• Firefox DID NOT use connected openvpn


    I run sudo openvpn configFile

    Thu Dec 22 15:24:08 2016 OpenVPN 2.3.14 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
    Thu Dec 22 15:24:08 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
    Enter Auth Username: ***************
    Enter Auth Password: ****
    Thu Dec 22 15:24:15 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Thu Dec 22 15:24:15 2016 Socket Buffers: R=[87380->87380] S=[16384->16384]
    Thu Dec 22 15:24:15 2016 Attempting to establish TCP connection with [AF_INET]67.205.135.109:443 [nonblock]
    Thu Dec 22 15:24:16 2016 TCP connection established with [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:16 2016 TCPv4_CLIENT link local: [undef]
    Thu Dec 22 15:24:16 2016 TCPv4_CLIENT link remote: [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:16 2016 TLS: Initial packet from [AF_INET]67.205.135.109:443, sid=a948c5e0 5aaead74
    Thu Dec 22 15:24:16 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Dec 22 15:24:17 2016 VERIFY OK: depth=1, C=US, ST=openvpn, L=openvpn, O=openvpn, OU=openvpn, CN=openvpn, name=openvpn, emailAddress=openvpn
    Thu Dec 22 15:24:17 2016 VERIFY OK: depth=0, C=US, ST=openvpn, L=openvpn, O=openvpn, OU=openvpn, CN=openvpn, name=openvpn, emailAddress=openvpn
    Thu Dec 22 15:24:19 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 22 15:24:19 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Dec 22 15:24:19 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 22 15:24:19 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 22 15:24:19 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Dec 22 15:24:19 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 22 15:24:19 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Thu Dec 22 15:24:19 2016 [openvpn] Peer Connection Initiated with [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:21 2016 SENT CONTROL [openvpn]: 'PUSH_REQUEST' (status=1)
    Thu Dec 22 15:24:22 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.126 10.8.0.125'
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: route options modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Dec 22 15:24:22 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=74:c6:3b:92:87:5b
    Thu Dec 22 15:24:22 2016 TUN/TAP device tun0 opened
    Thu Dec 22 15:24:22 2016 TUN/TAP TX queue length set to 100
    Thu Dec 22 15:24:22 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Thu Dec 22 15:24:22 2016 /usr/bin/ip link set dev tun0 up mtu 1500
    Thu Dec 22 15:24:22 2016 /usr/bin/ip addr add dev tun0 local 10.8.0.126 peer 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 67.205.135.109/32 via 192.168.1.1
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 0.0.0.0/1 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 128.0.0.0/1 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 10.8.0.1/32 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 Initialization Sequence Completed
    
    

    It said completed, when I ping to google, the latency changed from 50ms to 800ms after completion.
    But it seems my firefox doesnt use the openvpn. I cannot open blocked sites. But when I’m using free proxy services it works.
    I dont understand, it always work on windows. Can someone help me please?

    +actually not only firefox, but also chromium

    Thank you

  • I have try this https://wiki.archlinux.org/index.php/OpenVPN#Routing_all_client_traffic_through_the_server
    But it only work once, when I opened firefox, when I reload the page the vpn didnt connected again.

    Then I followed IP table guide on that wiki and now firefox cant even connect to vpn anymore, even if it shown intialization sequence completed.

    EDIT:
    now openvpn show repetitive error
    here is the output http://pastebin.com/e74VL6z9 (too long)

    I can’t even use a proxy using network manager in gnome.

openvpn3 firefox23 Posts 2Views 407
Log in to reply