openvpn not changing IP address












0














I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get: 



Mon Jan  7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018

Mon Jan  7 11:53:59 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08

Mon Jan  7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Mon Jan  7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]

Mon Jan  7 11:53:59 2019 UDP link local: (not bound)

Mon Jan  7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Mon Jan  7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 VERIFY OK: nsCertType=SERVER

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Mon Jan  7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194

Mon Jan  7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)

Mon Jan  7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: route options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: peer-id set

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified

Mon Jan  7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'

Mon Jan  7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09

Mon Jan  7 11:54:00 2019 TUN/TAP device tun0 opened

Mon Jan  7 11:54:00 2019 TUN/TAP TX queue length set to 100

Mon Jan  7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Mon Jan  7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500

Mon Jan  7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1

Mon Jan  7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89

Mon Jan  7 11:54:00 2019 GID set to nogroup

Mon Jan  7 11:54:00 2019 UID set to nobody

Mon Jan  7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Mon Jan  7 11:54:00 2019 Initialization Sequence Complete


the client config file is the same I've used on the Mac, so it should be correctly populated.



The client.ovpn file I'm using is as follows:



client

dev tun

remote <myhostdomain> 1194

proto udp

resolv-retry infinite

nobind



# On non-Windows systems, please uncomment the following for added security:

user nobody

group nogroup



persist-key

persist-tun



ca keys/ca.crt

cert keys/myuser.crt

key keys/myuser.key

tls-auth keys/tls-auth.key 1



ns-cert-type server

comp-lzo



# Log file verbosity

verb 3

# Silence repeating messages

mute 20


Any ideas?



Thank you



output of ls -al /etc/resolv.conf :



lrwxrwxrwx 1 root root 39 Jan  7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


output of cat /etc/resolv.conf :



# This file is managed by man:systemd-resolved(8). Do not edit.

#

# This is a dynamic resolv.conf file for connecting local clients to the

# internal DNS stub resolver of systemd-resolved. This file lists all

# configured search domains.

#

# Run "systemd-resolve --status" to see details about the uplink DNS servers

# currently in use.

#

# Third party programs must not access this file directly, but only through the

# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,

# replace this symlink by a static file or a different symlink.

#

# See man:systemd-resolved.service(8) for details about the supported modes of

# operation for /etc/resolv.conf.



nameserver 127.0.0.53

search Home


output of ps auxc | grep -i dns : no output at all



ouput of ps auxc | grep -i resolv :



systemd+   612  0.0  0.0  71120  2440 ?        Ss   17:39   0:09 systemd-resolve





vpn openvpn ip







share|improve this question









New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
    – hello moto
    Jan 7 at 13:30












  • I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
    – fatoddsun
    Jan 7 at 14:49






  • 1




    Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
    – heynnema
    Jan 7 at 16:10












  • added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
    – fatoddsun
    Jan 7 at 17:32






  • 1




    Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
    – heynnema
    Jan 7 at 20:43
















0














I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get: 



Mon Jan  7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018

Mon Jan  7 11:53:59 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08

Mon Jan  7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Mon Jan  7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]

Mon Jan  7 11:53:59 2019 UDP link local: (not bound)

Mon Jan  7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Mon Jan  7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 VERIFY OK: nsCertType=SERVER

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Mon Jan  7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194

Mon Jan  7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)

Mon Jan  7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: route options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: peer-id set

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified

Mon Jan  7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'

Mon Jan  7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09

Mon Jan  7 11:54:00 2019 TUN/TAP device tun0 opened

Mon Jan  7 11:54:00 2019 TUN/TAP TX queue length set to 100

Mon Jan  7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Mon Jan  7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500

Mon Jan  7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1

Mon Jan  7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89

Mon Jan  7 11:54:00 2019 GID set to nogroup

Mon Jan  7 11:54:00 2019 UID set to nobody

Mon Jan  7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Mon Jan  7 11:54:00 2019 Initialization Sequence Complete


the client config file is the same I've used on the Mac, so it should be correctly populated.



