jotyGill / openpyn-nordvpn

Easily connect to and switch between OpenVPN servers hosted by NordVPN on Linux (+patch leaks)
GNU General Public License v3.0

Request - works on system without systemd service #168

Open Jorman opened 6 years ago

Jorman commented 6 years ago

Hi, I have a Netgear R7000 router. On that router I can install DD-WRT and Tomato firmware, and on both of them I can install Entware, so I can install python3 and all the dependencies (I have actually done that with both firmwares).

So everything works until the script tries to install the start/stop script; I got this error:

Traceback (most recent call last):
  File "/opt/bin/openpyn", line 11, in <module>
    load_entry_point('openpyn==2.6.0', 'console_scripts', 'openpyn')()
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 130, in main
    args.skip_dns_patch, args.silent, args.nvram, args.openvpn_options)
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 323, in run
    connect(aserver, port, silent, test, skip_dns_patch, openvpn_options)
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 777, in connect
    use_systemd_resolved = uses_systemd_resolved()
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 702, in uses_systemd_resolved
    stderr=subprocess.DEVNULL,
  File "/subprocess.py", line 267, in call
  File "/subprocess.py", line 709, in __init__
  File "/subprocess.py", line 1344, in _execute_child
FileNotFoundError: [Errno 2] No such file or directory: 'systemctl': 'systemctl'

So I have 2 questions:

  1. Can I use the -n option (I saw only Asus Merlin)? In that case I have to manually add a start/stop script to make it work, right?
  2. Is it possible, in the future, to make it work without the systemd service?

Many thanks for this work! I like it!

jotyGill commented 6 years ago

Thank you. I have implemented the ability to test whether systemd is found or not. This should work for non-systemd Linux systems (-d won't work, obviously). Give it a go.

sudo python3 -m pip install --upgrade openpyn
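
The check described in the comment above, sketched as an added example (not openpyn's own code and not part of the original thread): it returns False instead of raising FileNotFoundError when `systemctl` is absent, as on the DD-WRT/Entware router. The `which` and `call` parameters are hypothetical hooks so the logic can be exercised on a machine without systemd.

```python
import shutil
import subprocess


def uses_systemd_resolved(which=shutil.which, call=subprocess.call):
    """Return True only if systemctl exists and reports systemd-resolved active.

    `which` and `call` are injectable (assumption of this example) so the
    function can be tested without a real systemd installation.
    """
    # Routers running DD-WRT or Tomato with Entware have no systemctl on PATH,
    # so look it up first instead of letting subprocess raise.
    if which("systemctl") is None:
        return False
    try:
        rc = call(
            ["systemctl", "is-active", "--quiet", "systemd-resolved"],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except (FileNotFoundError, PermissionError):
        # The binary disappeared or is not executable between lookup and exec.
        return False
    # is-active exits 0 only for an active unit. Any other status, including
    # systemctl failing because systemd is not the init system, means the
    # resolver is not in use and the caller should take the resolv.conf path.
    return rc == 0


if __name__ == "__main__":
    print("systemd-resolved in use:", uses_systemd_resolved())
```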

Jorman commented 6 years ago

Thank you, I'll try it. In a few days I'll have my new R7800, so I'll run some new tests to see if it works!

It would be very nice to use this piece of software on a router; then it just needs a proper script to start it automatically -> easy, some rules for the firewall, like a kill switch -> easy, a cron job to check the connection? -> is it needed?

What do you think?

J

yuriw commented 6 years ago

@Jorman add "check for DNS leaks" to your list :)

Jorman commented 6 years ago

I never knew it existed until yesterday. I saw Voxel's firmware and after some searching I saw this DNS leak! I don't know if there's a way to install this on DD-WRT; I'll search when the router arrives!

Jorman commented 6 years ago

OK, I have the router, but... Installation was OK with the python3 module. Only one note: the command is python3 -m pip install --upgrade openpyn

But in my case I don't need sudo, I'm the root user, and on the R7800 python3 doesn't symlink pip3 to pip, so I only had to symlink pip3 to pip.

So installation was OK, but when I try to save the credentials I get this:

Enter the password for NordVPN:
wget: not an http or ftp url: https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
Exception occurred while wgetting zip, is the internet working? is nordcdn.com blocked by your ISP or Country?, If so use Privoxy [https://github.com/jotyGill/openpyn-nordvpn/issues/109]

Internet is up and there is no block on IPs. To me it seems it can't find wget or can't write to the base path?

root@DD-WRT:~# which wget
/usr/bin/wget
root@DD-WRT:~# ls /opt/bin/wget
/opt/bin/wget
root@DD-WRT:~# ll /opt/bin/wget
lrwxrwxrwx    1 root     root           8 Aug 25 14:50 /opt/bin/wget -> wget-ssl

I don't know what the best solution would be in this case. Where can I find the credentials file? Then I can set it up by hand, and maybe I can force the very first download of the zip configuration file.

Any idea, @jotyGill @yuriw?

Jorman commented 6 years ago

Found the problem: the wget used is not the one from opt but the one from BusyBox! I've fixed that for now, but I have another problem in the connecting phase, see the log:

Out of the Best Available Servers, Chose uk323

2018-08-25 22:05:43 [SUCCESS] CONNECTING TO SERVER uk323 ON PORT udp
2018-08-25 22:05:43 [VERBOSE] os.getlogin(), returned FileNotFoundError, assuming 'openpyn' is running with 'SUDO'
2018-08-25 22:05:43 [WARNING] Desktop notifications don't work when using 'sudo', run without it, when asked, provide the sudo credentials
Traceback (most recent call last):
  File "/opt/bin/openpyn", line 11, in <module>
    load_entry_point('openpyn==2.7.4', 'console_scripts', 'openpyn')()
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 144, in main
    args.skip_dns_patch, args.silent, args.nvram, args.openvpn_options, args.location)
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 405, in run
    return(connect(aserver, port, silent, test, skip_dns_patch, openvpn_options))
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 875, in connect
    use_systemd_resolved = uses_systemd_resolved()
  File "/opt/lib/python3.6/site-packages/openpyn/openpyn.py", line 794, in uses_systemd_resolved
    stderr=subprocess.DEVNULL,
  File "/subprocess.py", line 267, in call
  File "/subprocess.py", line 709, in __init__
  File "/subprocess.py", line 1344, in _execute_child
FileNotFoundError: [Errno 2] No such file or directory: 'systemctl': 'systemctl'
root@DD-WRT:~#
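
The PATH-ordering problem diagnosed above (the BusyBox `wget` in /usr/bin found before Entware's /opt/bin/wget, which links to wget-ssl), as an added example that is not part of the original thread or of openpyn. It lists every `wget` on PATH in lookup order and flags BusyBox applets; it assumes applets are symlinks to a binary named `busybox`, so hard-linked applets would not be detected.

```python
import os


def find_candidates(name, path=None):
    """List every executable called `name` on PATH, in lookup order.

    Each entry is (path_as_found, resolved_target, is_busybox_applet).
    """
    if path is None:
        path = os.environ.get("PATH", "")
    found = []
    for directory in path.split(os.pathsep):
        if not directory:
            continue
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            target = os.path.realpath(candidate)
            # Assumption: BusyBox applets are symlinks to one multi-call
            # binary whose file name is "busybox".
            is_busybox = os.path.basename(target) == "busybox"
            found.append((candidate, target, is_busybox))
    return found


def pick_full_wget(path=None):
    """Return the first wget on PATH that is not a BusyBox applet, or None."""
    for candidate, _target, is_busybox in find_candidates("wget", path):
        if not is_busybox:
            return candidate
    return None


if __name__ == "__main__":
    for found_at, target, is_busybox in find_candidates("wget"):
        kind = "busybox applet" if is_busybox else "standalone"
        print("%s -> %s (%s)" % (found_at, target, kind))
    print("use:", pick_full_wget())
```

Calling the downloader by the absolute path this returns avoids depending on the order of PATH entries.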

jotyGill commented 6 years ago

I see. Try installing this version and see if it's all good: python3 -m pip install openpyn==2.7.5.dev1

Jorman commented 6 years ago

Yep, you're right! Btw you're pretty close, see the log:

root@DD-WRT:~# python3 -m pip install openpyn==2.7.5.dev1
Collecting openpyn==2.7.5.dev1
  Downloading https://files.pythonhosted.org/packages/cc/f5/087ac008fde61ac0ac95228f8f0ff4a276ef6b0dc6f3502071212cb322e5/openpyn-2.7.5.dev1.tar.gz (61kB)
    100% |################################| 71kB 1.0MB/s
Requirement already satisfied: requests in /opt/lib/python3.6/site-packages (from openpyn==2.7.5.dev1) (2.19.1)
Requirement already satisfied: colorama in /opt/lib/python3.6/site-packages (from openpyn==2.7.5.dev1) (0.3.9)
Requirement already satisfied: coloredlogs in /opt/lib/python3.6/site-packages (from openpyn==2.7.5.dev1) (10.0)
Requirement already satisfied: verboselogs in /opt/lib/python3.6/site-packages (from openpyn==2.7.5.dev1) (1.7)
Requirement already satisfied: certifi>=2017.4.17 in /opt/lib/python3.6/site-packages (from requests->openpyn==2.7.5.dev1) (2018.8.24)
Requirement already satisfied: urllib3<1.24,>=1.21.1 in /opt/lib/python3.6/site-packages (from requests->openpyn==2.7.5.dev1) (1.23)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /opt/lib/python3.6/site-packages (from requests->openpyn==2.7.5.dev1) (3.0.4)
Requirement already satisfied: idna<2.8,>=2.5 in /opt/lib/python3.6/site-packages (from requests->openpyn==2.7.5.dev1) (2.7)
Requirement already satisfied: humanfriendly>=4.7 in /opt/lib/python3.6/site-packages (from coloredlogs->openpyn==2.7.5.dev1) (4.16.1)
Building wheels for collected packages: openpyn
  Running setup.py bdist_wheel for openpyn ... done
  Stored in directory: /tmp/root/.cache/pip/wheels/02/29/41/e8e5d5fb0d71c68e9c2e72d5230ce32810106336614bde8fb5
Successfully built openpyn
Installing collected packages: openpyn
  Found existing installation: openpyn 2.7.4
    Uninstalling openpyn-2.7.4:
      Successfully uninstalled openpyn-2.7.4
Successfully installed openpyn-2.7.5.dev1
root@DD-WRT:~# openpyn -s it --p2p
2018-09-11 22:20:27 [NOTICE] VPN configuration file /opt/lib/python3.6/site-packages/openpyn/files/ovpn_udp/it.nordvpn.com.udp.ovpn doesn't exist, don't worry running 'openpyn --update' for you :)
--2018-09-11 22:20:33--  https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
Resolving downloads.nordcdn.com... 104.18.109.14, 104.18.108.14, 104.18.112.14, ...
Connecting to downloads.nordcdn.com|104.18.109.14|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20925807 (20M) [application/zip]
Saving to: '/opt/lib/python3.6/site-packages/openpyn/ovpn.zip'

ovpn.zip                                  100%[=====================================================================================>]  19.96M  9.19MB/s    in 2.2s

2018-09-11 22:20:35 (9.19 MB/s) - '/opt/lib/python3.6/site-packages/openpyn/ovpn.zip' saved [20925807/20925807]

2018-09-11 22:20:38 [NOTICE] Killing the running openvpn-management client
2018-09-11 22:20:41 [SUCCESS] CONNECTING TO SERVER it ON PORT udp
2018-09-11 22:20:41 [VERBOSE] os.getlogin(), returned FileNotFoundError, assuming 'openpyn' is running with 'SUDO'
2018-09-11 22:20:41 [WARNING] Desktop notifications don't work when using 'sudo', run without it, when asked, provide the sudo credentials
2018-09-11 22:20:41 [WARNING] Your OS 'linux' Does not have '/sbin/resolvconf'
2018-09-11 22:20:41 [NOTICE] Manually applying patch to tunnel DNS through the VPN tunnel by modifying '/etc/resolv.conf'
Changing DNS servers to NordVPN's DNS Servers
nameserver nordDNS1 = 103.86.99.100
nameserver nordDNS2 = 103.86.96.100
nameserver openDNS3 = 208.67.222.220
Options error: In [CMD-LINE]:1: Error opening configuration file: /opt/lib/python3.6/site-packages/openpyn/files/ovpn_udp/it.nordvpn.com.udp.ovpn
Use --help for more information.

Take note that maybe I have to install some commands; I use Entware on a DD-WRT Kong system.

Tell me if you need some other logs or some other tests. Please note that I had to install setuptools in order to install openpyn: python3 -m pip install --upgrade pip setuptools wheel

I have 2 questions for you @jotyGill

  1. When everything works, can I set up a cron job to check whether I'm connected to the best server and switch to the best one if not? For example, I plan a cron job every hour, with a command like openpyn it --p2p, so the script checks if I'm already connected to the best server and otherwise connects to the best one. I ask this because I don't know how it works, I have never seen it in action :D

  2. Do you have any plan to let the user specify the clients (IP or MAC address) that can use the OpenVPN connection? Like the --allow argument, but for an IP, an IP range or a MAC address

Jo

Jorman commented 6 years ago

Sorry, I just saw that I put -s it instead of -c it or simply it, but it doesn't work; here is the log:

root@DD-WRT:~# openpyn it --p2p
According to NordVPN, Least Busy 10 Servers in IT With 'Load' Less Than 70 Which Support OPENVPN-UDP , p2p = True Are: [['it39', 13], ['it21', 15], ['it22', 15], ['it26', 16], ['it29', 16], ['it45', 16], ['it56', 16], ['it35', 18], ['it25', 19], ['it54', 19]]

Pinging Server it39 min/avg/max/mdev = [23, 24, 24, 0]

Pinging Server it21 min/avg/max/mdev = [24, 25, 26, 1]

Pinging Server it22 min/avg/max/mdev = [24, 29, 32, 3]

Pinging Server it26 min/avg/max/mdev = [24, 24, 24, 0]

Pinging Server it29 min/avg/max/mdev = [25, 25, 25, 0]

Pinging Server it45 min/avg/max/mdev = [30, 32, 35, 2]

Pinging Server it56 min/avg/max/mdev = [25, 25, 27, 1]

Pinging Server it35 min/avg/max/mdev = [24, 24, 25, 0]

Pinging Server it25 min/avg/max/mdev = [23, 23, 24, 0]

Pinging Server it54 min/avg/max/mdev = [25, 25, 25, 0]

Top 10 Servers with Best Ping Are: ['it25', 'it39', 'it26', 'it35', 'it29', 'it54', 'it21', 'it56', 'it22', 'it45']

Out of the Best Available Servers, Chose it25

2018-09-11 23:14:11 [NOTICE] Killing the running openvpn process
2018-09-11 23:14:12 [NOTICE] Killing the running openvpn-management client
2018-09-11 23:14:15 [SUCCESS] CONNECTING TO SERVER it25 ON PORT udp
2018-09-11 23:14:15 [VERBOSE] os.getlogin(), returned FileNotFoundError, assuming 'openpyn' is running with 'SUDO'
2018-09-11 23:14:15 [WARNING] Desktop notifications don't work when using 'sudo', run without it, when asked, provide the sudo credentials
2018-09-11 23:14:16 [WARNING] Your OS 'linux' Does not have '/sbin/resolvconf'
2018-09-11 23:14:16 [NOTICE] Manually applying patch to tunnel DNS through the VPN tunnel by modifying '/etc/resolv.conf'
Changing DNS servers to NordVPN's DNS Servers
nameserver nordDNS1 = 103.86.99.100
nameserver nordDNS2 = 103.86.96.100
nameserver openDNS3 = 208.67.222.220
Tue Sep 11 23:14:16 2018 OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 14 2018
Tue Sep 11 23:14:16 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.09
Tue Sep 11 23:14:16 2018 ERROR: username from Auth authfile '/opt/lib/python3.6/site-packages/openpyn/credentials' is empty
Tue Sep 11 23:14:16 2018 Exiting due to fatal error

I don't know why the username is missing in the credentials file, so I edited it and started again; intranet works but not internet:

root@DD-WRT:~# openpyn it --p2p
According to NordVPN, Least Busy 10 Servers in IT With 'Load' Less Than 70 Which Support OPENVPN-UDP , p2p = True Are: [['it39', 13], ['it21', 15], ['it22', 15], ['it26', 16], ['it29', 16], ['it45', 16], ['it56', 16], ['it35', 18], ['it25', 19], ['it54', 19]]

Pinging Server it39 min/avg/max/mdev = [23, 24, 24, 0]

Pinging Server it21 min/avg/max/mdev = [24, 24, 24, 0]

Pinging Server it22 min/avg/max/mdev = [25, 25, 25, 0]

Pinging Server it26 min/avg/max/mdev = [24, 24, 24, 0]

Pinging Server it29 min/avg/max/mdev = [24, 24, 24, 0]

Pinging Server it45 min/avg/max/mdev = [24, 24, 25, 0]

Pinging Server it56 min/avg/max/mdev = [25, 26, 27, 1]

Pinging Server it35 min/avg/max/mdev = [24, 25, 26, 0]

Pinging Server it25 min/avg/max/mdev = [23, 23, 24, 0]

Pinging Server it54 min/avg/max/mdev = [25, 25, 26, 0]

Top 10 Servers with Best Ping Are: ['it25', 'it39', 'it21', 'it26', 'it29', 'it45', 'it22', 'it35', 'it54', 'it56']

Out of the Best Available Servers, Chose it25

2018-09-11 23:17:32 [NOTICE] Killing the running openvpn-management client
2018-09-11 23:17:35 [SUCCESS] CONNECTING TO SERVER it25 ON PORT udp
2018-09-11 23:17:35 [VERBOSE] os.getlogin(), returned FileNotFoundError, assuming 'openpyn' is running with 'SUDO'
2018-09-11 23:17:35 [WARNING] Desktop notifications don't work when using 'sudo', run without it, when asked, provide the sudo credentials
2018-09-11 23:17:35 [WARNING] Your OS 'linux' Does not have '/sbin/resolvconf'
2018-09-11 23:17:35 [NOTICE] Manually applying patch to tunnel DNS through the VPN tunnel by modifying '/etc/resolv.conf'
Changing DNS servers to NordVPN's DNS Servers
nameserver nordDNS1 = 103.86.99.100
nameserver nordDNS2 = 103.86.96.100
nameserver openDNS3 = 208.67.222.220
Tue Sep 11 23:17:36 2018 OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 14 2018
Tue Sep 11 23:17:36 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.09
Tue Sep 11 23:17:36 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7015
Tue Sep 11 23:17:36 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Sep 11 23:17:36 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Sep 11 23:17:36 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Sep 11 23:17:36 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]82.102.21.68:1194
Tue Sep 11 23:17:36 2018 Socket Buffers: R=[180224->180224] S=[180224->180224]
Tue Sep 11 23:17:36 2018 UDP link local: (not bound)
Tue Sep 11 23:17:36 2018 UDP link remote: [AF_INET]82.102.21.68:1194
Tue Sep 11 23:17:36 2018 TLS: Initial packet from [AF_INET]82.102.21.68:1194, sid=7f909138 8c9583cf
Tue Sep 11 23:17:36 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 11 23:17:36 2018 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Tue Sep 11 23:17:36 2018 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA2
Tue Sep 11 23:17:36 2018 VERIFY KU OK
Tue Sep 11 23:17:36 2018 Validating certificate extended key usage
Tue Sep 11 23:17:36 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 11 23:17:36 2018 VERIFY EKU OK
Tue Sep 11 23:17:36 2018 VERIFY OK: depth=0, CN=it25.nordvpn.com
Tue Sep 11 23:17:36 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 11 23:17:36 2018 [it25.nordvpn.com] Peer Connection Initiated with [AF_INET]82.102.21.68:1194
Tue Sep 11 23:17:37 2018 SENT CONTROL [it25.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Tue Sep 11 23:17:37 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.183 255.255.255.0,peer-id 18,cipher AES-256-GCM'
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: compression parms modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Sep 11 23:17:37 2018 Socket Buffers: R=[180224->360448] S=[180224->360448]
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: route options modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: route-related options modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: peer-id set
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: adjusting link_mtu to 1657
Tue Sep 11 23:17:37 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 11 23:17:37 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 11 23:17:37 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 11 23:17:37 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 11 23:17:37 2018 TUN/TAP device tun0 opened
Tue Sep 11 23:17:37 2018 TUN/TAP TX queue length set to 100
Tue Sep 11 23:17:37 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Sep 11 23:17:37 2018 /sbin/ifconfig tun0 10.8.8.183 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Tue Sep 11 23:17:37 2018 /sbin/route add -net 82.102.21.68 netmask 255.255.255.255 gw 192.168.1.1
Tue Sep 11 23:17:37 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Tue Sep 11 23:17:37 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Tue Sep 11 23:17:37 2018 Initialization Sequence Completed
Tue Sep 11 23:17:37 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:7015

I don't know if it is important, but an OpenVPN server is configured on the router, and I added this to my firewall rules in order to browse the internet when I use the connection to the server:

WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')" 
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE

Any idea?
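
The "username from Auth authfile ... is empty" failure earlier in this comment can be caught before OpenVPN starts. This is an added example, not part of the original thread or of openpyn; it assumes the file uses OpenVPN's auth-user-pass layout (username on line 1, password on line 2) and also reports permissions that let other users read the credentials.

```python
import os
import stat
import sys


def check_auth_file(path):
    """Return a list of problems found in an OpenVPN auth-user-pass file.

    The credentials themselves are never returned or printed.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["file does not exist"]
    problems = []
    # Any group/other permission bit exposes the VPN password to other users.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            "file is accessible by group/other (mode %o); use 600"
            % stat.S_IMODE(st.st_mode)
        )
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    username = lines[0].strip() if len(lines) > 0 else ""
    password = lines[1].strip() if len(lines) > 1 else ""
    if not username:
        problems.append("username (line 1) is empty")
    if not password:
        problems.append("password (line 2) is empty")
    if any(line.strip() for line in lines[2:]):
        problems.append("unexpected content after line 2")
    return problems


if __name__ == "__main__":
    # Path taken from the OpenVPN error message in the log above.
    default = "/opt/lib/python3.6/site-packages/openpyn/credentials"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    issues = check_auth_file(target)
    for issue in issues:
        print("credentials:", issue)
    sys.exit(1 if issues else 0)
```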

AbdealiLoKo commented 2 years ago

For what it's worth - I ran this on Ubuntu WSL on Windows (and it doesn't have systemd), and it gave me a very nice and clean error: System has not been booted with systemd as init system (PID 1). Can't operate. without any failures