Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stuck on "Launching OpenVPN..." on Synology DS920+ #130

Open
lemstress opened this issue Jan 24, 2022 · 4 comments
Open

Stuck on "Launching OpenVPN..." on Synology DS920+ #130

lemstress opened this issue Jan 24, 2022 · 4 comments

Comments

@lemstress
Copy link

So I'm trying to get vopono running on my Synology NAS via PIA. I'm assuming the issue I'm running into is related to the fact that I'm running this within the Synology version of Linux. Here's some info:

DSM Version: DSM 7.0.1-42218 Update 2
Linux Version: Linux PDX-NAS 4.4.180+ #42218 SMP Fri Sep 24 02:41:48 CST 2021 x86_64 GNU/Linux synology_geminilake_920+
Kernel Version: 4.4.180+

The test operation hangs on 2022-01-24T21:00:28.709Z INFO vopono::openvpn > Launching OpenVPN...

and with verbose on here's what it hangs on:

lemstress@PDX-NAS:~$ vopono -v exec --provider privateinternetaccess --server poland "curl ifconfig.co/country"
 2022-01-24T21:08:43.222Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.223Z DEBUG vopono       > pactl not found, will not set PULSE_SERVER
 2022-01-24T21:08:43.223Z INFO  vopono::util > Calling sudo for elevated privileges, current user will be used as default user
 2022-01-24T21:08:43.223Z DEBUG vopono::util > Args: ["vopono", "-v", "exec", "--provider", "privateinternetaccess", "--server", "poland", "curl ifconfig.co/country"]
 2022-01-24T21:08:43.436Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.436Z DEBUG vopono       > pactl not found, will not set PULSE_SERVER
 2022-01-24T21:08:43.436Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.437Z DEBUG vopono::util > Existing namespaces: ["vopono_pia_poland"]
 2022-01-24T21:08:43.437Z DEBUG vopono::util > Removing dead namespace: vopono_pia_poland
 2022-01-24T21:08:43.437Z DEBUG vopono::util > ip netns delete vopono_pia_poland
 2022-01-24T21:08:43.445Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.445Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "firewall" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "custom_config" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "postup" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "predown" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "user" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "dns" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::exec > vopono config.toml: configuration property "protocol" not found
 2022-01-24T21:08:43.446Z DEBUG vopono::util > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.446Z DEBUG vopono::network_interface > ip addr
 2022-01-24T21:08:43.448Z DEBUG vopono::exec              > Interface: eth0
 2022-01-24T21:08:43.448Z DEBUG vopono::util              > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.449Z INFO  vopono::util              > Chosen config: /var/services/homes/lemstress/.config/vopono/pia/openvpn/poland-pl.ovpn
 2022-01-24T21:08:43.450Z DEBUG vopono::util              > Existing namespaces: []
 2022-01-24T21:08:43.450Z DEBUG vopono::util              > ip netns add vopono_pia_poland
 2022-01-24T21:08:43.561Z INFO  vopono::netns             > Created new network namespace: vopono_pia_poland
 2022-01-24T21:08:43.562Z DEBUG vopono::util              > Existing interfaces:
 2022-01-24T21:08:43.564Z DEBUG vopono::util              > Assigned IPs: []
 2022-01-24T21:08:43.564Z DEBUG vopono::netns             > ip netns exec vopono_pia_poland ip addr add 127.0.0.1/8 dev lo
 2022-01-24T21:08:43.581Z DEBUG vopono::netns             > ip netns exec vopono_pia_poland ip link set lo up
 2022-01-24T21:08:43.609Z DEBUG vopono::veth_pair         > NetworkManager not detected running
 2022-01-24T21:08:43.609Z DEBUG vopono::veth_pair         > firewalld not detected running
 2022-01-24T21:08:43.609Z DEBUG vopono::util              > ip link add pia_poland_d type veth peer name pia_poland_s
 2022-01-24T21:08:43.613Z DEBUG vopono::util              > ip link set pia_poland_d up
 2022-01-24T21:08:43.623Z DEBUG vopono::util              > ip link set pia_poland_s netns vopono_pia_poland up
 2022-01-24T21:08:43.638Z DEBUG vopono::util              > ip addr add 10.200.1.1/24 dev pia_poland_d
 2022-01-24T21:08:43.639Z DEBUG vopono::netns             > ip netns exec vopono_pia_poland ip addr add 10.200.1.2/24 dev pia_poland_s
 2022-01-24T21:08:43.657Z DEBUG vopono::netns             > ip netns exec vopono_pia_poland ip route add default via 10.200.1.1 dev pia_poland_s
 2022-01-24T21:08:43.675Z INFO  vopono::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-01-24T21:08:43.675Z INFO  vopono::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-01-24T21:08:43.675Z DEBUG vopono::util              > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0 -j MASQUERADE
 2022-01-24T21:08:43.690Z DEBUG vopono::util              > iptables -I FORWARD -i pia_poland_d -o eth0 -j ACCEPT
 2022-01-24T21:08:43.713Z DEBUG vopono::util              > iptables -I FORWARD -o pia_poland_d -i eth0 -j ACCEPT
 2022-01-24T21:08:43.733Z DEBUG vopono::util              > sysctl -q net.ipv4.ip_forward=1
 2022-01-24T21:08:43.736Z DEBUG vopono::util              > Using config dir from $HOME config: /var/services/homes/lemstress/.config
 2022-01-24T21:08:43.736Z DEBUG vopono::vpn               > Read auth file: /var/services/homes/lemstress/.config/vopono/pia/openvpn/auth.txt
 2022-01-24T21:08:43.736Z DEBUG vopono::dns_config        > Setting namespace vopono_pia_poland DNS server to 209.222.18.222, 209.222.18.218
 2022-01-24T21:08:43.737Z INFO  vopono::openvpn           > Launching OpenVPN...
 2022-01-24T21:08:43.737Z DEBUG vopono::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2022-01-24T21:08:43.737Z DEBUG vopono::openvpn           > Found remotes: [Remote { host: Hostname("poland.privacy.network"), port: 1198, protocol: UDP }]
 2022-01-24T21:08:43.737Z DEBUG vopono::netns             > ip netns exec vopono_pia_poland openvpn --config /volume1/homes/lemstress/.config/vopono/pia/openvpn/poland-pl.ovpn --machine-readable-output --log /etc/netns/vopono_pia_poland/openvpn.log --auth-user-pass /var/services/homes/lemstress/.config/vopono/pia/openvpn/auth.txt --pull-filter ignore block-outside-dns

