openvpn not changing IP address
I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get:
Mon Jan 7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Mon Jan 7 11:53:59 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Mon Jan 7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Jan 7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jan 7 11:53:59 2019 UDP link local: (not bound)
Mon Jan 7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jan 7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 VERIFY OK: nsCertType=SERVER
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jan 7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194
Mon Jan 7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)
Mon Jan 7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: route options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: peer-id set
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Jan 7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jan 7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09
Mon Jan 7 11:54:00 2019 TUN/TAP device tun0 opened
Mon Jan 7 11:54:00 2019 TUN/TAP TX queue length set to 100
Mon Jan 7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500
Mon Jan 7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1
Mon Jan 7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89
Mon Jan 7 11:54:00 2019 GID set to nogroup
Mon Jan 7 11:54:00 2019 UID set to nobody
Mon Jan 7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan 7 11:54:00 2019 Initialization Sequence Complete
the client config file is the same I've used on the Mac, so it should be correctly populated.
The client.ovpn file I'm using is as follows:
client
dev tun
remote <myhostdomain> 1194
proto udp
resolv-retry infinite
nobind
# On non-Windows systems, please uncomment the following for added security:
user nobody
group nogroup
persist-key
persist-tun
ca keys/ca.crt
cert keys/myuser.crt
key keys/myuser.key
tls-auth keys/tls-auth.key 1
ns-cert-type server
comp-lzo
# Log file verbosity
verb 3
# Silence repeating messages
mute 20
Any ideas?
Thank you
output of ls -al /etc/resolv.conf :
lrwxrwxrwx 1 root root 39 Jan 7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
output of cat /etc/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
search Home
output of ps auxc | grep -i dns : no output at all
ouput of ps auxc | grep -i resolv :
systemd+ 612 0.0 0.0 71120 2440 ? Ss 17:39 0:09 systemd-resolve
vpn openvpn ip
New contributor
|
show 1 more comment
I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get:
Mon Jan 7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Mon Jan 7 11:53:59 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Mon Jan 7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Jan 7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jan 7 11:53:59 2019 UDP link local: (not bound)
Mon Jan 7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jan 7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 VERIFY OK: nsCertType=SERVER
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jan 7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194
Mon Jan 7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)
Mon Jan 7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: route options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: peer-id set
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Jan 7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jan 7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09
Mon Jan 7 11:54:00 2019 TUN/TAP device tun0 opened
Mon Jan 7 11:54:00 2019 TUN/TAP TX queue length set to 100
Mon Jan 7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500
Mon Jan 7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1
Mon Jan 7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89
Mon Jan 7 11:54:00 2019 GID set to nogroup
Mon Jan 7 11:54:00 2019 UID set to nobody
Mon Jan 7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan 7 11:54:00 2019 Initialization Sequence Complete
the client config file is the same I've used on the Mac, so it should be correctly populated.
The client.ovpn file I'm using is as follows:
client
dev tun
remote <myhostdomain> 1194
proto udp
resolv-retry infinite
nobind
# On non-Windows systems, please uncomment the following for added security:
user nobody
group nogroup
persist-key
persist-tun
ca keys/ca.crt
cert keys/myuser.crt
key keys/myuser.key
tls-auth keys/tls-auth.key 1
ns-cert-type server
comp-lzo
# Log file verbosity
verb 3
# Silence repeating messages
mute 20
Any ideas?
Thank you
output of ls -al /etc/resolv.conf :
lrwxrwxrwx 1 root root 39 Jan 7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
output of cat /etc/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
search Home
output of ps auxc | grep -i dns : no output at all
ouput of ps auxc | grep -i resolv :
systemd+ 612 0.0 0.0 71120 2440 ? Ss 17:39 0:09 systemd-resolve
vpn openvpn ip
New contributor
1
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
1
Useifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
– heynnema
Jan 7 at 16:10
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
1
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show mels -al /etc/resolv.conf
andcat /etc/resolv.conf
, andps auxc | grep -i dns
andps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.
– heynnema
Jan 7 at 20:43
|
show 1 more comment
I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get:
Mon Jan 7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Mon Jan 7 11:53:59 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Mon Jan 7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Jan 7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jan 7 11:53:59 2019 UDP link local: (not bound)
Mon Jan 7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jan 7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 VERIFY OK: nsCertType=SERVER
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jan 7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194
Mon Jan 7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)
Mon Jan 7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: route options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: peer-id set
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Jan 7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jan 7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09
Mon Jan 7 11:54:00 2019 TUN/TAP device tun0 opened
Mon Jan 7 11:54:00 2019 TUN/TAP TX queue length set to 100
Mon Jan 7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500
Mon Jan 7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1
Mon Jan 7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89
Mon Jan 7 11:54:00 2019 GID set to nogroup
Mon Jan 7 11:54:00 2019 UID set to nobody
Mon Jan 7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan 7 11:54:00 2019 Initialization Sequence Complete
the client config file is the same I've used on the Mac, so it should be correctly populated.
