On 21/02/2017 16:13, Ed Greshko wrote:
On 02/21/17 12:43, Stephen Morris wrote:
Thanks Ed. After sending the email I went to that site and their site
has changed. I downloaded the .ovpn files their links were pointing at
for Singapore and Miami and imported them into Networkmanager which
set everything up, including pointing the CA Certificates entry at an
external location URL to get the certificate, which is a different
location for each server and is pointing at a .pem file. I found via
this method that their Australian servers still don't work and neither
does their Indian Server, and their Hong Kong server wants a pin in
order to connect.
Well, you certainly are seeing things different from what I'm seeing.
The openVPN config file for Singapore (gw1.sin1.slickvpn.com) contains....
# host/port of vpn server
remote gw1.sin1.slickvpn.com 443 udp
# prompt for authentication
auth-user-pass
# equivalent to pull, tls-client
client
# redirect all outgoing traffic to the vpn gateway
redirect-gateway
# verify the server certificate for authenticity
remote-cert-tls server
cipher AES-256-CBC
proto udp
dev tun
keepalive 10 120
nobind
persist-key
persist-tun
# ssl certificate / key used for tls
#ca certs/ca.crt
<ca>
-----BEGIN CERTIFICATE-----
MIIDQDCCAqmgAwIBAgIJAM8Brk2pUr0KMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4x
DDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkq
hkiG9w0BCQEWA1ZQTjAeFw0xMjAzMDMwMjExNDJaFw0yMjAzMDEwMjExNDJaMHQx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQK
EwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4x
EjAQBgkqhkiG9w0BCQEWA1ZQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
wY2K08N7or1Br/EsD9XBon7gs7dKflWYuymgMLJfeMFWuJloNdsn+3GARIhYBbN6
zhvFGFE214qKPqAydW1WmIIK7KoC0sgndr+Vk/au9gssFzVmmvr6+WN/nfo2L9Kv
vBMoYLrMAiyw/D4cRapZi2pXJLcMDfC+p1VWAX8TYWkCAwEAAaOB2TCB1jAdBgNV
HQ4EFgQUmyvO4rTnu5/ABnp0FngU+SdR8WAwgaYGA1UdIwSBnjCBm4AUmyvO4rTn
u5/ABnp0FngU+SdR8WCheKR2MHQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEM
MAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UE
AxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkqhkiG9w0BCQEWA1ZQToIJAM8Brk2p
Ur0KMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoB0kOuGvrzPBTIRX
IDHCCxBMdny+3sKAOllmH4+51j2aWhAJ4Pyc/yBTYyQGNoriABjmNzp+R05oiaxA
D3vTgR80juKDPtQb8LoGLBF18gL7Vtc3+hJXcJasXZaDSSoyh5f+TtGvytIT+ece
JWIrKnFXzlHOvKlyLkcZn15gwKQ=
-----END CERTIFICATE-----
</ca>
I see no pointer towards an external URL. The ca CERT is in the file
itself. Also the Miami file contains the same CA.cert as does the file
SlickVPNcrt referenced in the Ubuntu setup.
Sorry Ed, I thought the first time I did the import it has
http://gw1.sin1.slickvpn.com-ca.pen in the CA Certificates entry, but
creating new entries no longer does that, so I'm not sure if there is
different behaviour when the import function has never been used before
to what happens when it has already been used once, as I can't reproduce it.
I was setting these definitions up under Gnome as I have found that if a
definition is set up under KDE, with KDE storing the SSID password in
Kwallet I think, when that definition is first used under Gnome I get
prompted to re-enter the password before I can connect to my router. If
he definition is created under Gnome it is usable under KDE without
prompting. I am assuming this is because Gnome stores the password in
the definition whereas KDE doesn't.
I also could see no difference in the Hong Kong, Miami, or Singapore
setups other than the name of the openVPN server. Nothing to indicate a
PIN of any sort is needed.
Sorry Ed, my stupidity, I thought it was saying a pin was required but
having retried the connection again now it is actually prompting for a
password. I've checked the password I have in the definition and it is
correct and the same as the password in the other connections that do work.
I'll re-talk to the vendor about these issues. I have already spoken to
them once about not being able to use the Australian servers and just
get the response to not use them because of the expensive cost of
networking in Australia, so I am assuming at the moment that they have
not been set up properly.
[egreshko@meimei ~]$ ll gw1.*
-rw-rw-r--. 1 egreshko egreshko 1634 Feb 21 14:03 gw1.hkg2.slickvpn.com.ovpn
-rw-rw-r--. 1 egreshko egreshko 1634 Feb 21 13:44 gw1.mia4.slickvpn.com.ovpn
-rw-rw-r--. 1 egreshko egreshko 1634 Feb 20 15:50 gw1.sin1.slickvpn.com.ovpn
[egreshko@meimei ~]$ diff gw1.hkg2.slickvpn.com.ovpn
gw1.mia4.slickvpn.com.ovpn
2c2
< remote gw1.hkg2.slickvpn.com 443 udp
---
remote gw1.mia4.slickvpn.com 443 udp
[egreshko@meimei ~]$ diff gw1.mia4.slickvpn.com.ovpn
gw1.sin1.slickvpn.com.ovpn
2c2
< remote gw1.mia4.slickvpn.com 443 udp
---
remote gw1.sin1.slickvpn.com 443 udp
I wouldn't compare what is being done on the Windows side since they
seem to have their own client.
In any event, since you are their customer you may want to contact them
for support.
Sorry Ed, I wasn't trying to get you to resolve the issues I am getting,
I was just querying if you noticed any performance degradation with your
vpn to try to determine whether it was an issue with the vendor or an
issue at my end with my setup. I've already spoken to my son who is on a
30Mbps link and he is saying he does not suffer any performance
degradation at all, but he is also saying that before he decided on a
vpn provider he made sure that the one he decided on was not going to
provide a performance degradation with the vpn, which is something I
didn't do.
The only reason I was comparing the windows client functionality was
because the servers the windows client won't connect to, Linux won't
connect to either. I'll need to talk to the vendor about that as it may
be to do with the plan I'm on, given that my userid may be indicating I
can only use their "core" servers. This means that I have to be careful
about which .opvn files I download from their location site, and make
sure I only download definitions for their "core" servers, but their
location site doesn't make it as obvious which is which as their windows
client does.
regards,
Steve
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
