February 16, 2014 at 5:32 pm #43863
Hi, i just want to share my experience with (ZeroShell + Privatetunnel – IE OpenVPN), please excuse my English.
Private tunnel (https://www.privatetunnel.com) is a service that provide access to US, UK and others GEO based IP addresses, i like the service because they are not restricting users by Bandwidth, instead, they are restricting them by Down/up Quota (Which is in my situation it is the exact service that i need), plus you can use unlimited number of clients and devices.
To use the service you can download a client (Windows, MAC, Android and IOS), or you can download an OpenVPN config file, the client is the best solution for novice users, but for advanced users the config file will allow them to manipulate the settings pushed by the server.
My goal was to build;
1. Router with load balancing (between three internet connections – 3 ISPs).
2. QoS to shape the traffic between 7 different subsets.
3. I live in Iraq and my 3 ISP’s are all Iraq based IP addresses, one of the requirement is to route one of the sub-nets to a US based IP address (Were Privatetunnnel connection is needed).
4. Proxy server (future deployment).
5. Vlan for each sub-net.
The setup went fine except for the VPN, i spent days trying to make it work and trying to use the default gateway passed by the privatetunnel VPN server, i always get (Fault) under the load balancing gateway section, to setup the connection i did the following:
1. downloaded the config file.
2. crate a new Lan-Lan VPN connection.
3. Set the remote IP address using the one in the config file.
3. Set the port.
4. Set the rule to Client.
5. Set the authentication to x.509.
6. Copy the Config file to Zeroshell (using tftp – the fastest way I’ve found, i’m a windows user) and saved it in /Database/etc/ssl/private/ (to make sure the file will be available after the reboot).
7. Pass a Parameters (–config /Database/etc/ssl/private/xxxFilename), the config file includes the CA, Cert, Key and all the other required certificates needed for establishing x.509 authentication based tunnel.
After saving the configuration, i received an error (bind – nobind – sorry i don’t have the full error txt), checking the config file found a line to “nobind” and zeroshell will try to use “bind”, i removed the “nobind” from the config file and tried establishing the connection again, boom, green connection text which means i’m fully connected to to the other side.
logged in into the console to do some ping test, i was able to ping, checking my routing table i was able to see some new entries. after confirming that i’m connected i tried to assign routes and load balance based rule to my new interface (VPN00), what mater i did, i was not able to accomplish anything.
After reading and testing for three days and after applying many different settings i could not route any thing to VPN00, then i’ve found the following post (https://www.zeroshell.org/forum/viewtopic.php?p=4810&sid=309a6678111ae5324eb06464273b37e2) cyboc (the post author) was talking about Zeroshell tun drive support and why the distro is not using the tun drive, checking my ifconfig i’ve found a new interface (tun0) which is the actual VPN’s interface, VPN00 was the TAP interface created by the vpn’s scripts and it is not related to the tun0 interface.
I was forced to use the tun drive (the other end is using it), so i followed “fulvio” instructions in the end of the above post, i changed all the TAP drive in the scripts to TUN and i created the pre boot script to copy the files, boom i have a working VPN00 which now using the tun drive (thank you very much Fulvio).
FYI, for my setup i had to edit OpenVPN file as follows:
1. nobind – deleted
2. route-nopull – added
3. dev tun – deleted
4. dev-type tun – deleted
one more thing, i will try to document my work so that others can benefit.
TammarMay 7, 2016 at 5:53 am #53197
I just need to know if there is anyway that I can look at your notes for the progress you made on this post regarding using zeroshell and OpenVPN with Private Tunnel for making a home connection. I have 1 computer a windows desktop and would like to know how to set up this connection to stream the internet in total private. 8) 8) 8) 8)May 7, 2016 at 6:59 am #53198
I will look for my notes, i have them saved on one of my many external hard drives 😀
Please be patent, it is been almost two years… by the way, it worth it, the connection is very stable and very fast.
You must be logged in to reply to this topic.