

Code: Select all

[email protected] ~ $ sudo apt-get install openvpn
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  liblzo2-2 libpkcs11-helper1
Suggested packages:
  resolvconf
The following NEW packages will be installed:
  liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 569 kB of archives.
After this operation, 1,281 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://mirrordirector.raspbian.org/raspbian/ wheezy/main liblzo2-2 armhf 2.06-1 [56.0 kB]
Get:2 http://mirrordirector.raspbian.org/raspbian/ wheezy/main libpkcs11-helper1 armhf 1.09-1 [46.1 kB]
Get:3 http://mirrordirector.raspbian.org/raspbian/ wheezy/main openvpn armhf 2.2.1-8+deb7u2 [466 kB]
Fetched 569 kB in 1s (397 kB/s)
Preconfiguring packages ...
Selecting previously unselected package liblzo2-2:armhf.
(Reading database ... 69055 files and directories currently installed.)
Unpacking liblzo2-2:armhf (from .../liblzo2-2_2.06-1_armhf.deb) ...
Selecting previously unselected package libpkcs11-helper1:armhf.
Unpacking libpkcs11-helper1:armhf (from .../libpkcs11-helper1_1.09-1_armhf.deb) ...
Selecting previously unselected package openvpn.
Unpacking openvpn (from .../openvpn_2.2.1-8+deb7u2_armhf.deb) ...
Processing triggers for man-db ...
Setting up liblzo2-2:armhf (2.06-1) ...
Setting up libpkcs11-helper1:armhf (1.09-1) ...
Setting up openvpn (2.2.1-8+deb7u2) ...
[ ok ] Restarting virtual private network daemon.:.
[email protected] ~ $ 
STEP 2 - get PIA files and unpack them in /etc/openvpn

Code: Select all

[email protected] ~ $ cd /etc/openvpn
[email protected] /etc/openvpn $ sudo wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
--2014-07-16 04:17:07--  http://www.privateinternetaccess.com/openvpn/openvpn.zip
Resolving www.privateinternetaccess.com (www.privateinternetaccess.com)... 23.7.154.137
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|23.7.154.137|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.privateinternetaccess.com/openvpn/openvpn.zip [following]
--2014-07-16 04:17:07--  https://www.privateinternetaccess.com/openvpn/openvpn.zip
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|23.7.154.137|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7307 (7.1K) [application/zip]
Saving to: `openvpn.zip'

100%[======================================>] 7,307       --.-K/s   in 0s      

2014-07-16 04:17:13 (16.3 MB/s) - `openvpn.zip' saved [7307/7307]

[email protected] /etc/openvpn $ sudo unzip openvpn.zip
Archive:  openvpn.zip
  inflating: CA North York.ovpn      
  inflating: CA Toronto.ovpn         
  inflating: France.ovpn             
  inflating: Germany.ovpn            
  inflating: Hong Kong.ovpn          
  inflating: Netherlands.ovpn        
  inflating: Romania.ovpn            
  inflating: Sweden.ovpn             
  inflating: Switzerland.ovpn        
  inflating: UK London.ovpn          
  inflating: UK Southampton.ovpn     
  inflating: US California.ovpn      
  inflating: US East.ovpn            
  inflating: US Florida.ovpn         
  inflating: US Midwest.ovpn         
  inflating: US Seattle.ovpn         
  inflating: US Texas.ovpn           
  inflating: US West.ovpn            
  inflating: ca.crt                  
  inflating: crl.pem                 
[email protected] /etc/openvpn $ 
STEP 3 - Attempt to connect to a server

