I Connect To Trust Connect But Then I Can't Surf?

I’m using TrustConnect with Linux; here are the files I have:

root@slackware:/etc/openvpn# ls
certs free_client.conf keys

root@slackware:/etc/openvpn/certs# ls
ca.crt
root@slackware:/etc/openvpn/certs#

I start the connection like this;

openvpn --auth-nocache --config /etc/openvpn/free_client.conf --ca /etc/openvpn/certs/ca.crt --comp-lzo yes

Here’s the output I get when connecting;

Fri Dec 3 21:12:48 2010 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 3 2010
Enter Auth Username:
Enter Auth Password:
Fri Dec 3 21:12:53 2010 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Dec 3 21:12:53 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Dec 3 21:12:53 2010 LZO compression initialized
Fri Dec 3 21:12:53 2010 Attempting to establish TCP connection with 91.212.12.68:443 [nonblock]
Fri Dec 3 21:12:54 2010 TCP connection established with 91.212.12.68:443
Fri Dec 3 21:12:54 2010 TCPv4_CLIENT link local: [undef]
Fri Dec 3 21:12:54 2010 TCPv4_CLIENT link remote: 91.212.12.68:443
Fri Dec 3 21:13:01 2010 [ComodoVPNS-3] Peer Connection Initiated with 91.212.12.68:443
Fri Dec 3 21:13:04 2010 TUN/TAP device tap0 opened
Fri Dec 3 21:13:04 2010 /sbin/ifconfig tap0 172.20.2.41 netmask 255.255.255.0 mtu 1500 broadcast 172.20.2.255
Fri Dec 3 21:13:04 2010 Initialization Sequence Completed

Now I’m connected, as you can see. Then I open up Firefox and try to surf, and I can’t make any connections online.

I simply get in the browser a page saying;

Server not found
Firefox can’t find the server at www.google.com.

So what’s going on? Why can’t I surf after I connect?

THANKS

P.S. I have a hardware firewall and am running an iptables firewall, and I took them both offline to check this, and it’s not a firewall issue.

Here’s also the output of ifconfig;

tap0 Link encap:Ethernet HWaddr 6a:ba:70:b4:37:98
inet addr:172.20.2.113 Bcast:172.20.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3487 (3.4 KiB) TX bytes:4140 (4.0 KiB)

Try to add the following line into /etc/openvpn/free_client.conf:

route DNS_IP 255.255.255.255 DEF_ROUTE_IP

where DNS_IP - your DNS server’s IP (see /etc/resolv.conf)
and DEF_ROUTE_IP - IP of your default router.

example:
route 192.168.1.77 255.255.255.255 192.168.1.1

Also you may add in this file the line:
log /var/log/openvpn.log
to log OpenVPN’s messages.

I’m using Comodo’s DNS so make this then like

route 156.154.70.22 255.255.255.255 192.168.1.4

By the way, why does this have to be done? I’ve never had to do this with any other VPN service I’ve used before?

THANKS

P.S. I also tried it with my ISP_DNS 255.255.255.255 192.168.1.4 and still no go… :frowning:

Still not working. I connect and go nowhere and can’t ping…

Here’s my free_client.conf;
http://pastebin.com/0dvr2ZHP

Here’s the log;
http://pastebin.com/LHvTG2CY

Here’s the ifconfig;
http://pastebin.com/id7M0P4L

THANKS

Your config file is ok. And I don’t see errors in your log.
Do you use some kind of firewall? If so, I recommend you check your firewall configuration.

I said in the post already;

P.S. I have a hardware firewall and am running an iptables firewall, and I took them both offline to check this, and it’s not a firewall issue.

You miss that? :wink:

What’s up with Comodo I have submitted two trouble tickets, don’t they support this at all?

Really sad I’ve submitted two tickets and no reply back… :frowning:

By the way this is not a problem on my end, there’s nothing to getting a VPN connection going in Linux, it’s actually very simple.

Drop your config file where it goes:

root@slackware:/etc/openvpn# ls
certs free_client.conf keys

Drop your cert where it goes:

root@slackware:/etc/openvpn/certs# ls
ca.crt

Then start the connection from the cmd line like this:

openvpn --auth-nocache --config /etc/openvpn/free_client.conf --ca /etc/openvpn/certs/ca.crt --comp-lzo yes

Bingo, that’s it. :slight_smile:

I haven’t used VPN services that much, this is only my third one, but the other two I used in the past, just like how I said you make it work, worked just fine for the other two, so I know it’s not an issue with me, it looks like Comodo has a routing issue and if they aren’t going to answer trouble tickets there’s nothing I can do.

Can you please contact them and ask them if they are looking into this and are going to respond back over this?

THANKS

P.S. Port 443 is also open on the hardware and software firewall, but as I said I’ve tried running with no firewalls and that still didn’t help any…

You could give the GeekBuddy 60 day free trial a go and see if they can make it work…

Well, it looks like someone somewhere has seen this problem, because now I can finally get online with the firewalls off, whereas before I couldn’t. But I have opened 443 in both directions, and when I put my firewalls back online I can’t get online…

So now when I try to ping I’m getting some action showing a block, BUT what port do I need open now?

PING any-fp.wa1.b.yahoo.com (72.30.2.xx) 56(84) bytes of data.
From 172.20.2.xx icmp_seq=1 Destination Host Unreachable

I also noticed that if I try to use Comodo’s Secure DNS;

For the Primary and Secondary that when I’m connected I can’t go anywhere also. That seems a bit odd that Comodo offers a VPN service that you can’t use the DNS, what’s with that?

Comodo only says you need 443 open and I have that, but that’s not working…

So now I’m finally down to needing to know what port(s) do I need open and why can’t I use the Comodo DNS? I’ve used the Comodo DNS with other VPN services…

THANKS

It seems your problem is in the firewall rules. Probably, you use some kind of restrictions on the output interfaces.
Maybe you use some iptables rules in addition to your firewall. You may check the iptables rules using the command: iptables -L

My firewall rules are fine…

If this was true then I’d have problems with all the VPN connections I’ve used in the past and I haven’t.

I only have problems with Comodo and as I’ve said already, that MEANS I need to know what Comodo needs open in the firewall otherwise I’m guessing here to what it is…

Here’s the firewall log with what appears to be the problem;

Dec 9 19:12:00 slackware Shorewall:OUTPUT:REJECT: IN= OUT=tap0 MAC= SRC=172.20.2.87 DST=156.154.71.22 LEN=63 TOS=00 PREC=0x00 TTL=64 ID=54385 CE DF PROTO=UDP SPT=40519 DPT=53 LEN=43

That’s DNS being rejected on 53 but I shouldn’t need to open DNS and I did just to try and it didn’t matter.

From your messages I can assume that you have firewall restrictions on the TAP interface. Maybe some restrictions on the output interfaces.

TrustConnect uses only 443 TCP port.

My bad I APOLOGIZE I didn’t have tap0 defined…

All good except can’t use now Comodo’s DNS to surf with, that’s another post…

THANKS
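
An added example, not part of the thread and not Comodo's or Shorewall's own code: the thread ends with a Shorewall REJECT on tap0 and the poster finding that tap0 was not defined in the firewall. The Python below cross-checks blocked log lines against the interfaces a Shorewall configuration names, so that mismatch shows up directly. The interfaces-file layout, sample log lines 2 and 3, and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed input: line 1 is the REJECT from the thread, lines 2-3 are made up.
SAMPLE_LOG = """\
Dec 9 19:12:00 slackware Shorewall:OUTPUT:REJECT: IN= OUT=tap0 MAC= SRC=172.20.2.87 DST=156.154.71.22 LEN=63 TOS=00 PREC=0x00 TTL=64 ID=54385 CE DF PROTO=UDP SPT=40519 DPT=53 LEN=43
Dec 9 19:12:05 slackware Shorewall:OUTPUT:REJECT: IN= OUT=tap0 MAC= SRC=172.20.2.87 DST=156.154.71.22 LEN=63 TOS=00 PREC=0x00 TTL=64 ID=54386 DF PROTO=UDP SPT=40520 DPT=53 LEN=43
Dec 9 19:12:09 slackware Shorewall:net2fw:DROP: IN=eth0 OUT= MAC= SRC=198.51.100.7 DST=192.168.1.10 LEN=40 TOS=00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=4444 DPT=23
"""
# Assumed layout of /etc/shorewall/interfaces: zone in column 1, interface in column 2.
SAMPLE_INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
"""
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):\s*(?P<fields>.*)")

def parse_line(line):
    """Split one Shorewall log line into chain, verdict and KEY=VALUE fields."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Bare flags such as DF or SYN have no '=' and are skipped.
    kv = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
    return {"chain": m["chain"], "verdict": m["verdict"], **kv}

def defined_interfaces(text):
    """Interface names (column 2) from interfaces-file text, comments removed."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols[1] for cols in rows if len(cols) >= 2]

def is_covered(iface, names):
    # A trailing '+' in a Shorewall interface name matches any name with that prefix.
    return any(iface == n or (n.endswith("+") and iface.startswith(n[:-1])) for n in names)

def undefined_interface_blocks(log_text, interfaces_text):
    """Count blocked flows whose interface the firewall config never mentions."""
    names = defined_interfaces(interfaces_text)
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["verdict"] not in ("REJECT", "DROP"):
            continue
        iface = rec.get("OUT") or rec.get("IN")  # OUT is empty for inbound packets
        if iface and not is_covered(iface, names):
            hits[(rec["chain"], iface, rec.get("PROTO"), rec.get("DPT"))] += 1
    return hits

if __name__ == "__main__":
    for (chain, iface, proto, dport), n in undefined_interface_blocks(SAMPLE_LOG, SAMPLE_INTERFACES).items():
        print(f"{n}x {chain} {iface} {proto}/{dport}: interface not defined in firewall config")
```

With the sample interfaces file only eth0 is defined, so the two DNS rejects on tap0 are reported; adding a `tap+` entry to the interfaces text makes the report empty.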