OpenVPN/IPVanish

So I’m trying to connect my VPN while reading the arch wiki, and it says standard kernel should have tun module… but according to this output, I don’t?

Mon Jul 16 21:28:27 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 16 21:28:27 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 16 21:28:27 2018 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=wlp1s0 HWADDR=3c:95:09:60:2b:db
Mon Jul 16 21:28:27 2018 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Mon Jul 16 21:28:27 2018 Exiting due to fatal error
1 jase@yxia ~/ipvanish % sudo modprobe tun                                                                                                       :(
modprobe: FATAL: Module tun not found in directory /lib/modules/4.17.5-1-ARCH

Make sure you have networkmanager-vpnc installed

pacman -S networkmanager-vpnc

This hopefully should solve your issue.

Side Note: The kernel does have it built-in, this is why it’s not probable, it isn’t a module. Perhaps I’m wrong here.

Cheers

Thank you for your guidance. Unfortunately I don’t think that’s what I need, though I did try it, and still received a no such device /dev/net/tun error
I only tried to modprobe it out of old habit. This is an OpenVPN connection and I have networkmanager-openvpn but I don’t want to configure it manually, and they don’t exactly give detailed instructions on their sites how to do it in that method.

1 jase@yxia ~/ipvanish % sudo openvpn --config ipvanish-US-New-York-nyc-a21.ovpn :(
this is the command I am attempting to run.

Try

find /lib/modules/ -iname 'tun.ko.gz'

# use the file found above, this is just for example
insmod /lib/modules/4.16.9-1-ARCH/kernel/drivers/net/tun.ko.gz

If that still fails try

sudo mkdir -p /dev/net
sudo mknod /dev/net/tun c 10 200
1 Like

Exact output is as follows

jase@yxia ~/ipvanish % find /lib/modules -iname 'tun.ko.gz'
jase@yxia ~/ipvanish % sudo mkdir -p /dev/net
[sudo] password for jase: 
jase@yxia ~/ipvanish % sudo mknod /dev/net/tun c 10 200
mknod: /dev/net/tun: File exists
1 jase@yxia ~/ipvanish % 

omitted the insmod since it couldn’t find it.

Try finding the module somewhere. You’ll need to do this as root and it might still throw some errors, but at the end it should give you a list of files it found matching the -name 'regexp' if you search through them perhaps it’s just buried somewhere else

find / -name 'tun*'

Beyond this and installing networkmanager-vpnc, I’m not sure what other advice to offer.

1 Like

Have you asked ipvanish for help? It could be their module needs to be configured. I use NordVPN and had issues at first, but added other network managers to get it to work. I have forgotten exactly how I did it, but will try to reverse engineer to see how I did it and give you a possible solution.

1 Like

Yes, I asked IP vanish for help, and am following the archWiki. They had a script for kali linux, but it seemed to be a generic script meant for Linux in general, and I followed the instructions for that.

130 jase@yxia ~/ipvanish % sudo ./ipvanish-vpn-linux start                                                                                       :(
./ipvanish-vpn-linux: line 123: cd: /root/ipvanish: No such file or directory

Checking Internet Connection
 - Internet connection test: PASS
 - DNS test: PASS

Connecting IPVanish VPN
 - Enter your IPVanish username [nin.is.my.hero@gmail.com]: 
 - Enter your IPVanish password: 
 - Enter VPN server name [bos-c02.ipvanish.com]: 
 - Enter VPN protocol [udp]: 
Options error: In [CMD-LINE]:1: Error opening configuration file: /root/ipvanish/openvpn.conf
Use --help for more information.
jase@yxia ~/ipvanish % 

I also found tun.ko.xz here

/usr/lib/modules/4.17.6-1-ARCH/kernel/drivers/net/tun.ko.xz

should I try that insmod command again with the tun.ko.xz?

–edit I tried the insmod command with the tun.ko.xz

Great success :slight_smile: seems to be working. I’ll report back if it isn’t.

Now what to do when kernel updates?
Will I have to run insmod everytime I want to connect? after a reboot I mean

Thank you for your help guys :slight_smile:

I also found the spot for importing a vpn connection too, in networkmanager GUI, so now I feel double dumb… I didn’t see it last night, only the spot to manually configure.

