Anyone got an idiot's guide for this idiot?
I occasionally want to route all internet access from a machine (not just a browser) via a VPN.
~ Windscribe browser VPN works fine but I haven't been able to get the CLI version working for a few years now & I can't get any sense out of what they loosely term "support".
~ ProtonVPN's website instructions for installing their Linux clients are predicated on using apt-get & I cannot translate their instructions into any pkg commands that work.
~ I found this useful post here on the forum viewtopic.php?p=42712#p42712 so I installed OpenVPN (v2.44) via PPM & downloaded a few .ovpn config files from ProtonVPN.
~ This sort-of works: I can start up a VPN session in a terminal with no errors as follows:
Code:
Sat Dec 4 15:16:26 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Dec 4 15:16:26 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Dec 4 15:16:26 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Dec 4 15:16:26 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:xxxx
Sat Dec 4 15:16:26 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Dec 4 15:16:26 2021 UDP link local: (not bound)
Sat Dec 4 15:16:26 2021 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:4569
Sat Dec 4 15:16:26 2021 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:4569, sid=5b640f38 27843da3
Sat Dec 4 15:16:26 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Dec 4 15:16:26 2021 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Sat Dec 4 15:16:26 2021 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Sat Dec 4 15:16:26 2021 VERIFY KU OK
Sat Dec 4 15:16:26 2021 Validating certificate extended key usage
Sat Dec 4 15:16:26 2021 ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Sat Dec 4 15:16:26 2021 ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Sat Dec 4 15:16:26 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 4 15:16:26 2021 VERIFY EKU OK
Sat Dec 4 15:16:26 2021 VERIFY OK: depth=0, CN=lxc-nl-11.protonvpn.com
Sat Dec 4 15:16:26 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Sat Dec 4 15:16:26 2021 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sat Dec 4 15:16:26 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sat Dec 4 15:16:26 2021 [lxc-nl-11.protonvpn.com] Peer Connection Initiated with [AF_INET]xx.xxx.xxx.xxx:xxxx
Sat Dec 4 15:16:28 2021 SENT CONTROL [lxc-nl-11.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Sat Dec 4 15:16:28 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.21.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.21.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.21.0.54 255.255.0.0,peer-id 327687,cipher AES-256-GCM'
Sat Dec 4 15:16:28 2021 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: explicit notify parm(s) modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: compression parms modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sat Dec 4 15:16:28 2021 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: --socket-flags option modified
Sat Dec 4 15:16:28 2021 NOTE: setsockopt TCP_NODELAY=1 failed
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: route options modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: route-related options modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: peer-id set
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: adjusting link_mtu to 1656
Sat Dec 4 15:16:28 2021 OPTIONS IMPORT: data channel crypto options modified
Sat Dec 4 15:16:28 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Dec 4 15:16:28 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 4 15:16:28 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 4 15:16:28 2021 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx
Sat Dec 4 15:16:28 2021 TUN/TAP device tun0 opened
Sat Dec 4 15:16:28 2021 TUN/TAP TX queue length set to 100
Sat Dec 4 15:16:28 2021 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 4 15:16:28 2021 /sbin/ip link set dev tun0 up mtu 1500
Sat Dec 4 15:16:28 2021 /sbin/ip addr add dev tun0 10.21.0.54/16 broadcast 10.21.255.255
Sat Dec 4 15:16:28 2021 /etc/openvpn/update-resolv-conf tun0 1500 1584 10.21.0.54 255.255.0.0 init
Sat Dec 4 15:16:28 2021 /sbin/ip route add xx.xxx.xxx.xxx/32 via 192.168.1.254
Sat Dec 4 15:16:28 2021 /sbin/ip route add 0.0.0.0/1 via 10.21.0.1
Sat Dec 4 15:16:28 2021 /sbin/ip route add 128.0.0.0/1 via 10.21.0.1
Sat Dec 4 15:16:28 2021 Initialization Sequence Completed
But even a simple test pinging Google DNS throws an error:
Code:
root# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Operation not permitted
root#
So, presumably, either there's something I'm doing wrong, or there's something I'm not doing, and I would love to be told what it is and how I correct it.
thanks.
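
As an added example (not part of the original post), this Python sketch reads an OpenVPN client log like the one above and checks that the pushed `redirect-gateway def1` actually produced the two /1 routes through the tunnel gateway, plus a host route to the server via the LAN gateway. The sample log is constructed from the post's lines with documentation addresses in place of the masked ones, and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample: abridged from the log in the post; the masked server
# address and MAC are replaced with documentation/placeholder values.
SAMPLE_LOG = """\
Sat Dec 4 15:16:26 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Dec 4 15:16:26 2021 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sat Dec 4 15:16:28 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.21.0.1,redirect-gateway def1,route-gateway 10.21.0.1,topology subnet,ifconfig 10.21.0.54 255.255.0.0,cipher AES-256-GCM'
Sat Dec 4 15:16:28 2021 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=00:00:5e:00:53:01
Sat Dec 4 15:16:28 2021 /sbin/ip route add 203.0.113.10/32 via 192.168.1.254
Sat Dec 4 15:16:28 2021 /sbin/ip route add 0.0.0.0/1 via 10.21.0.1
Sat Dec 4 15:16:28 2021 /sbin/ip route add 128.0.0.0/1 via 10.21.0.1
Sat Dec 4 15:16:28 2021 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_RE = re.compile(r"/sbin/ip route add (\S+) via (\S+)")
GW_RE = re.compile(r"ROUTE_GATEWAY ([\d.]+)/")

def summarize(log):  # hypothetical helper, not an OpenVPN API
    pushed, routes, warnings, lan_gw, done = {}, {}, [], None, False
    for line in log.splitlines():
        if m := PUSH_RE.search(line):
            # Pushed options are comma-separated "name value..." pairs.
            for opt in m.group(1).split(","):
                key, _, val = opt.partition(" ")
                pushed.setdefault(key, []).append(val)
        elif m := ROUTE_RE.search(line):
            routes[m.group(1)] = m.group(2)
        elif m := GW_RE.search(line):
            lan_gw = m.group(1)
        elif "WARNING: " in line:
            warnings.append(line.split("WARNING: ", 1)[1])
        elif "Initialization Sequence Completed" in line:
            done = True
    vpn_gw = pushed.get("route-gateway", [None])[0]
    # def1 overrides the default route with two /1 routes via the tunnel gateway.
    full_tunnel = (vpn_gw is not None
                   and "def1" in pushed.get("redirect-gateway", [])
                   and routes.get("0.0.0.0/1") == vpn_gw
                   and routes.get("128.0.0.0/1") == vpn_gw)
    # The VPN server itself must stay reachable through the LAN gateway.
    bypass = [d for d, via in routes.items() if d.endswith("/32") and via == lan_gw]
    dns = [v.split()[1] for v in pushed.get("dhcp-option", []) if v.startswith("DNS ")]
    return {"complete": done, "full_tunnel": full_tunnel,
            "server_bypass": bypass, "dns": dns, "warnings": warnings}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log that passes these checks shows the tunnel and its routes were installed as pushed, which separates the routing setup from whatever is rejecting the ping.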