Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

DNS Leak Test Failing

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

DNS Leak Test Failing

Postby btechgraduate2001 » Sat Aug 13, 2016 2:37 pm

Friends,

I am doing DNS leak test with cryptostorm and seems some different ips [mainly of google] coming in picture for resolving DNS. Here are my iptables configuration

iptables -A OUTPUT -d 212.129.34.154 -j ACCEPT
iptables -A INPUT -s 212.129.34.154 -j ACCEPT
iptables -A OUTPUT -d 212.129.10.40 -j ACCEPT
iptables -A INPUT -s 212.129.10.40 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -j DROP
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A INPUT -j DROP

Now while doing DNS testing i found my ipaddress is of cryptopstorm while DNS IP: 74.125.47.11 which not belongs to cryptostorm. Did i missed any configuration? Also as said i already disabled ipv6 and using UDPv4.

Please help.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Sat Aug 13, 2016 2:51 pm

If you're running Ubuntu or any other Debian based distribution, be sure to follow the instructions at the bottom of https://github.com/cryptostorm/cryptost ... ster/linux to prevent /etc/resolv.conf from being overwritten by dhclient, which will cause DNS leaks.


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Sat Aug 13, 2016 3:53 pm

@DF, I already followed below steps but still dns leak test failing. I have modified below these two files -

1) cryptofree_linux-tcp.ovpn
2) /etc/sysctl.conf

==================================
To disable IPv6 permanently, add to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
===================================

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Sat Aug 13, 2016 4:01 pm

Are you running Ubuntu or some other Debian variant?
If not, it's possible that something else could be replacing /etc/resolv.conf with whatever is pushed via DHCP by your router.

P.S. A cheap fix for that scenario is to put the deepdns IP for the node you're connecting to inside of /etc/resolv.conf then preventing further changes with a `chattr +i /etc/resolv.conf`. That's a bit cumbersome though to do if you change nodes often. Better to find the program that's modifying it and tell it to knock it off.


9218391809182

Re: DNS Leak Test Failing

Postby 9218391809182 » Sun Aug 14, 2016 4:40 am

What would put a google translate IP in resolve.conf??... Weird.


Guest

Re: DNS Leak Test Failing

Postby Guest » Sun Aug 14, 2016 10:35 am

I can't recall exactly why- but I"m sure there's a good reason that IPV6 should be disabled at the kernel level, rather then the interface level- it's a matter of editing grub.cfg - or whatever the sys-d default equivalent is.. grub.d? /etc/default/grub.conf? idk... ixquick it... anyway. the line that starts with linux - usually has 'quiet splash' or 'no splash' at the end- add ipv6.disable=1 at the end. sys-d will revert it if you have the wrong file- and maybe even if you don't (I've had that happen on an update with no warning)- so be aware. -due to this, it seams a good idea to modify your modem/router dns settings after you figure out how the system is allowing dhcp to change them in the first place.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Mon Aug 15, 2016 11:00 am

@9218391809182
That's not a Google translate IP, it's one of the exit/end points for Google's public DNS servers 8.8.8.8 (or 8.8.4.4), which uses load balancing:

[root@b ~]# echo 'nameserver 8.8.8.8' > /etc/resolv.conf
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.135
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.73.79
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.137
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.13


Those commands are looking up the A record for "whoami.cryptostorm.is" using 8.8.8.8 as the DNS server.
whoami.cryptostorm.is is a custom DNS server of ours that responds to all A requests with the IP of the DNS server that made the request.
Useful for checking for DNS leaks without using any websites.
Also to find out what the actual IPs are of something using the type of load balancing mentioned above.
whoami.ultradns.net and whoami.akamai.net also provide this service, if someone doesn't want to use the cryptostorm one.

@Guest
On Ubuntu, changing the line in the file /etc/default/grub from:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

followed by a `sudo update-grub`, will disable IPv6 at the kernel level on boot, after you reboot.

Using sysctl.conf as I suggest in https://github.com/cryptostorm/cryptost ... ster/linux also disables IPv6 at the kernel level, but without requiring a reboot to take effect. Only a `sysctl -p` is needed.


9218391809182

Re: DNS Leak Test Failing

Postby 9218391809182 » Mon Aug 15, 2016 1:22 pm

@df

Thank you :)


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Wed Aug 24, 2016 2:23 pm

Is it means if i am seeing below IPs while doing DNS leak test it belongs to "whoami.cryptostorm.is" [A custom DNS server of cryptostorm] and there is no any DNS leak. Please correct me.

