search

jotyGill / openpyn-nordvpn

Easily connect to and switch between, OpenVPN servers hosted by NordVPN on Linux (+patch leakes)
GNU General Public License v3.0
628 stars 114 forks source link

No connection and fatal error on Fedora30 #231

Open ickam opened 5 years ago

ickam commented 5 years ago

Openpyn installs no problem on Fedora 30. However, when I try to execute sudo openpyn uk I get: `Thu May 23 15:40:56 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure Thu May 23 15:40:56 2019 OpenVPN 2.4.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019 Thu May 23 15:40:56 2019 library versions: OpenSSL 1.1.1b FIPS 26 Feb 2019, LZO 2.08 Thu May 23 15:40:56 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7015 Thu May 23 15:40:56 2019 WARNING: --ping should normally be used with --ping-restart or --ping-exit Thu May 23 15:40:56 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Thu May 23 15:40:56 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Thu May 23 15:40:56 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Thu May 23 15:40:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]194.36.110.229:1194 Thu May 23 15:40:56 2019 Socket Buffers: R=[212992->212992] S=[212992->212992] Thu May 23 15:40:56 2019 UDP link local: (not bound) Thu May 23 15:40:56 2019 UDP link remote: [AF_INET]194.36.110.229:1194 Thu May 23 15:40:56 2019 TLS: Initial packet from [AF_INET]194.36.110.229:1194, sid=d7c9c531 6890a49d Thu May 23 15:40:56 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu May 23 15:40:56 2019 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA Thu May 23 15:40:56 2019 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA3 Thu May 23 15:40:56 2019 VERIFY KU OK Thu May 23 15:40:56 2019 Validating certificate extended key usage Thu May 23 15:40:56 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu May 23 15:40:56 2019 VERIFY EKU OK Thu May 23 15:40:56 2019 VERIFY OK: depth=0, CN=uk780.nordvpn.com Thu May 23 15:40:56 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Thu May 23 15:40:56 2019 [uk780.nordvpn.com] Peer Connection Initiated with [AF_INET]194.36.110.229:1194 Thu May 23 15:40:57 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:7015 Thu May 23 15:40:57 2019 SENT CONTROL [uk780.nordvpn.com]: 'PUSH_REQUEST' (status=1) Thu May 23 15:40:57 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.6 255.255.255.0,peer-id 4,cipher AES-256-GCM' Thu May 23 15:40:57 2019 OPTIONS IMPORT: timers and/or timeouts modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: explicit notify parm(s) modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: compression parms modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Thu May 23 15:40:57 2019 Socket Buffers: R=[212992->425984] S=[212992->425984] Thu May 23 15:40:57 2019 OPTIONS IMPORT: --ifconfig/up options modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: route options modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: route-related options modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu May 23 15:40:57 2019 OPTIONS IMPORT: peer-id set Thu May 23 15:40:57 2019 OPTIONS IMPORT: adjusting link_mtu to 1657 Thu May 23 15:40:57 2019 OPTIONS IMPORT: data channel crypto options modified Thu May 23 15:40:57 2019 Data Channel: using negotiated cipher 'AES-256-GCM' Thu May 23 15:40:57 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu May 23 15:40:57 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu May 23 15:40:57 2019 ROUTE_GATEWAY 192.168.86.1/255.255.255.0 IFACE=wlp3s0 HWADDR=bc:a8:a6:cf:fe:63 Thu May 23 15:40:57 2019 TUN/TAP device tun0 opened Thu May 23 15:40:57 2019 TUN/TAP TX queue length set to 100 Thu May 23 15:40:57 2019 /sbin/ip link set dev tun0 up mtu 1500 Thu May 23 15:40:57 2019 /sbin/ip addr add dev tun0 10.8.8.6/24 broadcast 10.8.8.255 Thu May 23 15:40:57 2019 /usr/local/lib/python3.7/site-packages/openpyn/scripts/update-systemd-resolved.sh tun0 1500 1585 10.8.8.6 255.255.255.0 init /usr/local/lib/python3.7/site-packages/openpyn/scripts/update-systemd-resolved.sh: line 61: ip: command not found

<11>May 23 15:40:57 update-systemd-resolved.sh: Invalid device name: 'tun0'. Usage: update-systemd-resolved.sh up|down device_name. Thu May 23 15:40:57 2019 MANAGEMENT: Client disconnected Thu May 23 15:40:57 2019 WARNING: Failed running command (--up/--down): external program exited with error status: 1 Thu May 23 15:40:57 2019 Exiting due to fatal error ` Please help me resolve it
lubi888 commented 5 years ago

