VPN, Linux Mint x64 17.2 KDE, OpenVPN &/or PPTP.
[color=#8800bb]Hi. Does anyone here have advice for making IPVanish VPN with either OpenVPN or PPTP [or even L2TP] fully function in Linux Mint? For the past ~10 days i've been struggling to try to make my ~10-day-old IPVanish VPN subscription work. My primary "on metal" OS is Linux Mint x64 17.2 KDE, & within it i have multiple VB VMs, one of which is Win10 x64 Pro***. More on that VM later, the next little bit concerns IPV in Linux Mint. i had no hassles at all creating multiple IPVanish VPN Connections in my KDE Connection Manager, in each case following their instructions to import each relevant configuration as downloaded from https://www.ipvanish.com/software/configs/. Thereafter for each of my new VPNs i was able to connect ok, & verify by various test sites that my IP address genuinely had changed to the intended remote server's IP & was no longer my domestic IP. So far so good. Then, most of the time when i try to browse "ordinary" unprotected websites, eg, common news sites, i can do so ok. The one exception i've found so far where even an unsecured site fails with IPVanish active, is the Chrome Webstore. Sometimes i cannot connect to it at all, but other times even once connected, i cannot download/install any apps or extensions... the page never finishes reloading [but immediately behaves again once i close IPVanish]. The worst problem however occurs whenever i need to connect to MOST* of my regular sites for which i need to log in using my account credentials for that site, eg, my main online banking portal, my Netflix, my webmail, my telephone, my credit cards... & also all attempts to Send emails from my Outlook 2010** client fail with IPVanish running [but are ok as soon as i close IPVanish again]. I have confirmed this fault with multiple IPVanish IPs around the world, & with multiple browsers [Chrome, Chromium, Vivaldi, Slimjet, Firefox, Pale Moon]. Sample error messages: [ol] [li]All chromium-based browsers: "[i]No data received ERR_EMPTY_RESPONSE Reload Unable to load the webpage because the server sent no data[/i]."[/li] [li]Firefox: "[i]The connection was reset. The connection to the server was reset while the page was loading. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web[/i]."[/li] [li]Outlook 2010**: "[i]Task 'steffiexxxxxxxxxx - Sending' reported error (0x800CCC0B) : 'Unknown Error 0x800CCC0B[/i]'".[/li] [/ol] [color=#8800bb]Conversely with my online banking & credit card portals there is no error message, as the pages never move beyond the initial login screens, ie, after inputting my credentials & then entering, the pages sit there "forever" doing nothing. Suffice to say that this never occurs with IPVanish deactivated, everything then instantly behaves well. My entire objective in deciding to pay for a VPN was that i could connect, then STAY connected for ALL my normal internet activities. It is completely unacceptable if, everytime i need to do any of my private stuff requiring logging in, i have to first close down the VPN. Furthermore I specifically then chose IPVanish, after several days of intensive research, because of the claims that company makes, & the generally good public reviews. It goes without saying that at the moment i am very disillusioned & unhappy. * UPDATE: Originally i had typed "ALL", but changed it to "MOST", as i discovered a small number of my other secured sites DO still let me login & proceed ok [eg, my supermarket shopping, my ISP portal, & even my direct connection to my modem-router [phew]]. ** As i said earlier i use Linux, & obviously Outlook 2010 is a Microsoft product, incompatible with Linux. Hence i have a VirtualBox Virtual Machine set up inside my Linux OS, & this VM runs Windows 10 Pro x64; installed in that VM's OS is then Office 2010. It generally works great this way, but i discovered yet another fault of the IPVanish service... whenever IPVanish is active, Win10 cannot connect to Microsoft to check for updates. It works just fine without the VPN. I've exchanged multiple detailed emails with IPV documenting the symptoms. Annoyingly there's now been five separate IPV support reps [Level 1 & 2] interact with me, & so far ALL help has been useless. They've had me make the OpenVPN connections direct via terminal rather than the KDE Connections Manager [made no difference], & they gave me the PPTP setup methodology which proved even more useless as that way i could not connect to even a single IPV server anywhere. Sigh. As