74.125.73.80
74.125.73.86
74.125.73.75
74.125.47.137
74.125.47.5
74.125.47.150
74.125.47.4
74.125.47.144
74.125.47.11
74.125.47.151
74.125.47.139
74.125.181.204

74.125.47.5
74.125.47.136
74.125.47.12
74.125.47.145
74.125.47.144
74.125.47.146
74.125.47.154
74.125.47.152
74.125.47.11
74.125.47.140
74.125.47.134
74.125.47.147
74.125.47.148
74.125.47.2
74.125.47.3
74.125.47.138
74.125.47.12
74.125.47.130
74.125.47.9
74.125.47.142
74.125.73.86
74.125.73.72
74.125.73.72
74.125.73.70
74.125.73.80
74.125.73.68
74.125.73.86
74.125.73.85
74.125.73.87
74.125.73.67
74.125.73.69
74.125.73.79
74.125.73.75
74.125.73.80
74.125.181.215
74.125.181.217
74.125.181.212

74.125.190.130
74.125.190.135
74.125.190.27
74.125.190.144
74.125.190.3
74.125.190.18

df wrote:@9218391809182
That's not a Google translate IP, it's one of the exit/end points for Google's public DNS servers 8.8.8.8 (or 8.8.4.4), which uses load balancing:

[root@b ~]# echo 'nameserver 8.8.8.8' > /etc/resolv.conf
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.135
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.73.79
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.137
[root@b ~]# host whoami.cryptostorm.is
whoami.cryptostorm.is has address 74.125.47.13


Those commands are looking up the A record for "whoami.cryptostorm.is" using 8.8.8.8 as the DNS server.
whoami.cryptostorm.is is a custom DNS server of ours that responds to all A requests with the IP of the DNS server that made the request.
Useful for checking for DNS leaks without using any websites.
Also to find out what the actual IPs are of something using the type of load balancing mentioned above.
whoami.ultradns.net and whoami.akamai.net also provide this service, if someone doesn't want to use the cryptostorm one.

@Guest
On Ubuntu, changing the line in the file /etc/default/grub from:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

followed by a `sudo update-grub`, will disable IPv6 at the kernel level on boot, after you reboot.

Using sysctl.conf as I suggest in https://github.com/cryptostorm/cryptost ... ster/linux also disables IPv6 at the kernel level, but without requiring a reboot to take effect. Only a `sysctl -p` is needed.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Wed Aug 24, 2016 7:31 pm

@btechgraduate2001
No, that IP range is owned by Google:

[root@b ~]# whois 74.125.73.80|grep -E "NetName|Range"
NetRange: 74.125.0.0 - 74.125.255.255
NetName: GOOGLE

So your DNS is still set to either 8.8.8.8 or 8.8.4.4.


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Sun Aug 28, 2016 11:09 am

@df

After so much r&d i came to know that network-manager is updating /etc/resolv.conf. Here is my NetworkManager.conf file:
=================================
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false
=====================================

Each time when i restart network-manager service it override /etc/resolv.conf with below content :

==============
search Home
nameserver 8.8.8.8
===================

Now after googling i found i should modify NetworkManager.conf with "dns=none" in main section. But after modifying the same now i am getting another error as

Sun Aug 28 11:34:12 2016 us=212VE: Cannot resolve host address: linux-cryptofree.cryptostorm.net: Name or service not known548 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:143 ET:0 EL:3 AF:3/1 ]

This make sense since now there is no any DNS, vpn not able to resolve crypto servers. I also tried to change vpn configuration file by using direct IPs but it also didn't work.

Please help.


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Sun Aug 28, 2016 11:40 am

@DF

Today i also installed "wireshark" to check all network calls and surprisingly after analysis i found whenever i connected to vpn there is no any DNS leaks or can say no any network call with DNS protocol. While when i disconnect vpn i can see DNS traffic. Does it mean my network is not leaking with DNS?

But i still have one doubt when i test with http://dnsleak.com or https://ipleak.net/ it shows me different google ips as i said earlier even i connected with VPN.

