
[Solved] Setting up VPN server on a Raspberry Pi

Posted: Wed Mar 09, 2016 11:38 pm
by jd
Hi Everyone, I've been trying to set up a VPN server on my raspberry pi using a few tutorials online (http://www.bbc.co.uk/news/technology-33548728 and readwrite.com).

I've noticed there's been a few problems with these articles having read through other posts on here. I went through this tutorial completing all the steps, all works fine, I am able to connect to my server using the OpenVPN app on my iPhone, however the internet won't work.

I originally got the error "route is not canonical" similar to topic20757.html but I managed to fix this.

Now, I get the error "TUN write error: cannot identify IP version for prefix"

I can connect when I am using the same wifi and when using public wifi in a different location, but no internet.

Another thing I should add is, when I type my dynamic DNS domain name into the address, nothing will load (is it meant to?) but it will update my openvpn log when my IP address changes.

I will post my settings here, any help will be much appreciated!

$ ifconfig

Code:

eth0      Link encap:Ethernet  HWaddr b8:27:eb:f4:7b:fb  
          inet addr:192.168.1.149  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2efc:e5ba:5e3e:a8aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:177097 errors:0 dropped:905 overruns:0 frame:0
          TX packets:24811 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 

   # then lo and tun0 #
        
$ route -n

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0 

$ interfaces setup

Code:

# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet static
inet addr 192.168.1.149
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
        pre-up /etc/firewall-openvpn-rules.sh

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

$ server.conf

Code:

local 192.168.1.149
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/iconnect.crt # SWAP XX WITH YOUR SERVER NAME
key /etc/openvpn/easy-rsa/keys/iconnect.key # SWAP XX WITH YOUR SERVER NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # IF YOU CHANGED YOUR ENCRYPTION TO 2048, CHANGE THAT HERE
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2     # i tried deleting this as previously suggested but still doesn't work 
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255" # …. #
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"   # …. #
# your local subnet
push "route 192.168.1.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8   # originally I tried my own router address, but changed to it 8.8.8.8
push "dhcp-option DNS 8.8.8.8" # THIS SHOULD ALREADY MATCH YOUR OWN ROUTER ADDRESS AND SHOULD NOT NEED TO BE CHANGED
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6

$ default text

Code:

client
dev tun
proto udp
remote <my_dns_domain_name> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
compo-lzo
verb 6
mute 20

This is the OpenVPN app log:

Code:


2016-03-09 23:18:52 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-03-09 23:18:52 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
8 [mute-replay-warnings] 
12 [compo-lzo] 
13 [verb] [1] 
14 [mute] [20] 

2016-03-09 23:18:52 EVENT: RESOLVE
2016-03-09 23:18:53 Contacting <MY_IP_ADDRESS>:1194 via UDP
2016-03-09 23:18:53 EVENT: WAIT
2016-03-09 23:18:53 SetTunnelSocket returned 1
2016-03-09 23:18:53 Connecting to <my_dynamic_domain_name>:1194 (<MYIPADDRESS>) via UDPv4
2016-03-09 23:18:53 EVENT: CONNECTING
2016-03-09 23:18:53 Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2016-03-09 23:18:53 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1

2016-03-09 23:18:53 VERIFY OK: depth=1

2016-03-09 23:18:53 VERIFY OK: depth=0

2016-03-09 23:18:54 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-03-09 23:18:54 Session is ACTIVE
2016-03-09 23:18:54 EVENT: GET_CONFIG
2016-03-09 23:18:54 Sending PUSH_REQUEST to server...
2016-03-09 23:18:54 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [8.8.8.8] 
2 [redirect-gateway] [def1] 
3 [route] [10.8.0.0] [255.255.255.0] 
4 [topology] [net30] 
5 [ping] [10] 
6 [ping-restart] [120] 
7 [ifconfig] [10.8.0.6] [10.8.0.5] 

2016-03-09 23:18:54 EVENT: ASSIGN_IP
2016-03-09 23:18:54 TunPersist: saving tun context:
Session Name: <my_dynamic_domain_name>
Remote Address: MY_IP_ADDRESS
Tunnel Addresses:
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
 8.8.8.8
Search Domains:

2016-03-09 23:18:54 Connected via tun
2016-03-09 23:18:54 EVENT: CONNECTED @<my_dynamic_domain_name>:1194 (MY_IP_ADDRESS) via /UDPv4 on tun/10.8.0.6/
2016-03-09 23:18:54 SetStatus Connected
2016-03-09 23:19:04 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:14 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:24 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:34 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:44 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:54 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:04 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:14 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:25 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:36 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:46 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:55 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:05 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:16 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:25 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:36 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:46 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:56 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:06 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:17 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:26 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:37 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:47 TUN write error: cannot identify IP version for prefix
2016-03-09 23:23:09 TUN reset routes
2016-03-09 23:23:09 EVENT: DISCONNECTED
2016-03-09 23:23:09 Raw stats on disconnect:
 BYTES_IN : 6820
 BYTES_OUT : 14145
 PACKETS_IN : 63
 PACKETS_OUT : 133
 TUN_BYTES_IN : 5583
 TUN_PACKETS_IN : 80
 TUN_FRAMING_ERROR : 23
2016-03-09 23:23:09 Performance stats on disconnect:
 CPU usage (microseconds): 142085
 Tunnel compression ratio (downlink): inf
 Network bytes per CPU second: 147552
 Tunnel bytes per CPU second: 39293
2016-03-09 23:23:09 ----- OpenVPN Stop -----

$ ddclient

Code:

daemon=1200                  
syslog=yes                             
mail=root                          
mail-failure=root                       
pid=/var/run/ddclient.pid              

use=web, web=ip.changeip.com


protocol=dyndns2      # one forum said this should be changeip not dyndns2
server=nic.changeip.com   
login=mypassword
password=mypassword
<my_dynamic_domain name>

Sorry for the long post, another pair of eyes on this would be a great help!

Thanks

Re: Setting up VPN server on a Raspberry Pi

Posted: Thu Mar 10, 2016 12:20 pm
by Traffic
jd wrote: $ default text

Code:
client
compo-lzo
verb 6

this is the openvpn app log
Code:

2016-03-09 23:18:52 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-03-09 23:18:52 UNUSED OPTIONS

12 [compo-lzo]
13 [verb] [1]

Client config: compo-lzo -> comp-lzo .. verb 6 -> verb 1 .. :geek:
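
The typo pointed out above leaves the client without `comp-lzo` while the server has it enabled, so the two ends disagree on compression framing. The following check is an added example, not part of the original thread: the `check_configs` helper and its directive lists are assumptions for illustration, and the two configs are constructed excerpts of the ones posted above with a placeholder host name.

```python
import difflib

# Directives that must agree on both ends (a subset chosen for this example).
MUST_MATCH = ("dev", "proto", "cipher", "comp-lzo")
# Directive names this checker accepts in a client config (assumed list, not exhaustive).
KNOWN = sorted(set(MUST_MATCH) | {
    "client", "remote", "resolv-retry", "nobind", "persist-key", "persist-tun",
    "mute-replay-warnings", "ns-cert-type", "key-direction", "verb", "mute",
})

# Constructed excerpts of the server.conf and client config posted in this thread.
SERVER_CONF = """
dev tun
proto udp
cipher AES-128-CBC
comp-lzo
"""
CLIENT_CONF = """
client
dev tun
proto udp
remote vpn.example.net 1194   # placeholder host
cipher AES-128-CBC
compo-lzo
verb 6
"""

def parse(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            opts[fields[0]] = fields[1:]
    return opts

def check_configs(server_text, client_text):
    """Return findings: unknown client directives and server/client mismatches."""
    server, client = parse(server_text), parse(client_text)
    findings = []
    for name in client:
        if name not in KNOWN:
            guess = difflib.get_close_matches(name, KNOWN, n=1)
            findings.append(("unknown", name, guess[0] if guess else None))
    for name in MUST_MATCH:
        if server.get(name) != client.get(name):
            findings.append(("mismatch", name, server.get(name), client.get(name)))
    return findings

if __name__ == "__main__":
    for finding in check_configs(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

A clean run returns an empty list; here the misspelled directive and the resulting `comp-lzo` mismatch are both reported.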

Re: Setting up VPN server on a Raspberry Pi

Posted: Thu Mar 10, 2016 2:53 pm
by jd
Thanks, that seems to get rid of that error message. From the server and client logs it all looks ok but still can't connect to the Internet, any ideas?

Re: Setting up VPN server on a Raspberry Pi

Posted: Thu Mar 10, 2016 6:09 pm
by Traffic

Re: Setting up VPN server on a Raspberry Pi

Posted: Thu Mar 10, 2016 7:22 pm
by jd
No I hadn't! Thanks for your help, it's now up and running

Re: Setting up VPN server on a Raspberry Pi

Posted: Thu Mar 10, 2016 8:19 pm
by Traffic
Thanks for letting us know our solution works 8-)
jd wrote: I've been trying to set up a VPN server on my raspberry pi using a few tutorials online (http://www.bbc.co.uk/news/technology-33548728 and readwrite.com).
Please let these authors know that their documentation is [insert your opinion here] and include a link back to us :mrgreen:

Code:

[url=https://forums.openvpn.net/topic21237.html][Solved] Setting up VPN server on a Raspberry Pi[/url]

* Marking Solved and Closing thread for posterity *