i await their next reply [& with me reaching such exasperation with them that unless they solve it asap i'll ask for a full refund & go to a competitor], it occurred to me to maybe try posting here to see if the marvellous experience & helpfulness of "my Vivaldi fraternity" might know of the solution...? ***[u]UPDATE re my Win10 VM[/u]: My goal remains to be able to secure my pc at the Linux Mint level [thus also encompassing all my VMs], but today whilst i still await the next IPV reply i had an idea -- i downloaded & installed the IPV Windows VPN client into my Win10 VM, Magically i discovered that when i connect to various IPV servers around the world via OpenVPN with this client in Win10, ---> EVERYTHING WORKS!!! Ie, Outlook 2010 happily sends & receives, so far all my websites work properly [of course, this remark ONLY applies to the scenario of using a browser WITHIN the Win10 VM, not my Linux OS more generally], & Win10 [i]can [/i]connect to Microsoft to check for updates. Logically this comparative test seems to indicate that IPV is not necessarily the pile of rubbish i was beginning to suspect, but instead there's something specific about how its OpenVPN config is not quite right in Linux Mint. Sorry for the overwhelming detail here... but any pearls of wisdom, pls?[/color][/color]
Nobody, huh? Oh well. Pity. :blink:
Sorry. You know me, I help if I can. But the subject matter of your query is all Greek to me. So have to shrug.
Steffie, if it all works when everything is pretty much 'inside' the VM according to the update on your post then what you have here is a failure to communicate. :D
Check the config files and make sure they're all using the same sockets/ports/flags/mirrors/smoke detectors. The apps have to be able to tell the VM to ask the Host OS to have the VPN pass the message to IPVanish(?) and the error messages you listed are basically saying that's not happening.
Happy hunting! :)
Ta Ayespy & 3Phase. Since my original post & update there's been another 100,000 emails back & forth with IPVanish. So far they've managed to repeatedly ignore some of the tech questions i've asked them, & got me to repeat earlier tests that didn't work then, don't work now. They ended up pulling the plug on me, but gave me a 1 week reprieve for MY further testing… even though i've kinda run out of ideas (I thought they were supposed to be the Pros?). They told me they setup a virgin Linux Mint OS & reckon it works fine... but they won't tell me if they're using the identical setup, ie, i use Mint x64 17.2 KDE with encrypted /home partition, so if they're using Cinnamon/Mate/XFCE etc, or 32-bit, or std /home, etc, then it proves nothing [as a (recently-retired) engineer it busts my fooffle-valve when people can't grasp the scientific principle of only changing one variable per time in tests, otherwise it proves nothing].
I'm about to create 2 new temp VMs, both being my identical Mint KDE, but one i'll encrypt its /home [if the VM allows that] like my "real" Mint, except that that's on my SSD vs this VM is, um, virtual [sorry]. T'other new VM will be ditto but with /home not encrypted. In both i'll just use the default FF browser, setup OpenVPN, & try to connect to some IPVanish servers & test those websites. If both of these work, it'll indicate possibly that my encrypted "real" /home might be a factor. Otherwise… if none work then it might indicate some mysterious fault with Mint 17.2 x64 KDE... but i can't really believe i'm the very first user anywhere to discover such a putative fault.
Oh for a quiet life...
Hmmm, i suspect it's time for me to dump IPVanish & find a better VPN. I've now done 3 more tests, via 3 Linux Mint VM's. These are in addition to my "real" Mint KDE [on SSD] installation. In ALL cases, the specific suite of "difficult" websites [eg, banking, phone, Netflix –- all of which work perfectly when OFF the IP Vanish VPN] do not work once tunneled thru' an active IP Vanish server.
Tonight's 3 x VM tests comprised:
Mint x64 17.2 KDE, /home encrypted
Mint x64 17.2 KDE, /home unencrypted
Mint x64 17.2 Cinnamon, /home unencrypted
I'm damned if i know [or now believe] how IPV claim it works ok in their Mint. What a shame.
You can't connect with secure sites after you log in to an IPVanish server?
Are there any more error messages that can help you figure out where the failed connection is located: in your machine, at the IPVanish server, or at the remote site?<hopeful look="">
Are you using the correct DNS servers for IPVanish?
