VPN problems with Ubuntu 16.04

0

Strangely, I seem to be able to connect to the VPN successfully, but then all requests just time out (things were fine on 14.04 before the upgrade).

   NetworkManager[26605]: <info>  [1475104045.6096] audit: op="connection-activate" uuid="f3e592de-b14e-4775-8950-cdedac3b5a28" name="AirVPN_United-Kingdom_UDP-443" pid=2156 uid=1000 result="success"
   NetworkManager[26605]: <info>  [1475104045.6166] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Started the VPN service, PID 4493
   NetworkManager[26605]: <info>  [1475104045.6237] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Saw the service appear; activating connection
   NetworkManager[26605]: nm-openvpn-Message: openvpn[4496] started
   NetworkManager[26605]: <info>  [1475104045.6310] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN plugin: state changed: starting (3)
   NetworkManager[26605]: <info>  [1475104045.6313] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (ConnectInteractive) reply received
   nm-openvpn[4496]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
   nm-openvpn[4496]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
   nm-openvpn[4496]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
   nm-openvpn[4496]: Control Channel Authentication: using '/home/lee/.cert/nm-openvpn/AirVPN_United-Kingdom_UDP-443-tls-auth.pem' as a OpenVPN static key file
   nm-openvpn[4496]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
   nm-openvpn[4496]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
   nm-openvpn[4496]: UDPv4 link local: [undef]
   nm-openvpn[4496]: UDPv4 link remote: [AF_INET]185.103.96.133:443
   nm-openvpn[4496]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
   nm-openvpn[4496]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
   nm-openvpn[4496]: [server] Peer Connection Initiated with [AF_INET]185.103.96.133:443
   nm-openvpn[4496]: TUN/TAP device tun0 opened
   nm-openvpn[4496]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_5 --tun -- tun0 1500 1557 10.4.9.184 255.255.0.0 init
   NetworkManager[26605]: <info>  [1475104048.1017] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
   NetworkManager[26605]: <info>  [1475104048.1177] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
   NetworkManager[26605]: <info>  [1475104048.1178] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
   NetworkManager[26605]: <info>  [1475104048.1261] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (IP Config Get) reply received.
   nm-openvpn[4496]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
   nm-openvpn[4496]: GID set to nm-openvpn
   NetworkManager[26605]: <info>  [1475104048.1346] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
   nm-openvpn[4496]: UID set to nm-openvpn
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: VPN Gateway: 185.103.96.133
   nm-openvpn[4496]: Initialization Sequence Completed
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Tunnel Device: tun0
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: IPv4 configuration:
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Gateway: 10.4.0.1
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Address: 10.4.9.184
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Prefix: 16
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Point-to-Point Address: 10.4.9.184
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Maximum Segment Size (MSS): 0
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Forbid Default Route: no
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal DNS: 10.4.0.1
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   DNS Domain: '(none)'
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: No IPv6 configuration
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN plugin: state changed: started (4)
   NetworkManager[26605]: <info>  [1475104048.1387] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP Config Get) complete
   NetworkManager[26605]: <info>  [1475104048.1392] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
   NetworkManager[26605]: <info>  [1475104048.1500] manager: NetworkManager state is now CONNECTED_LOCAL
   NetworkManager[26605]: <info>  [1475104048.1502] manager: NetworkManager state is now CONNECTED_GLOBAL
   NetworkManager[26605]: <info>  [1475104048.1505] dns-mgr: Writing DNS information to /sbin/resolvconf
   dnsmasq[26678]: setting upstream servers from DBus
   dnsmasq[26678]: using nameserver 10.4.0.1#53
   dbus[804]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
   NetworkManager[26605]: <info>  [1475104048.1769] keyfile: add connection in-memory (40a6043d-7871-4195-8e3e-d7ea59e00877,"tun0")
   NetworkManager[26605]: <info>  [1475104048.1786] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
   NetworkManager[26605]: <info>  [1475104048.1852] device (tun0): Activation: starting connection 'tun0' (40a6043d-7871-4195-8e3e-d7ea59e00877)
   NetworkManager[26605]: <info>  [1475104048.1890] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
   NetworkManager[26605]: <info>  [1475104048.1894] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
   NetworkManager[26605]: <info>  [1475104048.1897] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
   NetworkManager[26605]: <info>  [1475104048.1901] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
   NetworkManager[26605]: <info>  [1475104048.1904] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
   NetworkManager[26605]: <info>  [1475104048.1907] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
   NetworkManager[26605]: <info>  [1475104048.1935] manager: NetworkManager state is now CONNECTED_LOCAL
   NetworkManager[26605]: <info>  [1475104048.1936] manager: NetworkManager state is now CONNECTED_GLOBAL
   NetworkManager[26605]: <info>  [1475104048.1937] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
   NetworkManager[26605]: <info>  [1475104048.1938] device (tun0): Activation: successful, device activated.
   systemd[1]: Starting Network Manager Script Dispatcher Service...
   dbus[804]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
   systemd[1]: Started Network Manager Script Dispatcher Service.
   nm-dispatcher: req:1 'vpn-up' [tun0]: new request (2 scripts)
   nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
   nm-dispatcher: req:2 'up' [tun0]: new request (2 scripts)
   wpa_supplicant[1266]: wlp4s0: Failed to initiate sched scan
   nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
   nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
   whoopsie[881]: [] Cannot reach: https://daisy.ubuntu.com
   whoopsie[881]: [] offline
   whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
   whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
   whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
   whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
   nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)

This is a VPN from AirVPN, and the ovpn file was generated through their config generator for Linux, selecting the United Kingdom as the country and UDP (the same config works fine on my Android phone with openvpn). I tried with a work VPN ovpn file and it was a similar story.

I have already installed network-manager-openvpn and network-manager-openvpn-gnome.

Also, ifconfig shows:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.4.16.251  P-t-P:10.4.16.251  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:1860 (1.8 KB)

iptables flushed:

[ root@myhostname: /home/lee ]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

route -n (without VPN):

[ root@myhostname: ~ ]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp3s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

route -n (with VPN):

[ root@myhostname: ~ ]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.0.1        0.0.0.0         UG    50     0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp3s0
10.4.0.0        0.0.0.0         255.255.0.0     U     50     0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
185.103.96.130  192.168.0.1     255.255.255.255 UGH   100    0        0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

The AirVPN ovpn looks like this (I removed the certs and keys at the end):

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 28th of September 2016 11:02:52 PM
# OpenVPN Client Configuration.
# AirVPN_United-Kingdom_UDP-443
# --------------------------------------------------------

client
dev tun
proto udp
remote gb.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5

EDIT: I found that if I change the configuration so that comp-lzo is enabled (or use LZO data compression in the Network Manager settings), things work. I don't know exactly why this was the problem, or why this departure from the AirVPN-generated settings is necessary on 16.04.

    
by fpghost 29.09.2016 / 01:32

1 answer

2

What is "comp-lzo" anyway?

Well, according to the OpenVPN website:

Use fast LZO compression -- may add up to 1 byte per packet for incompressible data.

But that's not enough, so let's start with the name "LZO Compression" ...

Lempel-Ziv-Oberhumer, sensibly abbreviated to LZO ...

... is a compression algorithm that remains to this day particularly fast, especially at decompressing data, which makes it ideal for a VPN system in which many small packets of data may be sent frequently.

So what's the point of using compression ...?

Enabling compression is simply a trade-off: you reduce your connection speed by a small fraction and use a little more processing power, but in return you take up less bandwidth. Naturally, some servers choose to use it to allow more users to connect simultaneously for a given bandwidth.

OK, so what was the problem here / why do I need to enable it?

Simply put, if a client doesn't send compressed packets to a server that expects them, the server will see this as an error and refuse to continue; likewise, if a server is expecting uncompressed data and receives compressed data, it will not understand the request being made and will simply discard it.

If you're wondering why servers and clients aren't just programmed to automatically detect and handle compression, I suspect it's optimization: auditing every data packet for compression would slow everything down, so letting the user specify it manually is more efficient, if less resilient to good old human error.

I suspect AirVPN changed this setting recently but didn't modify the configuration tool!

    
by 29.09.2016 / 13:40
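
A check for the symptom discussed in this thread, added here as an example (it is not code from the question, the answer, OpenVPN or NetworkManager): it scans a client log for OpenVPN's option-consistency warnings and for repeated TUN/TAP write errors, the two signs visible in the question's log. The function names are hypothetical, and the sample lines are copied from that log.

```python
import re

# Sample input: lines copied from the log in the question above.
SAMPLE_LOG = """\
nm-openvpn[4496]: UDPv4 link remote: [AF_INET]185.103.96.133:443
nm-openvpn[4496]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
nm-openvpn[4496]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
"""

# Message shapes as they appear in the log on this page.
INCONSISTENT = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config "
    r"but missing in (local|remote) config, (?:local|remote)='([^']*)'")
TUN_WRITE = re.compile(r"write to TUN/TAP\s*: .+ \(code=\d+\)")


def find_option_mismatches(log_text):
    """Return one record per option that differs between client and server."""
    found = []
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            found.append({"option": m.group(1), "kind": "differs",
                          "local": m.group(2), "remote": m.group(3)})
            continue
        m = ONE_SIDED.search(line)
        if m:
            present_on, value = m.group(2), m.group(4)
            found.append({"option": m.group(1), "kind": "missing_" + m.group(3),
                          "local": value if present_on == "local" else None,
                          "remote": value if present_on == "remote" else None})
    return found


def diagnose(log_text):
    """Summarise mismatches and flag the compression case seen in this thread."""
    mismatches = find_option_mismatches(log_text)
    tun_errors = len(TUN_WRITE.findall(log_text))
    comp = any(m["option"].startswith("comp") for m in mismatches)
    return {"mismatches": mismatches, "tun_write_errors": tun_errors,
            "likely_compression_mismatch": comp and tun_errors > 0}
```

Running `diagnose()` over the output of `journalctl` or `/var/log/syslog` for the nm-openvpn process shows which options to align in the client profile before looking at routing or firewall rules.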