VPN Manager for OpenVPN

  • I set up pi-hole this week and to my surprise discovered that my Pi running Libreelec is not using the IVPN DNS that I expect. So for a few years now I did not realize there was DNS leakage. I have tried to read through the troubleshooting documentation and specifically the info from Gijs Withagen regarding LibreELEC installs and up/down.sh scripts, but this is well beyond my knowledge level. Is there any kind soul that can help me understand and break down what needs to be done?

  • Hello,

    Thought i'd add a comment to this thread, i began having trouble with VPNManager connecting to NordVPN, as in it stopped connecting stating unable to authenticate.

    I was running LibreElec v9.2 and decided this version was the problem so updated to v10. However the issue remained.

    After reading this thread and the github issues to find a resolution that has worked at least for me.

    Ultimately Password length i believe is the issue.

    I originally had a password which was 18 characters long containing symbols, numbers etc

    I tried only Characters and numbers still 18 long, still could not authenticate.

    Changed to characters and numbers at 8 long and found this worked.

    Change the passwored and logged out to add a symbol but kept the length at 8 this worked ok.

    I've ended up with a 12 long password (only 1 symbol within) which appears to be working.

    Note, when resetting the Nord Password it states you should have a symbol but doesn't enforce it!

    Hope this helps someone else and safes 6 hours of some one elses life!

  • This is good feedback to share, thanks. The Nord support uses their API, to which I no longer have access to the documentation, so nothing here is getting fixed. I think I've seen issues wtih :

    Multi-factor authentication being enabled

    "Weird" symbols in the password

    And now password length.

    The advice above is good if you want to connect.

  • Hello

    in first thank's for your app.

    in two : i have a vpn with my seedbox, work find on my Ubuntu PC, but no work on my Libreelec HTPC.

    I have download config file for openvpn. but with wizard vpn no work, zomboided connect my htpc with my location and ip of my provider... .

    I have look on log, i have this error :(i have change ip and dns with xxx)

    Code
    SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2022-04-05 19:26:52.277 T:902      INFO <general>: Tue Apr  5 19:26:50 2022 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS XX.XXX.XXX.X,block-outside-dns,route XX.XXX.XXX.X,topology net30,ping 10,ping-restart 120,ifconfig xx.xxx.xxx.14 xx.xxx.xxx.13,peer-id 2,cipher AES-256-GCM'
    2022-04-05 19:26:52.277 T:902     
     INFO <general>: Tue Apr  5 19:26:50 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.10)

    after :

    Code
    5 19:26:50 2022 ERROR: Linux route add command failed: external program exited with error status: 2

    I'm not understand

    Tank's if any one help me :)

  • Hi,

    I have just installed the VPN Manager in LibreELEC 10.0.0.2 and I am using NordVPN. It looks like it is working fine, however the journalctl reports thousands of logs coming from kodi.sh that reports a number:

    Code

    Basically, I cannot use the logs anymore as the logfile stores only a certain amount of rows.

    if I do a ps, I see that 775 is the vpn process

    Code

    Code
    550 root      0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups  
    771 root      0:50 /storage/.kodi/addons/service.tvheadend43/bin/tvheadend -B -C -u root -g video -c /storage/.kodi/userdata/addon_data/service.tvheadend43  
    775 root      0:00 /usr/sbin/openvpn --daemon --config /storage/.config/openvpn.config  
    782 root      0:00 [kworker/u9:1-hc]

    I didn't activate any logs (AFAIK), is there a way to stop this log? It appeared right after I installed the vpn service.

    I would just need to suppress this message that kills all the rest of the relevant logs

    Any idea on where I should look?

    Thanks!

  • Do you only get the flood of messages when you're running openvpn?

    As I said to you on github, this isn't something the add-on is knowingly doing, but you could eliminate openvpn logging by just invaliding all connections or turning off connect on boot.

  • Yes, only when running opevvpn, but if I have installed it it's because I want to use it....

    Basically what I see is that kodi.sh returns the pid of the openvpn command, but the script as such does not do any ps or grep, so maybe it's the kodi.bin reporting this value which is stored somewhere, maybe in some variables? I will try to check the openvpn python scripts, I have lowered the openvpn verbosity to 1 but nothing changes

    It's also strange nobody else is seeing this problem...

  • I have found the problem, it's in the code of the vpn manager.

    I debbuged it and found this line being printed, while at the very same time the kodi log was also printing the PID (at least on a RPI4):

    Code
    2022-05-03 11:05:53.986 T:978      INFO <general>: VPN Mgr : VPN is started on /storage/.kodi/addons/service.vpn.manager/NordVPN/Italy.ovpn requesting
    ...
    2022-05-03 11:06:22.868 T:978      INFO <general>: VPN Mgr : (Linux) Checking VPN task with pidof openvpn
    May 03 11:06:22 LibreELEC kodi.sh[3953]: 774 (This line comes from the journalctl log)
    2022-05-03 11:06:36.799 T:978      INFO <general>: Skipped 2 duplicate messages..
    May 03 11:06:27 LibreELEC kodi.sh[4050]: 774 (This line comes from the journalctl log)
    May 03 11:06:32 LibreELEC kodi.sh[4055]: 774 (This line comes from the journalctl log)
    2022-05-03 11:06:36.799 T:978      INFO <general>: VPN Mgr : (Linux) Checking VPN task with pidof openvpn
    May 03 11:06:36 LibreELEC kodi.sh[4061]: 774 (This line comes from the journalctl log)
    2022-05-03 11:06:50.648 T:978      INFO <general>: Skipped 2 duplicate messages..