I found an interesting warning looking up IPVanish that I assume would apply using Windows 10 in a VM but I learned something new today – thank you, I'd never have seen this if I didn't look up IPVanish and I've turned off the problematic DNS setting in my system! B)
Ta for your ongoing valiant attempts to help. Please, PLEASE, don't take any offence at the following, coz i AM grateful [& definitely do need help to solve this]… but I'm concerned that somehow there seems to have been a mis-communication / misunderstanding here wrt my issue. To try now to clarify... this is NOT an issue for me with Win10, it's exclusively an issue with Linux Mint.
I fear I've somehow inadvertently lead you on some wild goose chase here re Win10, as if that is my problem. My Win10 adventure was only a tangent I deliberately took, to investigate if IPVanish [IPV] was a steaming pile of donkey doodoo universally, or only for my Linux Mint OS. Given that my primary "on metal" OS is Mint (I converted from a lifetime of Windows a couple of years ago), my aspiration now re a VPN is to get it fully working IN MINT. As my Tower has a whopping huge hdd supplementing my SSD [on which my Mint OS is installed], i have room to entertain myself with creating myriad VMs in the hdd to play with lots of different OSs [eg, lots of interesting Linux distros], but also legacy XP, & a couple of Win10 VMs as well [but i use one of these ONLY so i can run MS Office 2010, in turn so i can run Outlook 2010, given that all the Linux pretenders to Outlook are inadequate]].
So, to repeat, i'd decided to test IPV in my Win10 VM only after i found all the many websites that will not work properly when i browse to them IN MINT with any of my browsers IN MINT, when i'm connected to any IPV server. My interesting discovery re Win10 was that, after the misery of IPV when used in Mint, all those websites, & Outlook, work perfectly in Win10 VM. However, this is no solution at all for me, only an interesting discovery. Given i do NOT wish to have to return to Win as my daily OS (I love Mint, it eats Win for brekkie), the key objective remains solving exactly what it is about why IPV has this mad esoteric problem with many websites in Mint, but not in Win10.
Wrt DNS [& ta for that link… i would be more anxious about that IF i planned to use Win10 as my daily driver], a couple of weeks ago i changed my DNS in my router [rather than at the individual pc level] from my ISP default, temporarily to Google [thru' gritted teeth, as an experiment, til the GRC DNS Spoofability test site showed me how dodgy 22.214.171.124 really was], to OpenDNS, which i still use. Given that all traffic passes thru' my router [duh], the fact that OpenDNS is in use regardless of if i'm touching the internet from IPV in Mint or IPV in Win10 VM, implies to me that the fault doesn't lie with the DNS [???].
"Are there any more error messages that can help you figure out" … due to my Win legacy [used flavours of it for decades, vs only a couple of years for Linux] by preference when there's a choice i'm a GUI-gal rather than terminal/console, but as part of this problem testing, in Mint once i discovered all the problems [as described], after initially configuring then invoking IPV thru' the KDE Connection Manager GUI, i switched to using the terminal. This provides a myriad of logging info, every step of the way… but i'm afraid i'm simply not knowledgeable enough to interpret it. I have pasted samples of this output [twice] in emails to IPV & explicitly asked them if there's anything of significance therein, but they choose to avoid… grrrrrrrr.
I hope i haven't now made this even more confusing!
Relax, you already know it works so I'm trying to help you help yourself.
If you can connect with Windows but not Linux it's probably not the IPVanish server or their software, it's your machine. :evil:
Yes, I got that you're using Mint. Trust me, you would have to do something a lot more offensive than run Linux to be offensive. ;) I've never run Linux but I have run various BSD releases and MS operating systems on their own and inside of each other and sideways, sort of, since the 80s. It was a hoot having 12 different partitions/operating systems on different drives but it got old and I got tired of it.
I had to look up IPVanish because my first thought was of a bathroom cleaning product and not a VPN subscription. :ohmy: The company FAQ says they don't have software that runs under Linux so I'm not sure what program you're running from the Mint desktop. If you're not familiar with the system and all of the software it can be a lot of fun trying to figure out what is sending an error message and why, then you have to figure out how to make it go away so you can use the machine instead of spending all your time troubleshooting. :whistle:
So, are the errors coming from an application like the browser?
