Installed the vpn
Rebooted
#su spot
#riseup-vpn
GUI runs but firewall and VPN fail
Anyone have it running?
riseup-vpn errors (BookwormPup64 10.0.4)
Moderator: Forum moderators
-
- Posts: 68
- Joined: Fri Nov 06, 2020 8:55 pm
- Location: Halifax, NS Canada
- Has thanked: 28 times
- Been thanked: 12 times
- Contact:
riseup-vpn errors (BookwormPup64 10.0.4)
Reason: added exact Puppy version to the subject
On-line since 1992
long time Linux & puppy Linux user
volunteer & supporter
- bigpup
- Moderator
- Posts: 6975
- Joined: Tue Jul 14, 2020 11:19 pm
- Location: Earth, South Eastern U.S.
- Has thanked: 902 times
- Been thanked: 1520 times
Re: riseup-vpn errors
What exact version of BookwormPup????
How did you do the install of VPN?
The things you do not tell us, are usually the clue to fixing the problem.
When I was a kid, I wanted to be older.
This is not what I expected
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
Try this bash script with YAD GUI, you will need to install openvpn from the ppm repo, and make sure your puppy does not have the ipv6 tools/modules blacklisted (most don't). As always, use at your own risk.
Reason: Changed the attached file to a pet. Pets can be attached as long as they are not bigger than allowed max attachment size
Re: riseup-vpn errors
@xx_T3n0ch_X
Thanks for this
Works in Fossapup64-95, straight from the menu entry.
I did notice there was an initial comment/warning when it first connected and I added an additional line to my config file.
It works fine, but I am a little unsure if it is correct.
Any advice?
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
Jasper wrote: ↑Tue Jan 02, 2024 8:54 am
@xx_T3n0ch_X
Thanks for this
Works in Fossapup64-95, straight from the menu entry.
I did notice there was an initial comment/warning when it first connected and I added an additional line to my config file.
It works fine, but I am a little unsure if it is correct.
Any advice?
Yes it will be fine.
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
I'm glad it worked, if any of you reading this know about VPNs and OPENVPN, and how to improve the configuration file, let me know to include the changes.
Re: riseup-vpn errors
@xx_T3n0ch_X
Is it possible to resize the gui?
The two columns on the initial screen are large. On the LHS it says "Connect" and I have forgotten already what it said on the RHS
I did try to resize the dialog box but dragging the cursor from the top corners did not allow me to do so.
<EDIT>
I have compiled OpenVPN 2.6.8 for Fossapup64-95 and from memory it needs to be compiled alongside OpenSSL.
Fossapup64-95 uses a discontinued build version, i.e. 1.x. Bookworm users have the latest 3.x build included.
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
Jasper wrote: ↑Tue Jan 02, 2024 9:09 am
@xx_T3n0ch_X
Is it possible to resize the gui?
The two columns on the initial screen are large. On the LHS it says "Connect" and I have forgotten already what it said on the RHS
I did try to resize the dialog box but dragging the cursor from the top corners did not allow me to do so.
In the file riseupvpny, locate user_settings, remove --center to be able to change size with the mouse, or keep --center and adjust the size to your liking by modifying --width and --height.
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
That is the one that draws the window to see the log, not related to the "Start Window"
Re: riseup-vpn errors
Yes, it was a YAD error.
Compiled and used the current build and the GUI looks normal now
Many thanks
If anyone using FossaPup95 needs the YAD update:
yad-13.0-x86_64
https://www.mediafire.com/file/g44g0jqg ... 4.pet/file
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors
@xx_T3n0ch_X
I had to make a change in my config file as I spotted this comment in the log.
005 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
It may be only specific to Fossapup64-95 as I am using OpenSSL 1.1.1s.
My new configuration eliminates the issue.
It also will serve as a reminder when I upgrade OpenVPN to the next build.
-
- Posts: 68
- Joined: Fri Nov 06, 2020 8:55 pm
- Location: Halifax, NS Canada
- Has thanked: 28 times
- Been thanked: 12 times
- Contact:
Re: riseup-vpn errors
10.0.4
synaptic I think
- OscarTalks
- Posts: 623
- Joined: Tue Jul 14, 2020 10:11 pm
- Location: London UK
- Has thanked: 2 times
- Been thanked: 247 times
Re: riseup-vpn errors
xx_T3n0ch_X wrote: ↑Tue Jan 02, 2024 9:07 am
I'm glad it worked, if any of you reading this know about VPNs and OPENVPN, and how to improve the configuration file, let me know to include the changes.
Hello xx_T3n0ch_X
Good work on the riseup yad gui script program. Thanks for posting it. I probably know less than you about this topic overall, but what I can tell you is that BookwormPup has openvpn-2.6.x which works in conjunction with openssl-3 rather than the earlier Pups which had openssl-1.1 and this upgrade from 1.1 to 3.x does tend to introduce some slight differences and tighter rules when it comes to the configuration. There are more warnings about --cipher and --data-ciphers and --data-ciphers-fallback and when I was doing some testing the other day I was having some difficulty working it all out.
Anyway, in BookwormPup in my initial very brief test of your riseupvpny it did work. The wget downloads of the files (cert,key,list) did give a couple of hiccups before connecting and downloading. I selected one of the Paris gateways and it connected OK. Not sure if the IPv6 routing is working though. Also on my hardware there is a DNS leak to my ISP via the router hub. There are several ways in which openvpn or client programs attempt to address this DNS lookups situation. I haven't even looked at any logs yet so would need to investigate further, but looks like a worthwhile project to me.
-
- Posts: 68
- Joined: Fri Nov 06, 2020 8:55 pm
- Location: Halifax, NS Canada
- Has thanked: 28 times
- Been thanked: 12 times
- Contact:
Re: riseup-vpn errors (BookwormPup64 10.0.4)
some links
https://dnsleak.com/
https://ipleak.net/
- OscarTalks
- Posts: 623
- Joined: Tue Jul 14, 2020 10:11 pm
- Location: London UK
- Has thanked: 2 times
- Been thanked: 247 times
Re: riseup-vpn errors (BookwormPup64 10.0.4)
I compiled the dco kernel module for kernel 6.1.67 for my compiled-from-source openvpn-2.6.8
The feature (Data Channel Offload) is now recognised and shown in openvpn --version so hopefully it does improve performance.
I think you can use cipher AES-256-GCM and also data-ciphers AES-256-GCM in the .ovpn config file but not essential. Some of those options get pushed from the server side I believe. I always like to see if I can connect without any of those 'WARNING' or 'DEPRECATED OPTION' or 'Note' messages popping up, even though often they are not fatal errors.
- Attachments
-
- dco-module.jpg (110.41 KiB) Viewed 1681 times
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors (BookwormPup64 10.0.4)
On my machine:
OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 21 2023
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
The option cipher AES-256-GCM fails, and the option data-ciphers appears to not be available.
The warnings, notes, and deprecated options, when utilizing the configuration file in the pet, are the following:
Thu Jan 4 05:57:07 2024 us=486428 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Thu Jan 4 05:57:07 2024 us=67965 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Thu Jan 4 05:57:08 2024 us=726973 NOTE: setsockopt TCP_NODELAY=1 failed
I tried the website ipleak mentioned by @galen, I think it passed:
It is important to mention my browser setup and /etc/resolv.conf:
Firefox 121.0 with Disable Webrtc, ublock origin, privacy badger, chameleon, local cdn, clear url
the /etc/resolv.conf:
nameserver 9.9.9.11
nameserver 149.112.112.11
2620:fe::11
2620:fe::fe:11
domain https://dns11.quad9.net/dns-query
tls://dns11.quad9.net
Changing the DNS resolver to quad9.net solved the ISP leaking my IP, but again, we are trusting yet another entity.
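The cipher warnings quoted in the posts above (BF-CBC flagged as a 64-bit block cipher, AES-256-GCM suggested for cipher and data-ciphers) can be checked in a config file before connecting. The script below is an added example, not part of any post or of the riseupvpny pet; its function names and sample config are constructed here, and the list of 64-bit cipher names is an assumption.

```shell
#!/bin/sh
# Added example: flag 64-bit block ciphers in an OpenVPN client config.

# True for cipher names with a 64-bit block, the class the SWEET32 warning
# is about. The name list is an assumption covering common OpenSSL names.
is_64bit_block() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        BF-*|DES-*|DESX-*|CAST5-*|RC2-*|IDEA-*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ovpn_ciphers FILE: prints one finding per line.
# Returns 1 if anything was reported, 0 if the config is clean.
audit_ovpn_ciphers() {
    ac_rc=0 ac_seen=0 ac_n=0
    while read -r ac_key ac_val ac_rest || [ -n "$ac_key" ]; do
        ac_n=$((ac_n + 1))
        case "$ac_key" in
            cipher|data-ciphers|data-ciphers-fallback|ncp-ciphers) ;;
            *) continue ;;      # comments and unrelated directives
        esac
        ac_seen=1
        # data-ciphers and ncp-ciphers take a colon-separated list.
        for ac_c in $(printf '%s' "$ac_val" | tr ':' ' '); do
            if is_64bit_block "$ac_c"; then
                echo "WEAK line $ac_n: $ac_key $ac_c (64-bit block)"
                ac_rc=1
            fi
        done
    done < "$1"
    if [ "$ac_seen" -eq 0 ]; then
        # With no directive, OpenVPN 2.4.x starts from its BF-CBC default.
        echo "NOTE: no cipher directive; OpenVPN 2.4.x defaults to BF-CBC"
        ac_rc=1
    fi
    return "$ac_rc"
}

# Constructed sample config (hostname is a placeholder).
demo_conf=$(mktemp)
printf '%s\n' 'client' 'remote vpn.example.invalid 1194' 'cipher BF-CBC' \
    > "$demo_conf"
audit_ovpn_ciphers "$demo_conf" || true
rm -f "$demo_conf"
```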
- OscarTalks
- Posts: 623
- Joined: Tue Jul 14, 2020 10:11 pm
- Location: London UK
- Has thanked: 2 times
- Been thanked: 247 times
Re: riseup-vpn errors (BookwormPup64 10.0.4)
Hello,
Yes, I am testing in BookwormPup64 with openvpn-2.6.8 which uses data-ciphers, supposedly in place of cipher, but sometimes it still complains with a "Note" if cipher is not set so I find that all is OK if I use AES-256-GCM as the setting for both. I know that openvpn-2.4.12 which I am still using in FossaPup does not recognise the data-ciphers option and maybe AES-256-GCM is not negotiable as a cipher in that scenario. I don't want to introduce BF-CBC at all because that is an old one which forces openvpn to disable dco.
I think the riseup VPN server is blocking IPv6 traffic which is probably a good thing. The option is there in Connection Manager in Puppy to turn off IPv6 protocol. I reckon that is worth looking at if running a VPN as it represents another potential route for a leak.
I have also used ConnMan to set system DNS to Cloudflare. Yet another entity as you say, but considered highly reputable (at least until now), so there is no leak to my ISP any more. I was just wondering if something in your client script could address DNS in some way, as many users will have that situation of the network manager sending lookups to the router gateway which obviously is then sent to the ISP DNS. In my simple VPN program I do have the DNS switching to Cloudflare and then back to the user's settings on VPN disconnection (modifying /etc/resolv.conf). I think there must be better ways, but with openvpn-2.4.x they were calling other external third party scripts to switch things as the executable had no way of doing so directly. Maybe 2.6.x has introduced new and better mechanisms, not sure. Anyway, I am still playing around with it. The server connects very quickly and delivers good speed, so worth having.
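The DNS switching described in the post above (set a resolver on connect, put the user's /etc/resolv.conf back on disconnect) can be written as an OpenVPN up/down hook. This is an added example, not OscarTalks' program or the riseupvpny script; it assumes the server pushes `dhcp-option DNS` entries, and the `.pre-vpn` backup suffix and function names are made up here.

```shell
#!/bin/sh
# Added example: OpenVPN up/down hook that swaps DNS and restores it.
# RESOLV_CONF can be overridden to try the functions on a scratch file.
RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}

# Print the DNS servers pushed by the server, one per line. OpenVPN exports
# pushed options to the hook as foreign_option_1, foreign_option_2, ...
pushed_dns() {
    pd_i=1
    while :; do
        eval "pd_opt=\${foreign_option_$pd_i:-}"
        [ -n "$pd_opt" ] || break
        pd_i=$((pd_i + 1))
        case "$pd_opt" in
            "dhcp-option DNS "*) pd_addr=${pd_opt#dhcp-option DNS } ;;
            *) continue ;;
        esac
        # Accept only characters of an IPv4/IPv6 literal, so a pushed value
        # cannot smuggle other directives into resolv.conf.
        case "$pd_addr" in
            ''|*[!0-9A-Fa-f:.]*) continue ;;
        esac
        echo "$pd_addr"
    done
}

vpn_dns_up() {
    vd_servers=$(pushed_dns)
    if [ -z "$vd_servers" ]; then
        echo "no usable DNS pushed; $RESOLV_CONF left unchanged" >&2
        return 0
    fi
    # Keep only the first backup: a reconnect must not overwrite the
    # user's settings with the VPN resolver list.
    [ -e "$RESOLV_CONF.pre-vpn" ] || cp -p "$RESOLV_CONF" "$RESOLV_CONF.pre-vpn"
    printf '%s\n' "$vd_servers" | sed 's/^/nameserver /' > "$RESOLV_CONF"
}

vpn_dns_down() {
    [ -e "$RESOLV_CONF.pre-vpn" ] || return 0
    mv -f "$RESOLV_CONF.pre-vpn" "$RESOLV_CONF"
}

# OpenVPN sets script_type to "up" or "down" when it runs the hook.
case "${script_type:-}" in
    up)   vpn_dns_up ;;
    down) vpn_dns_down ;;
esac
```

OpenVPN only runs such a hook when the config sets `script-security 2` and points `up` and `down` at the script. If the config also drops privileges with `user`/`group`, the down hook runs unprivileged and cannot restore the file.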
-
- Posts: 68
- Joined: Fri Nov 06, 2020 8:55 pm
- Location: Halifax, NS Canada
- Has thanked: 28 times
- Been thanked: 12 times
- Contact:
Re: riseup-vpn errors (BookwormPup64 10.0.4)
audit your connection leaks
-
- Posts: 68
- Joined: Fri Nov 06, 2020 8:55 pm
- Location: Halifax, NS Canada
- Has thanked: 28 times
- Been thanked: 12 times
- Contact:
Re: riseup-vpn errors (BookwormPup64 10.0.4)
DNS providers that do not censor or log your DNS queries:
FreeDNS — open, free and public DNS —
37.235.1.174
37.235.1.177
DNS.Watch — free, no logging, DNSSEC enabled –
84.200.69.80
84.200.70.40
Censurfridns.DK — two Danish uncensored DNS servers –
91.239.100.100
89.233.43.71
Opendns
208.67.222.222
208.67.222.220
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors (BookwormPup64 10.0.4)
@OscarTalks
I was just wondering if something in your client script could address DNS in some way, as many users will have that situation of the network manager sending lookups to the router gateway which obviously is then sent to the ISP DNS
Thank you for your advice, I will look into it. I'm quite new at everything.
@galen, thanks for the info.
Re: riseup-vpn errors (BookwormPup64 10.0.4)
Hi all
My server list text file is empty now therefore it cannot connect to a server.
Can someone share this with me?
It is found in the .risevpn directory in /root
It is simply a text file of their named servers.
Thanks in advance
-
- Posts: 36
- Joined: Thu Jul 22, 2021 1:31 am
- Has thanked: 3 times
- Been thanked: 10 times
Re: riseup-vpn errors (BookwormPup64 10.0.4)
I think something changed with the API, I'll take a look tomorrow.
Re: riseup-vpn errors (BookwormPup64 10.0.4)
Hey, Jasper, here is the list of servers, in /root/.riseupvpn/servers_list.txt:
vpn01-sea.riseup.net|Seattle
vpn19-ams.riseup.net|Amsterdam
vpn17-mia.riseup.net|Miami
vpn03-par.riseup.net|Paris
vpn10-mtl.riseup.net|Montreal
vpn15-sea.riseup.net|Seattle
vpn16-sea.riseup.net|Seattle
vpn05-par.riseup.net|Paris
vpn14-par.riseup.net|Paris
vpn02-par.riseup.net|Paris
vpn07-par.riseup.net|Paris
vpn04-ams.riseup.net|Amsterdam
vpn11-par.riseup.net|Paris
vpn06-ams.riseup.net|Amsterdam
vpn13-ams.riseup.net|Amsterdam
vpn18-mtl.riseup.net|Montreal
vpn08-par.riseup.net|Paris
vpn12-nyc.riseup.net|New York City
vpn09-mia.riseup.net|Miami
Hope this helps.
bliss, festus
Re: riseup-vpn errors (BookwormPup64 10.0.4)
@festus
Thanks for the list
Unfortunately, it gives me an error message stating it cannot connect to the chosen server and advises to try another one.
Tried a few different servers with no luck.
Re: riseup-vpn errors (BookwormPup64 10.0.4)
The riseupvpn pet doesn't seem to be working.
After install and launch it says
# riseupvpny
Could not read certificate from /root/.riseupvpn/client.key
Unable to load certificate
https://api.black.riseup.net/1/configs/eip-service.json:
2024-05-02 00:19:18 ERROR 404: Not Found.
https://api.black.riseup.net/1/cert:
2024-05-02 00:19:19 ERROR 404: Not Found.
2024-05-02 00:19:22 URL:https://black.riseup.net/ca.crt [542/542] -> "/root/.riseupvpn/riseup.crt" [1]
Could not read certificate from /root/.riseupvpn/client.key
Unable to load certificate
and the gateway dropdown has nothing.
Is this known to be broken and is there a fix? I tried using the riseup vpn installed via apt but it complains about running as root. I tried run-as-spot and it starts but never connects.
For my scripts and pets and such:
https://drive.google.com/drive/folders/ ... 4CUTEeBvPr