Jump to content

Search the Community

Showing results for tags 'openvpn'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • The Lounge
    • TorGuard News
    • Introductions
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 12 results

  1. How to create VPN Killswitch with Windows 7/8/10 Firewall Stop leaks when VPN disconnects. Introduction Having troubles with your VPN disconnecting and exposing your true IP address(es)? With the Windows firewall you can eliminate accidental leakage. What's the difference between TorGuards VPN Client killswitch and a Firewall killswitch? Simple, the client disables your main network interface, while the firewall simply blocks all traffic without disabling any network interface. The main problem with any third party application that disables your network adapter is when the VPN connection is terminated, there is a very small window where your IP address can be leaked. Let's not forget to mention that if the client cannot disable the adapter, perhaps due to: security suite, permissions, or when a malfunctioning operating system interferes. A firewall, especially Windows Firewall will have minimum chances of failure if configured correctly; it is arguably the best firewall for Windows in my opinion. Requirements: TorGuard VPN Client Windows (Tested with 7/8/10) No third-party firewall Step 1: Setting main network adapter from Public to Private Step 2: Open Windows Firewall with Advanced Security Step 3: Backup Current Firewall Policy Step 4: Create Outbound Rule Step 5: Block all Connections for Private/Domain Step 6: Giving internet permission to applications manually Final Notes + WARNINGS If you ever get a firewall popup to add program, make sure to uncheck Private networks and only have Public networks checked before clicking Allow access; If you fail to monitor this, the killswitch will be pointless. Never allow any program to automatically add firewall exceptions. You should only do this manually or whenever you get prompted by Windows Firewall. This isn't a setup and forget solution. Existing firewall rules that are assigned the Private/Domain network spaces will be able to still connect, usually it's just local network related stuff. It would be good if you reviewed all rules and adjust them accordingly to your needs.
  2. I have been trying to learn more about the TorGuard Client and how it differs from plain old OpenVPN; which I have used for ages. I have been looking for a software manual for the TorGuard Client. I was hoping to find a breakdown of it's features so that I could figure out if OpenVPN was capable of emulating everything the TorGuard client does. I'm just curious. I have used both for connecting to TorGuard's VPN service, but I'd really like to know the differences between them. Can anybody tell me or point me in the direction of a resource where I might learn more? Thanks so much
  3. Hi! I have following setup. The main idea: Connect to VPN trough special WiFi spot if i need to do something special. Next upgrade: Add Tor and Privoxy service and connect from Home LAN, trough special Privoxy port. | INTERNET | external IP | |------------+-------------------------| | ISP GPON ROUTER | | | Comment: i CAN forward ports, | NAT, | change IP of internal network, | provider controlled | change a name of SSID | firewall | can't check any rules on |------------+------------------------| this firewall and can't trust fully | | wlan0-1 WiFi AP for VPN |------------+-----------------------+----------------------- | eth1 (wan) | (VPN lan) | | network, dhcp | | VPN options | OPENWRT router | TUN | firewall | subnet | OpenVPN client | | Privoxy | | Tor | (HOME lan) | | network, dhcp, | br-lan+----------------------- | | internet access through main router w/o VPN | | |--------------------------------------| OpenVPN is working with TorGuard and it's ok. BUT... Starting OpenVPN droping the all connection to internet, from HOME lan users, cos of OpenVPN changing the routing table. Then i'm using option - option pull-filter 'ignore redirect-gateway' - it's working. But i still can't create valid routing for working VPN and HOME lan at the SAME time. Routing table with OpenVPN started default UG 0 0 0 tun0 default UG 0 0 0 eth1 UGH 0 0 0 tun0 * UH 0 0 0 tun0 * U 0 0 0 wlan0-1 UGH 0 0 0 eth1 UG 0 0 0 tun0 * U 0 0 0 eth1 * U 0 0 0 br-lan How i can solve this?
