VU+ Box and OpenVPN

Youmad

New Member
Hi everyone,

I'm currently setting up my new VU+ Zero. I flashed the VTi image onto it and now wanted to set up OpenVPN. After an annoying hour I finally got the damn thing running. But now I'm not sure whether I've really secured everything and set it up correctly.
Here are my configs:

Code:
proto udp
tun-mtu 1500
fragment 1300
mssfix
cipher AES-256-CBC
remote amsterdam1.perfect-privacy.com 149
remote amsterdam1.perfect-privacy.com 1151
remote amsterdam1.perfect-privacy.com 1150
remote amsterdam1.perfect-privacy.com 1149
remote amsterdam1.perfect-privacy.com 151
remote amsterdam1.perfect-privacy.com 150
remote amsterdam1.perfect-privacy.info 149
remote amsterdam1.perfect-privacy.org 1151
remote amsterdam1.perfect-privacy.org 150
remote amsterdam1.perfect-privacy.org 151
remote amsterdam1.perfect-privacy.info 150

auth SHA512
auth-user-pass password.txt
client
comp-lzo
dev tun
#float
hand-window 120
inactive 604800
mute-replay-warnings
nobind
ns-cert-type server
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
tls-timeout 5
verb 4

ca ca.crt
cert Amsterdam_cl.crt
key Amsterdam_cl.key
tls-auth Amsterdam_ta.key 1
# This updates the resolvconf with dns settings
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

Code:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'

## You might need to set the path manually here, i.e.
RESOLVCONF=/etc/network/if-down.d/resolvconf

case $script_type in

up)
  for optionname in ${!foreign_option_*} ; do
    option="${!optionname}"
    echo $option
    part1=$(echo "$option" | cut -d " " -f 1)
    if [ "$part1" == "dhcp-option" ] ; then
      part2=$(echo "$option" | cut -d " " -f 2)
      part3=$(echo "$option" | cut -d " " -f 3)
      if [ "$part2" == "DNS" ] ; then
        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
      fi
      if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
        IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
      fi
    fi
  done
  R=""
  if [ "$IF_DNS_SEARCH" ]; then
    R="search "
    for DS in $IF_DNS_SEARCH ; do
      R="${R} $DS"
    done
  R="${R}
"
  fi

  for NS in $IF_DNS_NAMESERVERS ; do
    R="${R}nameserver $NS
"
  done
  #echo -n "$R" | $RESOLVCONF -p -a "${dev}"
  echo -n "$R" | $RESOLVCONF -a "${dev}.inet"
  ;;
down)
  $RESOLVCONF -d "${dev}.inet"
  ;;
esac

With this I at least get the IP from PP Amsterdam and DNS from PP Germany (IP: 217.114.218.1). But what happens if the connection drops? Does this really route all traffic through the VPN? Or are there other leaks I need to watch out for?

I'd be very grateful for any pointers or help!
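A way to check the two things asked about above, as an added example that is not part of the original post: whether the two half-routes that `redirect-gateway def1` installs (0.0.0.0/1 and 128.0.0.0/1) point at the tunnel, and whether resolv.conf lists only the VPN resolver. The function names, the `tun0` device, the private addresses and the sample route tables are constructed assumptions; 217.114.218.1 is the resolver named in the post.

```shell
#!/bin/sh
# Added example. Sample route tables and resolv.conf text are constructed.

# Reads `ip -4 route show` output on stdin; succeeds only if both half-routes
# installed by "redirect-gateway def1" point at the tunnel device ($1).
routes_via_tunnel() {
  awk -v dev="$1" '
    $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
      for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) seen[$1] = 1
    }
    END { exit !(seen["0.0.0.0/1"] && seen["128.0.0.0/1"]) }'
}

# Reads resolv.conf text on stdin; succeeds only if at least one nameserver is
# set and every nameserver is in the space-separated allow-list ($1).
dns_only_vpn() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "nameserver" { count++; if (!($2 in ok)) bad++ }
    END { exit !(count > 0 && bad == 0) }'
}

# $1 = route text, $2 = resolv.conf text, $3 = tunnel device, $4 = allowed DNS
leak_report() {
  status=0
  printf '%s\n' "$1" | routes_via_tunnel "$3" ||
    { echo "LEAK: default traffic is not routed via $3"; status=1; }
  printf '%s\n' "$2" | dns_only_vpn "$4" ||
    { echo "LEAK: resolv.conf names a non-VPN resolver"; status=1; }
  return "$status"
}

# Constructed: tunnel up (tun0 and all private addresses are assumptions).
ROUTES_UP='0.0.0.0/1 via 10.0.0.1 dev tun0
default via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.0.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
# Constructed: after the openvpn process has exited and removed its routes.
ROUTES_DOWN='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
RESOLV_VPN='nameserver 217.114.218.1'   # resolver named in the post
RESOLV_MIXED='nameserver 217.114.218.1
nameserver 192.168.1.1'

leak_report "$ROUTES_UP" "$RESOLV_VPN" tun0 217.114.218.1 && echo "up: no leak"
leak_report "$ROUTES_DOWN" "$RESOLV_MIXED" tun0 217.114.218.1 || echo "down: leaking"
```

On the box itself the same functions take live input, assuming an `ip` binary is present: `ip -4 route show | routes_via_tunnel tun0` and `dns_only_vpn 217.114.218.1 < /etc/resolv.conf`.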
 