Please suggest,

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Sun Aug 28, 2016 2:18 pm

From the NetworkManager.conf manpage:
dns
Set the DNS (resolv.conf) processing mode.

default: The default if the key is not specified. NetworkManager
will update resolv.conf to reflect the nameservers provided by
currently active connections.

dnsmasq: NetworkManager will run dnsmasq as a local caching
nameserver, using a "split DNS" configuration if you are connected
to a VPN, and then update resolv.conf to point to the local
nameserver.

unbound: NetworkManager will talk to unbound and dnssec-triggerd,
providing a "split DNS" configuration with DNSSEC support. The
/etc/resolv.conf will be managed by dnssec-trigger daemon.

none: NetworkManager will not modify resolv.conf.

So setting it to "none" will stop it from modifying resolv.conf, but if resolv.conf doesn't contain any entries then DNS won't work. It sounds like setting it to "default" would cause it to use the correct DNS pushed from the VPN server, but I'm not sure if a DHCP broadcast from the router might change that and cause DNS leaks.

Though none of that should be necessary on Ubuntu.
If you're using /etc/openvpn/update-resolv-conf correctly, it changes resolv.conf as needed to prevent leaks.


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Sun Aug 28, 2016 2:52 pm

@DF

Please also suggest on below:

Today i also installed "wireshark" to check all network calls and surprisingly after analysis i found whenever i connected to vpn there is no any DNS leaks or can say no any network call with DNS protocol. While when i disconnect vpn i can see DNS traffic. Does it mean my network is not leaking with DNS?

But i still have one doubt when i test with http://dnsleak.com or https://ipleak.net/ it shows me different google ips as i said earlier even i connected with VPN.

df wrote:From the NetworkManager.conf manpage:
dns
Set the DNS (resolv.conf) processing mode.

default: The default if the key is not specified. NetworkManager
will update resolv.conf to reflect the nameservers provided by
currently active connections.

dnsmasq: NetworkManager will run dnsmasq as a local caching
nameserver, using a "split DNS" configuration if you are connected
to a VPN, and then update resolv.conf to point to the local
nameserver.

unbound: NetworkManager will talk to unbound and dnssec-triggerd,
providing a "split DNS" configuration with DNSSEC support. The
/etc/resolv.conf will be managed by dnssec-trigger daemon.

none: NetworkManager will not modify resolv.conf.

So setting it to "none" will stop it from modifying resolv.conf, but if resolv.conf doesn't contain any entries then DNS won't work. It sounds like setting it to "default" would cause it to use the correct DNS pushed from the VPN server, but I'm not sure if a DHCP broadcast from the router might change that and cause DNS leaks.

Though none of that should be necessary on Ubuntu.
If you're using /etc/openvpn/update-resolv-conf correctly, it changes resolv.conf as needed to prevent leaks.


Topic Author
btechgraduate2001
Posts: 24
Joined: Thu May 14, 2015 11:02 pm

Re: DNS Leak Test Failing

Postby btechgraduate2001 » Sun Aug 28, 2016 3:04 pm

@DF

Please also suggest on below:

Today i also installed "wireshark" to check all network calls and surprisingly after analysis i found whenever i connected to vpn there is no any DNS leaks or can say no any network call with DNS protocol. While when i disconnect vpn i can see DNS traffic. Does it mean my network is not leaking with DNS?

But i still have one doubt when i test with http://dnsleak.com or https://ipleak.net/ it shows me different google ips as i said earlier even i connected with VPN.

df wrote:From the NetworkManager.conf manpage:
dns
Set the DNS (resolv.conf) processing mode.

default: The default if the key is not specified. NetworkManager
will update resolv.conf to reflect the nameservers provided by
currently active connections.

dnsmasq: NetworkManager will run dnsmasq as a local caching
nameserver, using a "split DNS" configuration if you are connected
to a VPN, and then update resolv.conf to point to the local
nameserver.

unbound: NetworkManager will talk to unbound and dnssec-triggerd,
providing a "split DNS" configuration with DNSSEC support. The
/etc/resolv.conf will be managed by dnssec-trigger daemon.

none: NetworkManager will not modify resolv.conf.

So setting it to "none" will stop it from modifying resolv.conf, but if resolv.conf doesn't contain any entries then DNS won't work. It sounds like setting it to "default" would cause it to use the correct DNS pushed from the VPN server, but I'm not sure if a DHCP broadcast from the router might change that and cause DNS leaks.