  4. Hey everyone, This is my first post so please be kind. I waned to post a tutorial about how I got a kill switch system working on my raspberry pi using openvpn and connecting through TorGuard. For my purposes, this kill switch is customizable to kill any applications' connections to the internet if the VPN goes down for whatever reason. This method also attempts to reconnect to alternative servers and when connection is established again, it relaunches the application(s) you originally killed. I couldn't find a tutorial for a killswitch that was specific to raspberry pi and torguard. NOTE: I am a novice, through and through. I know this probably can be done easier and more elegantly by someone with any amount of experience. This method currently serves my needs, but if you have constructive feedback, please do share! Credit: This post is a conglomeration of tutorials and instruction from various sites including: OpenVPN with deluge and PIA various other google searches to solve problems that I ran into NOTES: - if you already have deluge setup and openvpn installed, skip to step step 18 for killswitch ASSUMPTIONS: - you are logged in as a non-root user 1) sudo apt-get update 2) sudo apt-get upgrade 3) install deluge: sudo apt-get install deluged sudo apt-get install deluge-console 4) run deluge to create configuration file: deluged 5) kill deluge while we make changes sudo pkill deluged 6) *OPTIONAL: make a backup of the configuration file before we modify it: sudo cp ~/.config/deluge/auth ~/.config/deluge/auth.bkp 7) open the configuration file in an editor: sudo nano ~/.config/deluge/auth 8) add this to the end of the configuration file user:password:level NOTE: user is whatever user account you want the deluge to run under; password is the password for the account; and level 10 gives full administrative privileges to deluge mine: I set mine as user "pi" (no quotes) 9) exit the editor by pressing "ctrl+x" then "y" then "enter" 10) start deluge again: deluged 10) let's one up deluge's console to make some changes: deluge-console 11) the code below will allow the thin client to access deluge: config -s allow_remote True then config allow_remote then exit the console: exit 12) let's restart deluge again: sudo pkill deluged then deluged TEST: let's make sure that you can connect to the deluge daemon on your raspberry pi. open another computer on the same local network as your raspberry pi and download the application deluge from their official website (http://deluge-torrent.org). After finishing installing that on your other computer, open the deluge client application on your computer (not the raspberry pi) 13) we need to change one setting in the deluge client in order for it to connect to deluge on the raspberry pi open up the preferences of the deluge client and go to "Interface" then uncheck the box "classic mode/enabled" 14) go ahead and restart the deluge client app on your non-raspberry pi computer 15) this time it will prompt you with a connection manager window. follow the steps: - click "add" - hostname: enter static IP address of your raspberry pi - username: enter the username you selected in step 8 - password: enter the password you created in step 8 - leave the port as default 16) while you are in the preferences of the deluge client app on your non-raspberry pi, you should set the folder where your torrents download to. look under the "downloads" section of the preferences to set this TEST: let's make sure you can download torrents. go ahead and grab a legal copy of a torrent (any of these: http://whirlpool.net.au/wiki/test_torrents)and drag it onto the deluge client app on your non-raspberry pi computer to see if it starts downloading it; 17) install openvpn with the corresponding torguard .ovpn files by following this tutorial: https://torguard.net/knowledgebase.php?action=displayarticle&id=174 18) let's modify one part of that tutorial (step 17). we are going to change a command that was outlined in that tutorial. do the following: cd /etc/openvpn/ crontab -e - choose whatever editor you want if it prompts you (I use nano) - modify this line: @reboot sudo openvpn --daemon --cd /etc/openvpn --config TorGuard.Canada.ovpn and replace it with: @reboot sudo openvpn --daemon --cd /etc/openvpn --config mastervpn.ovpn we will create this "matervpn.ovpn file in a bit, don't worry, it doesn't exist yet NOTE: before you start this next part, make sure you have killed the openvpn process: sudo killall -9 openvpn KILLSWITCH PART After you have openvpn installed, let's setup the killswitch that will: - immediately kill deluge on your raspberry pi if the VPN connection goes down - attempt to reconnect to alternative VPN servers - when a successful connection is established, it will restart deluge 19) first let's create our master .ovpn file that we are going to use to connect to torgaurd's VPN server(s) cd /etc/openvpn/ sudo mkdir mastervpn.ovpn you can call the file whatever you want, I named it "mastervpn.ovpn" in this case 20) next let's make it executable: sudo chmod u+x,g+x,o+x mastervpn.ovpn 21) first let's copy the configuration file of any of the other servers, preferably one of the ones you want to connect to: nano TorGuard.USA-CHICAGO.ovpn - highlight everything in that window and copy it press "crtl+x" then to exit the editor 22) now open up the mastervpn.ovpn file and