It's hanging on 2022-01-24T21:08:43.737Z DEBUG vopono::netns > ip netns exec vopono_pia_poland openvpn --config /volume1/homes/lemstress/.config/vopono/pia/openvpn/poland-pl.ovpn --machine-readable-output --log /etc/netns/vopono_pia_poland/openvpn.log --auth-user-pass /var/services/homes/lemstress/.config/vopono/pia/openvpn/auth.txt --pull-filter ignore block-outside-dns

I'm assuming this has something to do with the network interface/namespaces but I'm not sure. Any help would be appreciated and please let me know what other information I can provide! I'd love to get this working on my Synology NAS, it would be extremely helpful.
@jamesmcm
Copy link
Owner

Can you please check the log file? /etc/netns/vopono_pia_poland/openvpn.log

And then please check:

  • Does OpenVPN work if you run it normally without vopono?
  • What if you run it with those arguments (i.e. --pull-filter ignore block-outside-dns ) ?
  • What is the OpenVPN version?

If I had to guess, it's a very old Linux kernel version, so maybe OpenVPN is also too old version to support --pull-filter - but it should hopefully be clear in the log file.

@lemstress
Copy link
Author

Thanks for replying!

  • When I check the log files at /etc/netns/vopono_pia_poland/openvpn.log there's literally nothing. It didn't write anything. Maybe it doesn't have permission? Is there a flag I can set for it to log it elsewhere?

  • OpenVPN does work without vopono, but I did it within the DSM GUI, I haven't tried via the CLI

  • While trying to invoke --pull-filter ignore block-outside-dns I get:

lemstress@PDX-NAS:~$ vopono --pull-filter ignore block-outside-dns exec --provider privateinternetaccess --server pol
and "curl https://icanhazip.com"
error: Found argument '--pull-filter' which wasn't expected, or isn't valid in this context

USAGE:
    vopono [FLAGS] <SUBCOMMAND>

For more information try --help

As for the OpenVPN version:

lemstress@PDX-NAS:~$ openvpn --version
OpenVPN 2.4.9 [git:DSM7-0-1-official/2be2264704e1da15+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 22 2021
library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

@jamesmcm
Copy link
Owner

jamesmcm commented Jan 24, 2022
edited
Loading

While trying to invoke --pull-filter ignore block-outside-dns I get

I meant pass it to OpenVPN, like:

$ sudo openvpn --config /volume1/homes/lemstress/.config/vopono/pia/openvpn/poland-pl.ovpn  --pull-filter ignore block-outside-dns

In theory it should be fine for that version though, but if you are able to run it in the CLI directly you'd be able to see more of the logs hopefully. vopono escalates to root so it shouldn't be a permissions issue.

And when you test OpenVPN is it with that config file? i.e. PIA Poland?

@ScottDillman
Copy link

Maybe related, maybe not.. but worth mentioning. I found that I had the same issue with ip netns hanging and the openvpn log completely empty. After digging a little deeper and running the openvpn command line directly I found that there was a missing symlink for libnsl.so.2. Creating a symlink solved the problem:

sudo ln -sf /usr/lib/libnsl.so /usr/lib/libnsl.so.2

I was also seeing this error when running openvpn directly:

openvpn: error while loading shared libraries: libnsl.so.2: cannot open shared object file: No such file or directory

If you are not seeing that error when running openvpn you might have a different problem with the same behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jamesmcm @ScottDillman @lemstress