VPN, Linux Mint x64 17.2 KDE, OpenVPN &/or PPTP.

Steffie

[color=#8800bb]Hi. Does anyone here have advice for making IPVanish VPN with either OpenVPN or PPTP [or even L2TP] fully function in Linux Mint? For the past ~10 days i've been struggling to try to make my ~10-day-old IPVanish VPN subscription work. My primary "on metal" OS is Linux Mint x64 17.2 KDE, & within it i have multiple VB VMs, one of which is Win10 x64 Pro***. More on that VM later, the next little bit concerns IPV in Linux Mint. i had no hassles at all creating multiple IPVanish VPN Connections in my KDE Connection Manager, in each case following their instructions to import each relevant configuration as downloaded from https://www.ipvanish.com/software/configs/. Thereafter for each of my new VPNs i was able to connect ok, & verify by various test sites that my IP address genuinely had changed to the intended remote server's IP & was no longer my domestic IP. So far so good. Then, most of the time when i try to browse "ordinary" unprotected websites, eg, common news sites, i can do so ok. The one exception i've found so far where even an unsecured site fails with IPVanish active, is the Chrome Webstore. Sometimes i cannot connect to it at all, but other times even once connected, i cannot download/install any apps or extensions... the page never finishes reloading [but immediately behaves again once i close IPVanish]. The worst problem however occurs whenever i need to connect to MOST* of my regular sites for which i need to log in using my account credentials for that site, eg, my main online banking portal, my Netflix, my webmail, my telephone, my credit cards... & also all attempts to Send emails from my Outlook 2010** client fail with IPVanish running [but are ok as soon as i close IPVanish again]. I have confirmed this fault with multiple IPVanish IPs around the world, & with multiple browsers [Chrome, Chromium, Vivaldi, Slimjet, Firefox, Pale Moon]. Sample error messages: [ol] [li]All chromium-based browsers: "[i]No data received ERR_EMPTY_RESPONSE Reload Unable to load the webpage because the server sent no data[/i]."[/li] [li]Firefox: "[i]The connection was reset. The connection to the server was reset while the page was loading. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web[/i]."[/li] [li]Outlook 2010**: "[i]Task 'steffiexxxxxxxxxx - Sending' reported error (0x800CCC0B) : 'Unknown Error 0x800CCC0B[/i]'".[/li] [/ol] [color=#8800bb]Conversely with my online banking & credit card portals there is no error message, as the pages never move beyond the initial login screens, ie, after inputting my credentials & then entering, the pages sit there "forever" doing nothing. Suffice to say that this never occurs with IPVanish deactivated, everything then instantly behaves well. My entire objective in deciding to pay for a VPN was that i could connect, then STAY connected for ALL my normal internet activities. It is completely unacceptable if, everytime i need to do any of my private stuff requiring logging in, i have to first close down the VPN. Furthermore I specifically then chose IPVanish, after several days of intensive research, because of the claims that company makes, & the generally good public reviews. It goes without saying that at the moment i am very disillusioned & unhappy. * UPDATE: Originally i had typed "ALL", but changed it to "MOST", as i discovered a small number of my other secured sites DO still let me login & proceed ok [eg, my supermarket shopping, my ISP portal, & even my direct connection to my modem-router [phew]]. ** As i said earlier i use Linux, & obviously Outlook 2010 is a Microsoft product, incompatible with Linux. Hence i have a VirtualBox Virtual Machine set up inside my Linux OS, & this VM runs Windows 10 Pro x64; installed in that VM's OS is then Office 2010. It generally works great this way, but i discovered yet another fault of the IPVanish service... whenever IPVanish is active, Win10 cannot connect to Microsoft to check for updates. It works just fine without the VPN. I've exchanged multiple detailed emails with IPV documenting the symptoms. Annoyingly there's now been five separate IPV support reps [Level 1 & 2] interact with me, & so far ALL help has been useless. They've had me make the OpenVPN connections direct via terminal rather than the KDE Connections Manager [made no difference], & they gave me the PPTP setup methodology which proved even more useless as that way i could not connect to even a single IPV server anywhere. Sigh. As i await their next reply [& with me reaching such exasperation with them that unless they solve it asap i'll ask for a full refund & go to a competitor], it occurred to me to maybe try posting here to see if the marvellous experience & helpfulness of "my Vivaldi fraternity" might know of the solution...? ***[u]UPDATE re my Win10 VM[/u]: My goal remains to be able to secure my pc at the Linux Mint level [thus also encompassing all my VMs], but today whilst i still await the next IPV reply i had an idea -- i downloaded & installed the IPV Windows VPN client into my Win10 VM, Magically i discovered that when i connect to various IPV servers around the world via OpenVPN with this client in Win10, ---> EVERYTHING WORKS!!! Ie, Outlook 2010 happily sends & receives, so far all my websites work properly [of course, this remark ONLY applies to the scenario of using a browser WITHIN the Win10 VM, not my Linux OS more generally], & Win10 [i]can [/i]connect to Microsoft to check for updates. Logically this comparative test seems to indicate that IPV is not necessarily the pile of rubbish i was beginning to suspect, but instead there's something specific about how its OpenVPN config is not quite right in Linux Mint. Sorry for the overwhelming detail here... but any pearls of wisdom, pls?[/color][/color]

Ayespy

Sorry. You know me, I help if I can. But the subject matter of your query is all Greek to me. So have to shrug.

