Maybe @Darryl Sokoloski can help

I believe the problem is not in DNS since I cannot ping any IP address in the Internet as well. Will try to check a PPTP connection.

As a hack, it looks like the script is trying to update resolv.conf to insert the DNS server 1.2.3.4. The equivalent file in ClearOS would be /etc/resolv-peerdns.conf.

What you could try is set up ClearOS to use manually configured DNS servers. Choose your current ones then then try adding 1.2.3.4 as a third server. It may make your DNS lookups a little slow as, when the VPN is up, it needs to wait for the first two servers to time out.

You may also just get away with manually configuring your DNS servers to public DNS servers such OpenDNS or GoogleDNS and not even need to add 1.2.3.4.

I'm sorry I can't help much further as I don't want to sign up for a VPN service and I've no idea why it is not working.

The "ping: unknown host www.google.com"; suggests your DNS lookups are failing which could be a problem with the update-resolv-conf implementation. Looking at the script, if yours is anything like mine, it will do nothing as the file /sbin/resolvconf does not exist. This will cause the script to exit immediately.

You can try PPTP and IPsec implementations. In both cases look for router implementations (especially with IPsec).

Unfortunately I don't have any connectivity with the Internet from my network. I tried to ping google from the router itself and got

ping: unknown host www.google.com

. I also tried another VPN service. I downloaded corresponding OpenVPN configs and tried to feed them to the program. At the end, I got a successful connection but without access to the Internet. I applied your commands as well with a well known result.

So, it is definitely a ClearOS issue with OpenVPN. Maybe it would be easier to establish a PPTP or IPSec connection?

P.S. I've allowed both protocols for OpenVPN in the firewall rules.

It looks like they are pushing the "redirect-gateway def1" when you connect so you should not need it in your config.

I wonder if there is a firewalling issue. ClearOS sets up rules for tun+ but not tap+. To mirror the tun+ rules you'd need:

iptables -w -I INPUT -i tap+ -j ACCEPT

iptables -w -I FORWARD -i tap+ -j ACCEPT

iptables -w -I OUTPUT -o tap+ -j ACCEPT

iptables -w -I POSTROUTING -t nat  -o tap+ -j ACCEPT

I don't know if you'd need them as in this case ClearOS is a client and not a server.

Do you have any connectivity from either ClearOS or from the LAN to the internet through the tunnel?

I downloaded a configuration for Sabai router. (Basically the only difference is the absence of two lines with update-resolv-conf) Here is my output:

[root@gateway VPN]# openvpn --config ibVPN_Bulgaria_Sofia.ovpn

Sat Feb 11 12:33:04 2017 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov  3 2016

Sat Feb 11 12:33:04 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06

Enter Auth Username: **********************

Enter Auth Password: ********

Sat Feb 11 12:33:46 2017 Socket Buffers: R=[229376->229376] S=[229376->229376]

Sat Feb 11 12:33:47 2017 UDPv4 link local: [undef]

Sat Feb 11 12:33:47 2017 UDPv4 link remote: [AF_INET]185.94.192.26:1196

Sat Feb 11 12:33:47 2017 TLS: Initial packet from [AF_INET]185.94.192.26:1196, sid=522d5668 8a6bbe8c

Sat Feb 11 12:33:47 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Sat Feb 11 12:33:50 2017 VERIFY OK: depth=1, C=RO, ST=MS, L=TirguMures, O=Amplusnet, OU=ibVPN, CN=Amplusnet CA, name=EasyRSA, emailAddress=admin@ibvpn.com

Sat Feb 11 12:33:50 2017 VERIFY OK: nsCertType=SERVER

Sat Feb 11 12:33:50 2017 VERIFY OK: depth=0, C=RO, ST=MS, L=TirguMures, O=Amplusnet, OU=ibVPN, CN=server, name=EasyRSA, emailAddress=admin@ibvpn.com

Sat Feb 11 12:33:52 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sat Feb 11 12:33:52 2017 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication

Sat Feb 11 12:33:52 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sat Feb 11 12:33:52 2017 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication

Sat Feb 11 12:33:52 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Sat Feb 11 12:33:52 2017 [server] Peer Connection Initiated with [AF_INET]185.94.192.26:1196

Sat Feb 11 12:33:54 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Sat Feb 11 12:33:54 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.220.1,ping 10,ping-restart 60,redirect-gateway def1,dhcp-option DNS 1.2.3.4,ifconfig 10.10.220.2 255.255.255.0'

Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: timers and/or timeouts modified

Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: --ifconfig/up options modified

Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: route options modified

Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: route-related options modified

Sat Feb 11 12:33:54 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Feb 11 12:33:54 2017 ROUTE_GATEWAY 213.57.37.1/255.255.255.0 IFACE=enp3s0 HWADDR=00:e0:b4:17:72:08

Sat Feb 11 12:33:54 2017 TUN/TAP device tap0 opened

Sat Feb 11 12:33:54 2017 TUN/TAP TX queue length set to 100

Sat Feb 11 12:33:54 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Sat Feb 11 12:33:54 2017 /usr/sbin/ip link set dev tap0 up mtu 1500

Sat Feb 11 12:33:54 2017 /usr/sbin/ip addr add dev tap0 10.10.220.2/24 broadcast 10.10.220.255

Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 185.94.192.26/32 via 213.57.37.1

Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 0.0.0.0/1 via 10.10.220.1

Sat Feb 11 12:33:56 2017 /usr/sbin/ip route add 128.0.0.0/1 via 10.10.220.1

Sat Feb 11 12:33:56 2017 Initialization Sequence Completed

It seems to be there is no error in my VPN connection. And yes I set up my user_passt.txt file (actually it is set up automatically by their servers when downloading my configs).

