Showing results for tags 'OpenVPN'.

Found 17 results

  1. Dear Community,

     As is my wont as of late along with my personal inclinations and indulgences - here we go with the intro: I know you got it - lyrics to sing along : https://genius.com/Bobby-byrd-i-know-you-got-soul-lyrics and video : https://www.youtube.com/watch?v=-aY4x5l2QzA and Bonus : Take This with you as we stroll along : https://genius.com/Hank-ballard-from-the-love-side-lyrics and video : https://www.youtube.com/watch?v=zKKcArCApx0

     Hello and here is the tutorial which details exactly how to get the great Hardened BSD based Distro OPNsense up and running with TORGUARD OpenVPN Client. OPNsense found here: https://opnsense.org/about/features/ and downloads found here : https://opnsense.org/download/

     A - To begin you need to get your OpenVPN configuration files from the TORGUARD website. To do so, log in to your TORGUARD account, then go to Tools ( along the top of Login Page ) and from the drop-down menu click on OpenVPN Config Generator. On the page that opens up - select in order - VPN Server Hostname/IP, VPN Protocol, VPN Port, VPN Cipher, OpenVPN Build, and whether or not you want to require TLS 1.2 as a minimum. After entering your choices, click on the green " Generate Config " box and download and save the file, as we will use this later on in this process to configure OpenVPN settings on OPNsense FireWall.

     B - Open the downloaded file ( it normally has same random number - mine is 96 in this example ). The first piece you need from this file is the CA ( certificate authority ). TORGUARD has just updated their certificates and are also in the process of enabling IPV6 support. Things just keep getting better with TORGUARD. There are actually two certificates in file - along with a tls-auth key. Let me back up for a minute - I chose NJ server UDP protocol - port 1195 - sha256 - aes-256-gcm - Build OpenVPN 2.4 and above plus checked box for TLS 1.2 - Your file may have different options depending on how you choose to connect to TORGUARD Server.

     C - Now - to proceed - the CA you want ( in this case ) is the first one listed. Here is a direct link to the CA in case you prefer to grab it by this method : https://torguard.net/downloads/ca.txt - After you have this certificate log into your OPNsense Firewall - you will be presented with the " Lobby: Dashboard " page. You can always get back to this page by clicking on " OPNsense Logo " at the uppermost left corner of page. This is where you find " The OPNsense Menu Settings " which is from where we will configure TORGUARD OpenVPN Client. I will be using the .ovpn file and server I mentioned earlier for the purposes of this tutorial going forward.

     1 - Begin by entering the ca in the appropriate field. In order to do this, first Click on > System. A sub-menu will be revealed - look for the entry labeled " Trust ". Click on " Trust " - from there another sub-menu pops up - In that sub-menu Click on " Authorities " so that we can add the TORGUARD-CA to our firewall. You will now be on a landing page entitled " System: Trust: Authorities ". Follow the steps below: Click on ( + ) Add in the uppermost right corner of this page. Follow these instructions:

         Method: Import an existing Certificate
         Description: TORGUARD
         Certificate data: ( enter ( copy and paste ) certificate data content between <ca> and </ca> from the CA mentioned above )

     Click Save. ( Do not alter / enter anything else here - leave at defaults )

     Now we need to configure OPNsense TORGUARD OpenVPN Client. Click on " OPNsense Logo " at the top of the left uppermost corner of the OPNsense Web Gui. This action refreshes the Web Gui, which brings us back to the full Menu on the furthest most left column of the OPNsense Web Gui. Remember this as you can always get back to the full Menu by this method.

     2 - Click on " VPN " in the left side vertical Menu. From the pop-up sub-menu Click on " OpenVpn ". From that pop-up sub-menu Click on " Clients ". When you click on " clients " you will be presented with the " VPN: OpenVPN: Clients " Landing page. In order to proceed, Click on ( + ) Add in the uppermost right corner of this page. Follow these instructions: Once on this page - enter these settings:

         Disabled: Unchecked
         Description: TORGUARD-NJ
         Server mode: Peer to Peer ( SSL/TLS )
         Protocol: UDP
         Device mode: tun
         Interface: WAN
         Remote server: nj.east.usa.torguardvpnaccess.com
         Port: 1195
         Select remote server at random: Unchecked
         Retry DNS resolution: Checked ( Infinitely resolve remote server )
         Proxy host or address: Blank
         Proxy port: Blank
         Proxy Authentication: none
         Local port: Blank
         User Authentication Settings: User name/pass: ( from your TORGUARD Account )
         Username: enter TORGUARD user name from Manual setup > userpass.txt file ( found on first line )
         Password: enter TORGUARD password from Manual setup > userpass.txt file ( found on second line )
         Renegotiate time: Blank
         TLS Authentication: Leave this checked ( Uncheck box directly below it then enter tls-auth key from TORGUARD )
         Automatically generate a shared TLS authentication key: ( Uncheck this box first and then enter tls-auth key from OpenVPN Config you generated and downloaded at the very beginning )
         Peer Certificate Authority: TORGUARD ( name will be the " Descriptive name " you gave CA in Step 1 )
         Client Certificate: None ( Username and Password required )
         Encryption Algorithm: AES-256-GCM (256 bit key, 128 bit block)
         Auth digest algorithm: SHA256 (256-bit)
         Hardware Crypto: No Crypto Hardware acceleration
         IPv4 Tunnel Network: Blank
         IPv6 Tunnel Network: Blank
         IPv4 Remote Network: Blank
         IPv6 Remote Network: Blank
         Limit outgoing bandwidth: Blank
         Compression: No Preference
         Type-of-Service: Blank
         Disable IPv6: Checked
         Don't pull routes: Blank
         Don't add/remove routes: Blank
         Advanced configuration:

