Unable to connect using MullgardVPN config and Whonix

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
whonixuser
OpenVpn Newbie
Posts: 1
Joined: Sat Sep 10, 2022 1:16 am

Unable to connect using MullgardVPN config and Whonix

Post by whonixuser » Sat Sep 10, 2022 1:26 am

Hello. I am trying to connect using a config file for openvpn that was generated by
the MullgardVPN website config tool. I am trying to make a proxy for Whonix.

My goal is user>tor>openvpn>internet.

When I run OpenVPN in the terminal I get "initialized sequence complete" but then it
sits for maybe 30 seconds and continuously fails and tries to restart. Here is the
log:

user@VPN-Gateway:/home/mullvad$ sudo openvpn mullvad_us_sjc.conf
2022-09-09 20:53:20 Note: option tun-ipv6 is ignored because modern operating
systems do not need special IPv6 tun handling anymore.
2022-09-09 20:53:20 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in
--data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore
--cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change
--cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this
warning.
2022-09-09 20:53:20 WARNING: file 'mullvad_userpass.txt' is group or others accessible
2022-09-09 20:53:20 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4]
[EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2022-09-09 20:53:20 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-09-09 20:53:20 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2022-09-09 20:53:20 TCP/UDP: Preserving recently used remote address:
[AF_INET]198.54.134.34:443
2022-09-09 20:53:20 Socket Buffers: R=[131072->425984] S=[16384->425984]
2022-09-09 20:53:20 Attempting to establish TCP connection with
[AF_INET]198.54.134.34:443 [nonblock]
2022-09-09 20:53:20 TCP connection established with [AF_INET]198.54.134.34:443
2022-09-09 20:53:20 TCP_CLIENT link local: (not bound)
2022-09-09 20:53:20 TCP_CLIENT link remote: [AF_INET]198.54.134.34:443
2022-09-09 20:53:21 TLS: Initial packet from [AF_INET]198.54.134.34:443,
sid=e709b870 fc6af0f7
2022-09-09 20:53:22 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom
AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net
2022-09-09 20:53:22 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB,
OU=Mullvad, CN=Mullvad Intermediate CA v4, emailAddress=security@mullvad.net
2022-09-09 20:53:22 VERIFY KU OK
2022-09-09 20:53:22 Validating certificate extended key usage
2022-09-09 20:53:22 ++ Certificate has EKU (str) TLS Web Server Authentication,
expects TLS Web Server Authentication
2022-09-09 20:53:22 VERIFY EKU OK
2022-09-09 20:53:22 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB,
OU=Mullvad, CN=us-sjc-ovpn-001.mullvad.net, emailAddress=security@mullvad.net
2022-09-09 20:53:23 WARNING: 'link-mtu' is used inconsistently, local='link-mtu
1559', remote='link-mtu 1560'
2022-09-09 20:53:23 WARNING: 'comp-lzo' is present in remote config but missing in
local config, remote='comp-lzo'
2022-09-09 20:53:23 Control Channel: TLSv1.3, cipher TLSv1.3
TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
2022-09-09 20:53:23 [us-sjc-ovpn-001.mullvad.net] Peer Connection Initiated with
[AF_INET]198.54.134.34:443
2022-09-09 20:53:24 SENT CONTROL [us-sjc-ovpn-001.mullvad.net]: 'PUSH_REQUEST'
(status=1)
2022-09-09 20:53:25 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS
10.5.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6
4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway
10.5.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6
fdda:d0d0:cafe:443::1008/64 fdda:d0d0:cafe:443::,ifconfig 10.5.0.10
255.255.0.0,peer-id 0,cipher AES-256-GCM'
2022-09-09 20:53:25 WARNING: You have specified redirect-gateway and
redirect-private at the same time (or the same option multiple times). This is not
well supported and may lead to unexpected results
2022-09-09 20:53:25 OPTIONS IMPORT: compression parms modified
2022-09-09 20:53:25 OPTIONS IMPORT: --socket-flags option modified
2022-09-09 20:53:25 Socket flags: TCP_NODELAY=1 succeeded
2022-09-09 20:53:25 OPTIONS IMPORT: --ifconfig/up options modified
2022-09-09 20:53:25 OPTIONS IMPORT: route options modified
2022-09-09 20:53:25 OPTIONS IMPORT: route-related options modified
2022-09-09 20:53:25 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-09-09 20:53:25 OPTIONS IMPORT: peer-id set
2022-09-09 20:53:25 OPTIONS IMPORT: adjusting link_mtu to 1626
2022-09-09 20:53:25 OPTIONS IMPORT: data channel crypto options modified
2022-09-09 20:53:25 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-09-09 20:53:25 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256
bit key
2022-09-09 20:53:25 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256
bit key
2022-09-09 20:53:25 net_route_v4_best_gw query: dst 0.0.0.0
2022-09-09 20:53:25 net_route_v4_best_gw result: via 10.137.0.13 dev eth0
2022-09-09 20:53:25 ROUTE_GATEWAY 10.137.0.13
2022-09-09 20:53:25 GDG6: remote_host_ipv6=n/a
2022-09-09 20:53:25 net_route_v6_best_gw query: dst ::
2022-09-09 20:53:25 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-09-09 20:53:25 ROUTE6: default_gateway=UNDEF
2022-09-09 20:53:25 TUN/TAP device tun0 opened
2022-09-09 20:53:25 net_iface_mtu_set: mtu 1500 for tun0
2022-09-09 20:53:25 net_iface_up: set tun0 up
2022-09-09 20:53:25 net_addr_v4_add: 10.5.0.10/16 dev tun0
2022-09-09 20:53:25 net_iface_mtu_set: mtu 1500 for tun0
2022-09-09 20:53:25 net_iface_up: set tun0 up
2022-09-09 20:53:25 net_addr_v6_add: fdda:d0d0:cafe:443::1008/64 dev tun0
2022-09-09 20:53:25 /etc/openvpn/update-resolv-conf tun0 1500 1554 10.5.0.10
255.255.0.0 init
2022-09-09 20:53:25 net_route_v4_add: 198.54.134.34/32 via 10.137.0.13 dev [NULL]
table 0 metric -1
2022-09-09 20:53:25 net_route_v4_add: 0.0.0.0/1 via 10.5.0.1 dev [NULL] table 0
metric -1
2022-09-09 20:53:25 net_route_v4_add: 128.0.0.0/1 via 10.5.0.1 dev [NULL] table 0
metric -1
2022-09-09 20:53:25 add_route_ipv6(::/2 -> fdda:d0d0:cafe:443:: metric -1) dev tun0
2022-09-09 20:53:25 net_route_v6_add: ::/2 via :: dev tun0 table 0 metric -1
2022-09-09 20:53:25 add_route_ipv6(4000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev tun0
2022-09-09 20:53:25 net_route_v6_add: 4000::/2 via :: dev tun0 table 0 metric -1
2022-09-09 20:53:25 add_route_ipv6(8000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev tun0
2022-09-09 20:53:25 net_route_v6_add: 8000::/2 via :: dev tun0 table 0 metric -1
2022-09-09 20:53:25 add_route_ipv6(c000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev tun0
2022-09-09 20:53:25 net_route_v6_add: c000::/2 via :: dev tun0 table 0 metric -1
2022-09-09 20:53:25 WARNING: this configuration may cache passwords in memory -- use
the auth-nocache option to prevent this
2022-09-09 20:53:25 Initialization Sequence Completed

