TrustConnect client for RedHat and Ubuntu systems

[Guest]

[srfox23]

No, you should download the ca.crt file (i.e., through context menu at right-mouse click) and put this file into /etc/openvpn/

Ok, I'll try that, but shouldn't I have uninstalled the original trustConnect account?

[srfox23]

No, you should download the ca.crt file (i.e., through context menu at right-mouse click) and put this file into /etc/openvpn/

Ok, I'll try that.

[dlimonov]

Ok, I'll try that, but shouldn't I have uninstalled the original trustConnect account?

No, there's no need to uninstall the existing account (or TC installation).

[fantab]

I am using Ubuntu Lucid Lynx [10.04.2 LTS] and want to use my FREE CTC ACCOUNT. I see that most of the information you've provided here seems to be specifically for "Paid Account" and you've also mentioned that the procedure to install CTC is different for Paid Account.

I installed 'tcclient' for ubuntu from https://forums.comodo.com/comodo-trustconnect-ctc/trustconnect-client-for-redhat-and-ubuntu-systems-t38198.0.html. The tcclient installs ok and shows up in the 'Applications-Internet' however I am unable to connect, and moreover when I try to configure the Client I get the message, "Config not availabe!" and "Can't modify config at this moment! Try Later!".

Please help me to use CTC with Ubuntu?

[dlimonov]

Hello,

At the moment, the TrustConnect Client for Linux isn't intended for free account.
You may use OpenVPN client.
1. If you don't have openVPN installed on your system, do: sudo apt-get install openvpn

2. Download the client configuration file for FREE service:
http://download.comodo.com/trustconnect/free_client.conf

3. Download certificate: https://accounts.comodo.com/download/trustconnect/ca.crt

4. Copy config file and certificate into OpenVPN configuration directory, for example into /etc/openvpn/.

5. To start service: sudo /etc/init.d/openvpn start
   to stop: sudo /etc/init.d/openvpn stop
   to check status: sudo /etc/init.d/openvpn status
   
   Note that if you use init.d/openvpn script, you should remove all unneeded *.conf files from /etc/openvpn/ directory.

6. After connect, try to open a site.
   If you get something like "Firefox can't find the server...", add the following line into /etc/openvpn/free_client.conf:

route DNS_IP 255.255.255.255 net_gateway

where DNS_IP - your DNS server's IP (see /etc/resolv.conf)

and net_gateway - the pre-defined constant, which means in terms of openVPN-client the network default gateway.

example:
route 192.168.1.77 255.255.255.255 net_gateway

Note that if you have more than one DNS listed in /etc/resolv.conf, you should add them in subsequent lines, for example:

route 192.168.1.77 255.255.255.255 net_gateway
route 192.168.1.80 255.255.255.255 net_gateway


Also it's very useful to log the openVPN's messages to file, for example, openvpn.log.
To do this, you may add in /etc/openvpn/client.conf the line:
log /var/log/openvpn.log

[fantab]

6. After connect, try to open a site.
   If you get something like "Firefox can't find the server...", add the following line into /etc/openvpn/free_client.conf:

route DNS_IP 255.255.255.255 net_gateway

where DNS_IP - your DNS server's IP (see /etc/resolv.conf)

and net_gateway - the pre-defined constant, which means in terms of openVPN-client the network default gateway.

example:
route 192.168.1.77 255.255.255.255 net_gateway

Note that if you have more than one DNS listed in /etc/resolv.conf, you should add them in subsequent lines, for example:

route 192.168.1.77 255.255.255.255 net_gateway
route 192.168.1.80 255.255.255.255 net_gateway


Also it's very useful to log the openVPN's messages to file, for example, openvpn.log.
To do this, you may add in /etc/openvpn/client.conf the line:
log /var/log/openvpn.log

Hello and Thank you very much for helping me out.

I have followed your instructions: I have downloaded and added ca.crt and free_client.conf to the /etc/openvpn folder.

I have certain doubts with respect to Step 6.

*** Where do I add "route DNS_IP 255.255.255.255 net_gateway" in free_client.conf? Should add it at the end or is there a particular place in the mentioned file where I have to add it?

*** and same thing with the log file... ?

I have added what you had asked - I copied two DNS IP from resolv.conf to free_client.conf at the end of the file but when I run sudo /etc/init.d/openvpn start I get "fail".

I would greatly appreciate if you could help me with where to make changes in free-client.conf and in what order?

Thanks again

[dlimonov]

*** Where do I add "route DNS_IP 255.255.255.255 net_gateway" in free_client.conf? Should add it at the end or is there a particular place in the mentioned file where I have to add it?

You may put these lines anywhere in the free_client.conf, and at the end of the file, too. For example:

Code:

client
dev tap
proto tcp

remote uk2.vpn.comodo.com 443
remote-random

auth-user-pass
resolv-retry infinite
nobind
persist-key
persist-tun
pull
remap-usr1 SIGTERM

ca ca.crt
ns-cert-type server
tls-remote ComodoVPNS

mute-replay-warnings
mute 2
comp-lzo
verb 1

route 192.168.25.1 255.255.255.255 net_gateway
route 192.168.20.1 255.255.255.255 net_gateway

log /var/log/openvpn.log

[fantab]

Okay... I edited the free_client.conf as instructed; I started "sudo /etc/init.d/openvpn start, it asked for username and password which I provided (the one I used on CTC Client in Windows)... I got [ OK ], then I rechecked "sudo /etc/init.d/openvpn status"... and I get "* VPN 'free_client' is running"

And when I tried to browse to any website, Firefox says it did not find the SERVER at the respective website (SERVER NOT FOUND).

I had also disabled ufw via gufw and tried to connect to web but without any success.

What more do I need to do? or what am I doing wrongly? Please assist me in resolving this.

Regards...

[dlimonov]

Seems like hostname cannot be resolved.
Please, start OpenVPN and try to ping some site from a console and give us the output. Also, please, give the output of the following commands:

iptables -L -nv

route -nv

[dlimonov]

Please, send me in private messages the following files:
free_client.conf
/etc/resolv.conf
Also, tell what OpenVPN client version you have. You can find this out with the following command:
openvpn --version

Also be so kind to tell me how do I ascertain that I am connected to CTC, if I am connected?

Start OpenVPN and enter route -nv
You should see something like on the screenshot. Red underlined - TrustConnect VPN default gateway. You will be able to access it: ping 172.20.2.1
Also, you may execute ifconfig command and see the TAP interface in the network interfaces list.

[fantab]

Need help in configuring and using CTC Free Account for FEDORA16_64.

The Ubuntu method is not working on Fedora. The instructions provided https://www.comodo.com/trustconnect/linux.html are not much of a help.

Please help me use my Free CTC account on Fedora.

[dlimonov]

Setting up Trust Connect free on Linux using openVPN client

1. Login in your system as root.
2. Make shure that you have openVPN client installed in your system. Check it, for example, by command "which openvpn" (you should be root).
You should get the path to openvpn. If you don't have openVPN client, install it : "yum install openvpn"
3. Download config file. If you have free account:
   http://download.comodo.com/trustconnect/free_client.conf
   For paid subscription or 7 day trial:
   https://accounts.comodo.com/download/trustconnect/client.conf
4. Download CA certificate: https://accounts.comodo.com/download/trustconnect/ca.crt

5. Put config and certificate into /etc/openvpn/ (for example)

6. To connect to TrustConnect enter the command: "openvpn --config /etc/openvpn/free_client.conf --ca /etc/openvpn/ca.crt"
   You will be prompted for Service Login and Service Password.

   To disconnect, press Ctrl-C in this console.

7. If you'll get something like "Firefox can't find the server at..." after connecting,
try to add the following line into /etc/openvpn/free_client.conf:

route DNS_IP 255.255.255.255 net_gateway

where DNS_IP - your DNS server's IP (see /etc/resolv.conf)
and net_gateway - the pre-defined constant, which means in terms of openVPN-client the network default gateway.

example:

route 192.168.1.77 255.255.255.255 net_gateway

[fantab]

Thank you very much, dlimonov. I didn't know that  ca.crt has to be run too. That did the trick.

[fantab]

I have installed Arch Linux 64bit on one of my PC. I am trying to configure CTC to work with OpenVPN. I know that CTC works with Fedora and Ubuntu- I have them them both on my other computers. I want to get it to work with Arch.

Here is what I have done so far; I have followed instructions on this thread to add free_client.conf and ca.crt to /etc/openvpn after which I tested by running openvpn and I get following ERRORS as reported in /var/log/openvpn.log:

Code:

Fri May 11 17:32:00 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan  3 2012
Fri May 11 17:32:22 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri May 11 17:32:22 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 11 17:32:22 2012 LZO compression initialized
Fri May 11 17:32:22 2012 Attempting to establish TCP connection with 91.212.12.68:443 [nonblock]
Fri May 11 17:32:23 2012 TCP connection established with 91.212.12.68:443
Fri May 11 17:32:23 2012 TCPv4_CLIENT link local: [undef]
Fri May 11 17:32:23 2012 TCPv4_CLIENT link remote: 91.212.12.68:443
Fri May 11 17:32:23 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 11 17:32:26 2012 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=UA/L=Odessa/O=Comodo/OU=CSP/CN=Comodo_CA/emailAddress=csp[at]comodo.od.ua
Fri May 11 17:32:26 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri May 11 17:32:26 2012 NOTE: --mute triggered...
Fri May 11 17:32:26 2012 2 variation(s) on previous 2 message(s) suppressed by --mute
Fri May 11 17:32:26 2012 Fatal TLS error (check_tls_errors_co), restarting
Fri May 11 17:32:26 2012 SIGTERM[soft,tls-error] received, process exiting

As you can see in the above log I am able to connect 91.212.12.68:443. I have also tried everything this WIKI had to offer and several times. And each time I get the exact same errors. I am afraid I am missing something or doing something wrong.  Can you please take a look at it? Help me understand the issue and please guide me to the solution.

THANKS

[fantab]

I got it working.

Code:

Sat May 12 21:25:06 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan  3 2012
Sat May 12 21:25:17 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sat May 12 21:25:17 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat May 12 21:25:17 2012 LZO compression initialized
Sat May 12 21:25:18 2012 Attempting to establish TCP connection with 91.212.12.68:443 [nonblock]
Sat May 12 21:25:19 2012 TCP connection established with 91.212.12.68:443
Sat May 12 21:25:19 2012 TCPv4_CLIENT link local: [undef]
Sat May 12 21:25:19 2012 TCPv4_CLIENT link remote: 91.212.12.68:443
Sat May 12 21:25:19 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 12 21:25:24 2012 [ComodoVPNS-3] Peer Connection Initiated with 91.212.12.68:443
Sat May 12 21:25:26 2012 TUN/TAP device tap0 opened
Sat May 12 21:25:26 2012 /usr/sbin/ip link set dev tap0 up mtu 1500
Sat May 12 21:25:26 2012 /usr/sbin/ip addr add dev tap0 xxx.xx.2.8/24 broadcast xxx.xx.2.255
Sat May 12 21:25:26 2012 Initialization Sequence Completed

I had to create and execute update-resolv-conf and also redownloaded and replaced free_client.conf and ca.crt.

So, CTC free works on ArchLinux too.

[Tags:]