Ditto! :-( Pretty much the entire same error message. Ending with 

<11>Jun 15 14:08:50 update-systemd-resolved.sh: Invalid device name: 'tun0'. Usage: update-systemd-resolved.sh up|down device_name.
Sat Jun 15 14:08:50 2019 MANAGEMENT: Client disconnected
Sat Jun 15 14:08:50 2019 WARNING: Failed running command (--up/--down): external program exited with error status: 1
Sat Jun 15 14:08:50 2019 Exiting due to fatal error
ickam commented 5 years ago

The error also appears on Fedora 29, but not Fedora 28, so it might be worth to look at what changed between Fedora 28 and 29. Sadly I don't have enough knowledge to look into it myself.

On Sat, 15 Jun 2019 at 14:16, Linux Ubiquitous notifications@github.com wrote:

Ditto! :-( Pretty much the entire same error message. Ending with

<11>Jun 15 14:08:50 update-systemd-resolved.sh: Invalid device name: 'tun0'. Usage: update-systemd-resolved.sh up|down device_name. Sat Jun 15 14:08:50 2019 MANAGEMENT: Client disconnected Sat Jun 15 14:08:50 2019 WARNING: Failed running command (--up/--down): external program exited with error status: 1 Sat Jun 15 14:08:50 2019 Exiting due to fatal error — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .
lazToum commented 5 years ago

Actually the error could be a few lines above (journalctl -xeu openpyn). For me it was in "update-systemd-resolved.sh" line 61: ip: command not found. Fixed with linking /usr/sbin/ip to /usr/bin/ip.

lubi888 commented 5 years ago

Actually the error could be a few lines above (journalctl -xeu openpyn). For me it was in "update-systemd-resolved.sh" line 61: ip: command not found. Fixed with linking /usr/sbin/ip to /usr/bin/ip.

I still have the same error but which file and line number did you change to fix this?

lazToum commented 5 years ago

Actually the error could be a few lines above (journalctl -xeu openpyn). For me it was in "update-systemd-resolved.sh" line 61: ip: command not found. Fixed with linking /usr/sbin/ip to /usr/bin/ip.

I still have the same error but which file and line number did you change to fix this?

The problem is that the script /usr/local/lib/python3.7/site-packages/openpyn/scripts/update-systemd-resolved.sh cannot find the path to the command "ip" 3 ways:

lubi888 commented 5 years ago

Thanks @lazToum @ickam I left the code repo as is and took option 3 to create the sym link for fedora:

keep it as is and make a symbolic link: sudo ln -s /usr/sbin/ip /usr/bin/ip

For me the issue is now closed now as the app connected on the first test to a foreign country :-)

@localhost sbin]$ openpyn -c fr
According to NordVPN, Least Busy 10 Servers in FR With 'Load' Less Than 70 Which Support OPENVPN-UDP Are: [['fr255', 15], ['fr289', 16], ['fr203', 17], ['fr377', 17], ['fr230', 18], ['fr313', 18], ['fr254', 20], ['fr337', 20], ['fr212', 21], ['fr243', 21]]

Pinging Server fr255 min/avg/max/mdev = [37, 39, 41, 1] 

Pinging Server fr289 min/avg/max/mdev = [33, 34, 36, 1] 

Pinging Server fr203 min/avg/max/mdev = [52, 62, 71, 7] 

Pinging Server fr377 min/avg/max/mdev = [50, 55, 58, 3] 

Pinging Server fr230 min/avg/max/mdev = [36, 43, 54, 7] 

Pinging Server fr313 min/avg/max/mdev = [48, 60, 67, 8] 

Pinging Server fr254 min/avg/max/mdev = [38, 44, 53, 6] 

Pinging Server fr337 min/avg/max/mdev = [34, 37, 39, 2] 

Pinging Server fr212 min/avg/max/mdev = [45, 48, 53, 3] 

Pinging Server fr243 min/avg/max/mdev = [43, 46, 53, 4] 

Top 10 Servers with Best Ping Are: ['fr289', 'fr337', 'fr255', 'fr230', 'fr254', 'fr243', 'fr212', 'fr377', 'fr313', 'fr203']

