Hide My Ass! and Kubuntu

Hide My Ass! provide an excellent VPN service, which is handy for streaming Netflix in countries other than the USA (not that I condone such an activity). In case you’re wondering why people would want to do that – the USA version of Netflix has a much larger and more contemporary catalogue.

Like most software companies, they provide a GUI for Windows. Kubuntu users (and Linux users in general) have the option of manually setting up the VPN connections in NetworkManager, or using an executable shell script. The former option is a bit laborious, and the latter had failed to work for me until this morning.

As per the instructions, I made sure that I had openvpn-2.1 and curl installed (Kubuntu 12.04 uses openvpn-2.2).

sudo apt-get install openvpn curl

Then I downloaded and extracted the shell script, gave it a chmod and moved it to /usr/local/bin. For the lazier amongst you it looks a lot like this:

wget https://vpn.hidemyass.com/hma-vpn-linux-cli.zip
unzip hma-vpn-linux-cli.zip
chmod +x hma-vpn.sh
sudo mv hma-vpn.sh /usr/local/bin

So far so good, but executing hma-vpn.sh "Los Angeles" produces a “TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)” message. Perhaps iptables is blocking the connection. The manpage for openvpn says that it uses port 1194 and also recommends altering the chain for the tunnel interface.

sudo iptables -A INPUT -i tun+ -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT

That changes the iptables chains for now. A reboot will cause the changes to be lost, so we need to save and restore the chains. To save the chains we execute:

sudo sh -c "iptables-save > /etc/iptables.rules"

Kubuntu 12.04 (and I think all versions since 9) uses NetworkManager, so we need to restore the chains via NetworkManager. Run the following command:

kdesudo kate /etc/NetworkManager/dispatcher.d/01firewall

(If you’re hardcore you can edit it from the command line using vi)

Then add the following code:

#!/bin/sh
# NetworkManager dispatcher script: $1 is the interface, $2 the event (up/down).
# NetworkManager only runs dispatcher scripts that are executable and owned by root.
if [ -x /usr/bin/logger ]; then
        LOGGER="/usr/bin/logger -s -p daemon.info -t FirewallHandler"
else
        LOGGER=echo
fi
case "$2" in
        up)
                # Restore the saved rules when an interface comes up.
                if [ ! -r /etc/iptables.rules ]; then
                        ${LOGGER} "No iptables rules exist to restore."
                        exit 0
                fi
                if [ ! -x /sbin/iptables-restore ]; then
                        ${LOGGER} "No program exists to restore iptables rules."
                        exit 0
                fi
                ${LOGGER} "Restoring iptables rules"
                /sbin/iptables-restore -c < /etc/iptables.rules
                ;;
        down)
                # Save the current rules when an interface goes down.
                if [ ! -x /sbin/iptables-save ]; then
                        ${LOGGER} "No program exists to save iptables rules."
                        exit 0
                fi
                ${LOGGER} "Saving iptables rules."
                /sbin/iptables-save -c > /etc/iptables.rules
                ;;
        *)
                ;;
esac
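
The three rules above are appended with -A, so they only take effect if nothing earlier in the same chain already drops the traffic, and iptables-save writes them back in a slightly different form than they were typed. As an added example (not part of the original post), this script audits a saved dump such as /etc/iptables.rules and reports each rule as present, missing, or shadowed by an earlier catch-all DROP/REJECT; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the three rules from this post.

# rule_status FILE CHAIN RULE -> prints present | shadowed | missing
rule_status() {
    awk -v chain="$2" -v want="$3" '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }    # drop counters written by iptables-save -c
        $1 == "-A" && $2 == chain {
            rule = $0
            sub(/^-A [^ ]+ /, "", rule)
            gsub(/-m (udp|tcp) /, "", rule)   # iptables-save spells out the implicit match
            if (rule == want) { print (blocked ? "shadowed" : "present"); found = 1; exit }
            # An earlier unconditional DROP/REJECT means later rules never match.
            if (rule == "-j DROP" || rule ~ /^-j REJECT/) blocked = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# audit_vpn_rules FILE -> one status line per rule added in the post
audit_vpn_rules() {
    for spec in "INPUT|-i tun+ -j ACCEPT" \
                "INPUT|-p udp --dport 1194 -j ACCEPT" \
                "OUTPUT|-p udp --dport 1194 -j ACCEPT"; do
        printf '%s %s: %s\n' "${spec%%|*}" "${spec#*|}" \
            "$(rule_status "$1" "${spec%%|*}" "${spec#*|}")"
    done
}

# Constructed sample (not taken from a real host): a catch-all DROP sits above
# the appended INPUT rules, as happens when -A is used on an existing ruleset.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[12:840] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -j DROP
[0:0] -A INPUT -i tun+ -j ACCEPT
[0:0] -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
[3:180] -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp) && sample_dump > "$tmp" && audit_vpn_rules "$tmp"
rm -f "$tmp"
```

On the constructed sample the two INPUT rules come out as shadowed and the OUTPUT rule as present; a shadowed rule needs to be inserted above the catch-all (iptables -I) rather than appended.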

Ok. Now we get a new error message: “TLS Error: client->client or server->server connection attempted”. This message is a bit confusing, but the solution is an easy one. It just involves adding "-p tcp" to the invocation of hma-vpn.sh. We now invoke it as:

hma-vpn.sh -p tcp "Los Angeles"

It asks for your HMA! username and password, and after a bit of negotiating, you’re surfing via Los Angeles.

Hooray!

The Ubuntu reference on iptables can be found here:

https://help.ubuntu.com/community/IptablesHowTo

You can sign up for Hide My Ass! using this link (and it gives me a little bit of commission):

http://hidemyass.com/vpn/r10785