Can you download a router config from ibVPN and have a look at it. On PureVPN they don't use "redirect-gateway def1" so perhaps it is not needed. What they do use is "route 0.0.0.0 0.0.0.0"

Have you also set up your user_pass.txt file? Do your logs (/var/log/messages) give any errors?

Sorry for confusion, Nick. I simply forgot to copy update-resolv-conf file with the ovpn config.

Now I get a conection with the server but didn't have access to the Internet. Here is my configuration file where I added line "redirect-gateway def1"

remote bg1.ibvpn.com 1196 udp

remote 185.94.192.26 1196 udp

fragment 1300

explicit-exit-notify 3

auth-user-pass user_pass.txt

up 'update-resolv-conf'

down 'update-resolv-conf'

dev tap

server-poll-timeout 20

client

nobind

resolv-retry infinite

auth-retry nointeract

persist-key

persist-tun

cipher AES-256-CBC

auth RSA-SHA512

mute-replay-warnings

comp-lzo

verb 3

mute 20

ns-cert-type server

route-method exe

route-delay 2

script-security 3

reneg-sec 0

redirect-gateway def1

It looks like you are missing a file update-resolv-conf which I'd have thought you'd find in some of their configs. My remote Raspberry Pi has a file like that, but I've no idea if it is compatible. If it helps, its contents are below:

#!/bin/bash

# 

# Parses DHCP options from openvpn to update resolv.conf

# To use set as 'up' and 'down' script in your openvpn *.conf:

# up /etc/openvpn/update-resolv-conf

# down /etc/openvpn/update-resolv-conf

#

# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.

# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 

# 

# Example envs set from openvpn:

#

#     foreign_option_1='dhcp-option DNS 193.43.27.132'

#     foreign_option_2='dhcp-option DNS 193.43.27.133'

#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

#



[ -x /sbin/resolvconf ] || exit 0

[ "$script_type" ] || exit 0

[ "$dev" ] || exit 0



split_into_parts()

{

	part1="$1"

	part2="$2"

	part3="$3"

}



case "$script_type" in

  up)

	NMSRVRS=""

	SRCHS=""

	for optionvarname in ${!foreign_option_*} ; do

		option="${!optionvarname}"

		echo "$option"

		split_into_parts $option

		if [ "$part1" = "dhcp-option" ] ; then

			if [ "$part2" = "DNS" ] ; then

				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"

			elif [ "$part2" = "DOMAIN" ] ; then

				SRCHS="${SRCHS:+$SRCHS }$part3"

			fi

		fi

	done

	R=""

	[ "$SRCHS" ] && R="search $SRCHS

"

	for NS in $NMSRVRS ; do

        	R="${R}nameserver $NS

"

	done

	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"

	;;

  down)

	/sbin/resolvconf -d "${dev}.openvpn"

	;;

esac

..... but it is your risk!

In the OpenVPN config you may want to check you have the option "redirect-gateway def1" in your config file. I suspect it is needed to put all traffic through the tunnel. Beyond that, I can't help much.

The instructions for Linux look pretty simple, but I can't get to the underlying files. Whay are you trying to start with the command line and not the ibvpn app?

Indeed they are, and this is exactly what I'm trying to do, to run the openvpn client with a personal config file downloaded from my ibVPN account (openvpn --config config.ovpn). Pretty simple, but I'm getting the above-mentioned error.

With the app I can't get my whole system connected to VPN servers. I can't get it working even with my local PC (in the app you have to pick up a device, connected to the router, which should use the ibVPN service). If I type something like localhost I lose access to the Internet at all. However, as I said before, everything is ok for my laptop, which is a bit weird)

The instructions for Linux look pretty simple, but I can't get to the underlying files. Whay are you trying to start with the command line and not the ibvpn app?

I'm afraid I can't troubleshoot much as the I don't have a user/pass for the ibvpn site. You may need a combination of the Linux and a linux based router config (dd-wrt, tomato etc).

I did try to help another user with PureVPN but the thread fizzled out. They do have router based configs, but it should really be the VPN provider giving support.

Here is an error I get while using openvpn config file:

[root@gateway VPN]# openvpn --config ibVPN-Bulgaria.ovpn 

Options error: --up script fails with 'update-resolv-conf': No such file or directory

Options error: Please correct this error.

Use --help for more information.

From my Ubuntu PC everything works fine.

The issue with the ibVPN app is that I can't connect the router itself to a VPN server. Moreover, this app works only with my laptop via wi-fi and doesn't work with my main PC connected by wire. I've been searching for a while for a good instruction or FAQ here in this forum but couldn't find any complete solution. VPN providers usually give to users configuration settings in GUI mode.

I believe ibVPN only uses OpenVPN under the hood. What is the issue?

You should be able to use a number of different VPN providers. A lot of them use OpenVPN underneath, but I don't see why you would not be able to use some other type of VPN. You'd need to try to follow their instructions to get it up and running.