    The problem is in this line of the code, in the vpnplatform.py file, LINE 523

    The os.command("getpidof openvpn") which is executed at that line gives two outputs: the exit code (which is stored in the pid variable) and the PID, which is printed to stdout, as you can see from this code:

    A workaround is to change that command by adding a redirection of stdout and stderr to null:

    Code
            try:
                command = getPidofPath() + " openvpn >/dev/null 2>&1" 
                if useSudo() : command = "sudo " + command
                debugTrace("(Linux) Checking VPN task with " + command)         
                pid = os.system(command)  

    This change works for me, now I don't get the PID printed in the logs anymore.

    It would be nice if you could update the code.

    Thanks!

    Luca

  • That's some good work debugging, thanks! I'm running Pi3s most everywhere and haven't been brave enough to upgrade to the new release. Here's the Python 2 behaviour, which is different.

    Code
    >>> import os
    >>> os.system("pidof openvpn")
    256
    >>> pid=os.system("pidof openvpn")
    >>> print pid
    256

    I think the latest version of the add-on requires Python 3, so I think your proposal should work. I'm gonna do some testing in a non-LE environment and see if it's true for 'all' Linux platforms before making the change though. Thanks again.

  • 7.0.1 has the fix mentioned above. I tried it on TwisterOS, which has the older pidof behaviour, and @ciclista71 has tested it on a new LE build which I have not installed myself and it seems to work on both. Any issues, post them up.

  • Just wondering if anyone has fixed potential DNS Leaks in LE 10.0.2. I’ve spent hours in this forum, the troubleshooting guide and tried all suggestions and haven’t had any luck with PIA, Surfshark, or Nord. All posts related to the issue are a year old or more and I would welcome any assistance.

  • Just wondering if anyone has fixed potential DNS Leaks in LE 10.0.2. I’ve spent hours in this forum, the troubleshooting guide and tried all suggestions and haven’t had any luck with PIA, Surfshark, or Nord. All posts related to the issue are a year old or more and I would welcome any assistance.

    Yeah theres a script that fixes this. Ive used it with NordVPN and Surfshark. It works great. I'll add links to the fixes here.

    Edit

    up.sh and down.sh scripts for LibreElec - DNS Leakage · Issue #282 · Zomboided/service.vpn.manager
    Hi Zomboided, I use your VPN manager on my LibreElec raspberry Pi box. The recipe you provide to protect against potential DNS leakage, is not working for this…
    github.com

    That's the script. Remember it needs to be edited with your providers DNS settings and needs to be made executable. So when I'm using with NordVPN I've changed the DNS servers with Nords, changed server 3 to 1.1.1.1.

    Edited once, last by davidsilva (May 11, 2022 at 5:52 PM).

  • Yeah theres a script that fixes this. Ive used it with NordVPN and Surfshark. It works great. I'll add links to the fixes here.

    Edit

    https://github.com/Zomboided/service.vpn.manager/issues/282

    That's the script. Remember it needs to be edited with your providers DNS settings and needs to be made executable. So when I'm using with NordVPN I've changed the DNS servers with Nords, changed server 3 to 1.1.1.1.

    Awesome thanks David I'll keep trying .

  • I somehow got Nord working; however, I have had absolutely zero luck with Surfshark. If anyone has Surfshark working, feel free to send me a message as it's driving me insane and would appreciate any help possible.

  • You can see if openvpn is a running task using ps. VPN Mgr will manage the stopping and starting of that task.

    It'll also redirect the output to a log (/run/openvpn.log maybe?), but I think the log will hang around even after the task dies so just looking for the existence of the log is not enough.

  • Hello,

    Firstly, thank you for this great Add-on.

    I understand that NordVPN is very troubling with this add-on due to Nords constant change of API's.

    Therefore I've created a simple script of my own to download the config file of the recommended UK server with my filters from Nord

    Code
    protocol="udp"
    vpnHostName=$(curl -s -g 'https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22country_id%22:227,%22servers_groups%22:[15],%22servers_technologies%22:[3]}' | jq '.[0].hostname' | tr -d '"' )
    sleep 1
    wget "https://downloads.nordcdn.com/configs/files/ovpn_$protocol/servers/$vpnHostName.$protocol.ovpn" -O "/storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/NordVPN ($protocol).ovpn"
    
    sleep 1
    
    killall openvpn
    
    # PATH SHOULD BE PUT IN E.G.    /storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/NordVPN ($protocol).ovpn

    I've been able to use the file downloaded and import it into VPN Manager, however, when trying to set up a script to replace the file in "

    /storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/", with the newer downloaded file, it seems to not take on the config of the new UserDefined .ovpn file and looks like its holding the old config settings elsewhere to reconnect to it.

    I may be wrong, but should this work in theory?

    I'm looking to cron job this script and update it every couple of hours, or at-least when it matters most to me (upon startup).

    Any tips will help.

    I've had a look at https://github.com/Zomboided/serv…er-Defined-VPNs and other searches, but it does not delve into what I'm trying to do.

    Edited once, last by bhups (May 25, 2022 at 12:34 PM).