Hi guys!
Is there any way to connect my ClearOS router to an external VPN server via PPTP/L2TP/OpenVPN etc protocol? ibVPN app available from the Marketplace doesn't work fine for me.
Many thanks for the help.
Responses (14)
-
Accepted Answer
As a hack, it looks like the script is trying to update resolv.conf to insert the DNS server 1.2.3.4. The equivalent file in ClearOS would be /etc/resolv-peerdns.conf.
What you could try is set up ClearOS to use manually configured DNS servers. Choose your current ones then try adding 1.2.3.4 as a third server. It may make your DNS lookups a little slow as, when the VPN is up, it needs to wait for the first two servers to time out.
You may also just get away with manually configuring your DNS servers to public DNS servers such as OpenDNS or GoogleDNS and not even need to add 1.2.3.4. -
Accepted Answer
I'm sorry I can't help much further as I don't want to sign up for a VPN service and I've no idea why it is not working.
The "ping: unknown host www.google.com" suggests your DNS lookups are failing which could be a problem with the update-resolv-conf implementation. Looking at the script, if yours is anything like mine, it will do nothing as the file /sbin/resolvconf does not exist. This will cause the script to exit immediately.
You can try PPTP and IPsec implementations. In both cases look for router implementations (especially with IPsec). -
Accepted Answer
Unfortunately I don't have any connectivity with the Internet from my network. I tried to ping google from the router itself and got "ping: unknown host www.google.com". I also tried another VPN service. I downloaded corresponding OpenVPN configs and tried to feed them to the program. At the end, I got a successful connection but without access to the Internet. I applied your commands as well with a well known result.
So, it is definitely a ClearOS issue with OpenVPN. Maybe it would be easier to establish a PPTP or IPSec connection?
P.S. I've allowed both protocols for OpenVPN in the firewall rules. -
Accepted Answer
It looks like they are pushing the "redirect-gateway def1" when you connect so you should not need it in your config.
I wonder if there is a firewalling issue. ClearOS sets up rules for tun+ but not tap+. To mirror the tun+ rules you'd need:
iptables -w -I INPUT -i tap+ -j ACCEPT
iptables -w -I FORWARD -i tap+ -j ACCEPT
iptables -w -I OUTPUT -o tap+ -j ACCEPT
iptables -w -I POSTROUTING -t nat -o tap+ -j ACCEPT
I don't know if you'd need them as in this case ClearOS is a client and not a server.
Do you have any connectivity from either ClearOS or from the LAN to the internet through the tunnel? -
Accepted Answer
I downloaded a configuration for Sabai router. (Basically the only difference is the absence of two lines with update-resolv-conf) Here is my output:
[root@gateway VPN]# openvpn --config ibVPN_Bulgaria_Sofia.ovpn
Sat Feb 11 12:33:04 2017 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 3 2016
Sat Feb 11 12:33:04 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Enter Auth Username: **********************
Enter Auth Password: ********
Sat Feb 11 12:33:46 2017 Socket Buffers: R=[229376->229376] S=[229376->229376]
Sat Feb 11 12:33:47 2017 UDPv4 link local: [undef]
Sat Feb 11 12:33:47 2017 UDPv4 link remote: [AF_INET]185.94.192.26:1196
Sat Feb 11 12:33:47 2017 TLS: Initial packet from [AF_INET]185.94.192.26:1196, sid=522d5668 8a6bbe8c
Sat Feb 11 12:33:47 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 11 12:33:50 2017 VERIFY OK: depth=1, C=RO, ST=MS, L=TirguMures, O=Amplusnet, OU=ibVPN, CN=Amplusnet CA, name=EasyRSA, emailAddress=admin@ibvpn.com
Sat Feb 11 12:33:50 2017 VERIFY OK: nsCertType=SERVER
Sat Feb 11 12:33:50 2017 VERIFY OK: depth=0, C=RO, ST=MS, L=TirguMures, O=Amplusnet, OU=ibVPN, CN=server, name=EasyRSA, emailAddress=admin@ibvpn.com
Sat Feb 11 12:33:52 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Feb 11 12:33:52 2017 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Feb 11 12:33:52 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Feb 11 12:33:52 2017 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Feb 11 12:33:52 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Feb 11 12:33:52 2017 [server] Peer Connection Initiated with [AF_INET]185.94.192.26:1196
Sat Feb 11 12:33:54 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 11 12:33:54 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.220.1,ping 10,ping-restart 60,redirect-gateway def1,dhcp-option DNS 1.2.3.4,ifconfig 10.10.220.2 255.255.255.0'
Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: route options modified
Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: route-related options modified
Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Feb 11 12:33:54 2017 ROUTE_GATEWAY 213.57.37.1/255.255.255.0 IFACE=enp3s0 HWADDR=00:e0:b4:17:72:08
Sat Feb 11 12:33:54 2017 TUN/TAP device tap0 opened
Sat Feb 11 12:33:54 2017 TUN/TAP TX queue length set to 100
Sat Feb 11 12:33:54 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Feb 11 12:33:54 2017 /usr/sbin/ip link set dev tap0 up mtu 1500
Sat Feb 11 12:33:54 2017 /usr/sbin/ip addr add dev tap0 10.10.220.2/24 broadcast 10.10.220.255
Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 185.94.192.26/32 via 213.57.37.1
Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 0.0.0.0/1 via 10.10.220.1
Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 128.0.0.0/1 via 10.10.220.1
Sat Feb 11 12:33:56 2017 Initialization Sequence Completed
It seems there is no error in my VPN connection. And yes I set up my user_pass.txt file (actually it is set up automatically by their servers when downloading my configs). -
Accepted Answer
Sorry for confusion, Nick. I simply forgot to copy update-resolv-conf file with the ovpn config.
Now I get a connection with the server but didn't have access to the Internet. Here is my configuration file where I added line "redirect-gateway def1"
remote bg1.ibvpn.com 1196 udp
remote 185.94.192.26 1196 udp
fragment 1300
explicit-exit-notify 3
auth-user-pass user_pass.txt
up 'update-resolv-conf'
down 'update-resolv-conf'
dev tap
server-poll-timeout 20
client
nobind
resolv-retry infinite
auth-retry nointeract
persist-key
persist-tun
cipher AES-256-CBC
auth RSA-SHA512
mute-replay-warnings
comp-lzo
verb 3
mute 20
ns-cert-type server
route-method exe
route-delay 2
script-security 3
reneg-sec 0
redirect-gateway def1
-
Accepted Answer
It looks like you are missing a file update-resolv-conf which I'd have thought you'd find in some of their configs. My remote Raspberry Pi has a file like that, but I've no idea if it is compatible. If it helps, its contents are below:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}
case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
    for optionvarname in ${!foreign_option_*} ; do
        option="${!optionvarname}"
        echo "$option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
        R="${R}nameserver $NS
"
    done
    echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
    ;;
  down)
    /sbin/resolvconf -d "${dev}.openvpn"
    ;;
esac
..... but it is your risk!
In the OpenVPN config you may want to check you have the option "redirect-gateway def1" in your config file. I suspect it is needed to put all traffic through the tunnel. Beyond that, I can't help much. -
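Added example, not part of any post in this thread and not ibVPN's or ClearOS's code: a POSIX sh helper for an OpenVPN up script that turns pushed dhcp-option values (the log above shows dhcp-option DNS 1.2.3.4) into resolv.conf lines without needing /sbin/resolvconf. Because the values are supplied by the VPN server, it keeps only well-formed IPv4 addresses and hostnames. The function names and the RESOLV_TARGET variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: resolv.conf lines from OpenVPN's foreign_option_N variables.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pushed_resolv_lines: print nameserver/search lines for pushed dhcp-options;
# values that are not a plain IPv4 address or hostname are dropped.
pushed_resolv_lines() {
    i=1
    while :; do
        eval "option=\${foreign_option_$i-}"   # $i is our own counter
        [ -n "$option" ] || break
        set -f; set -- $option; set +f         # split on spaces, no globbing
        if [ "$1" = "dhcp-option" ] && [ $# -eq 3 ]; then
            case "$2" in
                DNS) if is_ipv4 "$3"; then echo "nameserver $3"; fi ;;
                DOMAIN) case "$3" in *[!A-Za-z0-9.-]*) ;; *) echo "search $3" ;; esac ;;
            esac
        fi
        i=$((i + 1))
    done
}

# demo: constructed sample options; the first matches the push in the log.
demo() {
    foreign_option_1='dhcp-option DNS 1.2.3.4'
    foreign_option_2='dhcp-option DNS 1.2.3.999'
    foreign_option_3='dhcp-option DOMAIN example.test'
    pushed_resolv_lines
}

# As an up script: write to the file named in RESOLV_TARGET (hypothetical
# variable; which file ClearOS actually reads is not verified here).
if [ "${script_type-}" = "up" ] && [ -n "${RESOLV_TARGET-}" ]; then
    pushed_resolv_lines > "$RESOLV_TARGET.tmp" && mv "$RESOLV_TARGET.tmp" "$RESOLV_TARGET"
fi
```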
Accepted Answer
The instructions for Linux look pretty simple, but I can't get to the underlying files. Why are you trying to start with the command line and not the ibvpn app?
Indeed they are, and this is exactly what I'm trying to do, to run the openvpn client with a personal config file downloaded from my ibVPN account (openvpn --config config.ovpn). Pretty simple, but I'm getting the above-mentioned error.
With the app I can't get my whole system connected to VPN servers. I can't get it working even with my local PC (in the app you have to pick up a device, connected to the router, which should use the ibVPN service). If I type something like localhost I lose access to the Internet at all. However, as I said before, everything is ok for my laptop, which is a bit weird) -
Accepted Answer
The instructions for Linux look pretty simple, but I can't get to the underlying files. Why are you trying to start with the command line and not the ibvpn app?
I'm afraid I can't troubleshoot much as I don't have a user/pass for the ibvpn site. You may need a combination of the Linux and a linux based router config (dd-wrt, tomato etc).
I did try to help another user with PureVPN but the thread fizzled out. They do have router based configs, but it should really be the VPN provider giving support. -
Accepted Answer
Here is an error I get while using openvpn config file:
[root@gateway VPN]# openvpn --config ibVPN-Bulgaria.ovpn
Options error: --up script fails with 'update-resolv-conf': No such file or directory
Options error: Please correct this error.
Use --help for more information.
From my Ubuntu PC everything works fine.
The issue with the ibVPN app is that I can't connect the router itself to a VPN server. Moreover, this app works only with my laptop via wi-fi and doesn't work with my main PC connected by wire. I've been searching for a while for a good instruction or FAQ here in this forum but couldn't find any complete solution. VPN providers usually give to users configuration settings in GUI mode. -
Accepted Answer
I believe ibVPN only uses OpenVPN under the hood. What is the issue?
You should be able to use a number of different VPN providers. A lot of them use OpenVPN underneath, but I don't see why you would not be able to use some other type of VPN. You'd need to try to follow their instructions to get it up and running.
