Problem: No Internet connection when connected to NordVPN using OpenVPN
Any ideas on what is causing my problem?
I have installed the latest version of OSMC on a Raspberry Pi 3b. I have also installed the OpenVPN from this URL
https://github.com/brianhornsby/script.openvpn/releases/download/v3.0.0/script.openvpn-3.0.0.zip
I am using NordVPN as my VPN provider.
I have been able to get Internet connectivity on the OSMC when the OpenVPN is disconnected.
This is the results of running ‘curl http://checkip.dyndns.org’ in a PuTTY window connected to OSMC
Based on documentation I have seen, it sounds like adding the following command to the OVPN config file should update the DNS addresses to what the VPN server provides.
script-security 2
run /etc/openvpn/update-resolv-conf.sh when the connection is set up
up /etc/openvpn/update-resolv-conf
run /etc/openvpn/update-resolv-conf.sh when the connection is set disconnected
down /etc/openvpn/update-resolv-conf
but it does not work.
It looks like the arguments passed into the ‘update-resolv-conf’ script don’t match what the script is looking for so the script just exits.
From the log generated by OpenVPN, here is the command that runs the update-resolv-conf script
Tue Feb 6 08:34:29 2018 /etc/openvpn/update-resolv-conf tun1 1500 1585 10.8.8.188 255.255.255.0 init
The arguments passed in are:
$1 = tun1
$2 = 1500
$3 = 1585
The script is expecting the arguments to be:
$1 = dhcp-option
$2 = DNS or DOMAIN
$3 = Search name if $2 = DOMAIN
Here is the startup log from OpenVPN with the Up script defined in the OPVN config file.
I ran the openvpn command in a Putty window.
root@Percy:/home/osmc# openvpn /home/osmc/vpn-conf/us1142.nordvpn.com.udp1194.ovpn
Tue Feb 6 08:34:28 2018 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Tue Feb 6 08:34:28 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Tue Feb 6 08:34:28 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Feb 6 08:34:28 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Feb 6 08:34:28 2018 Outgoing Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Tue Feb 6 08:34:28 2018 Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Tue Feb 6 08:34:28 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]173.254.254.27:1194
Tue Feb 6 08:34:28 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Feb 6 08:34:28 2018 UDP link local: (not bound)
Tue Feb 6 08:34:28 2018 UDP link remote: [AF_INET]173.254.254.27:1194
Tue Feb 6 08:34:28 2018 TLS: Initial packet from [AF_INET]173.254.254.27:1194, sid=6676031f 9bd91c54
Tue Feb 6 08:34:28 2018 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Tue Feb 6 08:34:28 2018 VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us1142.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Tue Feb 6 08:34:28 2018 Validating certificate key usage
Tue Feb 6 08:34:28 2018 ++ Certificate has key usage 00a0, expects 00a0
Tue Feb 6 08:34:28 2018 VERIFY KU OK
Tue Feb 6 08:34:28 2018 Validating certificate extended key usage
Tue Feb 6 08:34:28 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 6 08:34:28 2018 VERIFY EKU OK
Tue Feb 6 08:34:28 2018 VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us1142.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Tue Feb 6 08:34:28 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Feb 6 08:34:28 2018 [us1142.nordvpn.com] Peer Connection Initiated with [AF_INET]173.254.254.27:1194
Tue Feb 6 08:34:29 2018 SENT CONTROL [us1142.nordvpn.com]: ‘PUSH_REQUEST’ (status=1)
Tue Feb 6 08:34:29 2018 PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.188 255.255.255.0,peer-id 12,cipher AES-256-GCM’
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: --sndbuf/–rcvbuf options modified
Tue Feb 6 08:34:29 2018 Socket Buffers: R=[163840->327680] S=[163840->327680]
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: route options modified
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: route-related options modified
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: peer-id set
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: adjusting link_mtu to 1657
Tue Feb 6 08:34:29 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Feb 6 08:34:29 2018 Data Channel Encrypt: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Feb 6 08:34:29 2018 Data Channel Decrypt: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Feb 6 08:34:29 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:08:de:19
Tue Feb 6 08:34:29 2018 TUN/TAP device tun1 opened
Tue Feb 6 08:34:29 2018 TUN/TAP TX queue length set to 100
Tue Feb 6 08:34:29 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Feb 6 08:34:29 2018 /sbin/ip link set dev tun1 up mtu 1500
Tue Feb 6 08:34:29 2018 /sbin/ip addr add dev tun1 10.8.8.188/24 broadcast 10.8.8.255
Tue Feb 6 08:34:29 2018 /etc/openvpn/update-resolv-conf tun1 1500 1585 10.8.8.188 255.255.255.0 init
Tue Feb 6 08:34:29 2018 /sbin/ip route add 173.254.254.27/32 via 192.168.0.1
Tue Feb 6 08:34:29 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Tue Feb 6 08:34:29 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Tue Feb 6 08:34:29 2018 Initialization Sequence Completed