Though none of that should be necessary on Ubuntu.
If you're using /etc/openvpn/update-resolv-conf correctly, it changes resolv.conf as needed to prevent leaks.


phonky

Re: DNS Leak Test Failing

Postby phonky » Tue Aug 30, 2016 1:17 am

I have quite the same issue so i guess i'll post here.

Im using Xubuntu 15.10, added

Code: Select all

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

to the bottom of the *ovpn config i am using, disabled ipv6.

When i connect, cat /etc/resolv.conf still shows

Code: Select all

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search fritz.box


DNS leakchecking sites show a strange mix of CS's DNS Servers and my ISP's at first, after some time only my ISP's DNS servers remain.

I dont want to copyprotect my resolv.conf but I got no idea what I am missing at the moment and would be glad if someone helped me.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Sat Sep 03, 2016 6:46 am

@phonky
Does Xubuntu come with an /etc/openvpn/update-resolv-conf script?
It might also be useful to change your ovpn config's "verb" line to something higher (5 or 6) so that your log gets more information.

@btechgraduate2001
If I understand you correctly, you're saying that you see DNS packets in wireshark when NOT connected to the VPN.
If so, that's normal, but it might be a security or anonymity risk, depending on your threat model.
To protect your pre-connect DNS, install dnscrypt-proxy from https://dnscrypt.org/ and either use our list of DNSCrypt resolvers from https://github.com/cryptostorm/cstorm_d ... olvers.csv or just use the official list that comes with DNSCrypt (most of our servers are already in there).


phonky

Re: DNS Leak Test Failing

Postby phonky » Mon Sep 05, 2016 10:50 pm

Does Xubuntu come with an /etc/openvpn/update-resolv-conf script?
It might also be useful to change your ovpn config's "verb" line to something higher (5 or 6) so that your log gets more information.

