• Firefox DID NOT use connected openvpn


    I run sudo openvpn configFile

    Thu Dec 22 15:24:08 2016 OpenVPN 2.3.14 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
    Thu Dec 22 15:24:08 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
    Enter Auth Username: ***************
    Enter Auth Password: ****
    Thu Dec 22 15:24:15 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Thu Dec 22 15:24:15 2016 Socket Buffers: R=[87380->87380] S=[16384->16384]
    Thu Dec 22 15:24:15 2016 Attempting to establish TCP connection with [AF_INET]67.205.135.109:443 [nonblock]
    Thu Dec 22 15:24:16 2016 TCP connection established with [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:16 2016 TCPv4_CLIENT link local: [undef]
    Thu Dec 22 15:24:16 2016 TCPv4_CLIENT link remote: [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:16 2016 TLS: Initial packet from [AF_INET]67.205.135.109:443, sid=a948c5e0 5aaead74
    Thu Dec 22 15:24:16 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Dec 22 15:24:17 2016 VERIFY OK: depth=1, C=US, ST=openvpn, L=openvpn, O=openvpn, OU=openvpn, CN=openvpn, name=openvpn, emailAddress=openvpn
    Thu Dec 22 15:24:17 2016 VERIFY OK: depth=0, C=US, ST=openvpn, L=openvpn, O=openvpn, OU=openvpn, CN=openvpn, name=openvpn, emailAddress=openvpn
    Thu Dec 22 15:24:19 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 22 15:24:19 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Dec 22 15:24:19 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 22 15:24:19 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 22 15:24:19 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Dec 22 15:24:19 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 22 15:24:19 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Thu Dec 22 15:24:19 2016 [openvpn] Peer Connection Initiated with [AF_INET]67.205.135.109:443
    Thu Dec 22 15:24:21 2016 SENT CONTROL [openvpn]: 'PUSH_REQUEST' (status=1)
    Thu Dec 22 15:24:22 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.126 10.8.0.125'
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: route options modified
    Thu Dec 22 15:24:22 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Dec 22 15:24:22 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=74:c6:3b:92:87:5b
    Thu Dec 22 15:24:22 2016 TUN/TAP device tun0 opened
    Thu Dec 22 15:24:22 2016 TUN/TAP TX queue length set to 100
    Thu Dec 22 15:24:22 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Thu Dec 22 15:24:22 2016 /usr/bin/ip link set dev tun0 up mtu 1500
    Thu Dec 22 15:24:22 2016 /usr/bin/ip addr add dev tun0 local 10.8.0.126 peer 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 67.205.135.109/32 via 192.168.1.1
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 0.0.0.0/1 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 128.0.0.0/1 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 /usr/bin/ip route add 10.8.0.1/32 via 10.8.0.125
    Thu Dec 22 15:24:22 2016 Initialization Sequence Completed
    
    

    It said completed, when I ping to google, the latency changed from 50ms to 800ms after completion.
    But it seems my firefox doesnt use the openvpn. I cannot open blocked sites. But when I’m using free proxy services it works.
    I dont understand, it always work on windows. Can someone help me please?

    +actually not only firefox, but also chromium

    Thank you

  • I have try this https://wiki.archlinux.org/index.php/OpenVPN#Routing_all_client_traffic_through_the_server
    But it only work once, when I opened firefox, when I reload the page the vpn didnt connected again.

    Then I followed IP table guide on that wiki and now firefox cant even connect to vpn anymore, even if it shown intialization sequence completed.

    EDIT:
    now openvpn show repetitive error
    here is the output http://pastebin.com/e74VL6z9 (too long)

    I can’t even use a proxy using network manager in gnome.

firefox31 openvpn7 Posts 2Views 843
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.