             persist-key
             persist-tun
             remote-cert-tls server
             reneg-sec 0
             auth-retry interact
             compress
             auth-nocache
             script-security 2
             mute-replay-warnings
             ncp-disable
             key-direction 1
             setenv CLIENT_CERT 0
             tun-mtu 1500
             tun-mtu-extra 32
             mssfix 1450
             ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
             tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
             sndbuf 524288
             rcvbuf 524288
             push "sndbuf 524288"
             push "rcvbuf 524288"

         Verbosity level: 3 ( recommended )

     Click Save. You are redirected to VPN: OpenVPN: Clients Landing page and you should see a "green arrow" by "UDP nj.east.usa.torguardvpnaccess.com:1195 " in this example. Once you see this arrow, you will see that you are still in the OpenVPN pop-up sub-menu. Now, click on " Connection Status " in the OpenVPN pop-up sub-menu. This takes you to the VPN: OpenVPN: Connection Status Landing page. You should check under " Status " and make sure that it indicates that your tunnel is " up ".

     3 - We now need to add a Hybrid Firewall Rule in order to get OPNsense TORGUARD OpenVPN fully up, running and completed. We do this as follows. Once again, Click on " OPNsense Logo " at the top of the left uppermost corner of the OPNsense Web Gui - this action refreshes the Web Gui, which brings us back to the full Menu on the furthest most left column of the OPNsense Web Gui. Follow these instructions:

         A - Click on Firewall ( once again a pop-up sub-menu appears )
         B - On that sub-menu click on NAT ( once again a pop-up sub-menu appears )
         C - From that sub-menu click on Outbound ( you will now be presented with the Firewall: NAT: Outbound Landing page )

     Once on the Firewall: NAT: Outbound Landing page, place a dot in the Hybrid outbound NAT rule generation (automatically generated rules are applied after manual rules) radio button. Click Save ( which is located at the top of the page under the " Mode " section ). After clicking save, DO NOT ! - Repeat Do Not Click Apply ! at this time. Instead - Click on ( + ) Add in the uppermost right corner of this page. You will be presented with the " Edit Advanced Outbound NAT entry " Landing page. Change the " Interface " setting from Wan to " OpenVPN " from the drop down menu. Also, for Description : enter ( Made For TORGUARD ). Do not touch or change anything else whatsoever on this page. Click Save - and you will be redirected to the Firewall: NAT: Outbound Landing page. You will see at the very top of the page it says " The NAT configuration has been changed. You must apply the changes in order for them to take effect. " So, Click on Apply Changes at the top of the page. Done with Firewall Rules for OPNsense TORGUARD OpenVPN.

     Once again, Click on " OPNsense Logo " at the top of the left uppermost corner of the OPNsense Web Gui - this action refreshes the Web Gui, which brings us back to the full Menu on the furthest most left column of the OPNsense Web Gui. Follow these instructions: Click on " VPN " in the left side vertical Menu. From the pop-up sub-menu Click on " OpenVPN ".

         A - Now, click on " Connection Status " in the OpenVPN pop-up sub-menu. You still should be up and running.
         B - From the same OpenVPN pop-up sub-menu - click on " Log File " and you should see that you are connected.

     Good News ! I erroneously reported earlier that your WAN would not reboot without disabling OpenVPN Client using the Hybrid FireWall detailed in this tutorial. Actually, I was testing the setup on an OPNsense VMware Work Station Machine. I can now emphatically state and assure you that your WAN will reboot if you use this setup ( along with Hybrid FireWall Rule ) on a real physical hardware installation. I disable all properties on the WAN interface when using Virtual Machines ( an old habit ) EXCEPT for VMware Bridge Protocol. This may be the problem when I deploy OPNsense on VMware Virtual Machine. I will test and report back later. The good thing about VMware is that you can take snapshots, so you can always go back if you make an error. However, the BOTTOM LINE is that you can implement this guide on a hardware installation AS IS ! without any issues on OPNsense reboot.