The OS (Mint)?
One of the daemons?
One of the tools?
The remote IPV server?
The remote secure site?
On using Office/Win10 in a VM even briefly: I gather that you're trying to use a VPN to keep a low profile and not get noticed, correct? Firing up Windows 10 is like that brilliant Star Wars 'droid C3P0 hopping up and down on a sand dune, waving his arms and shouting, "A transport! I'm saved! Over here! :woohoo: " Next thing you know your Minty-fresh desktop has been fitted with a restraining bolt and some punk farmer's kid has the remote. Turn off the fancy DNS feature. :dry:
Jawohl, i'm still participating in oxygen exchange. I was surprised at your urging that i abandon OpenDNS & return to my ISP's nameserver. I believe i've previously tested & proven that the Mint IPVanish website hassles persisted irrespective of chosen DNS server (& i summarised my logic on that in the previous post)… however my mind is mere marshmallow now after all these tests & so i was no longer confident of my recollection. Therefore tonight i did temporarily leave OpenDNS in my router (returning to the default DNS of my ISP), retested IPVanish, & noted that against the odds my memory had been correct... the suite of troublesome websites continued not working if IPV was active. That re-proven, i've returned my router to OpenDNS.
Earlier today i documented my recent 3 Mint VM tests in yet another email to IPV, meaning there's now a couple of emails for which i'm awaiting their replies. My pretty solid expectation now is that they will formally abandon me. If so, tomorrow i'll start the hunt all over again for a viable VPN. It really shouldn't be this hard, should it?
Enjoyed your droid drollness.
Glad you're still breathing, Steffie!
Check the Linux firewall log on your local machine – not the router -- and see what happens when you log on to the VPN and try to load a couple of those web sites that keep failing. There should be a call out from your machine and a response from the remote system.
The DNS servers should be set in your local machine OS. After you are connected to IPV the DNS settings can get complicated. IPVanish has a support page with a 'netsh' command to clear the Windows IP stack and remove their nameservers. If you happen to find them, don't list them here. :)
You shouldn't need to change the DNS setting in your router, that might only be used when you first step out of the house in your trench coat, hat pulled down around your ears, dark sunglasses on as you pull your scarf down to ask the router, "EXCUSE ME! WHERE IS THE ENTRANCE TO THE IPVANISH SECRET TUNNEL?" Your router gets in touch with a New York nameserver and replies, "TREE BLOCKS DOWN, THOYTY-THOYD AND THOYD! SAME AS YESTIDDY!" After that, everything should be inside the VPN. If it's not staying in the VPN, it's similar to sticking your head up out of a handy manhole in the secret tunnel to ask, "EXCUSE ME! WHERE IS THE BANK TODAY?"
That would probably be a DNS leak. :D
Guten morgen / abend / nacht 3Phase
Ta once more for yr info. To touch [incompletely] on some points:
- Those utter miserable b@stard$ at IPV TS overnight, rather than answer ANY of my technical questions nor remark on the implications of my multiple tests, chose instead to simply reply "Thank you for contacting support. The connection log you have provided shows that you have successfully established a connection to our VPN server. If you are still having issues with specific sites such as ones running HTTPS, please check your local settings to make sure they are allowed with your current configuration. Please note that we do not currently support IPV6 on our VPN". The same inestimable personages, when i immediately fired off a complaint email that they had ignored all my questions. chose once again to ignore it/me entirely … i've received nil reply.
- Given the couple of weeks of misery & complete time-waste, + the execrable lack of customer service, i'm now alternately sulking & raging. I've decided not to bother any more with them, but to take my custom to a competitor VPN (tba).
- Re firewall, in the wee small hours instead of doing something sensible like sleeping, i was playing about with the Mint firewall. I tried experimenting with a rule to allow port 443 traffic (seems to be what the IPV OpenVPN config uses), but it made no difference to the target suite of websites. Then i switched the FW off altogether & retried those sites, via an IPV server… & they still wouldn't work... but as has been the case all along, they responded beautifully as soon as i kill the IPV connection. Aaaaaarrrrrrrrggggggghhhhhh.
