Raspberry Pi issues [Solved]

RiPi

Hello community,

After using this very forum to try and gain some help (albeit from looking in at topics) i have registered to see if anyone can help me at all.

I have set up my Raspberry Pi as a remote torrent client and installed everything i need to get it up and working. Now i need to change my ip to my PIA VPN subscription.

So far i have installed OpenVPN on my Pi and had a go at configuring it. This is where the problems start. I am more used to windows OpenVPN installations with a GUI. I am a bit of a noob at Linux command line but am learning quickly. I began to use this guide here:
http://bobhood.wordpress.com/2013/07/28/raspberry-pi-creating-a-secure-torrent-client/ but it seems to skip over the main meat of what is needed.

I also tried the 'turn your Pi into a VPN' but found it only uses your home network, which i really don't need.

What i need is someone to point me in the right direction of an indepth tutorial, i.e writing the pia.conf file, setting up keys etc.

If anyone can help i would be very grateful.

OmniNegro

I do not own a Raspberry Pi, but I have always wanted one or ten...

I like the article you linked in, but the URL is incorrect. You can put a normal link in here without it getting nuked by moderators.
http://bobhood.wordpress.com/2013/07/28/raspberry-pi-creating-a-secure-torrent-client/
It looks like you typed it in fully into the link button, but missed the colon. In reality, you do not have to do that manual work on these forums. Just putting a link in works fine without using the link button. (That is what I did in this post, and you can see it works.)

I hope someone can help you. And welcome aboard.

RiPi

thanks for that. I have sorted it now and checked it.

RiPi

Hi guys, here is how i managed to do it. Please follow the instructions and it'll work no problem! [EDITED]

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install network-manger-openvpn
sudo apt-get install openvpn
Run sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
Extract the files from the zip with unzip openvpn.zip

Now try and connect to the VPN of your choice ending in ovpn.

sudo openvpn --config ./Netherlands.ovpn
 
It’ll ask you for your user and password. Enter these and hopefully you get 'Initialization Sequence Completed’. If not, go over the process before.
On the Raspberry Pi you need to press ‘CTRL -c’ to cancel the sequence and take control again.
After this you need to change the config to keep your User and Password in it.
sudo nano /etc/openvpn/login.conf

here you need 2 lines

USERNAME- add your credentials
PASSWORD- add your credentials

e.g

p4589098
SrtyuJkh

now 
sudo chmod 400 /etc/openvpn/login.conf

And now make a copy of the .ovpn config file and add the login.conf file onto the existing line with auth-user-pass. The * depicts the .opvn file of your choice.

sudo cp *.ovpn /etc/openvpn/*.conf

so: sudo nano /etc/openvpn/*.conf

At the line auth-user-pass add login.conf so it looks exactly like

auth-user-pass login.conf

Now the important part. Move both the ca.crtfile and the crl.pem file into /etc/openvpn folder.

Run another test to make sure your username and password are automatically accepted by running:

sudo openvpn *.conf

You should get the 'Initialization Sequence Completed’ again and no interaction. Please CTRL -c’ out of it.

To make it work on start up we need to change the startup file for openvpn.
sudo nano /etc/default/openvpn

Look down the file for these lines:
Add the name of your VPN WITHOUT .opvn extension. For me its Netherlands

#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office”
AUTOSTART=“Netherlands”

Now reboot your Pi:

sudo reboot

Then to make sure it’s working find my external IP

wget http://ipecho.net/plain -O - -q ; echo

chris48083

so I've been using the same tutorial, but no matter what I do, it freezes at

Tue Jun 4 19:30:35 2013 Initialization Sequence Completed

Any thoughts on how to correct this?

RiPi

Sorry, i forgot to mention that! It does freeze as it thinks that is the end of your terminal commands. Now you know that it works exit terminal and reload it, then continue on with the steps.

The steps after help you to configure the script to start without needing terminal open. The bit you got up to was to make sure that the script worked visually.

chris48083

That leaves my Pi unable to connect to anything....

So I get to the point it crashes - how do you leave the terminal? Just exit? I've tried several things at this point...