Code: Select all

sw00f@sw00f:~$ grep VPN /var/log/syslog
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  Starting VPN service 'openvpn'...
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3819
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN plugin state changed: init (1)
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:42:29 sw00f NetworkManager[814]: <warn>  VPN plugin failed: connect-failed (1)
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN plugin state changed: stopped (6)
Sep  5 10:42:29 sw00f NetworkManager[814]: <info>  VPN plugin state change reason: unknown (0)
Sep  5 10:42:29 sw00f NetworkManager[814]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Sep  5 10:42:36 sw00f NetworkManager[814]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:42:36 sw00f NetworkManager[814]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:42:36 sw00f NetworkManager[814]: <warn>  VPN plugin failed: connect-failed (1)
Sep  5 10:42:36 sw00f NetworkManager[814]: <info>  VPN plugin state changed: stopped (6)
Sep  5 10:42:36 sw00f NetworkManager[814]: <info>  VPN plugin state change reason: unknown (0)
Sep  5 10:42:36 sw00f NetworkManager[814]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Sep  5 10:42:55 sw00f NetworkManager[3867]: <info>  VPN: loaded org.freedesktop.NetworkManager.openvpn
Sep  5 10:42:55 sw00f NetworkManager[3867]: <info>  VPN: loaded org.freedesktop.NetworkManager.pptp
Sep  5 10:42:56 sw00f NetworkManager[3867]: <info>  VPN service 'openvpn' disappeared
Sep  5 10:43:02 sw00f NetworkManager[3867]: <info>  Starting VPN service 'openvpn'...
Sep  5 10:43:02 sw00f NetworkManager[3867]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3947
Sep  5 10:43:02 sw00f NetworkManager[3867]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 10:43:03 sw00f NetworkManager[3867]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:43:03 sw00f NetworkManager[3867]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:43:03 sw00f NetworkManager[3867]: <warn>  VPN plugin failed: connect-failed (1)
Sep  5 10:43:03 sw00f NetworkManager[3867]: <info>  VPN plugin state changed: stopped (6)
Sep  5 10:43:03 sw00f NetworkManager[3867]: <info>  VPN plugin state change reason: unknown (0)
Sep  5 10:43:03 sw00f NetworkManager[3867]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Sep  5 10:43:17 sw00f NetworkManager[4025]: <info>  VPN: loaded org.freedesktop.NetworkManager.openvpn
Sep  5 10:43:17 sw00f NetworkManager[4025]: <info>  VPN: loaded org.freedesktop.NetworkManager.pptp
Sep  5 10:43:22 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:43:22 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:43:22 sw00f NetworkManager[4025]: <warn>  VPN plugin failed: connect-failed (1)
Sep  5 10:43:22 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: stopped (6)
Sep  5 10:43:22 sw00f NetworkManager[4025]: <info>  VPN plugin state change reason: unknown (0)
Sep  5 10:43:22 sw00f NetworkManager[4025]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Sep  5 10:43:42 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' disappeared
Sep  5 10:43:46 sw00f NetworkManager[4025]: <info>  Starting VPN service 'openvpn'...
Sep  5 10:43:46 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4123
Sep  5 10:43:46 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 10:43:47 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:43:47 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:43:47 sw00f nm-openvpn[4129]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  5 10:43:50 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  5 10:43:50 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  5 10:43:50 sw00f NetworkManager[4025]: <info>  VPN Gateway: 212.129.10.40
Sep  5 10:43:50 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: started (4)
Sep  5 10:43:50 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.
Sep  5 10:47:27 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' disappeared
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  Starting VPN service 'openvpn'...
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4506
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: init (1)
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: starting (3)
Sep  5 10:50:55 sw00f nm-openvpn[4512]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  5 10:50:55 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 10:50:59 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  5 10:50:59 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  5 10:50:59 sw00f NetworkManager[4025]: <info>  VPN Gateway: 212.129.10.40
Sep  5 10:50:59 sw00f NetworkManager[4025]: <info>  VPN plugin state changed: started (4)
Sep  5 10:50:59 sw00f NetworkManager[4025]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.
Sep  5 10:52:53 sw00f NetworkManager[4025]: <info>  VPN service 'openvpn' disappeared
Sep  5 11:06:11 sw00f NetworkManager[4882]: <info>  VPN: loaded org.freedesktop.NetworkManager.openvpn
Sep  5 11:06:11 sw00f NetworkManager[4882]: <info>  VPN: loaded org.freedesktop.NetworkManager.pptp
Sep  5 11:11:53 sw00f NetworkManager[4882]: <info>  Starting VPN service 'openvpn'...
Sep  5 11:11:53 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4998
Sep  5 11:11:53 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 11:11:53 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: starting (3)
Sep  5 11:11:53 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 11:11:53 sw00f nm-openvpn[5005]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  5 11:11:57 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  5 11:11:57 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  5 11:11:57 sw00f NetworkManager[4882]: <info>  VPN Gateway: 212.129.10.40
Sep  5 11:11:57 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: started (4)
Sep  5 11:11:57 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.
Sep  5 11:16:30 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' disappeared
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  Starting VPN service 'openvpn'...
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 5333
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: starting (3)
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 11:17:57 sw00f NetworkManager[4882]: <warn>  VPN plugin failed: connect-failed (1)
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: stopped (6)
Sep  5 11:17:57 sw00f NetworkManager[4882]: <info>  VPN plugin state change reason: unknown (0)
Sep  5 11:17:57 sw00f NetworkManager[4882]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' disappeared
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  Starting VPN service 'openvpn'...
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 5355
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: starting (3)
Sep  5 11:18:17 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 11:18:17 sw00f nm-openvpn[5361]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  5 11:18:22 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  5 11:18:22 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  5 11:18:22 sw00f NetworkManager[4882]: <info>  VPN Gateway: 212.129.10.40
Sep  5 11:18:22 sw00f NetworkManager[4882]: <info>  VPN plugin state changed: started (4)
Sep  5 11:18:22 sw00f NetworkManager[4882]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.
Sep  5 11:23:27 sw00f NetworkManager[4882]: <info>  VPN service 'openvpn' disappeared
Sep  5 18:23:14 sw00f systemd[1]: Starting OpenVPN service...
Sep  5 18:23:14 sw00f NetworkManager[819]: <info>  VPN: loaded org.freedesktop.NetworkManager.openvpn
Sep  5 18:23:14 sw00f NetworkManager[819]: <info>  VPN: loaded org.freedesktop.NetworkManager.pptp
Sep  5 18:23:14 sw00f systemd[1]: Started OpenVPN service.
Sep  5 19:45:06 sw00f NetworkManager[819]: <info>  Starting VPN service 'openvpn'...
Sep  5 19:45:06 sw00f NetworkManager[819]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2445
Sep  5 19:45:06 sw00f NetworkManager[819]: <info>  VPN service 'openvpn' appeared; activating connections
Sep  5 19:45:06 sw00f NetworkManager[819]: <info>  VPN plugin state changed: starting (3)
Sep  5 19:45:06 sw00f NetworkManager[819]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  5 19:45:06 sw00f nm-openvpn[2453]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  5 19:45:09 sw00f NetworkManager[819]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  5 19:45:09 sw00f NetworkManager[819]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  5 19:45:09 sw00f NetworkManager[819]: <info>  VPN Gateway: 212.129.10.40
Sep  5 19:45:09 sw00f NetworkManager[819]: <info>  VPN plugin state changed: started (4)
Sep  5 19:45:09 sw00f NetworkManager[819]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.