- This morning, after reading your latest advice, i did look at the FW log, & noted multiple entries of various IPs, appended with "_[Secure HTTP (443/tcp) on eth0[/i]", that were denied. Momentarily excited that here was a smoking gun, i immediately realised that it surely cannot be relevant after all, given that another of my tests (repeated) was to try the IPV VPN without my Mint FW enabled… & the websites still failed.
* I'm still somewhat mystified at the robustness of your preference that i leave DNS alone in my router, do it only in my OS, & (from previous posts) stick with my ISP rather than use an alternative (eg, my preferred OpenDNS). Just wrt router vs OS, my own research over the past week indicated (i interpreted) that router-based DNS editing was entirely reasonable & had at least one practical advantage (which clinched it for me), that i would not have to make the OS edit in both my pc's, & then try to determine how to do ditto in my android phone & tablet… as they all must pass thru' the router to "get out", this seemed & seems sensible to me.
Now, the hunt for the next candidate VPN to make me miserable, commences…_
Really? Support giving up on you is totally rude! I was hoping there would be something in the firewall log or even syslog but since you turned off the firewall and it still didn't work there's nothing to see there. :(
The frustrating part is that the VPN apparently works with your Mint install for some sites so it's not a total fail. If it's not a DNS problem then I'd say that something is wrong with the Mint cipher suite or the secure site's suite (say that five times fast!) but it connects fine outside of the VPN. :blink: :blink:
Here's another company that supports Mint and OpenVPN. They have a tutorial with pictures for connecting to their service – note the coat, hat and glasses. B) Even if you don't use their service it should give you some ideas:-
Rude? That's putting it mildly. I'd opine, at the least, that "their mother was a hamster, & their father smelled of elderberries… they are empty headed animal food trough wipers ... they are a cheesy lot of second hand electric donkey-bottom biters". (I luuuuuuurve Monty Python).
Re HMA, noooooooooooooooo, sorry, at this stage they're not on my shortlist, given they were exposed a couple of years ago as maintaining full logs, meaning they can be compelled by NSA / GCHQ / ASIO to hand them over.
PS: Though i won't use HMA, ta heaps for that link & idea it prompted. I read it, downloaded their OpenVPN config files, created a mock HMA connection in my KDE Connection Manager, imported the corresponding HMA config for that server, then opened up the dialog box to have a look-see. It generally does follow the patterns of IPV, albeit with some specific differences wrt certificates, gateway, cyphers etc. I can only suspect that IPV did not get all their settings right for full compatibility with Linux Mint x64 KDE, but without their help [or interest, apparently] there's no efficient way for me to debug & correct it. Moving on… Sigh. Ta again!
Ah, you like 'Python so you'll appreciate their "Not Being Seen" sketch! :D
I'm glad you found the HMA site and the config setups useful! After thinking about the problem you're having and thinking a little beyond the technical aspect, you may be a little harsh on the IPVanish folks. What if the problem is that they are telling the truth and they really do not track their customers?
If I were a bank that had been getting fifty-million attempted robberies a month from IPVanish customers and they tried to give me the spiel about respecting their customers' privacy, I'd immediately blackhole every IP address for every one of their servers in every country. If someone had actually managed to use IPVanish to rob the bank, it might even be possible to put together a team of bloodthirsty lawyers, then take IPVanish to court and sue their tailfeathers off in every country that has one of their servers; bonus points for stacking the juries with people that have had their accounts anonymously hacked.
Yes i like all Python… tv series' sketches, LPs, books, movies... yay.
To my surprise IPV sent another reply overnight. It kinda sorta maybe answered some of my questions but as usual ignored various other questions, so i shot off another brusque response. As i didn't even expect to receive that reply, & have resigned myself to the conclusion that IPV either can't or won't fix this problem, yesterday i selected my next possible candidate VPN. Rather than simply pay up front & possibly have this same hassle all over again [aint i the cynical cow!], i sent them a detailed email listing all the symptoms i had with their competitor, & detailed my pc OS eco-system, & gave them some of the specific websites, then asked for their assurance that their service WILL work for my situation. So far, no reply…
Afraid i don't really follow the applicability of your colourful final paragraph. with its intro per the final sentence of the 2nd para.