paste the code you just copied: sudo nano mastervpn.ovpn 23) we are going to add some additional things you can insert them anywhere, I inserted mine just before the torguard server name. here an example of the my mastervpn.ovpn file: clientdev tun proto udp route-up route-up.sh down down.sh remote chi.central.usa.torguardvpnaccess.com 1912 remote ny.east.usa.torguardvpnaccess.com 1912 remote la.west.usa.torguardvpnaccess.com 1912 remote lon.uk.torguardvpnaccess.com 1912 resolv-retry 300 nobind persist-key persist-tun ca ca.crt tls-auth ta.key 1 auth SHA256 cipher AES-128-CBC remote-cert-tls server auth-user-pass user.txt comp-lzo verb 1 reneg-sec 0 fast-io # Uncomment these directives if you have speed issues ;sndbuf 393216 ;rcvbuf 393216 ;push "sndbuf 393216" ;push "rcvbuf 393216" almost all of this is the default, the only parts I added were the things in red: - the route-up route-up.sh line tells the VPN that when it successfully establishes a VPN connection, to execute the route-up.sh script (we haven't created that yet, we will soon) - the down down.sh similarity tells openvpn to execute the down.sh script when the VPN connection drops for whatever reason - those servers are just a list of servers that I want openvpn to connect to. you can replace these with whatever servers you want, just pull the names from the other .ovpn files that you got from torguard when you installed openvpn. if you have multiple listed like I do, openvpn will attempt to connect to the first one, and if successful will use that one. if for some reason it can't connect or drops a connection and can't reconnect, it will try the next one, and so on and so forth. you can list as many as you want. 24) let's save this file - press "ctrl x" then "y" then "enter" 25) now let's create our scripts, first "route-up.sh": cd /etc/openvpn/ sudo nano route-up.sh 26) copy and paste the following text into the blank window: sudo ip rule add from xx.x.x.x table 10 sudo ip route add default via yy.y.y.y table 10 sudo iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE sudo -u pi deluged PID=$! sleep 3 kill -2 $PID 2>/dev/null - the first and second lines allow you to still SSH into your raspberry pi while it is connected to the VPN. replace the "xx.x.x.x" with the static IP address of your raspberry pi and "yy.y.y.y" is the IP address of your router - the third line add the appropriate iptables rules that will route all traffic through your VPN tunnel - the last couple of lines starts deluge on your raspberry pi (the last 3 lines is get around a problem of the wrong lib torrent version being incompatible with deluge) 27) save that file press "ctrl x" then "y" then "enter" 28) let's create the "down.sh" sudo nano down.sh 29) post the following code into the blank window: sudo pkill deluged sudo iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE this will kill deluge on your raspberry pi if the VPN goes down and then removes the routing table so that when connected from the internet, you still have internet on your raspberry pi 30) save that file press "ctrl x" then "y" then "enter" 31) now let's make sure they are executable: sudo chmod u+x,g+x,o+x down.sh sudo chmod u+x,g+x,o+x route-up.sh Everything should work now. you can test by manually running your down.sh and route-up.sh scripts to see if they properly quit and restart deluge on your raspberry pi. Thanks!
  5. What's with the ridiculously cryptic filenames in the output of the OpenVPN Config Generator? Is that someone trying to be cool? Didn't your computer science teachers tell you to name things something anyone can easily understand? It really sucks to have to decipher that garbage and rename the files to something intelligible. Could someone change that please. How about just country.city? That would be nice.
  6. Has anyone had any experience setting up torguard in OpenSuse tumbleweed? The network manager by default in Opensuse is called Wicked and doesn't support openvpn config files.
  7. When I launch my .ovpn configuration with: "sudo openvpn --config TorGuard.TCP.ovpn" I receive three warnings that I am having trouble fixing. Although I do have a connection that seems to work well. I rather not have any warnings. WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1592' WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532' and WARNING: file 'auth.txt' is group or others accessible Here is my TorGuard.TCP.ovpn file contents. client dev tun redirect-gateway def1 proto tcp # The xxxx are replaced with whichever country remote xxxxx.torguardvpnaccess.com 995 resolv-retry infinite nobind persist-key persist-tun ca ca.crt remote-cert-tls server cipher AES-256-CBC auth-user-pass auth.txt comp-lzo verb 1 reneg-sec 0 auth-nocache ;link-mtu 1592 ;tun-mtu 1532 user nobody group nobody dhcp-option DNS To address the first two warnings, I though to add the link-mtu 1592 and tun-mtu 1532 to match the remote server, but recieved an error that I can't specify both. So I kept the link-mtu 1592 and took out the tun-mtu 1532. This configuration seemed to work the best because I no longer have the first two warnings, but a new one: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532) How should I configure my link-mtu and tun-mtu with warnings and what would be a good way to secure my auth.txt file to remove the the group accessibility? Thank you for your time.
