@mschewe
Last active September 30, 2016 21:15
I am having some problems connecting with Giganews VyprVPN service.
As you can see in the output.txt it all seems to work.
Some services like speedtest.net use the correct VPN location.
Others like Google Analytics can still detect my real location.
I believe this has something to do with my setup:
ArchLinux - 4.7.5-1-ARCH
```
openvpn --version
OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 24 2016
library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
```
Have a look at my ifconfig output.
In the router the internet provider gives me an IPv4 and IPv6 address.
I have tried to set the client.conf to the udp6 protocol, which should provide both, but it failed resolving the VPN gateway.
Does anybody have a working setup with dual stack and VyprVPN?
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun
# Use udp
proto udp
# Server connecting to
remote pa1.vpn.giganews.com 443
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# SSL/TLS parms
ca /etc/openvpn/ca.vyprvpn.com.crt
# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
link-mtu 1570
auth SHA256
# Enable compression on the VPN link.
comp-lzo
# Set log file verbosity.
verb 3
# Ask for username and password
auth-user-pass
# Don't cache the password
auth-nocache
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.178.30 netmask 255.255.255.0 broadcast 192.168.178.255
inet6 2001:XXXX:4044:dc01:XXXX:76ff:fe37:XXXX prefixlen 64 scopeid 0x0<global>
inet6 fe80::XXXX:XXXX:fe37:XXXX prefixlen 64 scopeid 0x20<link>
ether c8:5b:76:37:XX:XX txqueuelen 1000 (Ethernet)
RX packets 15575 bytes 18449143 (17.5 MiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 11316 bytes 1595784 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xe1300000-e1320000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 245 bytes 81360 (79.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 245 bytes 81360 (79.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.3.41.76 netmask 255.255.255.0 destination 10.3.41.76
inet6 fe80::db16:c86c:2293:1a64 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 298 bytes 176361 (172.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 721 bytes 79038 (77.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sudo openvpn /etc/openvpn/client.conf
Fri Sep 30 22:06:25 2016 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 24 2016
Fri Sep 30 22:06:25 2016 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Enter Auth Username: *******
Enter Auth Password: ************
Fri Sep 30 22:06:31 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 30 22:06:32 2016 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Sep 30 22:06:32 2016 UDPv4 link local: [undef]
Fri Sep 30 22:06:32 2016 UDPv4 link remote: [AF_INET]209.99.109.41:443
Fri Sep 30 22:06:32 2016 TLS: Initial packet from [AF_INET]209.99.109.41:443, sid=0b4a313f 0165764a
Fri Sep 30 22:06:32 2016 VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=admin@goldenfrog.com
Fri Sep 30 22:06:32 2016 Validating certificate key usage
Fri Sep 30 22:06:32 2016 ++ Certificate has key usage 00a0, expects 00a0
Fri Sep 30 22:06:32 2016 VERIFY KU OK
Fri Sep 30 22:06:32 2016 Validating certificate extended key usage
Fri Sep 30 22:06:32 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Sep 30 22:06:32 2016 VERIFY EKU OK
Fri Sep 30 22:06:32 2016 VERIFY OK: depth=0, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=pa1.vpn.giganews.com, emailAddress=admin@goldenfrog.com
Fri Sep 30 22:06:33 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Sep 30 22:06:33 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 22:06:33 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Sep 30 22:06:33 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 22:06:33 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 30 22:06:33 2016 [pa1.vpn.giganews.com] Peer Connection Initiated with [AF_INET]209.99.109.41:443
Fri Sep 30 22:06:35 2016 SENT CONTROL [pa1.vpn.giganews.com]: 'PUSH_REQUEST' (status=1)
Fri Sep 30 22:06:36 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.3.41.1,explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.3.41.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.3.41.76 255.255.255.0'
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Sep 30 22:06:36 2016 Socket Buffers: R=[212992->425984] S=[212992->212992]
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: route options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: route-related options modified
Fri Sep 30 22:06:36 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Sep 30 22:06:36 2016 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=enp0s31f6 HWADDR=c8:5b:76:37:8d:6a
Fri Sep 30 22:06:36 2016 TUN/TAP device tun0 opened
Fri Sep 30 22:06:36 2016 TUN/TAP TX queue length set to 100
Fri Sep 30 22:06:36 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 30 22:06:36 2016 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Sep 30 22:06:36 2016 /usr/bin/ip addr add dev tun0 10.3.41.76/24 broadcast 10.3.41.255
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 209.99.109.41/32 via 192.168.178.1
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 0.0.0.0/1 via 10.3.41.1
Fri Sep 30 22:06:36 2016 /usr/bin/ip route add 128.0.0.0/1 via 10.3.41.1
Fri Sep 30 22:06:36 2016 GID set to nobody
Fri Sep 30 22:06:36 2016 UID set to nobody
Fri Sep 30 22:06:36 2016 Initialization Sequence Completed
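
An added check, not part of the original gist: this Python sketch reads the PUSH_REPLY line and the ifconfig output posted above and reports whether the server pushed only IPv4 tunnel settings while a non-tunnel interface still holds a global IPv6 address, the condition under which IPv6 traffic leaves outside the VPN. The function names are hypothetical and the sample strings are lines copied from this page.

```python
import re

# Sample input: lines copied from the log and ifconfig output on this page.
SAMPLE_LOG = """\
Fri Sep 30 22:06:36 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.3.41.1,explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.3.41.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.3.41.76 255.255.255.0'
Fri Sep 30 22:06:36 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
"""
SAMPLE_IFCONFIG = """\
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.178.30 netmask 255.255.255.0 broadcast 192.168.178.255
inet6 2001:XXXX:4044:dc01:XXXX:76ff:fe37:XXXX prefixlen 64 scopeid 0x0<global>
inet6 fe80::XXXX:XXXX:fe37:XXXX prefixlen 64 scopeid 0x20<link>
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.3.41.76 netmask 255.255.255.0 destination 10.3.41.76
inet6 fe80::db16:c86c:2293:1a64 prefixlen 64 scopeid 0x20<link>
"""

def pushed_options(log):
    """Return the option strings from the server's PUSH_REPLY, in order."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    return [o.strip() for o in m.group(1).split(",")] if m else []

def global_ipv6_by_iface(ifconfig):
    """Map interface name -> number of global-scope inet6 addresses."""
    counts, iface = {}, None
    for line in ifconfig.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            iface = head.group(1)
            counts[iface] = 0
        elif iface and line.strip().startswith("inet6") and "<global>" in line:
            counts[iface] += 1
    return counts

def ipv6_bypasses_tunnel(log, ifconfig, tun="tun0"):
    """True when IPv4 is redirected into the tunnel but IPv6 is not covered."""
    opts = pushed_options(log)
    v4_redirect = any(o.startswith("redirect-gateway") for o in opts)
    # No tunnel IPv6 address or route pushed means the tunnel is IPv4-only.
    v6_pushed = any(o.startswith(("ifconfig-ipv6", "route-ipv6")) for o in opts)
    counts = global_ipv6_by_iface(ifconfig)
    v6_outside = any(n > 0 for name, n in counts.items() if name != tun)
    return v4_redirect and not v6_pushed and v6_outside

if __name__ == "__main__":
    print("IPv6 bypasses tunnel:", ipv6_bypasses_tunnel(SAMPLE_LOG, SAMPLE_IFCONFIG))
```

On a live system, `ip -6 route show default` shows whether an IPv6 default route still points at the physical interface after the tunnel is up.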