Topic: New to Linux/Manjaro, Need some VPN help.

Offline hamzahqaisar (Topic starter)

  • Newbie
  • Posts: 25
  • Kernel: 3.10.28-1-MANJAROx64
  • Desktop: XFCE
  • Branch: Stable
  • GPU Card: AMD HD7750
  • GPU driver: Catalyst 13.4
  • Skill: Novice
New to Linux/Manjaro, Need some VPN help.
« on: 21. February 2014, 16:00:19 »
Hi, as the title says, I'm new to the Linux field. I've done a clean install over my Windows as I no longer wish to use Windows. I have vowed to not reinstall Windows as a dual boot/VM.

So far I've had to keep my live USB at hand, since I messed up Manjaro a good 3 times in the last day :D

Sorry if this has been asked before, but how would I go about configuring my VPN, Private Internet Access, with Manjaro using the built-in OpenVPN support? I have tried to set it up using the .zip (.ovpn .ca) configurations by using the import feature at the far bottom of the drop-down menu when adding a new connection in the Network Manager. However, each time I restart to initiate the VPN it fails to connect.

Any help will be much appreciated.

Thanks in advance
Trying my best to leave the windows OS for good, with something fast, reliable and open source.

Level - Noob @Manjaro

Offline schpankme

  • Hero Member
  • Posts: 1541
  • High Carb / Low Fat / Vegan
  • Kernel: 4.1.3-2 x64
  • Desktop: Qt..i3..OpenRC..Eudev
  • Branch: Unstable
  • GPU Card: Radeon 6450
  • GPU driver: Catalyst 15.20.1046-3
  • Skill: Advanced
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #1 on: 21. February 2014, 16:30:24 »
Quote from: hamzahqaisar
... how would I go about configuring my VPN
... Private Internet Access with Manjaro using the built-in OpenVPN support

Suggest reading:

PPTP VPN client setup with pptpclient
https://wiki.archlinux.org/index.php/PPTP_VPN_client_setup_with_pptpclient

OpenVPN
https://wiki.archlinux.org/index.php/OpenVPN

Offline thundersqueak

  • Hero Member
  • Posts: 1619
  • everyone dies
  • Kernel: most,if not all
  • Desktop: gnome
  • Branch: all of em
  • GPU Card: nvidia 9300
  • GPU driver: non-free
  • Skill: Novice
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #2 on: 21. February 2014, 16:56:10 »
@hamzahqaisar welcome to the forums! Once you have read through the suggested reading, if you can take the time to fill out your specs on your forum profile, any future help needed will be much easier for all. Good luck  :)
"Why is it that every grubby little government i pass has the impertinence to assume that i can spare the time and energy necessary for their destruction?"

Offline inkrypted

  • Sr. Member
  • Posts: 399
  • Kernel: The latest unless I need to fallback.
  • Desktop: Plasma 5
  • Branch: Stable
  • GPU Card: NVIDIA Geforce GTX 780
  • GPU driver: Latest Non Free
  • Skill: Intermediate
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #3 on: 21. February 2014, 17:08:09 »
First thing is make sure openvpn is installed. Then download your config and .crt file from Private Internet Access, the one that ends in .ovpn, and edit it and add the following line without quotes: "auth-user-pass private". Save it, then change the name of the ovpn file to something like PVPN.conf and then place it inside /etc/openvpn. Also copy your .crt file into /etc/openvpn and make sure the ca line points to it, i.e. "ca user.crt". Then make a text file with nothing but the username and password in it, no spaces, just one on each line like so:

username
password

Name it private. Change permissions on it: sudo chmod 600 /etc/openvpn/private
You can start the service with the following command: sudo systemctl start openvpn@PVPN.service
or enable it to start up automatically with this command: sudo systemctl enable openvpn@PVPN.service

If you experience any lag or slow speeds you might try adding this to your PVPN.conf file:
tun-mtu 1500
fragment 1400
mssfix 1400

Of course, if you are on a DSL connection your tun-mtu will be 1492. You may have to experiment. Lastly, go to a place like speedtest.net and make sure your IP has changed and so has your geolocation. Restart the VPN with the command: sudo systemctl restart openvpn@PVPN.service

If you use a firewall such as iptables, the following rules should be sufficient to get you up and running:
iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
« Last Edit: 21. February 2014, 17:20:39 by inkrypted »
Inkrypted
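
Added example, not part of inkrypted's post: a pre-flight check for the files those steps create, written for a Linux system with GNU stat. It assumes relative paths in the config resolve against the config's own directory (true when the service starts openvpn with that directory as its working directory); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the client files from the steps above before starting
# openvpn@PVPN.service. Assumes GNU stat (Linux).
# Usage: check_openvpn_client /etc/openvpn/PVPN.conf
# Returns 0 when nothing was found, 1 otherwise; prints one line per finding.

# Print the first argument of a config directive, tolerating CRLF line endings.
directive_arg() {
    tr -d '\r' < "$2" | awk -v d="$1" '$1 == d { print $2; exit }'
}

# Assumption: a relative path is relative to the directory holding the config.
resolve() {
    case $2 in /*) echo "$2" ;; *) echo "$1/$2" ;; esac
}

check_openvpn_client() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    dir=$(dirname "$conf")

    # Without a file argument openvpn asks for the credentials interactively,
    # which does not suit an unattended service.
    cred=$(directive_arg auth-user-pass "$conf")
    [ -n "$cred" ] || { echo "FAIL: no 'auth-user-pass <file>' line"; return 1; }
    cred=$(resolve "$dir" "$cred")
    [ -f "$cred" ] || { echo "FAIL: $cred does not exist"; return 1; }

    # Username on line 1, password on line 2, nothing else.
    lines=$(grep -c . "$cred" || true)
    [ "$lines" -eq 2 ] || { echo "FAIL: $cred has $lines non-empty lines, want 2"; rc=1; }
    if grep -Eq '^[[:space:]]|[[:space:]]$' "$cred"; then
        echo "FAIL: $cred has leading/trailing whitespace or CRLF line endings"; rc=1
    fi

    # chmod 600: no group or other permission bits on the password file.
    mode=$(stat -c %a "$cred")
    case $mode in
        *00) ;;
        *) echo "FAIL: $cred is mode $mode, want 600"; rc=1 ;;
    esac

    # A "ca <file>" line must point at a certificate that is really there.
    ca=$(directive_arg ca "$conf")
    if [ -n "$ca" ]; then
        ca=$(resolve "$dir" "$ca")
        [ -f "$ca" ] || { echo "FAIL: ca file $ca does not exist"; rc=1; }
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_openvpn_client "$1"; fi
```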

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #4 on: 21. February 2014, 23:01:32 »
I had a read through that before, I always try to google before asking. I think that wiki link is a bit too technical for me as I currently stand with the whole Linux-terminal predicament; nevertheless, thanks for trying.

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #5 on: 21. February 2014, 23:01:56 »
I will do that ASAP, thanks!

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #6 on: 21. February 2014, 23:03:22 »
This looks like something I can do, awesome! I'll try that right after filling my profile in, much appreciated, thanks a lot!

Offline mips

  • Hero Member
  • Posts: 2781
  • Valkyrja
  • Kernel: 3.16
  • Desktop: XFCE
  • Branch: Testing
  • GPU Card: GTX 960
  • GPU driver: video-nvidia
  • Skill: Intermediate
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #7 on: 21. February 2014, 23:14:01 »
Which VPN service are you using?

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #8 on: 21. February 2014, 23:26:20 »
Private Internet Access

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #9 on: 21. February 2014, 23:40:54 »
Just did this and I can confirm that my VPN service is running.

Last question, would the command for disabling this be: { sudo systemctl stop openvpn@PVPN.service
sudo systemctl disable openvpn@PVPN.service } ?
Thanks!

« Last Edit: 22. February 2014, 12:40:03 by hamzahqaisar »

Offline mips
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #10 on: 21. February 2014, 23:47:05 »
Quote from: hamzahqaisar
Just did this and I can confirm that my VPN service is running so as the issue currently stands it is officially SOLVED, Thanks a ton mate and those that helped!

I have marked the thread as solved.  ;)

Offline handy

  • Hero Member
  • Posts: 5330
  • All things must pass...
  • Kernel: x86_64 Linux 4.0.3-1
  • Desktop: Openbox 3.5.2-7
  • Branch: Testing
  • GPU Card: GeForce GTX 660 Ti
  • GPU driver: non-free
  • Skill: Intermediate
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #11 on: 22. February 2014, 00:41:18 »
It is also worth noting that it is a good idea to not use your ISP's DNS; use OpenDNS or GoogleDNS, this makes it harder to track you. If your VPN provider has their own DNS then you can use their DNS, though if you do you need to organize your system so that if you drop your VPN (which will happen one way or another) your internet connection is terminated immediately. Doing so, again, makes it harder for you to be tracked.

An ideal example of this is that say you were torrenting overnight whilst you are asleep in bed & your VPN connection fails, your true IP address is now available for all to see, unless you have a fail-safe that cuts your internet connection. You can do this via your IPTables.

I use the following:

Code:
# Generated by iptables-save v1.4.20 on Thu Dec 19 15:06:52 2013
*nat
:PREROUTING ACCEPT [2:125]
:INPUT ACCEPT [2:125]
:OUTPUT ACCEPT [14:840]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Thu Dec 19 15:06:52 2013
# Generated by iptables-save v1.4.20 on Thu Dec 19 15:06:52 2013
*filter
:INPUT ACCEPT [17:1502]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [79:4712]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT ! -d <A VPN SERVER ENTRY IP> -o eth0 -j DROP
COMMIT
# Completed on Thu Dec 19 15:06:52 2013

You need to change any of the IP addresses to suit your system & replace the <A VPN SERVER ENTRY IP> section (including the angle brackets) with such an address. You may have to contact your VPN provider to get a list of their various server entry IP addresses, then choose the one you want to use.

There is a page here relating to my VPN setup:

http://forum.manjaro.org/index.php?topic=9345.0
The ultimate tyranny in a society is not control
by martial law. It is control by the psychological
manipulation of consciousness, through which reality
is defined so that those who exist within do not even
realize that they are in prison.
  —  Barbara Marciniak
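
Added example, not part of handy's post: a ruleset in iptables-save format is loaded with iptables-restore rather than typed at a shell prompt. The function below renders the OUTPUT-chain fail-safe from the rules above with validated values, so an unreplaced <A VPN SERVER ENTRY IP> placeholder is rejected; the function names, the address 203.0.113.10 and the file name killswitch.rules are constructed for this example.

```shell
#!/bin/sh
# Added example: render the fail-safe part of the ruleset quoted above.
# Usage: render_killswitch <vpn-server-ip> <lan-cidr> <wan-interface>
# e.g.   render_killswitch 203.0.113.10 192.168.1.0/24 eth0 > killswitch.rules
#        iptables-restore --test < killswitch.rules   # parse only, as root
#        iptables-restore < killswitch.rules          # replace the filter table
# The values in the usage lines are constructed; substitute your own.

# Succeeds only for four dot-separated decimal octets in the range 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

render_killswitch() {
    vpn_ip=$1 lan=$2 wan=$3

    is_ipv4 "$vpn_ip" || {
        echo "error: '$vpn_ip' is not an IPv4 address" >&2; return 1; }
    case $lan in
        */*) ;;
        *) echo "error: LAN must be in CIDR form, e.g. 192.168.1.0/24" >&2; return 1 ;;
    esac
    is_ipv4 "${lan%/*}" || { echo "error: bad LAN network '$lan'" >&2; return 1; }
    case ${lan#*/} in
        ''|*[!0-9]*) echo "error: bad prefix length in '$lan'" >&2; return 1 ;;
    esac
    [ "${lan#*/}" -le 32 ] || { echo "error: prefix length above 32" >&2; return 1; }
    case $wan in
        ''|*[!A-Za-z0-9_.-]*) echo "error: bad interface name '$wan'" >&2; return 1 ;;
    esac

    # Rule order matters: loopback, broadcast and LAN traffic are accepted
    # first, then everything else leaving the physical interface is dropped
    # unless it is addressed to the VPN server. Traffic routed into the
    # tunnel is matched on tun0, not on the physical interface.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s $lan -d $lan -j ACCEPT
-A OUTPUT ! -d $vpn_ip/32 -o $wan -j DROP
COMMIT
EOF
}
```

Because LAN traffic is accepted before the DROP rule, a resolver on the LAN (for example the router) stays reachable when the tunnel is down. The DROP rule covers only the named interface, so a second interface such as Wi-Fi needs its own rule.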

Offline inkrypted
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #12 on: 22. February 2014, 04:07:58 »
Quote from: hamzahqaisar
Just did this and I can confirm that my VPN service is running so as the issue currently stands it is officially SOLVED, Thanks a ton mate and those that helped!

Last question, would the command for disabling this be: { sudo systemctl stop openvpn@PVPN.service
sudo systemctl disable openvpn@PVPN.service } ?
Thanks!

Exactly: sudo systemctl stop openvpn@PVPN.service to stop the service and sudo systemctl disable openvpn@PVPN.service to disable the service from starting automatically. I have nVPN, which is very much the same, but they feature torrent-optimized IPs and allow you to open ports through your VPN tunnel. I am glad you got it working. Handy has a point, but I recommend the Swiss Privacy Foundation DNS even without the VPN.
77.109.138.45, 77.109.139.29
In addition, no log files are written (except for errors). The DNS servers resolve the test zone welcome.spf on. If you're a security freak like me you might also check out Unbound DNS. Let me know if you need help there too.
« Last Edit: 22. February 2014, 05:20:13 by inkrypted »

Offline hamzahqaisar (Topic starter)
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #13 on: 22. February 2014, 12:38:45 »
Hi, thanks for the help! I added my VPN provider's DNS to the resolv.conf file. How would I go about telling Manjaro to cut the connection to the internet when the VPN drops? I tried copying and pasting that code in terminal but all I got was error.

Also, I have the IP address of my VPN provider's server. This server also supports port forwarding; how can I set the port forwarding up if need be?

thanks again!

Offline handy
Re: New to Linux/Manjaro, Need some VPN help.
« Reply #14 on: 22. February 2014, 13:03:03 »
The /iptables/iptables.rules that I quoted would cut the connection if the VPN drops (once you make the IP addresses suit your system, which is essential). Mucking about with this stuff requires some study, so that you learn how to change your IPTables configuration, it is easy to do it wrong & can make a mess of network if you do (though just clearing your rules or renaming the iptables.rules file will get you out of trouble quickly). The ArchWiki has a good page on IPTables, just search it for IPTables.

This section will give you more info' on things that can be done re. control of your DNS settings (which may boggle your mind... ;) ):

https://wiki.archlinux.org/index.php/Resolv.conf#Preserve_DNS_settings

Your VPN should give you information re. port forwarding - which ports you can use, how to choose them on their server, & some examples of how to set them up on your own machine. It should be easy with most if not all torrent software, you have to find the section in its configuration menu where you can choose the port(s) that it will use. It is at least easy in qBittorrent anyway.