     I will write up an updated tutorial for DNS OVER TLS WITH GETDNS+STUBBY on OPNsense. Since version OPNsense 18.7 - you may install stubby and getdns on OPNsense by simply issuing command # pkg install getdns - I am running DNS OVER TLS with OpenVPN now - and it works beautifully.

     Lastly, in order to check that you are connected to TORGUARD - go to : https://torguard.net/whats-my-ip.php . At the very top of the page on the upper left hand side - click on " Check Now " and down under " Your Current Info " you will see your TORGUARD ROUTED OpenVPN IP Address - next to it you will see this : IP Address: (Protected) - the key is you are now " Protected " which means that you are now successfully connected via TORGUARD OPNsense OpenVPN CLIENT.

     This setup will work with virtually any commercial OpenVPN Service Provider - trust me; I have tested a few others in addition to TORGUARD as outlined here in this tutorial. Remember that you may have to modify settings depending on your personal configuration and / or the features ( cryptography and so on ) that your commercial OpenVPN Service Provider supports and deploys.

     Peace & Universal Love
  2. Hi guys. I need some help. I have a current Wireguard setup which is working fine, but I want to test out performance with OpenVPN and so far it seems that OpenVPN is performing better on my Rasp4. My Rasp needs internet from Wifi, then share to eth.

     My TG.conf without certificates:

         client
         dev tun
         proto udp
         remote swe.torguardvpnaccess.com 1912
         resolv-retry infinite
         nobind
         persist-key
         persist-tun
         tun-mtu 1500
         tun-mtu-extra 32
         mssfix 1450
         ca ca.crt
         remote-cert-tls server
         auth-user-pass user.txt
         script-security 2
         up /etc/openvpn/update-resolv-conf
         down /etc/openvpn/update-resolv-conf
         compress
         ncp-disable
         verb 3
         reneg-sec 0
         keepalive 5 30
         fast-io
         sndbuf 393216
         rcvbuf 393216
         cipher AES-256-GCM
         auth SHA256
         key-direction 1
         <tls-auth>

     My script:

         #!/bin/bash
         # Share Wifi with Eth device
         #
         #
         # This script is created to work with Raspbian Stretch
         # but it can be used with most of the distributions
         # by making few changes.
         #
         # Make sure you have already installed `dnsmasq`
         # Please modify the variables according to your need
         # Don't forget to change the name of network interface
         # Check them with `ifconfig`

         ip_address=""
         netmask=""
         dhcp_range_start=""
         dhcp_range_end=""
         dhcp_time="12h"
         eth="eth0"
         wlan="tun0"

         sudo systemctl start network-online.target &> /dev/null

         sudo iptables -F
         sudo iptables -t nat -F
         sudo iptables -t nat -A POSTROUTING -o $wlan -j MASQUERADE
         sudo iptables -A FORWARD -i $wlan -o $eth -m state --state RELATED,ESTABLISHED -j ACCEPT
         sudo iptables -A FORWARD -i $eth -o $wlan -j ACCEPT

         sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

         sudo ifconfig $eth $ip_address netmask $netmask

         # Remove default route created by dhcpcd
         sudo ip route del 0/0 dev $eth &> /dev/null

         sudo systemctl stop dnsmasq

         sudo rm -rf /etc/dnsmasq.d/* &> /dev/null

         echo -e "interface=$eth\n\
         bind-interfaces\n\
         server=\n\
         domain-needed\n\
         bogus-priv\n\
         dhcp-range=$dhcp_range_start,$dhcp_range_end,$dhcp_time" > /tmp/custom-dnsmasq.conf

         sudo cp /tmp/custom-dnsmasq.conf /etc/dnsmasq.d/custom-dnsmasq.conf
         sudo systemctl start dnsmasq

     My ethernet doesn't seem to get any IP address:

         1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
             link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
             inet scope host lo
                valid_lft forever preferred_lft forever
             inet6 ::1/128 scope host
                valid_lft forever preferred_lft forever
         2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
             link/ether XXXXXXXXXXXXXXXXXXXX
             inet brd scope global noprefixroute eth0
                valid_lft forever preferred_lft forever
             inet6 XXXXXXXXXXXXXXXXXXX/64 scope link
                valid_lft forever preferred_lft forever
         3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
             link/ether XXXXXXXXXXXXXXXXXXXXX
             inet brd scope global dynamic noprefixroute wlan0
                valid_lft 85907sec preferred_lft 75107sec
             inet6 XXXXXXXXXXXXXX64 scope link
                valid_lft forever preferred_lft forever
         4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
             link/none
             inet peer scope global tun0
                valid_lft forever preferred_lft forever
             inet6 XXXXXXXXXXXXXXXXXXX64 scope link stable-privacy
                valid_lft forever preferred_lft forever

     DNSMASQ info:

         [email protected]errypi:~ $ sudo systemctl status dnsmasq.service
         ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
            Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
            Active: active (running) since Thu 2020-09-24 10:48:54 CEST; 10min ago
           Process: 567 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
           Process: 570 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
           Process: 580 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
          Main PID: 579 (dnsmasq)
             Tasks: 1 (limit: 4915)
            CGroup: /system.slice/dnsmasq.service
                    └─579 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-d

         Sep 24 10:58:39 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:40 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:41 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:42 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:43 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:44 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:45 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:46 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:57 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0
         Sep 24 10:58:58 raspberrypi dnsmasq-dhcp[579]: no address range available for DHCP request via eth0

     What am I missing here?
  3. I'm having minor difficulties setting up TorGuard VPN on my TP-Link Archer A2300 router. The connection I'm trying to use is L2TP. Do I use OpenVPN? Are there certain certificates I need? Can someone please help me out? I'm following the basic setup/manual/instructions but it's just not working for me, I don't know what I'm doing wrong. 😢
  4. Does anyone use openvpn client + port forward? Trying to find out what I need to put in a config file to make it work. Thanks to anyone who may be able to advise! [Currently have stock configs working fine. I assume I need to make some edits.]
  5. Hey everyone,

     This is my first post so please be kind. I wanted to post a tutorial about how I got a kill switch system working on my raspberry pi using openvpn and connecting through TorGuard. For my purposes, this kill switch is customizable to kill any applications' connections to the internet if the VPN goes down for whatever reason. This method also attempts to reconnect to alternative servers and when connection is established again, it relaunches the application(s) you originally killed. I couldn't find a tutorial for a killswitch that was specific to raspberry pi and torguard.

     NOTE: I am a novice, through and through. I know this probably can be done easier and more elegantly by someone with any amount of experience. This method currently serves my needs, but if you have constructive feedback, please do share!

     Credit: This post is a conglomeration of tutorials and instruction from various sites including:
     - OpenVPN with deluge and PIA
     - various other google searches to solve problems that I ran into

     NOTES:
     - if you already have deluge setup and openvpn installed, skip to step 18 for killswitch

     ASSUMPTIONS:
     - you are logged in as a non-root user

     1) sudo apt-get update

     2) sudo apt-get upgrade

     3) install deluge:

         sudo apt-get install deluged
         sudo apt-get install deluge-console

     4) run deluge to create configuration file:

         deluged

     5) kill deluge while we make changes:

         sudo pkill deluged

     6) *OPTIONAL: make a backup of the configuration file before we modify it:

         sudo cp ~/.config/deluge/auth ~/.config/deluge/auth.bkp

     7) open the configuration file in an editor:

         sudo nano ~/.config/deluge/auth

     8) add this to the end of the configuration file:

         user:password:level

     NOTE: user is whatever user account you want the deluge to run under; password is the password for the account; and level 10 gives full administrative privileges to deluge. mine: I set mine as user "pi" (no quotes)

     9) exit the editor by pressing "ctrl+x" then "y" then "enter"

     10) start deluge again:

         deluged

     10) let's open up deluge's console to make some changes:

         deluge-console

     11) the code below will allow the thin client to access deluge:

         config -s allow_remote True

     then

         config allow_remote

     then exit the console:

         exit

     12) let's restart deluge again:

         sudo pkill deluged

     then

         deluged

     TEST: let's make sure that you can connect to the deluge daemon on your raspberry pi. open another computer on the same local network as your raspberry pi and download the application deluge from their official website (http://deluge-torrent.org). After finishing installing that on your other computer, open the deluge client application on your computer (not the raspberry pi)

     13) we need to change one setting in the deluge client in order for it to connect to deluge on the raspberry pi. open up the preferences of the deluge client and go to "Interface" then uncheck the box "classic mode/enabled"

     14) go ahead and restart the deluge client app on your non-raspberry pi computer

     15) this time it will prompt you with a connection manager window. follow the steps:
     - click "add"
     - hostname: enter static IP address of your raspberry pi
     - username: enter the username you selected in step 8
     - password: enter the password you created in step 8
     - leave the port as default

     16) while you are in the preferences of the deluge client app on your non-raspberry pi, you should set the folder where your torrents download to. look under the "downloads" section of the preferences to set this

     TEST: let's make sure you can download torrents. go ahead and grab a legal copy of a torrent (any of these: http://whirlpool.net.au/wiki/test_torrents) and drag it onto the deluge client app on your non-raspberry pi computer to see if it starts downloading it.