-CTRL+Z or CTRL-C, continue with the steps, and then not be able to connect to anything

-Start a new terminal, login, attempt to connect to something, and not be able to connect to anything

-Reboot the Pi, complete the tutorial, reboot and still unable to connect to anything

Basically, once I've completed the tutorial, nothing works. I can ping things in my local network, but 'ping www.google.com' doesn't work, nor does 'curl ipconfig.me' or anything of that nature. 

I'm really struggling here, any help would be awesome.

noheroe2014cr

Hi there!

Nice nice tutorial! Is up and running.

Dude do you know how to incorporate this with rc local/crontab?

Cheers.

RiPi

Hi,

@noheroe2014cr

It will save to your start up here

/etc/init.d/openvpn

So there is no need to use a cronjob to keep it going or to restart it.

---

@chris48083

Im sorry to hear this, the problem i think is happen is the ca.crt file is not in the same place as your openvpn configuration. For my setup i left the whole lot in /home/pi/ it looks a little messy internally but when running my Pi with CLI i don't even notice it.

jgrn307

Has anyone managed to figure out how to modify the encryption settings?  The default ones are a bit heavy-use for the Pi (so I get fairly low bandwidth as the Pi works its butt off trying to decrypt the stream) -- when I change the encryption in the config files it stops working altogether!

RiPi

A little bit off topic but still worth answering.

What kind of connection speed do you currently get as is?

What do you mean the Pi works its butt off, are you trying to browse on the Pi?

OmniNegro

Bear in mind that the Pi has a 700 Mhz CPU and no optimizations whatsoever.

jgrn307

I'm barely breaking 700KB/s on a 50MBps line.  I can get > 5MBps with openvpn turned off.  CPU is often pegged fairly high when OpenVPN is running with deluge.  I read elsewhere that lower encryption settings can help with this, but nothing seems to work re: disabling (or reducing) the encryption (or compression) in the .conf settings.  This is the .conf file that works (I think the only mod I made was the final keepalive statement):

client

dev tun

proto udp

remote us-midwest.privateinternetaccess.com 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca /etc/openvpn/ca.crt

tls-client

remote-cert-tls server

auth-user-pass

comp-lzo

verb 1

reneg-sec 0

crl-verify /etc/openvpn/crl.pem

auth-user-pass /etc/openvpn/pass.txt

keepalive 10 60

noman

I'm stuck in the same situation that Chris was.  sudo /etc/init.d/openvpn start will result in a successful connection... but at that point, I lose connectivity to all my networks, both local (over wlan0) and remote (over tun0).  The ca.crt and crl.pem files are both in the /etc/openvpn directory

 

My thought is that the routes are getting fouled up...  has anybody worked through this already?

   

noman

AHAH!  It messes up wifi, but works if you plug an Ethernet cable into eth0

seattleandrew

I'm having issues at the following step in the tutorial  

sudo openvpn *.conf

I'm running the command

sudo openvpn USSeattle.conf

and it's giving me this response

Options error: In [CMD-LINE]:1: Error opening configurations file: USSeattle.conf Use --help for more information.

It seems really strange because I thought I followed the tutorial exactly. Here's my USSeattle.conf file:

client

dev turn

proto udp

remote us-seattle.privateinternetaccess.com 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

tls-client

remote-cert-tls server

auth-user-pass login.conf

comp-lzo

verb 1

reneg-sec 0

crl-verify crl.pem

ALSO I think I may have done the login.conf file incorrectly:

USERNAME- [my username]

PASSWORD- [my password]

RiPi

Hi, 

Firstly, the login.con is wrong. It even happened to me on the second time of setting up!!! Here is the best example i can give:

Username- [1234]

Password- [5678]

in your .conf file it should look like this:

1234

5678

Then try to connect again, if it still says Error, let us now

seattleandrew

ALRIGHT! deleted the lines in login.conf so it reads

[username]

[password]

still same error message

RiPi

Is your .conf file in the right location and did you make it by copying the .opvn file?

seattleandrew

my conf file is located in /etc/openvpn and I made it by copying USSeattle.opvn and renaming during the copy i.e. cp USSeattle.opvn /etc/openvpn/USSeattle.conf

RiPi

have you tried a different .opvn file?

seattleandrew

I have and still no luck. Not sure what's wrong. I took a dump of my /etc/openvpn/ directory and posted it here, you can take a look but I tried with both US Seattle.conf and Netherlands.conf and nothing. I know it can connect to the ovpn files normally so not sure what's going on.