2022-09-09 20:54:25 Connection reset, restarting [0]
2022-09-09 20:54:25 SIGUSR1[soft,connection-reset] received, process restarting
2022-09-09 20:54:25 Restart pause, 5 second(s)
2022-09-09 20:54:30 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2022-09-09 20:54:30 TCP/UDP: Preserving recently used remote address:
[AF_INET]198.54.134.34:443
2022-09-09 20:54:30 Socket Buffers: R=[131072->425984] S=[16384->425984]
2022-09-09 20:54:30 Attempting to establish TCP connection with
[AF_INET]198.54.134.34:443 [nonblock]
2022-09-09 20:54:30 TCP: connect to [AF_INET]198.54.134.34:443 failed: No route to host
2022-09-09 20:54:30 SIGUSR1[connection failed(soft),init_instance] received, process
restarting
2022-09-09 20:54:30 Restart pause, 5 second(s)
2022-09-09 20:54:35 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2022-09-09 20:54:35 TCP/UDP: Preserving recently used remote address:
[AF_INET]198.54.134.66:443
2022-09-09 20:54:35 Socket Buffers: R=[131072->425984] S=[16384->425984]
2022-09-09 20:54:35 Attempting to establish TCP connection with
[AF_INET]198.54.134.66:443 [nonblock]


Here are my config file settings:

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
proto tcp
auth-user-pass mullvad_userpass.txt
ca mullvad_ca.crt
tun-ipv6
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
remote-random
remote 198.54.134.34 443 # us-sjc-ovpn-001
remote 198.54.134.66 443 # us-sjc-ovpn-003
remote 198.54.134.50 443 # us-sjc-ovpn-002
redirect-gateway def1


Will you please help me troubleshoot this issue?

Post Reply