     17) install openvpn with the corresponding torguard .ovpn files by following this tutorial: https://torguard.net/knowledgebase.php?action=displayarticle&id=174

     18) let's modify one part of that tutorial (step 17). we are going to change a command that was outlined in that tutorial. do the following:

         cd /etc/openvpn/
         crontab -e

     - choose whatever editor you want if it prompts you (I use nano)
     - modify this line:

         @reboot sudo openvpn --daemon --cd /etc/openvpn --config TorGuard.Canada.ovpn

     and replace it with:

         @reboot sudo openvpn --daemon --cd /etc/openvpn --config mastervpn.ovpn

     we will create this "mastervpn.ovpn" file in a bit, don't worry, it doesn't exist yet

     NOTE: before you start this next part, make sure you have killed the openvpn process:

         sudo killall -9 openvpn

     KILLSWITCH PART

     After you have openvpn installed, let's setup the killswitch that will:
     - immediately kill deluge on your raspberry pi if the VPN connection goes down
     - attempt to reconnect to alternative VPN servers
     - when a successful connection is established, it will restart deluge

     19) first let's create our master .ovpn file that we are going to use to connect to torguard's VPN server(s):

         cd /etc/openvpn/
         sudo touch mastervpn.ovpn

     you can call the file whatever you want, I named it "mastervpn.ovpn" in this case

     20) next let's make it executable:

         sudo chmod u+x,g+x,o+x mastervpn.ovpn

     21) first let's copy the configuration file of any of the other servers, preferably one of the ones you want to connect to:

         nano TorGuard.USA-CHICAGO.ovpn

     - highlight everything in that window and copy it
     - press "ctrl+x" then to exit the editor

     22) now open up the mastervpn.ovpn file and paste the code you just copied:

         sudo nano mastervpn.ovpn

     23) we are going to add some additional things. you can insert them anywhere, I inserted mine just before the torguard server name. here is an example of my mastervpn.ovpn file:

         client
         dev tun
         proto udp
         route-up route-up.sh
         down down.sh
         remote chi.central.usa.torguardvpnaccess.com 1912
         remote ny.east.usa.torguardvpnaccess.com 1912
         remote la.west.usa.torguardvpnaccess.com 1912
         remote lon.uk.torguardvpnaccess.com 1912
         resolv-retry 300
         nobind
         persist-key
         persist-tun
         ca ca.crt
         tls-auth ta.key 1
         auth SHA256
         cipher AES-128-CBC
         remote-cert-tls server
         auth-user-pass user.txt
         comp-lzo
         verb 1
         reneg-sec 0
         fast-io
         # Uncomment these directives if you have speed issues
         ;sndbuf 393216
         ;rcvbuf 393216
         ;push "sndbuf 393216"
         ;push "rcvbuf 393216"

     almost all of this is the default, the only parts I added were the things in red:
     - the route-up route-up.sh line tells the VPN that when it successfully establishes a VPN connection, to execute the route-up.sh script (we haven't created that yet, we will soon)
     - the down down.sh similarly tells openvpn to execute the down.sh script when the VPN connection drops for whatever reason
     - those servers are just a list of servers that I want openvpn to connect to. you can replace these with whatever servers you want, just pull the names from the other .ovpn files that you got from torguard when you installed openvpn. if you have multiple listed like I do, openvpn will attempt to connect to the first one, and if successful will use that one. if for some reason it can't connect or drops a connection and can't reconnect, it will try the next one, and so on and so forth. you can list as many as you want.

     24) let's save this file - press "ctrl x" then "y" then "enter"

     25) now let's create our scripts, first "route-up.sh":

         cd /etc/openvpn/
         sudo nano route-up.sh

     26) copy and paste the following text into the blank window:

         sudo ip rule add from xx.x.x.x table 10
         sudo ip route add default via yy.y.y.y table 10
         sudo iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
         sudo -u pi deluged
         PID=$!
         sleep 3
         kill -2 $PID 2>/dev/null

     - the first and second lines allow you to still SSH into your raspberry pi while it is connected to the VPN. replace the "xx.x.x.x" with the static IP address of your raspberry pi and "yy.y.y.y" is the IP address of your router
     - the third line adds the appropriate iptables rules that will route all traffic through your VPN tunnel
     - the last couple of lines start deluge on your raspberry pi (the last 3 lines are to get around a problem of the wrong lib torrent version being incompatible with deluge)

     27) save that file: press "ctrl x" then "y" then "enter"

     28) let's create the "down.sh":

         sudo nano down.sh

     29) paste the following code into the blank window:

         sudo pkill deluged
         sudo iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE

     this will kill deluge on your raspberry pi if the VPN goes down and then removes the routing table so that when connected from the internet, you still have internet on your raspberry pi

     30) save that file: press "ctrl x" then "y" then "enter"

     31) now let's make sure they are executable:

         sudo chmod u+x,g+x,o+x down.sh
         sudo chmod u+x,g+x,o+x route-up.sh

     Everything should work now. you can test by manually running your down.sh and route-up.sh scripts to see if they properly quit and restart deluge on your raspberry pi.

