VPN connection on Linux

Warning!!! Commands which start from '#' should be executed by root-user. '$' sign means that command should be executed by common user.

Downloading VPN configs of DeepWebVPN

Make sure that the directory /etc/openvpn exists or create it:
# mkdir /etc/openvpn
Go to /etc/openvpn.
# cd /etc/openvpn
Download configs to /etc/openvpn. Downloading via clearnet:
# wget https://cabinet.deepwebvpn.net/downloads/openvpn/all.zip
Use utility torsocks to download via Tor.

Installing torsocks on RH-based Linux

# yum install torsocks -y

Installing torsocks on Debian-based Linux

$ sudo apt-get install torsocks

Downloading configs via torsocks

# torsocks wget http://deepwebvpnvvotmw.onion/downloads/openvpn/all.zip

Unpacking the archive of configs

# unzip all.zip
Make sure that configs is downloaded and unzipped to /etc/openvpn:
# ls /etc/openvpn
all.zip                 DoubleECC_GB1_FR1.ovpn  DoubleRSA_FR1_GB1.ovpn  SingleECC_DE1.ovpn  SingleECC_NL1.ovpn  SingleRSA_FR1.ovpn  SingleRSA_RU2.ovpn
DoubleECC_DE1_NL1.ovpn  DoubleECC_NL1_DE1.ovpn  DoubleRSA_GB1_FR1.ovpn  SingleECC_FR1.ovpn  SingleECC_RU2.ovpn  SingleRSA_GB1.ovpn
DoubleECC_FR1_GB1.ovpn  DoubleRSA_DE1_NL1.ovpn  DoubleRSA_NL1_DE1.ovpn  SingleECC_GB1.ovpn  SingleRSA_DE1.ovpn  SingleRSA_NL1.ovpn
...

Connection

ALWAYS use root to connect to VPN.
# openvpn /etc/openvpn/<selected VPN chain>.ovpn
Mon Jan  8 01:29:25 2018 OpenVPN 2.3.14 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
Mon Jan  8 01:29:25 2018 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.08
Enter Auth Username: ********
Enter Auth Password: ********
Mon Jan  8 01:29:32 2018 Control Channel Authentication: tls-auth using INLINE static key file
Mon Jan  8 01:29:32 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jan  8 01:29:32 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jan  8 01:29:32 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Jan  8 01:29:32 2018 Attempting to establish TCP connection with [AF_INET]104.238.177.127:255 [nonblock]
Mon Jan  8 01:29:42 2018 TCP: connect to [AF_INET]104.238.177.127:255 failed, will try again in 5 seconds: Connection timed out
Mon Jan  8 01:29:42 2018 SIGUSR1[soft,init_instance] received, process restarting
Mon Jan  8 01:29:42 2018 Restart pause, 5 second(s)
Mon Jan  8 01:29:47 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Jan  8 01:29:47 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.238.177.127:255
Mon Jan  8 01:29:47 2018 Attempting to establish TCP connection with [AF_INET]104.238.177.127:255 [nonblock]
Mon Jan  8 01:29:48 2018 TCP connection established with [AF_INET]104.238.177.127:255
Mon Jan  8 01:29:48 2018 TCPv4_CLIENT link local: [undef]
Mon Jan  8 01:29:48 2018 TCPv4_CLIENT link remote: [AF_INET]104.238.177.127:255
Mon Jan  8 01:29:48 2018 TLS: Initial packet from [AF_INET]104.238.177.127:255, sid=445a6902 d3ec551d
Mon Jan  8 01:29:48 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan  8 01:29:49 2018 VERIFY OK: depth=1, CN=de1-ecc
Mon Jan  8 01:29:49 2018 Validating certificate key usage
Mon Jan  8 01:29:49 2018 ++ Certificate has key usage  00a0, expects 00a0
Mon Jan  8 01:29:49 2018 VERIFY KU OK
Mon Jan  8 01:29:49 2018 Validating certificate extended key usage
Mon Jan  8 01:29:49 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jan  8 01:29:49 2018 VERIFY EKU OK
Mon Jan  8 01:29:49 2018 VERIFY OK: depth=0, CN=de1-ecc-server
Mon Jan  8 01:29:59 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jan  8 01:29:59 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jan  8 01:29:59 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jan  8 01:29:59 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jan  8 01:29:59 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384
Mon Jan  8 01:29:59 2018 [de1-ecc-server] Peer Connection Initiated with [AF_INET]104.238.177.127:255
Mon Jan  8 01:30:01 2018 SENT CONTROL [de1-ecc-server]: 'PUSH_REQUEST' (status=1)
Mon Jan  8 01:30:02 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.101.0.1,redirect-gateway def1,route-gateway 10.111.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.111.0.2 255.255.255.0,peer-id 0'
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: route options modified
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: route-related options modified
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: peer-id set
Mon Jan  8 01:30:02 2018 OPTIONS IMPORT: adjusting link_mtu to 1607
Mon Jan  8 01:30:02 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp3s0 HWADDR=44:6d:57:b7:8e:7e
Mon Jan  8 01:30:02 2018 TUN/TAP device tun0 opened
Mon Jan  8 01:30:02 2018 TUN/TAP TX queue length set to 100
Mon Jan  8 01:30:02 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jan  8 01:30:02 2018 /usr/sbin/ip link set dev tun0 up mtu 1500
Mon Jan  8 01:30:02 2018 /usr/sbin/ip addr add dev tun0 10.111.0.2/24 broadcast 10.111.0.255
Mon Jan  8 01:30:02 2018 /usr/sbin/ip route add 104.238.177.127/32 via 192.168.0.1
Mon Jan  8 01:30:02 2018 /usr/sbin/ip route add 0.0.0.0/1 via 10.111.0.1
Mon Jan  8 01:30:02 2018 /usr/sbin/ip route add 128.0.0.0/1 via 10.111.0.1
Mon Jan  8 01:30:02 2018 Initialization Sequence Completed
You may need to configure DNS after the successful connect. Read more about DNS.