I really appreciate the help you've been giving RiPi!

RiPi

No problem with the help i am trying to give!

I downloaded your files and replaced my .crt, .pem and login.conf files with yours.

then i did $ sudo openvpn Netherlands.conf and pressed enter.

My output:

Thu Oct 30 20:48:01 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013

Thu Oct 30 20:48:01 2014 WARNING: file 'login.conf' is group or others accessible

Thu Oct 30 20:48:01 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Oct 30 20:48:01 2014 LZO compression initialized

Thu Oct 30 20:48:01 2014 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 4 addresses

Thu Oct 30 20:48:01 2014 UDPv4 link local: [undef]

Thu Oct 30 20:48:01 2014 UDPv4 link remote: [AF_INET]109.201.154.162:1194

Thu Oct 30 20:48:01 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Thu Oct 30 20:48:02 2014 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]109.201.154.162:1194

Thu Oct 30 20:48:05 2014 TUN/TAP device tun0 opened

Thu Oct 30 20:48:05 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Thu Oct 30 20:48:05 2014 /sbin/ifconfig tun0 10.192.1.6 pointopoint 10.192.1.5 mtu 1500

Thu Oct 30 20:48:05 2014 Initialization Sequence Completed

Thats telling me your user/pass works fine BUT i couldn't test IP. So i CTRL+C out of the process and instead typed:

etc/openvpn $ sudo service openvpn start

Gave it a few seconds and then:

wget -qO- http://ipecho.net/plain ; echo

Output was:

109.201.154.162

The perfect outcome.

Here is the Netherlands.conf file i used, i am not saying use it as Netherlands but use it as your template.

Also delete the link to the files you upped, it contains your PIA log in details for anyone to have.

As ever, if it doesn't work, come back and tell me

Regards

  

seattleandrew

Deleted the files, changed the password, Thanks RiPi, I'll give it a go again with the .conf you linked as a template.

seattleandrew

[SOLVED] I found out my issue, I had to statically link the location of the login.conf file in US Seattle.conf so it read like

auth-user-pass /etc/openvpn/login.conf

no idea why I had to do that, but that seemed to do the trick.

Edit: Additional tip: For VPNs that use a space (e.g. "US Seattle"), you should rename your config file to something like "US-Seattle" since the openvpn service won't accept "US Seattle" or "US\ Seattle"

Thanks for all the help RiPi

RiPi

Fantastic news! Glad you found out the problem in the end and also stuck with it!

keredomo

So I have followed the steps above, compared my .conf files, and tried a lot of different things, but I still cannot get my raspberry pi to connect to anything outside the local network when I reboot or restart the openvpn service.

I have the ca.crt and crl.pem with the *.conf file in /etc/openvpn/ and everything works when I test "sudo openvpn --config /etc/openvpn/*.conf" and it gives me the message of "Initialization Sequence Complete". However, stopping that process and running "sudo service openvpn start" and then trying the internet just gives me "cannot resolve hostname" errors for all the web pages I've tried.

Does anyone have any suggestions? I can post more information if anyone would like.

RiPi

First try 'sudo openvpn *.conf' where * is the conf file of your choice. 

and see if that gives you "Initialization Sequence Complete".

I am in no way a vpn or commandline genius but to use this "sudo openvpn --config /etc/openvpn/*.conf"

and then "sudo service openvpn start" are 2 different paths.

keredomo

I rebooted my pi then ran "sudo service openvpn stop" and "sudo pkill openvpn" to really make sure it wasn't running in the background. I also ran "sudo service openvpn status" to check and it said it wasn't running. Then I just tried "sudo openvpn /etc/openvpn/*.conf and that worked (it's the only .conf file in the folder).

edit: it's really late where I am, but I'll be back after a couple hours of sleep. maybe it'll sort itself out?? idk.

RiPi

ignore writing the full path and write sudo openvpn *conf

where *conf is the Netherlands.conf file or the Seattle.conf file

keredomo

hmmm... That just gives me an error that says "Cannot resolve host address: us-west.privateinternetaccess.com: [TRY_AGAIN] A temporary error occurred on an authoritative name server."

I think I may try and uninstall and reinstall all the files...