Out of the Best Available Servers, Chose fr289

2019-06-20 19:22:48 [SUCCESS] CONNECTING TO SERVER fr289 ON PORT udp
2019-06-20 19:22:48 [WARNING] systemd-resolved is running, but resolv.conf contains ['10.128.128.128'], test if DNS leaks!
2019-06-20 19:22:48 [SUCCESS] Your OS 'linux' has systemd-resolve running, using it to update DNS Resolver Entries
Thu Jun 20 19:22:48 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Thu Jun 20 19:22:48 2019 OpenVPN 2.4.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Thu Jun 20 19:22:48 2019 library versions: OpenSSL 1.1.1c FIPS  28 May 2019, LZO 2.08
Thu Jun 20 19:22:48 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7015
Thu Jun 20 19:22:48 2019 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Jun 20 19:22:48 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jun 20 19:22:48 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Jun 20 19:22:48 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Jun 20 19:22:48 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]212.83.135.190:1194
Thu Jun 20 19:22:48 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jun 20 19:22:48 2019 UDP link local: (not bound)
Thu Jun 20 19:22:48 2019 UDP link remote: [AF_INET]212.83.135.190:1194
Thu Jun 20 19:22:49 2019 TLS: Initial packet from [AF_INET]212.83.135.190:1194, sid=e5111da1 81719e19
Thu Jun 20 19:22:49 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jun 20 19:22:49 2019 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Jun 20 19:22:49 2019 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA3
Thu Jun 20 19:22:49 2019 VERIFY KU OK
Thu Jun 20 19:22:49 2019 Validating certificate extended key usage
Thu Jun 20 19:22:49 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 20 19:22:49 2019 VERIFY EKU OK
Thu Jun 20 19:22:49 2019 VERIFY OK: depth=0, CN=fr289.nordvpn.com
Thu Jun 20 19:22:49 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Jun 20 19:22:49 2019 [fr289.nordvpn.com] Peer Connection Initiated with [AF_INET]212.83.135.190:1194
Thu Jun 20 19:22:50 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:7015
Thu Jun 20 19:22:50 2019 SENT CONTROL [fr289.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Thu Jun 20 19:22:50 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.0.5 255.255.255.0,peer-id 17,cipher AES-256-GCM'
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: compression parms modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Jun 20 19:22:50 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: route options modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: route-related options modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: peer-id set
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: adjusting link_mtu to 1657
Thu Jun 20 19:22:50 2019 OPTIONS IMPORT: data channel crypto options modified
Thu Jun 20 19:22:50 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jun 20 19:22:50 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jun 20 19:22:50 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jun 20 19:22:50 2019 ROUTE_GATEWAY 10.128.128.128/255.0.0.0 IFACE=wlp58s0 HWADDR=9c:b6:d0:f3:39:77
Thu Jun 20 19:22:50 2019 TUN/TAP device tun0 opened
Thu Jun 20 19:22:50 2019 TUN/TAP TX queue length set to 100
Thu Jun 20 19:22:50 2019 /sbin/ip link set dev tun0 up mtu 1500
Thu Jun 20 19:22:50 2019 /sbin/ip addr add dev tun0 10.8.0.5/24 broadcast 10.8.0.255
Thu Jun 20 19:22:50 2019 /usr/local/lib/python3.7/site-packages/openpyn/scripts/update-systemd-resolved.sh tun0 1500 1585 10.8.0.5 255.255.255.0 init
<14>Jun 20 19:22:50 update-systemd-resolved.sh: Link 'tun0' coming up
<14>Jun 20 19:22:50 update-systemd-resolved.sh: Adding DNS Routed Domain .
<14>Jun 20 19:22:50 update-systemd-resolved.sh: Adding IPv4 DNS Server 103.86.96.100
<14>Jun 20 19:22:50 update-systemd-resolved.sh: Adding IPv4 DNS Server 103.86.99.100
<14>Jun 20 19:22:50 update-systemd-resolved.sh: SetLinkDNS(9 2 2 4 103 86 96 100 2 4 103 86 99 100)
<14>Jun 20 19:22:50 update-systemd-resolved.sh: SetLinkDomains(9 1 . true)
Thu Jun 20 19:22:50 2019 /sbin/ip route add 212.83.135.190/32 via 10.128.128.128
Thu Jun 20 19:22:50 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Thu Jun 20 19:22:50 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Thu Jun 20 19:22:50 2019 Initialization Sequence Completed