     Thanks!
  6. Hi, I'm trying to configure OpenVPN on my Chromebook (ChromeOS 71.0.3578.127). I followed the official instructions, and while a few steps are worded slightly differently, things initially seemed to work. I can connect to TorGuard servers and obtain a 10.25.x.x IP along with DNS Servers. Unfortunately, the connection doesn't work. Any web activity just hangs at 'resolving host', and I can't ping external servers (e.g. Google) from the developer console - either by hostname or IP address. I tried manually entering DNS servers to rule that out, but it just seems like I'm not establishing a proper connection. After a couple of minutes, the VPN still says 'connected' but my computer reverts to its normal public IP and lets network traffic through again. Unfortunately, this is worse than not working at all since it superficially seems like the VPN is working. Anyone here have ideas for next steps, or recommendations for Chromebook configurations? Thanks

     UPDATE: I tried another configuration method and it worked. I manually generated an ONC config file for Chromebook. I then imported it into my system by browsing to chrome://net-internals/#chromeos and imported the ONC file where it gives the option. It didn't look like it changed anything, but when I checked my network connections I noticed a new VPN configuration was added. This one actually works! I hope this helps anyone else looking to configure their Chromebooks. Perhaps the documentation should be updated to reflect this option in case the first method doesn't work.
  7. So I see TorGuard now provides 'residential streaming IPs'. Sounds very promising. However, if I just need streaming, and because most browsing is now over TLS, I don't need any VPN encryption at all (which coincidentally is the bottleneck with 99% of routers). So ideally I'd pay for, say, an NYC residential IP address, and use my Ubiquiti EdgeRouter-Lite (which is not speedy at all when used with OpenVPN and can't use hardware for L2TP encryption), so I'd get the maximum possible speed. My question: Is it possible to configure some sort of PPTP-client for TorGuard with no encryption whatsoever?
  8. I have been trying to learn more about the TorGuard Client and how it differs from plain old OpenVPN, which I have used for ages. I have been looking for a software manual for the TorGuard Client. I was hoping to find a breakdown of its features so that I could figure out if OpenVPN was capable of emulating everything the TorGuard client does. I'm just curious. I have used both for connecting to TorGuard's VPN service, but I'd really like to know the differences between them. Can anybody tell me or point me in the direction of a resource where I might learn more? Thanks so much
  9. Hi! I have the following setup. The main idea: Connect to VPN through a special WiFi spot if I need to do something special. Next upgrade: Add Tor and Privoxy service and connect from Home LAN, through a special Privoxy port.

     | INTERNET | external IP | |------------+-------------------------| | ISP GPON ROUTER | | | Comment: i CAN forward ports, | NAT, | change IP of internal network, | provider controlled | change a name of SSID | firewall | can't check any rules on |------------+------------------------| this firewall and can't trust fully | | wlan0-1 WiFi AP for VPN |------------+-----------------------+----------------------- | eth1 (wan) | (VPN lan) | | network, dhcp | | VPN options | OPENWRT router | TUN | firewall | subnet | OpenVPN client | | Privoxy | | Tor | (HOME lan) | | network, dhcp, | br-lan+----------------------- | | internet access through main router w/o VPN | | |--------------------------------------|

     OpenVPN is working with TorGuard and it's ok. BUT... Starting OpenVPN drops all connections to the internet from HOME lan users, cos of OpenVPN changing the routing table. Then I'm using option - option pull-filter 'ignore redirect-gateway' - it's working. But I still can't create valid routing for working VPN and HOME lan at the SAME time.

     Routing table with OpenVPN started:

         default UG 0 0 0 tun0
         default UG 0 0 0 eth1
         UGH 0 0 0 tun0
         * UH 0 0 0 tun0
         * U 0 0 0 wlan0-1
         UGH 0 0 0 eth1
         UG 0 0 0 tun0
         * U 0 0 0 eth1
         * U 0 0 0 br-lan

     How can I solve this?
  10. What's with the ridiculously cryptic filenames in the output of the OpenVPN Config Generator? Is that someone trying to be cool? Didn't your computer science teachers tell you to name things something anyone can easily understand? It really sucks to have to decipher that garbage and rename the files to something intelligible. Could someone change that please. How about just country.city? That would be nice.
  11. Has anyone had any experience setting up torguard in OpenSuse tumbleweed? The network manager by default in Opensuse is called Wicked and doesn't support openvpn config files.
  12. When I launch my .ovpn configuration with: "sudo openvpn --config TorGuard.TCP.ovpn" I receive three warnings that I am having trouble fixing. Although I do have a connection that seems to work well. I rather not have any warnings. WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1592' WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532' and WARNING: file 'auth.txt' is group or others accessible Here is my TorGuard.TCP.ovpn file contents. client dev tun redirect-gateway def1 proto tcp # The xxxx are replaced with whichever country remote xxxxx.torguardvpnaccess.com 995 resolv-retry infinite nobind persist-key persist-tun ca ca.crt remote-cert-tls server cipher AES-256-CBC auth-user-pass auth.txt comp-lzo verb 1 reneg-sec 0 auth-nocache ;link-mtu 1592 ;tun-mtu 1532 user nobody group nobody dhcp-option DNS To address the first two warnings, I though to add the link-mtu 1592 and tun-mtu 1532 to match the remote server, but recieved an error that I can't specify both. So I kept the link-mtu 1592 and took out the tun-mtu 1532. This configuration seemed to work the best because I no longer have the first two warnings, but a new one: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532) How should I configure my link-mtu and tun-mtu with warnings and what would be a good way to secure my auth.txt file to remove the the group accessibility? Thank you for your time.
  13. Hi, I bought an Archer C7 v2 router so I could use it as an OpenVPN client. That way the best speeds I managed to get were 8Mbps down / 16 up. After testing a lot of different configurations and searching Google for the experience of other users with the same router, I came to the conclusion that most routers can't deliver more than 10Mbps when they work as OpenVPN clients. So does anyone know any OpenWrt router that can deliver at least 30Mbps download speed when it works as an OpenVPN client? Thank you.
  14. Hi everybody, As a Linux n00b and first-time poster on this forum I wanted to share my experiences and gained knowledge setting up a VPN on OpenELEC. The main reason I wanted to set up a VPN client on my Raspberry Pi was to watch BBC iPlayer from outside the UK. I tried xBian but got into trouble with some DNS stuff and the TUN adapter. So I flashed OpenELEC on it and tried again.