3Phase

Steffie, if it all works when everything is pretty much 'inside' the VM according to the update on your post then what you have here is a failure to communicate.

Check the config files and make sure they're all using the same sockets/ports/flags/mirrors/smoke detectors. The apps have to be able to tell the VM to ask the Host OS to have the VPN pass the message to IPVanish(?) and the error messages you listed are basically saying that's not happening.

Happy hunting!

3Phase

Steffie,

You can't connect with secure sites after you log in to an IPVanish server?

Are there any more error messages that can help you figure out where the failed connection is located: in your machine, at the IPVanish server, or at the remote site?<hopeful look="">

Are you using the correct DNS servers for IPVanish?

I found an interesting warning looking up IPVanish that I assume would apply using Windows 10 in a VM but I learned something new today – thank you, I'd never have seen this if I didn't look up IPVanish and I've turned off the problematic DNS setting in my system!

WARNING! Windows 10 VPN Users at Big Risk of DNS Leaks</hopeful>

3Phase

Relax, you already know it works so I'm trying to help you help yourself.
Breathe.
If you can connect with Windows but not Linux it's probably not the IPVanish server or their software, it's your machine. :evil:

Yes, I got that you're using Mint. Trust me, you would have to do something a lot more offensive than run Linux to be offensive. I've never run Linux but I have run various BSD releases and MS operating systems on their own and inside of each other and sideways, sort of, since the 80s. It was a hoot having 12 different partitions/operating systems on different drives but it got old and I got tired of it.

I had to look up IPVanish because my first thought was of a bathroom cleaning product and not a VPN subscription. :ohmy: The company FAQ says they don't have software that runs under Linux so I'm not sure what program you're running from the Mint desktop. If you're not familiar with the system and all of the software it can be a lot of fun trying to figure out what is sending an error message and why, then you have to figure out how to make it go away so you can use the machine instead of spending all your time troubleshooting. :whistle:

So, are the errors coming from an application like the browser?
The OS (Mint)?
One of the daemons?
One of the tools?
The remote IPV server?
The remote secure site?

On using Office/Win10 in a VM even briefly: I gather that you're trying to use a VPN to keep a low profile and not get noticed, correct? Firing up Windows 10 is like that brilliant Star Wars 'droid C3P0 hopping up and down on a sand dune, waving his arms and shouting, "A transport! I'm saved! Over here! :woohoo: " Next thing you know your Minty-fresh desktop has been fitted with a restraining bolt and some punk farmer's kid has the remote. Turn off the fancy DNS feature. :dry:

3Phase

Glad you're still breathing, Steffie!

Check the Linux firewall log on your local machine – not the router -- and see what happens when you log on to the VPN and try to load a couple of those web sites that keep failing. There should be a call out from your machine and a response from the remote system.

security.stackexchange | If I use a VPN, who will resolve my DNS requests?

The DNS servers should be set in your local machine OS. After you are connected to IPV the DNS settings can get complicated. IPVanish has a support page with a 'netsh' command to clear the Windows IP stack and remove their nameservers. If you happen to find them, don't list them here.

You shouldn't need to change the DNS setting in your router, that might only be used when you first step out of the house in your trench coat, hat pulled down around your ears, dark sunglasses on as you pull your scarf down to ask the router, "EXCUSE ME! WHERE IS THE ENTRANCE TO THE IPVANISH SECRET TUNNEL?" Your router gets in touch with a New York nameserver and replies, "TREE BLOCKS DOWN, THOYTY-THOYD AND THOYD! SAME AS YESTIDDY!" After that, everything should be inside the VPN. If it's not staying in the VPN, it's similar to sticking your head up out of a handy manhole in the secret tunnel to ask, "EXCUSE ME! WHERE IS THE BANK TODAY?"

That would probably be a DNS leak.

3Phase

Really? Support giving up on you is totally rude! I was hoping there would be something in the firewall log or even syslog but since you turned off the firewall and it still didn't work there's nothing to see there.