  8. Hi, I bought an Archer C7 v2 router so I could use it as OpenVPN client. That way the best speeds I maanged to get were 8Mbps down / 16 up. After testing a lot of differnet configuration and searching in Google the experience of other users with the same router I came to the conclusion that most routers can't deliver more than 10Mbps when they work as openvpn clients. So does anyone know any openwrt router that can deliver at least 30Mbps download speed when it works as OpenVPN client? thank you
  9. Hi everybody, As a linux n00b and first time poster on this forum I wanted to share my experiences and gained knowledge setting up a VPN on OpenElec. The main reason I wanted to set op a VPN-client on my raspberry Pi was to watch BBC iPlayer from outside the UK. I tried xBian but got into trouble with some DNS-stuff and the TUN adapter. So I flashed openELEC on it and tried again. Setting Up Raspberry Pi 1 Windows 7 PC ExtraPutty Winrar Notepad++ Filezilla Win32 disk imager OpenELEC-RPi.arm-6.95.3 8GB SD card Tips & trics for linux n00bs: You can use TAB to autofill folders the command pwd gives you the current folder name the command ls gives a list of files in the current folder the command cd ~ brings you to your home folder When the terminal looks frozen after running a command, use CTRL+C to return. OpenElec installation First download the latest beta version of openELEC for the Raspberry Pi, then extract the .img file to a folder. Use Win32 disk imager to write the .img to the SD card. Insert the SD card into the raspberry pi and supply power to the device. Complete the wizard. Get the openvpn files Download the openvpn config files from TorGuard HERE and unzip them somewhere. I only needed the TorGuard.UK.London.ovpn files and isolated this one to my desktop. Open the file in Notepad++ and look for: auth-user-pass replace this by: auth-user-pass /storage/login.txt I read somewhere that the TorGuard ovpn files got he incorrect line endings and need to be changed to the Linux EOL. To do this in notepad++, Edit -> EOL Conversion -> Convert to UNIX format. Save the file as all files and rename it to: TorGuard.UK.London.conf Then create a new file in notepad++ and insert yout TorGoard username and password on two lines. [email protected] TGpassword Convert the line endings as stated above and save as, all files, login.txt SSH into the device Make sure your windows computer is connected to the same network as the Raspberry Pi, preferably wired. Find the IP-address of raspberry pi and write it down. (System -> System info -> Network) My IP-address was but your's is definitely different. Open extraputty and insert the IP-address, tick SSH and click "OPEN". A black console should appear asking for a login. If not, upgrade the putty client and check connection with raspberry pi. The password and username are as following: login: root password: openelec congratulations! you're connected to the raspberry pi. Overclock Raspberry pi (optional) I got a Raspberry pi version 1, so speed is a bit of a problem. To overclock the device use: mount /flash -o remount,rw nano /flash/config.txt Look for the line: arm_freq=700 core_freq=250 and replace this by: arm_freq=800 core_freq=300 reboot the device to see the effects. Getting openvpn OpenELEC doesn't have apt-get so you need some hassle to get openvpn. I'ts in the unofficial repository so lets download it. I copy pasted the steps from here, to prevent link rot I also post them here. Make sure you are connected to the internet for this steps. * Open Kodi * Select SYSTEM > File Manager * Select Add Source * Select None * Type the following EXACTLY http://fusion.tvaddons.ag and select Done * Highlight the box underneath Enter a name for this media Source & type fusion * Select OK * Go back to your Home Screen* Select SYSTEM * Select Add-Ons * Select Install from zip file * Select fusion * Select xbmc-repos * Select english * Select repository.metalkettle-x.x.x.zip * Wait for Add-on enabled notification * Select Install from repository or Get Add-Ons on Helix * Select MetalKettles Addon Repository * Select Program add-ons * Select openvpn * Select Install * Wait for Add-on enabled notification * Select VPN for OpenELEC * Select Install * Wait for Add-on enabled notification Copy files to raspberry pi I use Filezilla to transfer files from the Windows computer to the raspberry PI. Open Filezilla HOST: sftp:// (insertyour own IP) USERNAME: root PASSWORD: openelec quickconnect Drag and drop the TorGuard.UK.London.conf file from the Windows computer in the storage folder. Do the same with the login.txt file. Test the VPN connection SSH into the device using extraPutty, insert root/openelec and you are in the terminal. First test if openvpn is installed: openvpn --help When you see alot of commands and information pop-up, congratulations. then test the VPN connection: openvpn /storage/TorGuard.UK.London.conf When you see: Initialization Sequence Completed the connection is established. To test if the external IP-address is foreign use: openvpn /storage/TorGuard.UK.London.conf & wget http://ipinfo.io/ip -qO - The result is an IP-address you can check online to see if it's foreign. Run on Startup To run the line of code on startup openelec is different from other linux distro's. It uses a file called autostart.sh to tun things. run this to edit/create the file: nano /storage/.config/autostart.sh insert this into the file: ( openvpn /storage/TorGuard.UK.London.conf ) & CTRL-X to save and exit. reboot reboot the system and test the connection. DONE!
