Nice one!! Might have to give this a try!
Iāve installed OpenVPN via apt-get. I have an /etc/init.d/openvpn and a proper configuration file for my server.
Everything is configured properly. Like above, I receive this error.
Mon May 4 15:37:39 2015 /sbin/ip route add 0.0.0.0/0 via (IP of VPN)
RTNETLINK answers: File exists
The default route fails to be established, and the VPN does not function unless I manually change the default route thereafter via:
$ /sbin/ip route change default via <ip-address> dev tun0
From what I can tell via my searching, the problem is in connman. I have only found the problem mentioned; no solutions. connman monkeys with the default route somehow before it should, and prevents it from being set by openvpn.
So, Iām thinking one of two things is true:
- This is a bug in connman, or
- This is a default system misconfiguration by OSMC
Anyone have any insight?
OSMC doesnāt use init scripts, use system sudo service openvpn restart
Also sometimes it help to first start the client manually to see any errors openvpn --config /etc/openvpn/client.conf
Whether or not I use init.d, systemd or whatever doesnāt have any bearing on the error. Hereās the output from systemd:
Sep 11 12:56:18 wight openvpn[273]: /sbin/ip route del 0.0.0.0/0
Sep 11 12:56:18 wight openvpn[273]: /sbin/ip route add 0.0.0.0/0 via 10.10.10.5
Sep 11 12:56:18 wight openvpn[273]: ERROR: Linux route add command failed: external program exited with error status: 2
The command always fails, Iām almost certain, because connman does something w/ the default route which makes it impossible to remove. /sbin/ip route del 0.0.0.0/0 should delete it so /sbin/ip route add 0.0.0.0/0 via 10.10.10.5 can add it.
I have an identical configuration on another box running Rasbian (which does not use connman); there are no problems.
Iāve got this rough tutorial for a openvpn client that Ive gotten to work,
sudo apt-get update
sudo apt-get install openvpn
cd /etc/openvpn
add .ovpn file to dir /etc/openvpn
Add lines to .ovpn for user/pass
sudo sed -i '/auth-user-pass/cauth-user-pass user.txt' *.ovpn
sudo nano user.txt
In this file create only two lines of text
username(your username)
password(your password)
press crtl+x to save the file then press y and enter.
Since the file we have created contains sensitive info we need to ensure that only the user that created the file can read and write to it. Type:
sudo chmod go-rwx user.txt
Rename ovpn file, vpn.conf
Start/Enable Service
sudo systemctl enable openvpn@vpn.service
sudo systemctl start openvpn@vpn.service
Check status:
Type:
curl http://checkip.dyndns.orgthinking of doing a AIO script based of this discussion and a server discussion here on the forum not that i use vpn for Kodi/OSMC but it seems to be popular a request
I was able to hack around the problem; I created a script in /etc/systemd/system/multi-user.target.wants:
[Unit]
Description=Change Default Route
Requisite=openvpn.service
After=openvpn.service
[Service]
Type=oneshot
ExecStart=/sbin/change-route
[Install]
WantedBy=mult-user.target
Which executes /sbin/change-route:
#!/bin/bash
COUNT=60
while [ $COUNT -gt 0 ]
do
if [[ -n `/sbin/ip route | grep tun0` ]]
then
break
fi
sleep 1
let COUNT-=1
done
IP=`/sbin/ip route | grep 'tun0 proto kernel' | cut -d ' ' -f12`
/sbin/ip route change default via $IP dev tun0
The script above waits (60s max) until device tun0 is created by OpenVPN. Once it is, it grabs the gateway address then changes the default route to use it.
This is not about running an OpenVPN server; this is about running an OpenVPN client.
From what I can gather, something is broken in OSMC prevents OpenVPN clients from working properly which needs addressing. I havenāt been able to pinpoint the problem, however.
My best guess is that connman is either bugged or misconfigured in OSMC. Iām not sure why connman is needed by OSMC. Iām curious why this tool was chosen instead of a more established one, like some other users on this thread. If I wanted to propose it be replaced with something else, where would I do that?
1 Like
Itās not recommended to replace it or to propose to replace it? Because if the latter is true, then thatās a problem.
its not recommended to replace it on your system atmā¦ as to the reasons why im gonna refer to Sam cause i dont remember the specifics
I wouldnāt do it as a user, but rather to propose it be replaced at the distribution level
You could propose it but your use case is somewhat niche and is unlikely to result in the change you are seeking here.
Hereās why you wouldnāt want to attempt to change it as a user
One manās shit is one manās treasure.
ConnMan fully supports VPN configuration. The reason for choosing ConnMan over the legacy networking system is that while it worked for you, the large majority (99%) of our users do not wish to configure networking via a command line. ConnMan provides us with a stable DBus interface so we can make configuring connections simple and manageable from Kodi. It also has a very low footprint.
It is easy for you to copy over /etc/network/ files to remedy the situation, and thatās what we expect from power users. We need to support the most common use case scenarios and make these as easy as possible for users to employ. ConnMan lets us do that.
With that said, I donāt anticipate a reason why we wonāt have GUI based VPN configuration eventually
Here. What would you consider as more established? NetworkManager is a lot more resource intensive and wouldnāt work any magic: weād still need to develop our addon to support VPN via the GUI, and additionally, have to rewrite all of the networking code.
If you can provide a better description of the issue then we can have a look.
Edit:
You are likely being caught out by WISPR. To determine true network connectivity (and in the future, to allow login to WiFi networks that ask for a username and password), ConnMan will configure a route and try to connect to osmc.tv. If it receives HTTP-X-OSMC then it knows that it is really connected to the Internet, and not a web page asking for credentials.
I see you are using a legacy /etc/init.d/ script. The solution is to write a proper systemd unit (I am sure one already exists for OpenVPN) and add After=connman.service.
ConnMan assumes that as it is the network manager it is permitted to configure routes accordingly. Other network managers will do the same
Sam
An even more generic solution that would still work on OSMC would be to specify After=network.target in your OpenVPN service.
This is the established way in systemd of specifying that your service should start after the network manager (whatever it might be) is up and running. (network.target does not mean that the network connection is configured and up and running, only that the network manager daemon has started running)
Because our connman.service has Before=network.target it must finish starting before any service that specifies After=network.target is allowed to start, but because network.target is a well known, generic, network manager agnostic target name it should work on any systemd system.
Question guys, have openvpn successfully installed and tested on my Rasp Pi but when configuring the Kodi add-on my folder /usr/sbin seems to be empty (show hidden files and folder enabled in file lists)
Probably a small thing i overlook but hope somebody can point me in good direction
thanksā¦
Sorry already solved, editing trough the context menu of the add-on did the trick
hi guys!
Is there any way to add visual feedback to OSMC while an openvpn connection is active? Maybe a tiny flag or text on any of the corners of the main menu (only) would doā¦
Just a thoughtā¦
Hi all, I am a total novice at Pi as only received it today. So any help would be appreciated.
When typing into Putty I get the response: openvpn: command not found.
Does that mean I have typed incorrectly into putty or the original configuration file.
Thanks, James
Did you actually install and configure openvpn or you thought it was preinstalled?
Ok, got past the putty problem, but now when I try to run openvpn i get the message:
An error has occurred whilst trying to connect OpenVPN
Unable to connect to OpenVPN management interface
Any suggestions please.