Code: Select all

[email protected] /etc/openvpn $ sudo openvpn Switzerland.ovpn
Wed Jul 16 04:18:44 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Enter Auth Username:###############
Enter Auth Password:
Wed Jul 16 04:19:10 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 16 04:19:10 2014 LZO compression initialized
Wed Jul 16 04:19:10 2014 RESOLVE: NOTE: swiss.privateinternetaccess.com resolves to 4 addresses
Wed Jul 16 04:19:10 2014 UDPv4 link local: [undef]
Wed Jul 16 04:19:10 2014 UDPv4 link remote: [AF_INET]81.17.16.170:1194
Wed Jul 16 04:19:10 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 16 04:19:12 2014 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]81.17.16.170:1194
Wed Jul 16 04:19:15 2014 TUN/TAP device tun0 opened
Wed Jul 16 04:19:15 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jul 16 04:19:15 2014 /sbin/ifconfig tun0 10.197.1.6 pointopoint 10.197.1.5 mtu 1500
Wed Jul 16 04:19:15 2014 Initialization Sequence Completed

And this is where it hangs up. I could sit here forever if I wanted to. I never get command line back, unless I CTRL+C or something.

Just for giggles, here's a list of everything in my /etc/openvpn folder -

Code: Select all

[email protected] /etc/openvpn $ ls -l
total 92
-rw-rw-r-- 1 root root 1395 May  8 12:37 ca.crt
-rw-rw-r-- 1 root root  227 May  8 12:37 CA North York.ovpn
-rw-rw-r-- 1 root root  235 May  8 12:37 CA Toronto.ovpn
-rw-r--r-- 1 root root  577 May  8 12:37 crl.pem
-rw-rw-r-- 1 root root  231 May  8 12:37 France.ovpn
-rw-rw-r-- 1 root root  232 May  8 12:37 Germany.ovpn
-rw-rw-r-- 1 root root  227 May  8 12:37 Hong Kong.ovpn
-rw-rw-r-- 1 root root  227 May  8 12:37 Netherlands.ovpn
-rw-r--r-- 1 root root 7307 May 12 22:09 openvpn.zip
-rw-rw-r-- 1 root root  227 May  8 12:37 Romania.ovpn
-rw-rw-r-- 1 root root  231 May  8 12:37 Sweden.ovpn
-rw-rw-r-- 1 root root  230 May  8 12:37 Switzerland.ovpn
-rw-rw-r-- 1 root root  234 May  8 12:37 UK London.ovpn
-rw-rw-r-- 1 root root  239 May  8 12:37 UK Southampton.ovpn
-rwxr-xr-x 1 root root 1357 Oct 12  2013 update-resolv-conf
-rw-rw-r-- 1 root root  238 May  8 12:37 US California.ovpn
-rw-rw-r-- 1 root root  232 May  8 12:37 US East.ovpn
-rw-rw-r-- 1 root root  235 May  8 12:37 US Florida.ovpn
-rw-rw-r-- 1 root root  235 May  8 12:37 US Midwest.ovpn
-rw-rw-r-- 1 root root  235 May  8 12:37 US Seattle.ovpn
-rw-rw-r-- 1 root root  233 May  8 12:37 US Texas.ovpn
-rw-rw-r-- 1 root root  232 May  8 12:37 US West.ovpn
[email protected] /etc/openvpn $ 
and a peak at the .ovpn file

Code: Select all

[email protected] /etc/openvpn $ cat Switzerland.ovpn
client
dev tun
proto udp
remote swiss.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem


[email protected] /etc/openvpn $ 
So does anyone around here have PIA up and running on their RPi? Any pointers?

Edit - I've also killed the process and completed the tutorial, which has you set it up to autostart. This makes it so my Pi doesn't connect to anything outside of the network. I can ping anything localling, but ping www.google.com doesn't work, nor does curl ifconfig.me

Thanks for the help guys.