  10. Hello, I would like to use Openvpn with your service. Cipher in config files I downloaded from your site is set to BlowFish-CBC 128 bit on port 443. I would like to use AES128 or AES 256 bit encryption but it is not working on port 443. How to set cipher to desired encryption on openvpn config to work with your servers? Thank you.
  11. Avatar_GW

    MikroTik/RouterOS & OpenVPN?

    Greetings! I made the (potential) mistake of buying a MikroTik Router (MikroTik CRS125-24G-1S-IN) without doing much more research than it gets good reviews. It's been a painful experience trying to learn how to configure it, and I've now got to the point where I'm trying to get OpenVPN set-up for all internet bound traffic. The most helpful Guide I've seen is from HideMyAss on YouTube that basically does exactly what I'm trying to do. They import 2x crt file and 1x key file. I've imported the ca.crt and set-up the rest, but I get a "TLS Failed" error whenever I try to use the certificate. Some goggling implies I'm missing a key and/or crt file - not surprising, since I didn't import a key file. Are there additional crt files and a key file that i need to use? Is there a guide on how to set-up a MikroTik/RouterOS device with TorGuard OpenVPN? If not, a "What to do differently" in comparison to the HMA one would be good. Regards,
  12. Guys: I ran the ddwrt setup on a D-Link dir-615. Specs as follows: Router Model D-Link DIR-615-I1 DD-WRT v24-sp2 (06/23/14) std - build 24461 Kernel Version Linux 3.10.44 #11001 Mon Jun 23 08:07:01 CEST 2014 mips The software ran setup with no issues, no errors whatsoever, it rebooted the system but when it tries to go to the following page: Nothing come up. What can I do to resolve this. trying to setup the Sweden UDP connection. from startup: OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'` if [ "$OPVPNENABLE" != 0 ]; then nvram set openvpncl_enable=0 nvram commit fi sleep 10 mkdir /tmp/torguard; cd /tmp/torguard echo -e "$USERNAME\n$PASSWORD" > userpass.conf echo "$CA_CRT" > ca.crt echo "#!/bin/sh iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh echo "#!/bin/sh iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh sleep 10 echo "client auth-user-pass /tmp/torguard/userpass.conf management 5001 management-log-cache 50 dev tun0 proto $PROTOCOL comp-lzo adaptive fast-io script-security 2 mtu-disc yes verb 4 mute 5 cipher bf-cbc auth sha1 tun-mtu 1500 resolv-retry infinite nobind persist-key persist-tun tls-client remote-cert-tls server log-append torguard.log ca ca.crt status-version 3 status status daemon $REMOTE_SERVERS" > torguard.conf ln -s /tmp/torguard/torguard.log /tmp/torguard.log ln -s /tmp/torguard/status /tmp/status (killall openvpn; openvpn --config /tmp/torguard/torguard.conf --route-up /tmp/torguard/route-up.sh --down /tmp/torguard/route-down.sh) & exit Firewall rules: iptables -N VPN iptables -F VPN iptables -I INPUT -i tun0 -j VPN iptables -I FORWARD -i tun0 -j VPN iptables -A VPN -i tun0 -o br0 -j ACCEPT iptables -I POSTROUTING -t nat -o tun0 -j RETURN