OpenVPN Cyberghost
Moderator: Moderators
OpenVPN Cyberghost
Hi folks,
I’m going on a vacation to spain and expect a free wifi for the whole apartment building. In order to have a secure internet access there I plan to set up a Client + AP mode.
My router: TP-Link WDR3600 Gargoyle 1.6.2
I already set up the Client + AP mode and it works fine with my wifi at home. The TOR connection works fine as well.
But I can’t set up an OpenVPN connection to Cyberghost (Premium Plus member).
“Error Parameters saved but OpenVPN failed to connect. Re-check your configuration.”
Your help is highly appreciated! Eddie
=======================================
Here is my set up:
I downloaded the ovpn file from my Cyberghost account:
https://support.cyberghostvpn.com/index ... -for-linux
Connection --> OpenVPN --> Configure Client Manually
client
remote ua-openvpn.cyberghostvpn.com 443
dev tun
proto udp
cipher AES-256-CBC
auth-user-pass /etc/openvpn/user.txt
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
auth MD5
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500
fragment 1300
mssfix 1300
verb 4
comp-lzo
ca /etc/openvpn/grouter_client_phqwnwmzscao_ca.crt
cert /etc/openvpn/grouter_client_phqwnwmzscao.crt
key /etc/openvpn/grouter_client_phqwnwmzscao.key
CA Certificate:
In this box I copied the next passage from the downloaded config file. Opened the file ‚CyberGhost.ovpn‘ as before with a text editor and marked the passage between <ca> and </ca>. Copy all text between <ca> and </ca>, so from -----BEGIN CERTIFICATE … [down to] …END CERTIFICATE-----
Client Certificate:
Copied all text between <cert> and </cert>, so from CERTIFICATE: … [down to] …END CERTIFICATE----- and transfered.
Client Key:
Copied all text between <key> und </key>, so from -----BEGIN PRIVATE KEY … [down to] …END PRIVATE KEY ----- and transfered.
Finally I created the text file user.txt. First row username, second password. Uploaded it with WinSCP to /etc/openvpn/.
I’m going on a vacation to spain and expect a free wifi for the whole apartment building. In order to have a secure internet access there I plan to set up a Client + AP mode.
My router: TP-Link WDR3600 Gargoyle 1.6.2
I already set up the Client + AP mode and it works fine with my wifi at home. The TOR connection works fine as well.
But I can’t set up an OpenVPN connection to Cyberghost (Premium Plus member).
“Error Parameters saved but OpenVPN failed to connect. Re-check your configuration.”
Your help is highly appreciated! Eddie
=======================================
Here is my set up:
I downloaded the ovpn file from my Cyberghost account:
https://support.cyberghostvpn.com/index ... -for-linux
Connection --> OpenVPN --> Configure Client Manually
client
remote ua-openvpn.cyberghostvpn.com 443
dev tun
proto udp
cipher AES-256-CBC
auth-user-pass /etc/openvpn/user.txt
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
auth MD5
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500
fragment 1300
mssfix 1300
verb 4
comp-lzo
ca /etc/openvpn/grouter_client_phqwnwmzscao_ca.crt
cert /etc/openvpn/grouter_client_phqwnwmzscao.crt
key /etc/openvpn/grouter_client_phqwnwmzscao.key
CA Certificate:
In this box I copied the next passage from the downloaded config file. Opened the file ‚CyberGhost.ovpn‘ as before with a text editor and marked the passage between <ca> and </ca>. Copy all text between <ca> and </ca>, so from -----BEGIN CERTIFICATE … [down to] …END CERTIFICATE-----
Client Certificate:
Copied all text between <cert> and </cert>, so from CERTIFICATE: … [down to] …END CERTIFICATE----- and transfered.
Client Key:
Copied all text between <key> und </key>, so from -----BEGIN PRIVATE KEY … [down to] …END PRIVATE KEY ----- and transfered.
Finally I created the text file user.txt. First row username, second password. Uploaded it with WinSCP to /etc/openvpn/.
Re: OpenVPN Cyberghost
what editor do you use to create this file?Finally I created the text file user.txt. First row username, second password. Uploaded it with WinSCP to /etc/openvpn/.
Re: OpenVPN Cyberghost
Thanks Eddie - got your PM.
First I'd second ispyisail on the creation of the password file. To cover your bases just get a shell to the router and use echo - then you'll know it's right.
I'm no expert in this just extremely persistent!
I'd start with getting a shell to you router and checking:
1. The contents of /etc/openvpn
2. The contents of grouter_client_######.conf
3. Use ps to check that the correct process and options are running
/usr/sbin/openvpn --syslog openvpn(custom_config) --writepid /var/run/openvpn-custom_config.pid --config /etc/openvpn/grouter_client_######.conf
4. The contents of /usr/password or where ever you put it. Some locations are not persistent storage.
In general I found Gargoyle would mess things up - hence the gymnastics discussed in the original post and I guess you could (might?) achieve all the correct configuration from a shell without Gargoyle.