Alright… so I’ve tried connecting from terminal and from network manager… my IP never seems to change though even on successful connection. I’ll ask IPVanish again, and see if they responded to my email. <<<<< This is solved.

Should I perform the steps under https://wiki.archlinux.org/index.php/OpenVPN#Routing_client_traffic_through_the_server

@sevenday4 Did you do these steps for NordVPN?

I’m afraid that doing that will break normal connections from how it’s worded. <<< concern

ALSO, it does seem to be working, according to ipleak.net. But my IPv6 doesn’t change… which I know IPVanish doesn’t “yet” support IPv6, so that’s fine… how could I possibly test/set whether or not all requests are sent and received over IPv4… I tried the dns leak tool at ipleak.net which showed fine, but how can I be certain I’m not using IPv6 without disabling it for the system? I will google this, and find out. Because it defeats the purpose if I’m giving away my location over ipv6, which it seems to be doing according to other metrics on the page.

I’ve just realized that the above, and below are the same thing probably huh, just worded differently?

Yes @Xase the link that you have used

https://wiki.archlinux.org/index.php/OpenVPN#Routing_client_traffic_through_the_server

was the one I was going to suggest to you as I tried to find other resources. If your IPv6 is not setup on your router, then you will not have to be concerned about that issue.
i’m also guessing that you’re using the openVPN app as well? As for breaking your communications, since you have it working through IPvanish, I would let it be.

I also found the spot for importing a vpn connection too, in networkmanager GUI, so now I feel double dumb… I didn’t see it last night, only the spot to manually configure.

Actually, that vpn spot would not have shown up unless did the manual configuration from the above wiki. If you had looked in the GUI, before doing the steps required in the wiki, you would have not found it.

I would also suggest that you choose several sites from IPvanish and configure them as well for when other sites are too busy.

1 Like

Yeah, I have their full set of configs in the ipvanish folder. I noticed that when I ran the torrent test though on ipleak.net, that my IPv6 showed up as a result… That’s what concerns me. I have an IPv6 address actively being shown to the internet, is my understanding. Which still allows users to locate me, right? I don’t torrent often, but a hole is a hole. Guess I’ll have to try and wiggle out the worms.

1 Like

If IPvanish doesn’t have any configuration for an IPv6 socket, you may have to make sure that you only us IPv4 socket. I will have to do some research on this, but yeah, if you have data going in and out through IPv6 it would be like putting a screen door on a submarine.

you can see from my scrot:

I don’t have IPv6 and I don’t live in Texas. But if ipleak.net is seeing your IPv6 from your actual location, then yes you do have an issue.

@Xase you may want to read this wiki:

https://wiki.archlinux.org/index.php/IPv6

This may also help you to disable and enable IPv6 in AL. like this:

To disable IPv6 in NetworkManager, right click the network status icon, and select Edit Connections > Wired > Network name > Edit > IPv6 Settings > Method > Ignore/Disabled

1 Like

Alright. So I’ll have to do that for any connection that I wish to use my VPN on? This is a laptop, so it’s a couple of connections. That would be best bet I guess then. Thank you @sevenday4

Setting it to ignore didn’t do anything it seemed, so I set it to link-local.

1 Like

https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup

May give some ideas as well. It may make it easier to disable IPv6 as an default.

2 Likes

@sevenday4

It s basically what I do to most of my installs after it s updated/upgraded. ( Disable IPv6)

2 Likes

Yeah, I’ll disable IPv6 I suppose. There’s no real advantage to it is there? Keeping IPv6 I mean… I’m not gaining super powers from it, am I?

It can also be disabled in the sysctl menue.

Edit: mistake

1 Like

This section of

https://wiki.archlinux.org/index.php/IPv6#systemd-networkd_2

may help you to do it globally:

systemd-networkd

networkd supports disabling IPv6 on a per-interface basis. When a network unit's [Network] section has either LinkLocalAddressing=ipv4 or LinkLocalAddressing=no, networkd will not try to configure IPv6 on the matching interfaces.

Note however that even when using the above option, networkd will still be expecting to receive router advertisements if IPv6 is not disabled globally. If IPv6 traffic is not being received by the interface (e.g. due to sysctl or ip6tables settings), it will remain in the configuring state and potentially cause timeouts for services waiting for the network to be fully configured. To avoid this, the IPv6AcceptRA=no option should also be set in the [Network] section.
2 Likes