The client.ovpn file I'm using is as follows:
client
dev tun
remote <myhostdomain> 1194
proto udp
resolv-retry infinite
nobind
# On non-Windows systems, please uncomment the following for added security:
user nobody
group nogroup
persist-key
persist-tun
ca keys/ca.crt
cert keys/myuser.crt
key keys/myuser.key
tls-auth keys/tls-auth.key 1
ns-cert-type server
comp-lzo
# Log file verbosity
verb 3
# Silence repeating messages
mute 20
Any ideas?
Thank you
output of ls -al /etc/resolv.conf :
lrwxrwxrwx 1 root root 39 Jan 7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
output of cat /etc/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
search Home
output of ps auxc | grep -i dns : no output at all
ouput of ps auxc | grep -i resolv :
systemd+ 612 0.0 0.0 71120 2440 ? Ss 17:39 0:09 systemd-resolve
vpn openvpn ip
New contributor
I have set up an openvpn VPN on my ubuntu laptop, and everything seemed to be working fine, but when I connect my IP address does not change. I have tried to use the same procedure on my Mac (using a third-party software to load the client.ovpn) and everything works fine. Could you please help undrstanding what's going wrong?
If I open a terminal and connect from my openvpn client, this is the full message I get:
Mon Jan 7 11:53:59 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Mon Jan 7 11:53:59 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Mon Jan 7 11:53:59 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Jan 7 11:53:59 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 7 11:53:59 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jan 7 11:53:59 2019 UDP link local: (not bound)
Mon Jan 7 11:53:59 2019 UDP link remote: [AF_INET]185.21.216.152:1194
Mon Jan 7 11:53:59 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jan 7 11:53:59 2019 TLS: Initial packet from [AF_INET]185.21.216.152:1194, sid=75702836 ec665d46
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=Feral Hosting CA, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 VERIFY OK: nsCertType=SERVER
Mon Jan 7 11:53:59 2019 VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=Feral Hosting, CN=nyx, emailAddress=support@feralhosting.com
Mon Jan 7 11:53:59 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jan 7 11:53:59 2019 [nyx] Peer Connection Initiated with [AF_INET]185.21.216.152:1194
Mon Jan 7 11:54:00 2019 SENT CONTROL [nyx]: 'PUSH_REQUEST' (status=1)
Mon Jan 7 11:54:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.90 10.32.0.89,peer-id 3,cipher AES-256-GCM'
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: route options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: peer-id set
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Jan 7 11:54:00 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Jan 7 11:54:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jan 7 11:54:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jan 7 11:54:00 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=20:16:d8:c7:61:09
Mon Jan 7 11:54:00 2019 TUN/TAP device tun0 opened
Mon Jan 7 11:54:00 2019 TUN/TAP TX queue length set to 100
Mon Jan 7 11:54:00 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 7 11:54:00 2019 /sbin/ip link set dev tun0 up mtu 1500
Mon Jan 7 11:54:00 2019 /sbin/ip addr add dev tun0 local 10.32.0.90 peer 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1
Mon Jan 7 11:54:00 2019 /sbin/ip route add 0.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 128.0.0.0/1 via 10.32.0.89
Mon Jan 7 11:54:00 2019 /sbin/ip route add 10.32.0.1/32 via 10.32.0.89
Mon Jan 7 11:54:00 2019 GID set to nogroup
Mon Jan 7 11:54:00 2019 UID set to nobody
Mon Jan 7 11:54:00 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan 7 11:54:00 2019 Initialization Sequence Complete
the client config file is the same I've used on the Mac, so it should be correctly populated.
The client.ovpn file I'm using is as follows:
client
dev tun
remote <myhostdomain> 1194
proto udp
resolv-retry infinite
nobind
# On non-Windows systems, please uncomment the following for added security:
user nobody
group nogroup
persist-key
persist-tun
ca keys/ca.crt
cert keys/myuser.crt
key keys/myuser.key
tls-auth keys/tls-auth.key 1
ns-cert-type server
comp-lzo
# Log file verbosity
verb 3
# Silence repeating messages
mute 20
Any ideas?
Thank you
output of ls -al /etc/resolv.conf :
lrwxrwxrwx 1 root root 39 Jan 7 09:14 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
output of cat /etc/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
search Home
output of ps auxc | grep -i dns : no output at all
ouput of ps auxc | grep -i resolv :
systemd+ 612 0.0 0.0 71120 2440 ? Ss 17:39 0:09 systemd-resolve
vpn openvpn ip
vpn openvpn ip
New contributor
New contributor
edited Jan 7 at 21:56
fatoddsun
New contributor
asked Jan 7 at 12:02
fatoddsunfatoddsun
1034
1034
New contributor
New contributor
1
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
1
Useifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
– heynnema
Jan 7 at 16:10
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
1
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show mels -al /etc/resolv.conf
andcat /etc/resolv.conf
, andps auxc | grep -i dns
andps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.
– heynnema
Jan 7 at 20:43
|
show 1 more comment
1
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
1
Useifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).
– heynnema
Jan 7 at 16:10
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
1
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show mels -al /etc/resolv.conf
andcat /etc/resolv.conf
, andps auxc | grep -i dns
andps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.
– heynnema
Jan 7 at 20:43
1
1
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
1
1
Use
ifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).– heynnema
Jan 7 at 16:10
Use
ifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).– heynnema
Jan 7 at 16:10
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
1
1
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me
ls -al /etc/resolv.conf
and cat /etc/resolv.conf
, and ps auxc | grep -i dns
and ps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.– heynnema
Jan 7 at 20:43
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me
ls -al /etc/resolv.conf
and cat /etc/resolv.conf
, and ps auxc | grep -i dns
and ps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.– heynnema
Jan 7 at 20:43
|
show 1 more comment
1 Answer
1
active
oldest
votes
Your symlink for /etc/resolv.conf
is incorrect.
ls -al /etc/resolv.conf shows us:
resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
which is incorrect. It should point to resolv.conf, like so:
resolv.conf -> /run/systemd/resolve/resolv.conf
so...
sudo rm -i /etc/resolv.conf # remove the incorrect symlink
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly
then make sure that ls -al /etc/resolv.conf
looks correct. cat /etc/resolv.conf
should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).
Update #1:
Add this at the end of your .ovpn file, then sudo openvpn client_file
, and see if /etc/resolv.conf changes with/without VPN.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Update #2:
DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.
As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.
At this point, if you use sudo openvpn client.ovpn
, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.
Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf
. It should probably contain something similar to 192.168.x.1, the address of your router.
Create a new Network Manager VPN connection script. Import your .ovpn file like so:
After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.
Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.
Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When youcat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
|
show 13 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107704%2fopenvpn-not-changing-ip-address%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your symlink for /etc/resolv.conf
is incorrect.
ls -al /etc/resolv.conf shows us:
resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
which is incorrect. It should point to resolv.conf, like so:
resolv.conf -> /run/systemd/resolve/resolv.conf
so...
sudo rm -i /etc/resolv.conf # remove the incorrect symlink
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly
then make sure that ls -al /etc/resolv.conf
looks correct. cat /etc/resolv.conf
should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).
Update #1:
Add this at the end of your .ovpn file, then sudo openvpn client_file
, and see if /etc/resolv.conf changes with/without VPN.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Update #2:
DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.
As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.
At this point, if you use sudo openvpn client.ovpn
, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.
Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf
. It should probably contain something similar to 192.168.x.1, the address of your router.
Create a new Network Manager VPN connection script. Import your .ovpn file like so:
After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.
Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.
Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When youcat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
|
show 13 more comments
Your symlink for /etc/resolv.conf
is incorrect.
ls -al /etc/resolv.conf shows us:
resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
which is incorrect. It should point to resolv.conf, like so:
resolv.conf -> /run/systemd/resolve/resolv.conf
so...
sudo rm -i /etc/resolv.conf # remove the incorrect symlink
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly
then make sure that ls -al /etc/resolv.conf
looks correct. cat /etc/resolv.conf
should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).
Update #1:
Add this at the end of your .ovpn file, then sudo openvpn client_file
, and see if /etc/resolv.conf changes with/without VPN.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Update #2:
DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.
As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.
At this point, if you use sudo openvpn client.ovpn
, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.
Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf
. It should probably contain something similar to 192.168.x.1, the address of your router.
Create a new Network Manager VPN connection script. Import your .ovpn file like so:
After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.
Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.
Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When youcat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
|
show 13 more comments
Your symlink for /etc/resolv.conf
is incorrect.
ls -al /etc/resolv.conf shows us:
resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
which is incorrect. It should point to resolv.conf, like so:
resolv.conf -> /run/systemd/resolve/resolv.conf
so...
sudo rm -i /etc/resolv.conf # remove the incorrect symlink
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly
then make sure that ls -al /etc/resolv.conf
looks correct. cat /etc/resolv.conf
should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).
Update #1:
Add this at the end of your .ovpn file, then sudo openvpn client_file
, and see if /etc/resolv.conf changes with/without VPN.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Update #2:
DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.
As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.
At this point, if you use sudo openvpn client.ovpn
, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.
Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf
. It should probably contain something similar to 192.168.x.1, the address of your router.
Create a new Network Manager VPN connection script. Import your .ovpn file like so:
After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.
Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.
Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.
Your symlink for /etc/resolv.conf
is incorrect.
ls -al /etc/resolv.conf shows us:
resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
which is incorrect. It should point to resolv.conf, like so:
resolv.conf -> /run/systemd/resolve/resolv.conf
so...
sudo rm -i /etc/resolv.conf # remove the incorrect symlink
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # recreate it correctly
then make sure that ls -al /etc/resolv.conf
looks correct. cat /etc/resolv.conf
should show a different result than you had before... probably 192.168.x.1 (your router) or another dns server address (probably from your VPN provider).
Update #1:
Add this at the end of your .ovpn file, then sudo openvpn client_file
, and see if /etc/resolv.conf changes with/without VPN.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Update #2:
DNS is messed up in Ubuntu 18.xx. OpenVPN behaves differently if started from the terminal command line, vs via Network Manager.
As per my previous instruction, make the changes to the /etc/resolv.conf symlink, and add the up/down script changes to your .ovpn file.
At this point, if you use sudo openvpn client.ovpn
, the VPN tunnel will be created, but /etc/resolv.conf will not get properly updated, and you'll have dns leaks. DNS leaks can be seen at either http://dnsleak.com or http://dnsleaktest.com.
Observe the contents of /etc/resolv.conf by typing cat /etc/resolv.conf
. It should probably contain something similar to 192.168.x.1, the address of your router.
Create a new Network Manager VPN connection script. Import your .ovpn file like so:
After ADDing the imported script, connect to your desired VPN server by going to the Network Manager menu (top panel, right corner), select VPN, and then select the VPN connection script that you added earlier.
Again, observe the contents of /etc/resolv.conf, and it now should contain the IP address of your VPN's DNS server.
Go to http://dnsleak.com, and confirm that it correctly shows your new IP address, and click the START button to confirm that you don't have any dns leaks.
edited 15 hours ago
answered Jan 7 at 22:07
heynnemaheynnema
18.2k22054
18.2k22054
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When youcat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
|
show 13 more comments
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When youcat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.
– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
done: the link points to the file showing the correct IP (nameserver 192.168.0.1). Now if I go on whatsmyip.com after enabling the VPN I can see my IP changing but my geo position remaining the same.How can I be sure that the VPN is actually working? Thank you!
– fatoddsun
Jan 7 at 22:29
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
this is now part of the output when I call openvpn: Mon Jan 7 22:30:05 2019 /sbin/ip route add 185.21.216.152/32 via 192.168.0.1 RTNETLINK answers: File exists Mon Jan 7 22:30:05 2019 ERROR: Linux route add command failed: external program exited with error status: 2
– fatoddsun
Jan 7 at 22:31
When you
cat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.– heynnema
Jan 7 at 22:46
When you
cat /etc/resolv.conf
you'll either see 192.168.0.1 (with VPN down) or the DNS server of your VPN provider (when VPN is up). At the whatsmyip site, do you see your IP address change without/with VPN? I'd call your VPN provider and ask for help... I suspect the .ovpn file needs some mods for Linux/Ubuntu.– heynnema
Jan 7 at 22:46
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
yes, I do see the IP changing at the whatsmyip site, but not when I cat the resolv.conf file. I'll get in touch with the VPN provider. For now, thanks a lot for your help!
– fatoddsun
Jan 7 at 23:14
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
@fatoddsun see my Update #1
– heynnema
Jan 8 at 0:28
|
show 13 more comments
fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
fatoddsun is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107704%2fopenvpn-not-changing-ip-address%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
How do you know it's not changing your ip address, what have you tried, have you monitored the tun0 interface with etherape so you can really see what's going on
– hello moto
Jan 7 at 13:30
I've used common online services like "what's my IP address", straight from the browser. Happy to do more checks, but I don't know how
– fatoddsun
Jan 7 at 14:49
1
Use
ifconfig
to look at tun0, and it should show an address of 10.32.0.90. You could also edit your question with your .ovpn file (with any confidential info blocked out).– heynnema
Jan 7 at 16:10
added the ovpn file content to the main message, thank you! Yes, if I type ifconfig tun0 I can see "inet 10.32.0.90"
– fatoddsun
Jan 7 at 17:32
1
Begin comments to me with @heynnema, or I may miss them. Where did you get this .ovpn file from? Why the last 4 lines? Show me
ls -al /etc/resolv.conf
andcat /etc/resolv.conf
, andps auxc | grep -i dns
andps auxc | grep -i resolv
. Edit this info into your question... not in the comments, please.– heynnema
Jan 7 at 20:43