As far as your actual options for openvpn you need to have them specified by your service provider and use https://openvpn.net/index.php/open-sour ... l#examples as a reference.
First I'd second ispyisail on the creation of the password file. To cover your bases just get a shell to the router and use echo - then you'll know it's right.
I'm no expert in this just extremely persistent!
I'd start with getting a shell to you router and checking:
1. The contents of /etc/openvpn
2. The contents of grouter_client_######.conf
3. Use ps to check that the correct process and options are running
/usr/sbin/openvpn --syslog openvpn(custom_config) --writepid /var/run/openvpn-custom_config.pid --config /etc/openvpn/grouter_client_######.conf
4. The contents of /usr/password or where ever you put it. Some locations are not persistent storage.
In general I found Gargoyle would mess things up - hence the gymnastics discussed in the original post and I guess you could (might?) achieve all the correct configuration from a shell without Gargoyle.
As far as your actual options for openvpn you need to have them specified by your service provider and use https://openvpn.net/index.php/open-sour ... l#examples as a reference.
Re: OpenVPN Cyberghost
The Windows "editor" of Windows 8.1ispyisail wrote:what editor do you use to create this file?Finally I created the text file user.txt. First row username, second password. Uploaded it with WinSCP to /etc/openvpn/.
Re: OpenVPN Cyberghost
Use notepad++ or vi in command line.Eddie9000 wrote:The Windows "editor" of Windows 8.1ispyisail wrote:what editor do you use to create this file?Finally I created the text file user.txt. First row username, second password. Uploaded it with WinSCP to /etc/openvpn/.
Re: OpenVPN Cyberghost
Is there a way to check what the problem is exactly? Speaking of reading out a log or something similar.
By the way notepad++ is like 100 year evolution ahead of Windows editor.
By the way notepad++ is like 100 year evolution ahead of Windows editor.
Re: OpenVPN Cyberghost
1. Download and run putty.exe (http://www.chiark.greenend.org.uk/~sgta ... nload.html)
2. Connect to your router. Use the address and credentials you use through the gargoyle interface root/password
3. Type the following and check the contents of the directory. Also get the name of the *.conf file from here.
4. Type the following and check the output
Your password file should be where auth-user-pass says it is. Check that with the ls command. Also check it's contents with the cat command.
Any other files mentioned in the conf should be in the locations it says they should be. Again use ls and cat to check.
5. Type ps to see the list of running processes.
6. For logs type logread
7. Use the following to create password file. Make suire you use the correct location/name for the password file ie the one in the conf file. The first command will overwrite the file so be warned.
2. Connect to your router. Use the address and credentials you use through the gargoyle interface root/password
3. Type the following and check the contents of the directory. Also get the name of the *.conf file from here.
Code: Select all
ls /etc/openvpn
4. Type the following and check the output
Code: Select all
cat /etc/openvpn/grouter_client_########.conf
Your password file should be where auth-user-pass says it is. Check that with the ls command. Also check it's contents with the cat command.
Any other files mentioned in the conf should be in the locations it says they should be. Again use ls and cat to check.
5. Type ps to see the list of running processes.
6. For logs type logread
7. Use the following to create password file. Make suire you use the correct location/name for the password file ie the one in the conf file. The first command will overwrite the file so be warned.
Code: Select all
echo username > path to password file
echo password >> path to password file
Re: OpenVPN Cyberghost
Can't echo the password. The password contains a '&'. That might be a problem.craigrose wrote: 7. Use the following to create password file. Make suire you use the correct location/name for the password file ie the one in the conf file. The first command will overwrite the file so be warned.Code: Select all
echo username > path to password file echo password >> path to password file
root@Gargoyle:~# echo xxxxx&yyyyyyyyy >> /etc/openvpn/user.txt
-ash: yyyyyyyyy: not found
Eddie
Re: OpenVPN Cyberghost
The logread is: Gargoyle user.notice root: openvpn stopped, restartingcraigrose wrote: 6. For logs type logread
Re: OpenVPN Cyberghost
You want to use:
That log message doesn't tell me much other than the process was stopped then started.
Type the ps command. You should be able to see something like the following if it started successfully.
Code: Select all
echo "xxxxx&yyyyyyyyy" >> /etc/openvpn/user.txt
Type the ps command. You should be able to see something like the following if it started successfully.
Code: Select all
/usr/sbin/openvpn --syslog openvpn(custom_config) --writepid /var/run/openvpn-custom_config.pid --config /etc/openvpn/grouter_client_obfuscatedpart.conf