      Setting Up
      * Raspberry Pi 1
      * Windows 7 PC
      * ExtraPutty
      * Winrar
      * Notepad++
      * Filezilla
      * Win32 disk imager
      * OpenELEC-RPi.arm-6.95.3
      * 8GB SD card

      Tips & tricks for Linux n00bs:
      * You can use TAB to autofill folders
      * the command pwd gives you the current folder name
      * the command ls gives a list of files in the current folder
      * the command cd ~ brings you to your home folder
      * When the terminal looks frozen after running a command, use CTRL+C to return.

      OpenELEC installation
      First download the latest beta version of OpenELEC for the Raspberry Pi, then extract the .img file to a folder. Use Win32 disk imager to write the .img to the SD card. Insert the SD card into the Raspberry Pi and supply power to the device. Complete the wizard.

      Get the openvpn files
      Download the openvpn config files from TorGuard HERE and unzip them somewhere. I only needed the TorGuard.UK.London.ovpn file and isolated this one to my desktop. Open the file in Notepad++ and look for:

          auth-user-pass

      replace this by:

          auth-user-pass /storage/login.txt

      I read somewhere that the TorGuard ovpn files got the incorrect line endings and need to be changed to the Linux EOL. To do this in Notepad++, Edit -> EOL Conversion -> Convert to UNIX format. Save the file as all files and rename it to: TorGuard.UK.London.conf

      Then create a new file in Notepad++ and insert your TorGuard username and password on two lines.

          [email protected]
          TGpassword

      Convert the line endings as stated above and save as, all files, login.txt

      SSH into the device
      Make sure your Windows computer is connected to the same network as the Raspberry Pi, preferably wired. Find the IP address of the Raspberry Pi and write it down. (System -> System info -> Network) My IP-address was but yours is definitely different. Open ExtraPutty and insert the IP address, tick SSH and click "OPEN". A black console should appear asking for a login. If not, upgrade the putty client and check the connection with the Raspberry Pi. The password and username are as follows:

          login: root
          password: openelec

      Congratulations! You're connected to the Raspberry Pi.

      Overclock Raspberry Pi (optional)
      I got a Raspberry Pi version 1, so speed is a bit of a problem. To overclock the device use:

          mount /flash -o remount,rw
          nano /flash/config.txt

      Look for the lines:

          arm_freq=700
          core_freq=250

      and replace this by:

          arm_freq=800
          core_freq=300

      Reboot the device to see the effects.

      Getting openvpn
      OpenELEC doesn't have apt-get so you need some hassle to get openvpn. It's in the unofficial repository so let's download it. I copy-pasted the steps from here; to prevent link rot I also post them here. Make sure you are connected to the internet for these steps.
      * Open Kodi
      * Select SYSTEM > File Manager
      * Select Add Source
      * Select None
      * Type the following EXACTLY http://fusion.tvaddons.ag and select Done
      * Highlight the box underneath Enter a name for this media Source & type fusion
      * Select OK
      * Go back to your Home Screen
      * Select SYSTEM
      * Select Add-Ons
      * Select Install from zip file
      * Select fusion
      * Select xbmc-repos
      * Select english
      * Select repository.metalkettle-x.x.x.zip
      * Wait for Add-on enabled notification
      * Select Install from repository or Get Add-Ons on Helix
      * Select MetalKettles Addon Repository
      * Select Program add-ons
      * Select openvpn
      * Select Install
      * Wait for Add-on enabled notification
      * Select VPN for OpenELEC
      * Select Install
      * Wait for Add-on enabled notification

      Copy files to Raspberry Pi
      I use Filezilla to transfer files from the Windows computer to the Raspberry Pi. Open Filezilla:

          HOST: sftp:// (insert your own IP)
          USERNAME: root
          PASSWORD: openelec

      then quickconnect. Drag and drop the TorGuard.UK.London.conf file from the Windows computer into the storage folder. Do the same with the login.txt file.