The client.ovpn file I'm using is as follows:



client

dev tun

remote <myhostdomain> 1194

proto udp

resolv-retry infinite

nobind



# On non-Windows systems, please uncomment the following for added security:

user nobody

group nogroup



persist-key

persist-tun



ca keys/ca.crt

cert keys/myuser.crt

key keys/myuser.key

tls-auth keys/tls-auth.key 1



ns-cert-type server

comp-lzo



# Log file verbosity

verb 3

# Silence repeating messages

mute 20


Any ideas?



Thank you



output of ls -al /etc/resolv.conf :



lrwxrwxrwx 1 root root 39 Jan  7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


output of cat /etc/resolv.conf :



# This file is managed by man:systemd-resolved(8). Do not edit.

#

# This is a dynamic resolv.conf file for connecting local clients to the

# internal DNS stub resolver of systemd-resolved. This file lists all

# configured search domains.

#

# Run "systemd-resolve --status" to see details about the uplink DNS servers

# currently in use.

#

# Third party programs must not access this file directly, but only through the

# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,

# replace this symlink by a static file or a different symlink.

#

# See man:systemd-resolved.service(8) for details about the supported modes of

# operation for /etc/resolv.conf.



nameserver 127.0.0.53

search Home


output of ps auxc | grep -i dns : no output at all



ouput of ps auxc | grep -i resolv :



systemd+   612  0.0  0.0  71120  2440 ?        Ss   17:39   0:09 systemd-resolve





vpn openvpn ip







share|improve this question









New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
    – hello moto
    Jan 7 at 13:30












  • I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
    – fatoddsun
    Jan 7 at 14:49






  • 1




    Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
    – heynnema
    Jan 7 at 16:10












  • added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
    – fatoddsun
    Jan 7 at 17:32






  • 1




    Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
    – heynnema
    Jan 7 at 20:43














0












0








0







I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get: 



Mon Jan  7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018

Mon Jan  7 11:53:59 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08

Mon Jan  7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Mon Jan  7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]

Mon Jan  7 11:53:59 2019 UDP link local: (not bound)

Mon Jan  7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Mon Jan  7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 VERIFY OK: nsCertType=SERVER

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Mon Jan  7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194

Mon Jan  7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)

Mon Jan  7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: route options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: peer-id set

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified

Mon Jan  7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'

Mon Jan  7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09

Mon Jan  7 11:54:00 2019 TUN/TAP device tun0 opened

Mon Jan  7 11:54:00 2019 TUN/TAP TX queue length set to 100

Mon Jan  7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Mon Jan  7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500

Mon Jan  7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1

Mon Jan  7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89

Mon Jan  7 11:54:00 2019 GID set to nogroup

Mon Jan  7 11:54:00 2019 UID set to nobody

Mon Jan  7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Mon Jan  7 11:54:00 2019 Initialization Sequence Complete


the client config file is the same I've used on the Mac, so it should be correctly populated.



The client.ovpn file I'm using is as follows:



client

dev tun

remote <myhostdomain> 1194

proto udp

resolv-retry infinite

nobind



# On non-Windows systems, please uncomment the following for added security:

user nobody

group nogroup



persist-key

persist-tun



ca keys/ca.crt

cert keys/myuser.crt

key keys/myuser.key

tls-auth keys/tls-auth.key 1



ns-cert-type server

comp-lzo



# Log file verbosity

verb 3

# Silence repeating messages

mute 20


Any ideas?



Thank you



output of ls -al /etc/resolv.conf :



lrwxrwxrwx 1 root root 39 Jan  7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


output of cat /etc/resolv.conf :



# This file is managed by man:systemd-resolved(8). Do not edit.

#

# This is a dynamic resolv.conf file for connecting local clients to the

# internal DNS stub resolver of systemd-resolved. This file lists all

# configured search domains.

#

# Run "systemd-resolve --status" to see details about the uplink DNS servers

# currently in use.

#

# Third party programs must not access this file directly, but only through the

# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,

# replace this symlink by a static file or a different symlink.

#

# See man:systemd-resolved.service(8) for details about the supported modes of

# operation for /etc/resolv.conf.



nameserver 127.0.0.53

search Home


output of ps auxc | grep -i dns : no output at all



ouput of ps auxc | grep -i resolv :



systemd+   612  0.0  0.0  71120  2440 ?        Ss   17:39   0:09 systemd-resolve





vpn openvpn ip







share|improve this question









New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get: 



Mon Jan  7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018

Mon Jan  7 11:53:59 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08

Mon Jan  7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Mon Jan  7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jan  7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]

Mon Jan  7 11:53:59 2019 UDP link local: (not bound)

Mon Jan  7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194

Mon Jan  7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Mon Jan  7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 VERIFY OK: nsCertType=SERVER

Mon Jan  7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com

Mon Jan  7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Mon Jan  7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194

Mon Jan  7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)

Mon Jan  7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: route options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: peer-id set

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625

Mon Jan  7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified

Mon Jan  7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'

Mon Jan  7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Jan  7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09

Mon Jan  7 11:54:00 2019 TUN/TAP device tun0 opened

Mon Jan  7 11:54:00 2019 TUN/TAP TX queue length set to 100

Mon Jan  7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Mon Jan  7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500

Mon Jan  7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1

Mon Jan  7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89

Mon Jan  7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89

Mon Jan  7 11:54:00 2019 GID set to nogroup

Mon Jan  7 11:54:00 2019 UID set to nobody

Mon Jan  7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Mon Jan  7 11:54:00 2019 Initialization Sequence Complete


the client config file is the same I've used on the Mac, so it should be correctly populated.



The client.ovpn file I'm using is as follows:



client

dev tun

remote <myhostdomain> 1194

proto udp

resolv-retry infinite

nobind



# On non-Windows systems, please uncomment the following for added security:

user nobody

group nogroup



persist-key

persist-tun



ca keys/ca.crt

cert keys/myuser.crt

key keys/myuser.key

tls-auth keys/tls-auth.key 1



ns-cert-type server

comp-lzo



# Log file verbosity

verb 3

# Silence repeating messages

mute 20


Any ideas?



Thank you



output of ls -al /etc/resolv.conf :



lrwxrwxrwx 1 root root 39 Jan  7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


output of cat /etc/resolv.conf :



# This file is managed by man:systemd-resolved(8). Do not edit.

#

# This is a dynamic resolv.conf file for connecting local clients to the

# internal DNS stub resolver of systemd-resolved. This file lists all

# configured search domains.

#

# Run "systemd-resolve --status" to see details about the uplink DNS servers

# currently in use.

#

# Third party programs must not access this file directly, but only through the

# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,

# replace this symlink by a static file or a different symlink.

#

# See man:systemd-resolved.service(8) for details about the supported modes of

# operation for /etc/resolv.conf.



nameserver 127.0.0.53

search Home


output of ps auxc | grep -i dns : no output at all



ouput of ps auxc | grep -i resolv :



systemd+   612  0.0  0.0  71120  2440 ?        Ss   17:39   0:09 systemd-resolve





vpn openvpn ip




vpn openvpn ip






share|improve this question









New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited Jan 7 at 21:56







fatoddsun













New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Jan 7 at 12:02









fatoddsunfatoddsun

1034




1034




New contributor




fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






fatoddsun is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1




    How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
    – hello moto
    Jan 7 at 13:30












  • I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
    – fatoddsun
    Jan 7 at 14:49






  • 1




    Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
    – heynnema
    Jan 7 at 16:10












  • added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
    – fatoddsun
    Jan 7 at 17:32






  • 1




    Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
    – heynnema
    Jan 7 at 20:43














  • 1




    How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
    – hello moto
    Jan 7 at 13:30












  • I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
    – fatoddsun
    Jan 7 at 14:49






  • 1




    Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
    – heynnema
    Jan 7 at 16:10












  • added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
    – fatoddsun
    Jan 7 at 17:32






  • 1




    Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
    – heynnema
    Jan 7 at 20:43








1




1




How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30






How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30














I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49




I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49




1




1




Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
– heynnema
Jan 7 at 16:10






Use ifconfig to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
– heynnema
Jan 7 at 16:10














added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32




added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32




1




1




Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
– heynnema
Jan 7 at 20:43




Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me ls -al /etc/resolv.conf and cat /etc/resolv.conf, and ps auxc | grep -i dns and ps auxc | grep -i resolv. Edit this info into your question... not in the comments, please.
– heynnema
Jan 7 at 20:43










1 Answer
1






active

oldest

votes


















1














Your symlink for /etc/resolv.conf is incorrect.



ls -al /etc/resolv.conf shows us:



resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


which is incorrect. It should point to resolv.conf, like so:



resolv.conf -> /run/systemd/resolve/resolv.conf


so...



sudo rm -i /etc/resolv.conf # remove the incorrect symlink



sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly


then make sure that ls -al /etc/resolv.conf looks correct. cat /etc/resolv.conf should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).



Update #1:



Add this at the end of your .ovpn file, then sudo openvpn client_file, and see if /etc/resolv.conf changes with/without VPN.



script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf


Update #2:



DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.



As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.



At this point, if you use sudo openvpn client.ovpn, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.



Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf. It should probably contain something similar to 192.168.x.1, the address of your router.



Create a new Network Manager VPN connection script. Import your .ovpn file like so:



enter image description here



enter image description here



enter image description here



After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.



Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.



Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.






share|improve this answer























  • done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
    – fatoddsun
    Jan 7 at 22:29










  • this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
    – fatoddsun
    Jan 7 at 22:31










  • When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
    – heynnema
    Jan 7 at 22:46










  • yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
    – fatoddsun
    Jan 7 at 23:14










  • @fatoddsun see my Update #1
    – heynnema
    Jan 8 at 0:28











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107704%2fopenvpn-not-changing-ip-address%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Your symlink for /etc/resolv.conf is incorrect.



ls -al /etc/resolv.conf shows us:



resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


which is incorrect. It should point to resolv.conf, like so:



resolv.conf -> /run/systemd/resolve/resolv.conf


so...



sudo rm -i /etc/resolv.conf # remove the incorrect symlink



sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly


then make sure that ls -al /etc/resolv.conf looks correct. cat /etc/resolv.conf should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).



Update #1:



Add this at the end of your .ovpn file, then sudo openvpn client_file, and see if /etc/resolv.conf changes with/without VPN.



script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf


Update #2:



DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.



As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.



At this point, if you use sudo openvpn client.ovpn, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.



Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf. It should probably contain something similar to 192.168.x.1, the address of your router.



Create a new Network Manager VPN connection script. Import your .ovpn file like so:



enter image description here



enter image description here



enter image description here



After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.



Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.



Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.






share|improve this answer























  • done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
    – fatoddsun
    Jan 7 at 22:29










  • this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
    – fatoddsun
    Jan 7 at 22:31










  • When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
    – heynnema
    Jan 7 at 22:46










  • yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
    – fatoddsun
    Jan 7 at 23:14










  • @fatoddsun see my Update #1
    – heynnema
    Jan 8 at 0:28
















1














Your symlink for /etc/resolv.conf is incorrect.



ls -al /etc/resolv.conf shows us:



resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


which is incorrect. It should point to resolv.conf, like so:



resolv.conf -> /run/systemd/resolve/resolv.conf


so...



sudo rm -i /etc/resolv.conf # remove the incorrect symlink



sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly


then make sure that ls -al /etc/resolv.conf looks correct. cat /etc/resolv.conf should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).



Update #1:



Add this at the end of your .ovpn file, then sudo openvpn client_file, and see if /etc/resolv.conf changes with/without VPN.



script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf


Update #2:



DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.



As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.



At this point, if you use sudo openvpn client.ovpn, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.



Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf. It should probably contain something similar to 192.168.x.1, the address of your router.



Create a new Network Manager VPN connection script. Import your .ovpn file like so:



enter image description here



enter image description here



enter image description here



After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.



Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.



Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.






share|improve this answer























  • done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
    – fatoddsun
    Jan 7 at 22:29










  • this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
    – fatoddsun
    Jan 7 at 22:31










  • When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
    – heynnema
    Jan 7 at 22:46










  • yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
    – fatoddsun
    Jan 7 at 23:14










  • @fatoddsun see my Update #1
    – heynnema
    Jan 8 at 0:28














1












1








1






Your symlink for /etc/resolv.conf is incorrect.



ls -al /etc/resolv.conf shows us:



resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


which is incorrect. It should point to resolv.conf, like so:



resolv.conf -> /run/systemd/resolve/resolv.conf


so...



sudo rm -i /etc/resolv.conf # remove the incorrect symlink



sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly


then make sure that ls -al /etc/resolv.conf looks correct. cat /etc/resolv.conf should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).



Update #1:



Add this at the end of your .ovpn file, then sudo openvpn client_file, and see if /etc/resolv.conf changes with/without VPN.



script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf


Update #2:



DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.



As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.



At this point, if you use sudo openvpn client.ovpn, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.



Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf. It should probably contain something similar to 192.168.x.1, the address of your router.



Create a new Network Manager VPN connection script. Import your .ovpn file like so:



enter image description here



enter image description here



enter image description here



After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.



Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.



Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.






share|improve this answer














Your symlink for /etc/resolv.conf is incorrect.



ls -al /etc/resolv.conf shows us:



resolv.conf -> ../run/systemd/resolve/stub-resolv.conf


which is incorrect. It should point to resolv.conf, like so:



resolv.conf -> /run/systemd/resolve/resolv.conf


so...



sudo rm -i /etc/resolv.conf # remove the incorrect symlink



sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly


then make sure that ls -al /etc/resolv.conf looks correct. cat /etc/resolv.conf should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).



Update #1:



Add this at the end of your .ovpn file, then sudo openvpn client_file, and see if /etc/resolv.conf changes with/without VPN.



script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf


Update #2:



DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.



As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.



At this point, if you use sudo openvpn client.ovpn, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.



Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf. It should probably contain something similar to 192.168.x.1, the address of your router.



Create a new Network Manager VPN connection script. Import your .ovpn file like so:



enter image description here



enter image description here



enter image description here



After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.



Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.



Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.







share|improve this answer














share|improve this answer



share|improve this answer








edited 15 hours ago

























answered Jan 7 at 22:07









heynnemaheynnema

18.2k22054




18.2k22054












  • done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
    – fatoddsun
    Jan 7 at 22:29










  • this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
    – fatoddsun
    Jan 7 at 22:31










  • When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
    – heynnema
    Jan 7 at 22:46










  • yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
    – fatoddsun
    Jan 7 at 23:14










  • @fatoddsun see my Update #1
    – heynnema
    Jan 8 at 0:28


















  • done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
    – fatoddsun
    Jan 7 at 22:29










  • this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
    – fatoddsun
    Jan 7 at 22:31










  • When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
    – heynnema
    Jan 7 at 22:46










  • yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
    – fatoddsun
    Jan 7 at 23:14










  • @fatoddsun see my Update #1
    – heynnema
    Jan 8 at 0:28
















done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29




done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29












this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31




this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31












When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46




When you cat /etc/resolv.conf you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46












yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14




yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14












@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28




@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28










fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.













fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.












fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107704%2fopenvpn-not-changing-ip-address%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How did Captain America manage to do this?

Image
2 How does Captain America lift Thor's hammer? In Avengers: Age of Ultron , he is not worthy but how he is worthy in this film. plot-explanation marvel-cinematic-universe avengers-age-of-ultron avengers-endgame share | improve this question edited 19 mins ago A J ♦ 42.7k 16 229 246 asked 39 mins ago Andi AR Andi AR 325 1 4 14
Read more

迪纳利

Image
迪纳利峰 位于迪纳利国家公园和保留区的迪纳利峰(旧名麦金利峰) 最高点 海拔 20,237英尺(6,168米)   NGVD 29 . [1] [2] 相對高度 20,073英尺(6,118米) 列表 各洲最高峰列表 特独立山峰 各国最高点列表 美国最高点  排名第一 [3] 坐标 63°04′10″N 151°00′27″W  /  63.06944°N 151.00750°W  / 63.06944; -151.00750  ( Mount McKinley ) 坐标: 63°04′10″N 151°00′27″W  /  63.06944°N 151.00750°W  / 63.06944; -151.00750  ( Mount McKinley )   地理 位置   美國阿拉斯加州迪纳利自治市镇 迪纳利国家公园和保留区 山脈 阿拉斯加山脉 攀山 首次登頂 ( 英语 : First ascent ) 1913年6月7日 哈德逊·史塔克 哈里·卡斯坦斯 沃尔特·哈珀 罗伯特·塔特姆 最簡路線 西坡路线(攀登冰川/雪) 迪纳利 (北阿萨巴斯卡语支、 英语: Denali , / d ᵻ ˈ n ɑː l i / ,直译“高山”),1917年至2015年官方名称为 麦金利山 (另译作 麦金利峰 , 英语: Mount McKinley ),位于阿拉斯加州东南部、阿拉斯加山脉中段,海拔6194米,是北美洲最高峰,也是美国的最高峰。它的俄语名称是 Большая Гора , 罗马化:Bolshaya Gora ,意思是“大山”。 迪纳利山地区拥有变幻莫测的高山风、典型的北极植被以及野生动植物。这里大部分地区终年积雪,山间经常浓雾不断,雾气在皑皑白雪中缭绕弥漫时,几百米之外的景物便不可见。夏季,迪纳利山的青青山坡上鲜花盛开,紫色的杜鹃和精巧的铃状石南花随处可见。迪纳利山还是世界登山爱好者的汇集之地。每年5月到7月有数百人登山,只有一半不到的人能登顶成功。一次登山约花3个星期。 2015年8月31日,美國政府宣佈將山名由“麦金利山”改回原名“迪纳利山”。美國內政部發表聲
Read more

南乌拉尔铁路局

Image
南乌拉尔铁路局 Южно-Уральская железная дорога 成立 1934年1月4日 国家   蘇聯(1934年—1991年)   俄羅斯(1991年—) 总部 车里雅宾斯克 隶属 俄罗斯铁路股份公司 路局代码 80 铁路里程 4,934.9公里 奖项 网址 http://yuzd.rzd.ru/ 查 论 编 南乌拉尔铁路局 (俄语: Южно-Уральская железная дорога , 羅馬化: Yuzhno-Uralskaya zheleznaya doroga ,简称 ЮУЖД )是俄罗斯铁路股份公司属下的铁路管理局之一,总部位于车里雅宾斯克,负责管辖俄罗斯联邦乌拉尔南部地区的铁路系统,范围包括奥伦堡州、车里雅宾斯克州、库尔干州的大部分铁路,以及萨马拉州、斯维尔德洛夫斯克州、巴什科尔托斯坦共和国的少部分铁路,并有部分铁路延伸至或穿过哈萨克斯坦境内。南乌拉尔铁路局的营业里程为4,934.9公里,与伏尔加铁路局、古比雪夫铁路局、斯维尔德洛夫斯克铁路局、西西伯利亚铁路局相邻,并与南方的哈萨克斯坦铁路连接。 外部链接 (俄文) Южно-Уральская железная дорога — филиал ОАО РЖД (俄文) 南乌拉尔铁路局管辖路线图(一) (俄文) 南乌拉尔铁路局管辖路线图(二) 查 论 编 俄罗斯铁路(集团)股份公司 十月铁路局 · 莫斯科铁路局 · 北高加索铁路局 · 高尔基铁路局 · 古比雪夫铁路局 · 北方铁路局 · 伏尔加铁路局 · 东南铁路局 · 斯维尔德洛夫斯克铁路局 · 南乌拉尔铁路局 · 西西伯利亚铁路局 · 克拉斯诺亚尔斯克铁路局 · 东西伯利亚铁路局 · 后贝加尔铁路局 · 远东铁路局 · 加里宁格勒铁路局 This page is only for reference, If you need detailed information, please check here
Read more