Way to go, Steffie! If the IPV service isn't working for you, find another one that does work! :)
Just to be absolutely clear because there seems to be some misunderstanding: do NOT use your own, your router's or your ISP's DNS servers for your VPN unless the VPN provider tells you exactly how to set it up safely and securely to work with their service and you follow their instructions to the letter.
The point to the flowery paragraph is that no service provider can guarantee connectivity and there can be consequences for abuse. The only problem most anonymous VPN customers will have is fitting their halos into the tunnel to surf the 'net. Unfortunately there is always that one knuckledragging, mouthbreathing, scriptkiddie that lives so deep in a basement fantasy world that it requires a series of relays to reach the router and play games with the anonymous VPN .
Surprise. Banks don't play games. The angels get blocked along with the 'kiddies. :o
Sent: Thursday, 5 November 2015 17:48
Subject: RE: IPVanish Case xxxxx- yyyyy.
Thank you for replying. I tried changing the default Config’s port for one IPV server I was testing, from 443 to 1194… this sadly made no difference to all the negative results as previously documented. I have performed my really large number of tests over the past couple of weeks with DNS Servers set in my modem-router as (a) my ISP’s default, (b) OpenDNS, © Google… & I have retried each of these several times in desperation. Nothing helped; all the failures have persisted 100%. I’ve just finished testing on another pc as well [also Mint x64 17.2 KDE], & it too gave 100% failure for each of those noted https sites [with Google as the router DNS] … including Netflix [it only behaved correctly again when I terminated the IPV connection].
I am completely exasperated & terribly disappointed. I had such high hopes, & had been really looking forward to begin using a good VPN… but my experience of the past few weeks has been awful. Unless you or colleagues can suggest anything else to try, then this obviously has to be the end now.
NOV 04, 2015 | 07:42AM MST
We do not support port forwarding, OpenVPN operates on port 443 or 1194. The revision changes between Mint 17.1 and 17.2 did not have any impact on any VPN services. Netflix was tested successfully on a fresh install of mint 17.2 KDE x64 over Chrome after connecting to our VPN.
One last thing you can try if you haven't already is to try setting your DNS to Google's public DNS (126.96.36.199) to see if it is an issue with that. Our Windows client automatically forces our internal DNS of 198.18.0.1/198.18.0.2 and could be the explanation for why your Windows VM worked. Please note that our internal DNS is not accessible while disconnected from our VPN.
I'm now completely over this crap… & my prospective other VPN has still not replied. Looks like i'm destined to remain the hapless plaything of NSA/GCHQ/ASIO with the other sheep. Moi = Exasperated!
Okay that's just weird. :|
The only software/version problems I've found for your Mint version were a couple of config errors in the distro (PAP CHAP MSCHAP) that broke working setups and wouldn't allow a VPN connection at all but nothing about borked secure connections except for the usual problems with mismatched port settings and/or DNS. :(
Well, tis getting odder & odderer :P I've now tried another couple of VPNs [ie, 4 in toto], & ALL have given the same lousy results; 100% repeatability of the symptoms as originally listed. I would surmise that's statistically improbable that multiple independent VPNs, from different parts of the world, & some using just the Mint KDE Connection Manager whilst one has its own spiffy GUI [in Windows that's commonplace, duh, but in Linux less so, so that's a nice feature], could ALL fail in the identical way with in each case it being their own fault. It's now obvious by logical deduction that my original hypothesis was wrong. Clearly i have been barking up the wrong tree, & possibly i'm standing in the wrong forest. I'm now wondering if my ISP does something mischievous with my traffic which is poisoning OpenVPN [which the 4 VPNs all use]. I've asked a couple of these VPNs to kindly give me appropriate specific questions on that, for me to ask my ISP. The other possibility remains that there is still something wrong on my pc that has evaded all detection by me so far… far from impossible, but again on basis of probability it still seems implausible [given i have not only done these tests in my on-SSD Mint, but also in 3 Mint VMs [2 of which retain all default settings].
On a slightly brighter note, in all this sleuthing i've made many really interesting discoveries about all manner of clever alternative DNS servers i can use, & currently am quite liking the OpenNIC project [on principle as well as practice]. Still, the main game was supposed to be a functional VPN, so on balance i'm still frustrated & confused. :dry: