Posts by zomboided

    This is an add-on that makes it easy to use VPN connections from within Kodi

    Features are :
    - Manage Private Internet Access, IPVanish, VyprVPN, Invisible Browsing VPN, tigerVPN, Hide My Ass!, LiquidVPN, AirVPN, CyberGhost, Perfect Privacy, TorGuard, HideIPVPN, LimeVPN, VPN Unlimited, BTGuard VPN, ExpressVPN, SaferVPN, Celo VPN.ht, TotalVPN, WiTopia, proXPN, Windscribe Pro, VPN.ac, VPNSecure, BulletVPN, NordVPN, Mullvad, IVPN (untested), SecureVPN.to (untested), RA4W (untested), VPNArea (untested), VanishedVPN (untested) and PrivateVPN (untested)
    - Import .ovpn files for other VPN providers not supported
    - Connect to VPN when Kodi starts and reconnect when necessary
    - Connect to VPN before Kodi starts (LibreELEC only)
    - Automatically switch to different VPN profiles/locations (or disconnect entirely) depending on add-on or Kodi window ID in use
    - Switch VPN profiles/locations from within TV Guide Fullscreen depending on channel (add-on) in use
    - Supports both UDP and TCP connections where available, using the default or user defined port
    - Easy display and switching of profiles from a single button/remote key
    - Display screen overlay of current system information from a single button/remote key
    - Remote interaction via API
    - Third party add-on API (for integration with TV guides, etc)
    - Supported on LibreELEC, OpenELEC 5 onwards, OSMC, other Linux based Kodi installs and Windows (see words in the installation and trouble shooting wiki pages)
    - Android not supported. It doesn't work and will just give you an error message.

    Install the repo and following the installation guide.

    These three pages cover the basics
    Download and installation
    VPN configuration and connection
    Filter VPN connection depending on add-on being used

    If you want to add a VPN that's not supported then see these pages

    User Defined VPNs

    Debugging VPNs

    If you're confused about something then READ THE WIKI. I didn't write it because I was bored. If you're genuinely having trouble then try and help yourself first by reviewing the trouble shooting page. Then upgrade to the latest version and recreate the issue from boot, getting a FULL log with debug enabled, put it on pastebin (as I won't open random internet attachments) and post up your issue in this thread. Please don't expect support without a problem description and a full log.

    Please don't PM me directly about problems you're having with this add-on, you'll not get an answer


    Hi
    I've got VPN Unlimited working with VPN Manager, but not all the servers that are available through the VPN Unlimited windows app appear to be available via VPN Manager.
    Does anyone know why this is?

    Because they've added/changed stuff since it was added.

    See here
    DD-WRT OpenVPN configuration guide for VPN Unlimited users
    Ask support for the set of .ovpn files for OpenVPN because you want to configure it manually and then PM me what they send you and I'll update it.

    I've done some checking and IPVanish and VyprVPN were added when they were using tls-remote so it's just these two that will be affected. I can see they've both moved on since then but I'd like to verify that IPVanish works because when I tried to use the verify-x509-name parameter when I was fixing IPVanish recently, it didn't work.

    Are you using VPN manager, if so what version thereof?

    I'm guessing this is caused by LE moving to a newer version of openvpn (2.4.0?) in the latest build and I'm wondering if the problem is that tls-remote has been removed (was deprecated). #848062 - Warn users of removed tls-remote option - Debian Bug report logs

    However, when I updated IPVanish for 2.4.1 of my add-on, I could not get verify-x509-name (the thing that replaced it) to work. I'm also worried that this will affect more than just IPVanish

    smoutc, if you wanna help debug it, please ensure you're at 2.4.1 of VPN manager and PM me

    I was just gonna post that because someone else posted a similar issue to GitHub. Did you download one of the packaged releases or did you go and fetch directly from GitHub itself? Just want to know if I should check the last build I put out

    Someone else has mentioned the Pure connections are out of date, so I'll update them. I'm still not thinking this is the issue though.
    I don't think the encryption type is the issue on the RPi, you should see way more than what you're getting (I do on the same device).
    I think plugging your RPi into your cable modem directly using an ethernet cable and seeing what you get would eliminate the issue of going through some additional modem hops.

    Edit: Pure updated in 2.3.0

    Well the security hole is an issue because you're using a VPN who elect not to give you any sort of firewall unless you pay extra. It's not because you're using my addon, which is just doing the work to create a VPN connection for you.

    infinity85, do I need to update the Pure connection list? I can't think why the DNS name would make a difference as both resolve to the same IP. I can believe that Pure workload balance, which maybe what's happening here?

    The two URLs resolve to the same IP address. And you can change the UDP port to whatever you want using the interface. They were both correct when I added PureVPN.
    As I already told you though on Github though, you're able to connect. The issue is either going to be your network, your ISP or the VPN provider. Or you can prove me wrong and demonstrate that it works on your system via the command line.

    You're right, I had forgotten the headline "#!/bin/sh", now the up.sh is like this:

    Bash
    #!/bin/sh
    iptables -F
    iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i tun0 -j DROP

    And it does work indeed now. The rules are set after successful connection. But I took a look into OpenVPN.log and saw these to last lines (although VPN tunnel works):

    Code
    ERROR: Linux router add command failed: external program exited with error status: 2
    Initialization Sequence completed

    Anyway...after ignoring it, I played around a bit:

    • Disconnecting the VPN does not flush the rules. They stay if I do "iptables -nvL". So flushing would be the purpose of a down.sh? If yes, then down.sh should be made the way that it only deletes the rules, which were introduced by up.sh upon connection attempt.
    • Then I reverted the chmod +x up.sh, to see if it would work without this command.
    • Result (without chmod +x up.sh) is this error again:
      Code
      Options Error: --up script fails with '/storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/up.sh': Permission denied


    So the script needs to be marked as executable. I'm no linux guy... is that possible to be done automatically without user interaction?

    Yes, that's the purpose of down.sh. You can put whatever you want in either script. I've not tested whether down.sh runs - it doesn't on Windows (my test environment) as I was killing the task too hard. I think it might work on Linux. If you introduce down, you'll need to reset the ovpn files again or you can add in the command yourself.

    The route command can fail if a route is already set, which would be my guess as to what's happening. You can check the iptable before and after to see if you're happy with the contents. If you are, don't worry about it. If you think the routing is wrong, then try and work out what your modifications are doing to break it (assuming the VPN provider isn't pushing crap at you on connection)

    chmod changes the permissions of a file. It you don't give it permission to run, then it won't, that's the way Linux works. Set it to the correct permission and leave it alone. You shouldn't need to do it more than once.

    Your script should run in isolation...you should be able to type up.sh and it execute. If you can't then this is a large part of the problem you're having. For Pure, there does seem to be some issues I'll need to look at. script-security 2 should be added with the up option but I can look and see why it's not happening.

    As for a risky solution....maybe if you were being port scanned at DoS levels of activity. This is the way that openvpn expects to be used from what I can tell though so I'm not going to worry about this.

    EDIT : Just noticed I did write the script-security 2 line, but the previous line (the one you deleted didn't have a line end). You can fix this by finding the template.txt file in the PureVPN directory in the addon directory and adding a return at the end of the last line. Then go delete the .ovpns and you'll be back to your final step which is your script failing. I've fixed this now, but will hold off rolling out another release until I've done some more testing myself.

    hollol, I was thinking the same thing, but I'm not far enough along with that thinking and my understanding of how to manipulate the tables to know if this is possible. If you want to do some testing yourself, then see below, we might have a mechanism to do this...

    infinity85, I've just upload version 2.2.4 which adds support for up/down scripts. I've only tested up scripts on Windows and it'll be a while before I get to test this on my LibreELEC boxes. If you want to create an 'up.sh' in your UserDefined directory, then reset the .ovpn files, then it should detect that you want to use an up script and update your user defined .ovpn files to include the right parameter to cause the script to run after the connection has been established. I think within this script you're wanting to put the iptable modifications you mentioned previously in this thread.

    On Windows, the down script is not run. I think this is because of how I'm killing the task. On Linux, I use a more appropriate method of terminating the task which *may* allow the down script to run. As I said, I need to test on my LibreELEC box to know if this is the case.

    There's a small amount of doc here Home · Zomboided/service.vpn.manager Wiki · GitHub but it pretty much covers what you know/I've just told you.

    If this does work, then I might look to roll it out to all VPN providers, but to be honest I have no idea how many of them don't do some amount of firewalling/blocking for you. I might just be a handful that let everything in like you're seeing with Pure.