Cab121
Posts: 2
Joined: Thu Jan 17, 2013 1:30 am

Re: OpenVPN Install? w/ Private Internet Access

Tue Dec 02, 2014 1:59 am

I am in the exact same spot. Not thrilled to find 0 replies to this issue since last July. Hope someone on this vast forum finds this and knows the solution or can point in the right direction. Thanks in advance.

renegaderyu
Posts: 5
Joined: Mon Mar 17, 2014 3:55 am

Re: OpenVPN Install? w/ Private Internet Access

Wed Jan 28, 2015 6:40 am

Cab121 wrote:I am in the exact same spot. Not thrilled to find 0 replies to this issue since last July. Hope someone on this vast forum finds this and knows the solution or can point in the right direction. Thanks in advance.
chris48083 wrote:Edit - I've also killed the process and completed the tutorial, which has you set it up to autostart. This makes it so my Pi doesn't connect to anything outside of the network. I can ping anything localling, but ping http://www.google.com doesn't work, nor does curl ifconfig.me
Whats your /etc/resolv.conf look like before and after you start the openvpn connection?
You might want to try changing your nameservers to PIA's DNS hosts (https://www.privateinternetaccess.com/p ... t-support/) or Google's DNS host (8.8.8.8)

Fletchybaby
Posts: 2
Joined: Thu Feb 02, 2012 9:55 pm

Re: OpenVPN Install? w/ Private Internet Access

Sat Feb 14, 2015 8:51 pm

You're right on the cusp, hang in there! From piecing together various posts I've managed to get mine working. I followed the stuff written here & got to the same point, an unresponsive shell that I had to Ctrl-C out of. Then I found this thread - RiPi's posts are very helpful.
https://www.privateinternetaccess.com/f ... ues-solved

The unresponsive shell is perfectly correct - this is a VPN connection that remains open until the process is halted. If you've started that process from a shell, the shell will be tied up with the OpenVPN process.

Running

Code: Select all

sudo service openvpn start
will start OpenVPN as a service, and allow the shell to continue

The other little gem I've got is to add the line

Code: Select all

log-append /var/log/openvpn.log
into your OpenVPN .conf file.

2 things I'm still struggling with:
- getting OpenVPN to start on boot. init.d script is present and I've run update-rc.d but no joy
- logging for the above ; I've presently got no idea why the service is failing to start on boot

Any gurus with advice on those issues? (as opposed to my amateur hackings)

sirlaughalot
Posts: 1
Joined: Tue Feb 24, 2015 4:04 am

Re: OpenVPN Install? w/ Private Internet Access

Tue Feb 24, 2015 4:13 am

Hi,

So I got to the same part (unresponsive shell) and crtl+C out. I also dind the "sudo service openvpn start", but I/m still stuck with the same ip address and furthermore I still cant actually connect to any page (I'm ping several pages but no response other than whats on my local network).

What can I do? i've followed the tutorials but they all get results after this point and I cant seem to go further.

plantoschka
Posts: 1
Joined: Tue Mar 03, 2015 1:46 pm

Re: OpenVPN Install? w/ Private Internet Access

Tue Mar 03, 2015 1:49 pm

Will OpenVPN speed increase from ArmV7 and Neon optimizations on the Pi2.

OpenVPN works great on my Pi2 but I only get data troughput of about 20Mbit/s. Would be nice if it could be higher with the new instruction set.

Or will it be as fast as the current ArmV6 package?

ayredris75
Posts: 2
Joined: Sat Mar 19, 2016 4:49 pm

Re: OpenVPN Install? w/ Private Internet Access

Sat Mar 19, 2016 10:51 pm

Guys, you must have solved your problems by now, since the messages are from 2014.

I just started with Raspbian, and stuck at that same point. I get connected to PIA, but everything freezes until I Ctr+C, but then there's no PIA.

Please help..

paulv
Posts: 558
Joined: Tue Jan 15, 2013 12:10 pm
Location: Netherlands

Re: OpenVPN Install? w/ Private Internet Access

Sun Mar 20, 2016 6:46 pm

Look here for a very detailed install that is working on a wireless accesspoint all configured on Jessie.

viewtopic.php?f=36&t=139790

Good luck!

Return to “Networking and servers”