The logs aren't too helpful either. Do I need iptables?

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Tue Sep 06, 2016 11:55 am

@phonky
Looks like there's no OpenVPN data in your syslog, just NetworkManager data.
Change the "verb" line in your config file to "verb 5" or "verb 6" for more verbosity in the logs, and you also might need to add the directive "log-append /var/log/openvpn.log" so that log data will be appended to /var/log/openvpn.log instead of syslog, to make it easier to read OpenVPN errors.


phonky

Re: DNS Leak Test Failing

Postby phonky » Tue Sep 06, 2016 10:24 pm

Here's the conf I imported in Network Manager:

Code: Select all

dev tun
log-append /var/log/openvpn.log
resolv-retry 16
nobind
float
txqueuelen 686
remote-random
remote linux-cryptofree.cryptostorm.net 443 tcp
remote linux-cryptofree.cryptostorm.org 443 tcp
remote linux-cryptofree.cryptokens.ca 443 tcp
remote linux-cryptofree.cstorm.pw 443 tcp
remote linux-cryptofree.cryptostorm.nu 443 tcp
comp-lzo
down-pre
allow-pull-fqdn
hand-window 37
auth-user-pass
ca ca.crt
<ca>
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
</ca>
ns-cert-type server
auth SHA512
cipher AES-256-CBC
replay-window 128 30
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2
#log devnull.txt
verb 6
mute 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


Unfortunately, no log file gets created. At first I thought the line
log devnull.txt was to blame, so i edited it out. This didn't change a thing though..

However, the devnull.txt reads

Code: Select all

Options error: --down script fails with '/etc/openvpn/update-resolv-confclient': No such file or directory



Here's the syslog output though..