The frustrating part is that the VPN apparently works with your Mint install for some sites so it's not a total fail. If it's not a DNS problem then I'd say that something is wrong with the Mint cipher suite or the secure site's suite (say that five times fast!) but it connects fine outside of the VPN. :blink: :blink:

Here's another company that supports Mint and OpenVPN. They have a tutorial with pictures for connecting to their service – note the coat, hat and glasses. Even if you don't use their service it should give you some ideas:-

support hidemyass dot com | Linux Mint OpenVPN, PPTP and L2TP setup

3Phase

Ah, you like 'Python so you'll appreciate their "Not Being Seen" sketch!

I'm glad you found the HMA site and the config setups useful! After thinking about the problem you're having and thinking a little beyond the technical aspect, you may be a little harsh on the IPVanish folks. What if the problem is that they are telling the truth and they really do not track their customers?

If I were a bank that had been getting fifty-million attempted robberies a month from IPVanish customers and they tried to give me the spiel about respecting their customers' privacy, I'd immediately blackhole every IP address for every one of their servers in every country. If someone had actually managed to use IPVanish to rob the bank, it might even be possible to put together a team of bloodthirsty lawyers, then take IPVanish to court and sue their tailfeathers off in every country that has one of their servers; bonus points for stacking the juries with people that have had their accounts anonymously hacked.

3Phase

Way to go, Steffie! If the IPV service isn't working for you, find another one that does work!

Just to be absolutely clear because there seems to be some misunderstanding: do NOT use your own, your router's or your ISP's DNS servers for your VPN unless the VPN provider tells you exactly how to set it up safely and securely to work with their service and you follow their instructions to the letter.

The point to the flowery paragraph is that no service provider can guarantee connectivity and there can be consequences for abuse. The only problem most anonymous VPN customers will have is fitting their halos into the tunnel to surf the 'net. Unfortunately there is always that one knuckledragging, mouthbreathing, scriptkiddie that lives so deep in a basement fantasy world that it requires a series of relays to reach the router and play games with the anonymous VPN .

Surprise. Banks don't play games. The angels get blocked along with the 'kiddies. :o

3Phase

Okay that's just weird. :|

The only software/version problems I've found for your Mint version were a couple of config errors in the distro (PAP CHAP MSCHAP) that broke working setups and wouldn't allow a VPN connection at all but nothing about borked secure connections except for the usual problems with mismatched port settings and/or DNS.

3Phase

Steffie, the problem is beyond me without installing Mint and finding a VPN service.

Out of curiosity do you have a router with a VPN client like DD-WRT? Hang a $20 router off of your machine ahead of the regular 'net router, then do whatever you want and don't worry about local machine settings, maybe turn off firewall logging if you're worried about logs.

3Phase

With the problem you're having with the VPN I'm wondering if your earlier success with Windows 10 in a VM was really working with your IPVanish connection or if it went around it.

I agree, your Mint setup should work but sometimes it's easier to use an inexpensive but reliable tool:-
ebay: $7.00 Used Linksys WRT54GS

I'm surprised none of the other folks running Linux have some clues, I'm just speaking up before I bow out and fall in but for $7.00 I might grab a spare router myself. :whistle:
83bmsluWHZc

3Phase

Right on, Steffie! So … none of the companies except one mentioned checking the packet type? At least your connection is working and thank you for following up with the solution!

Now that you've got me! looking at VPNs I've conscripted a Netgear MIMO G router to build my own bridge on the river Wi. :whistle:

i90rr

Hi all,
TL;DR

Last time I tried to connect to some VPNs (one my personal VPN provider, the other two work VPN from different companies) it was impossible to do so from Linux Mint 17.3 Cinnamon nor Ubuntu 15.10, these are the reasons:
Ubuntu: they basically screwed the way networking works in GNU+Linux, congratulations Canonical. I don't ask anybody for blind fate, in fact please don't trust me but please do cat /etc/resolv.conf and see for yourself: there's an extremely annoying loop there that prevents some VPN connections from working properly. In fact none of my VPN connections did work with Ubuntu 15.10 - again, congratz!
Linux Mint: it is based on Ubuntu 14.04 LTS and as such it is a bit old nowadays since soon it will be two years since its release and because the policy of its maintainers no new software (upgrades) is added except it address some critical bug.
As such Linux Mint 17 - and I want to say here that I really do like Mint and I understand why the team decided to maintain a 'stable' base so they can focus on working on Cinnamon - just doesn't understand the format of my two work VPN .ovpn files because the version of OpenVPN shipped with it is too old. Sure, I could go and try find some PPA, cross my fingers and hope that it won't break my system while upgrading OpenVPN and possibly NetworkManager but even that didn't assure me that my VPN connections would work - given the inheritance of Mint.

My suggestion is that you try connecting to your VPN using a sane flavor of the penguin like Fedora (despite some flaws works quite well), any of it's siblings like Korora or Chapeau (these two are to Fedora what Mint is to Ubuntu) or even anything completely different depending on your taste and needs.

HTH