[Solved] Setting up VPN server on a Raspberry Pi

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
jd
OpenVpn Newbie
Posts: 3
Joined: Tue Mar 08, 2016 1:19 am

[Solved] Setting up VPN server on a Raspberry Pi

Post by jd » Wed Mar 09, 2016 11:38 pm

Hi Everyone, I've been trying to set up a VPN server on my raspberry pi using a few tutorials online (http://www.bbc.co.uk/news/technology-33548728 and readwrite.com).

I've noticed there's been a few problems with these articles having read through other posts on here. I went through this tutorial completing all the steps, all works fine, I am able to connect to my server using the OpenVPN app on my iPhone, however the internet won't work.

I originally got the error "route is not canonical" similar to topic20757.html but I managed to fix this.

Now, I get the error "TUN write error: cannot identify IP version for prefix"

I can connect from when i am using the same wifi and when using public wifi in a different location, but no internet.

Another thing I should add is, when i type my dynamic dns domain name into the address, nothing will load (is it meant to?) but it will update my openvpn log when my IP address changes.

I will post my settings here, any help will be much appreciated!

$ ifconfig

Code: Select all

eth0      Link encap:Ethernet  HWaddr b8:27:eb:f4:7b:fb  
          inet addr:192.168.1.149  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2efc:e5ba:5e3e:a8aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:177097 errors:0 dropped:905 overruns:0 frame:0
          TX packets:24811 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 

   # then lo and tun0 #
        
$ route -n

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    202    0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0 
$ interfaces setup

Code: Select all

# interfaces(5) file used by ifup(8) and ifdown(8)
 Please note that this file is written to be used with dhcpcd# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet static
inet addr 192.168.1.149
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
        pre-up /etc/firewall-openvpn-rules.sh

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
$ server.conf

Code: Select all

local 192.168.1.149
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/iconnect.crt # SWAP XX WITH YOUR SERVER NAME
key /etc/openvpn/easy-rsa/keys/iconnect.key # SWAP XX WITH YOUR SERVER NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # IF YOU CHANGED YOUR ENCRYPTION TO 2048, CHANGE THAT HERE
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2     # i tried deleting this as previously suggested but still doesn't work 
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255" # …. #
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"   # …. #
# your local subnet
push "route 192.168.1.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8   # originally I tried my own router address, but changed to it 8.8.8.8
push "dhcp-option DNS 8.8.8.8" # THIS SHOULD ALREADY MATCH YOUR OWN ROUTER ADDRESS AND SHOULD NOT NEED TO BE CHANGED
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6
$ default text

Code: Select all

client
dev tun
proto udp
remote <my_dns_domain_name> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
compo-lzo
verb 6
mute 20
this is the openvpn app log

Code: Select all


2016-03-09 23:18:52 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-03-09 23:18:52 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
8 [mute-replay-warnings] 
12 [compo-lzo] 
13 [verb] [1] 
14 [mute] [20] 

2016-03-09 23:18:52 EVENT: RESOLVE
2016-03-09 23:18:53 Contacting <MY_IP_ADDRESS>:1194 via UDP
2016-03-09 23:18:53 EVENT: WAIT
2016-03-09 23:18:53 SetTunnelSocket returned 1
2016-03-09 23:18:53 Connecting to <my_dynamic_domain_name>:1194 (<MYIPADDRESS>) via UDPv4
2016-03-09 23:18:53 EVENT: CONNECTING
2016-03-09 23:18:53 Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2016-03-09 23:18:53 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1

2016-03-09 23:18:53 VERIFY OK: depth=1

2016-03-09 23:18:53 VERIFY OK: depth=0

2016-03-09 23:18:54 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-03-09 23:18:54 Session is ACTIVE
2016-03-09 23:18:54 EVENT: GET_CONFIG
2016-03-09 23:18:54 Sending PUSH_REQUEST to server...
2016-03-09 23:18:54 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [8.8.8.8] 
2 [redirect-gateway] [def1] 
3 [route] [10.8.0.0] [255.255.255.0] 
4 [topology] [net30] 
5 [ping] [10] 
6 [ping-restart] [120] 
7 [ifconfig] [10.8.0.6] [10.8.0.5] 

2016-03-09 23:18:54 EVENT: ASSIGN_IP
2016-03-09 23:18:54 TunPersist: saving tun context:
Session Name: <my_dynamic_domain_name>
Remote Address: MY_IP_ADDRESS
Tunnel Addresses:
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
 8.8.8.8
Search Domains:

2016-03-09 23:18:54 Connected via tun
2016-03-09 23:18:54 EVENT: CONNECTED @<my_dynamic_domain_name>:1194 (MY_IP_ADDRESS) via /UDPv4 on tun/10.8.0.6/
2016-03-09 23:18:54 SetStatus Connected
2016-03-09 23:19:04 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:14 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:24 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:34 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:44 TUN write error: cannot identify IP version for prefix
2016-03-09 23:19:54 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:04 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:14 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:25 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:36 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:46 TUN write error: cannot identify IP version for prefix
2016-03-09 23:20:55 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:05 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:16 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:25 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:36 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:46 TUN write error: cannot identify IP version for prefix
2016-03-09 23:21:56 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:06 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:17 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:26 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:37 TUN write error: cannot identify IP version for prefix
2016-03-09 23:22:47 TUN write error: cannot identify IP version for prefix
2016-03-09 23:23:09 TUN reset routes
2016-03-09 23:23:09 EVENT: DISCONNECTED
2016-03-09 23:23:09 Raw stats on disconnect:
 BYTES_IN : 6820
 BYTES_OUT : 14145
 PACKETS_IN : 63
 PACKETS_OUT : 133
 TUN_BYTES_IN : 5583
 TUN_PACKETS_IN : 80
 TUN_FRAMING_ERROR : 23
2016-03-09 23:23:09 Performance stats on disconnect:
 CPU usage (microseconds): 142085
 Tunnel compression ratio (downlink): inf
 Network bytes per CPU second: 147552
 Tunnel bytes per CPU second: 39293
2016-03-09 23:23:09 ----- OpenVPN Stop -----

$ ddclient

Code: Select all

daemon=1200                  
syslog=yes                             
mail=root                          
mail-failure=root                       
pid=/var/run/ddclient.pid              

use=web, web=ip.changeip.com


protocol=dyndns2      # one forum said this should be changeip not dyndns2
server=nic.changeip.com   
login=mypassword
password=mypassword
<my_dynamic_domain name>
Sorry for the long post, another pair of eyes on this would be a great help!

Thanks

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Setting up VPN server on a Raspberry Pi

Post by Traffic » Thu Mar 10, 2016 12:20 pm

jd wrote:$ default text

Code:
client
compo-lzo
verb 6

this is the openvpn app log
Code:

2016-03-09 23:18:52 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-03-09 23:18:52 UNUSED OPTIONS

12 [compo-lzo]
13 [verb] [1]
Client config: compo-lzo -> comp-lzo .. verb 6 -> verb 1 .. :geek:

jd
OpenVpn Newbie
Posts: 3
Joined: Tue Mar 08, 2016 1:19 am

Re: Setting up VPN server on a Raspberry Pi

Post by jd » Thu Mar 10, 2016 2:53 pm

Thanks, that's seems to get grid that error message. From the server and client logs it all looks ok but still can't connect to the Internet, any ideas?

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Setting up VPN server on a Raspberry Pi

Post by Traffic » Thu Mar 10, 2016 6:09 pm


jd
OpenVpn Newbie
Posts: 3
Joined: Tue Mar 08, 2016 1:19 am

Re: Setting up VPN server on a Raspberry Pi

Post by jd » Thu Mar 10, 2016 7:22 pm

No I hadn't! Thanks for your help, it's now up and running

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Setting up VPN server on a Raspberry Pi

Post by Traffic » Thu Mar 10, 2016 8:19 pm

Thanks for letting us know our solution works 8-)
jd wrote:I've been trying to set up a VPN server on my raspberry pi using a few tutorials online (http://www.bbc.co.uk/news/technology-33548728 and readwrite.com).
Please let these authors know that their documentation is [insert your opinion here] and include a link back to us :mrgreen:

Code: Select all

[url=https://forums.openvpn.net/topic21237.html][Solved] Setting up VPN server on a Raspberry Pi[/url]
* Marking Solved and Closing thread for posterity *


Always check the OpenVPN Documentation: Pro tips

Anybody else reading this:
  • Please see the Forum rules (top of page)

    :ugeek:
Last edited by debbie10t on Thu Mar 10, 2016 8:53 pm, edited 4 times in total.
Reason: Improved.

Post Reply