Code: Select all

Sep  6 19:10:34 sw00f NetworkManager[796]: nm-openvpn-Message: openvpn started with pid 8558
Sep  6 19:10:34 sw00f NetworkManager[796]: <info>  VPN connection 'cryptofree_linux-tcp' (ConnectInteractive) reply received.
Sep  6 19:10:34 sw00f nm-openvpn[8558]: OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul  8 2015
Sep  6 19:10:34 sw00f nm-openvpn[8558]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Sep  6 19:10:34 sw00f nm-openvpn[8558]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sep  6 19:10:34 sw00f nm-openvpn[8558]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep  6 19:10:34 sw00f nm-openvpn[8558]: UDPv4 link local: [undef]
Sep  6 19:10:34 sw00f nm-openvpn[8558]: UDPv4 link remote: [AF_INET]212.129.34.154:443
Sep  6 19:10:35 sw00f nm-openvpn[8558]: [server] Peer Connection Initiated with [AF_INET]212.129.34.154:443
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): new Tun device (carrier: OFF, driver: 'tun', ifindex: 11)
Sep  6 19:10:37 sw00f nm-openvpn[8558]: TUN/TAP device tun0 opened
Sep  6 19:10:37 sw00f nm-openvpn[8558]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1602 10.55.0.3 255.255.0.0 init
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) reply received.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  VPN connection 'cryptofree_linux-tcp' (IP4 Config Get) reply received.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  VPN Gateway: 212.129.34.154
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  Tunnel Device: tun0
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  IPv4 configuration:
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Internal Gateway: 10.55.0.1
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Internal Address: 10.55.0.3
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Internal Prefix: 16
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Internal Point-to-Point Address: 0.0.0.0
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Maximum Segment Size (MSS): 0
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Forbid Default Route: no
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    Internal DNS: 212.83.175.31
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>    DNS Domain: '(none)'
Sep  6 19:10:37 sw00f nm-openvpn[8558]: Initialization Sequence Completed
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  No IPv6 configuration
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  VPN plugin state changed: started (4)
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  VPN connection 'cryptofree_linux-tcp' (IP Config Get) complete.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): link connected
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  NetworkManager state is now CONNECTED_LOCAL
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Sep  6 19:10:37 sw00f whoopsie[813]: [19:10:37] offline
Sep  6 19:10:37 sw00f dnsmasq[1066]: vorgelagerte Server von DBus gesetzt
Sep  6 19:10:37 sw00f dnsmasq[1066]: Benutze Namensserver 212.83.175.31#53
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  Writing DNS information to /sbin/resolvconf
Sep  6 19:10:37 sw00f dbus[800]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  keyfile: add connection in-memory (d161110b-c5b3-4646-8f15-f9ad59e7d6d0,"tun0")
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Sep  6 19:10:37 sw00f systemd[1]: Starting Network Manager Script Dispatcher Service...
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  Device 'tun0' has no connection; scheduling activate_check in 0 seconds.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): Activation: starting connection 'tun0' (d161110b-c5b3-4646-8f15-f9ad59e7d6d0)
Sep  6 19:10:37 sw00f whoopsie[813]: [19:10:37] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/17
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: prepare -> config (reason 'none') [40 50 0]
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: config -> ip-config (reason 'none') [50 70 0]
Sep  6 19:10:37 sw00f dbus[800]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Sep  6 19:10:37 sw00f nm-dispatcher: Dispatching action 'vpn-up' for tun0
Sep  6 19:10:37 sw00f systemd[1]: Started Network Manager Script Dispatcher Service.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Sep  6 19:10:37 sw00f whoopsie[813]: [19:10:37] Not a paid data plan: /org/freedesktop/NetworkManager/ActiveConnection/17
Sep  6 19:10:37 sw00f whoopsie[813]: [19:10:37] Found usable connection: /org/freedesktop/NetworkManager/ActiveConnection/17
Sep  6 19:10:37 sw00f whoopsie[813]: [19:10:37] online
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  NetworkManager state is now CONNECTED_LOCAL
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  Policy set 'tun0' (tun0) as default for IPv4 routing and DNS.
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  Writing DNS information to /sbin/resolvconf
Sep  6 19:10:37 sw00f dnsmasq[1066]: vorgelagerte Server von DBus gesetzt
Sep  6 19:10:37 sw00f dnsmasq[1066]: Benutze Namensserver 212.83.175.31#53
Sep  6 19:10:37 sw00f dnsmasq[1066]: Benutze Namensserver 192.168.178.1#53
Sep  6 19:10:37 sw00f NetworkManager[796]: <info>  (tun0): Activation: successful, device activated.
Sep  6 19:10:38 sw00f nm-dispatcher: Dispatching action 'up' for tun0
Sep  6 19:10:38 sw00f whoopsie[813]: [19:10:38] offlineNetworkManager
Sep  6 19:10:38 sw00f whoopsie[813]: [19:10:38] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/18
Sep  6 19:10:38 sw00f whoopsie[813]: [19:10:38] Network connection may be a paid data plan: /org/freedesktop//Devices/10


I really appreciate any help, thanks!

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: DNS Leak Test Failing

Postby df » Sun Sep 11, 2016 7:49 am

@phonky
That doesn't make any sense...
Your config has in it:
down /etc/openvpn/update-resolv-conf
but the error:
Options error: --down script fails with '/etc/openvpn/update-resolv-confclient': No such file or directory
means that it's trying to execute /etc/openvpn/update-resolv-confclient, which doesn't exist.

Not sure why that extra "client" part gets added to the end, but a cheap fix would be to just copy /etc/openvpn/update-resolv-conf over to /etc/openvpn/update-resolv-confclient

EDIT:
Also, you shouldn't be using TCP unless you absolutely need to (maybe to bypass a simple firewall that blocks OpenVPN on UDP). UDP is usually the better choice with OpenVPN - http://sites.inka.de/bigred/devel/tcp-tcp.html

You're also using the cryptofree server(s). If you bought a token then you should be using one of the paid nodes.
The free one has the bandwidth capped and doesn't include some of the extra features the paid nodes have (like transparent .onion access, etc.).


Return to “member support & tech assistance”

Who is online

Users browsing this forum: No registered users and 22 guests

Login