      Test the VPN connection
      SSH into the device using ExtraPutty, insert root/openelec and you are in the terminal. First test if openvpn is installed:

          openvpn --help

      When you see a lot of commands and information pop up, congratulations. Then test the VPN connection:

          openvpn /storage/TorGuard.UK.London.conf

      When you see:

          Initialization Sequence Completed

      the connection is established. To test if the external IP address is foreign use:

          openvpn /storage/TorGuard.UK.London.conf & wget http://ipinfo.io/ip -qO -

      The result is an IP address you can check online to see if it's foreign.

      Run on Startup
      To run the line of code on startup, OpenELEC is different from other Linux distros. It uses a file called autostart.sh to run things. Run this to edit/create the file:

          nano /storage/.config/autostart.sh

      insert this into the file:

          ( openvpn /storage/TorGuard.UK.London.conf ) &

      CTRL-X to save and exit.

          reboot

      Reboot the system and test the connection. DONE!
  15. Hello, I would like to use OpenVPN with your service. The cipher in the config files I downloaded from your site is set to BlowFish-CBC 128 bit on port 443. I would like to use AES128 or AES 256 bit encryption but it is not working on port 443. How do I set the cipher to the desired encryption in the OpenVPN config to work with your servers? Thank you.
  16. Greetings! I made the (potential) mistake of buying a MikroTik Router (MikroTik CRS125-24G-1S-IN) without doing much more research than that it gets good reviews. It's been a painful experience trying to learn how to configure it, and I've now got to the point where I'm trying to get OpenVPN set up for all internet-bound traffic. The most helpful guide I've seen is from HideMyAss on YouTube that basically does exactly what I'm trying to do. They import 2x crt file and 1x key file. I've imported the ca.crt and set up the rest, but I get a "TLS Failed" error whenever I try to use the certificate. Some googling implies I'm missing a key and/or crt file - not surprising, since I didn't import a key file. Are there additional crt files and a key file that I need to use? Is there a guide on how to set up a MikroTik/RouterOS device with TorGuard OpenVPN? If not, a "What to do differently" in comparison to the HMA one would be good. Regards,
  17. Guys: I ran the DD-WRT setup on a D-Link DIR-615. Specs as follows:

          Router Model D-Link DIR-615-I1
          DD-WRT v24-sp2 (06/23/14) std - build 24461
          Kernel Version Linux 3.10.44 #11001 Mon Jun 23 08:07:01 CEST 2014 mips

      The software ran setup with no issues, no errors whatsoever, it rebooted the system but when it tries to go to the following page: Nothing comes up. What can I do to resolve this? Trying to set up the Sweden UDP connection.

      From startup:

          # Turn off the built-in OpenVPN client if it is enabled
          OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
          if [ "$OPVPNENABLE" != 0 ]; then
            nvram set openvpncl_enable=0
            nvram commit
          fi
          sleep 10
          # Write credentials, CA certificate and NAT hook scripts to /tmp/torguard
          mkdir /tmp/torguard; cd /tmp/torguard
          echo -e "$USERNAME\n$PASSWORD" > userpass.conf
          echo "$CA_CRT" > ca.crt
          echo "#!/bin/sh
          iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
          echo "#!/bin/sh
          iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
          chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
          sleep 10
          # Generate the OpenVPN client configuration
          echo "client
          auth-user-pass /tmp/torguard/userpass.conf
          management 5001
          management-log-cache 50
          dev tun0
          proto $PROTOCOL
          comp-lzo adaptive
          fast-io
          script-security 2
          mtu-disc yes
          verb 4
          mute 5
          cipher bf-cbc
          auth sha1
          tun-mtu 1500
          resolv-retry infinite
          nobind
          persist-key
          persist-tun
          tls-client
          remote-cert-tls server
          log-append torguard.log
          ca ca.crt
          status-version 3
          status status
          daemon
          $REMOTE_SERVERS" > torguard.conf
          ln -s /tmp/torguard/torguard.log /tmp/torguard.log
          ln -s /tmp/torguard/status /tmp/status
          # Restart OpenVPN with the generated configuration
          (killall openvpn; openvpn --config /tmp/torguard/torguard.conf --route-up /tmp/torguard/route-up.sh --down /tmp/torguard/route-down.sh) &
          exit

      Firewall rules:

          iptables -N VPN
          iptables -F VPN
          iptables -I INPUT -i tun0 -j VPN
          iptables -I FORWARD -i tun0 -j VPN
          iptables -A VPN -i tun0 -o br0 -j ACCEPT
          iptables -I POSTROUTING -t nat -o tun0 -j RETURN