How to install Astrill VPN in Bazzite
I need to install astrill VPN. I tried distrobox, but the VPN needs real root privileges so that didn't work. I tried rpm-ostree, but at first I got SELINUX key errors, then I fixed that. Selinux was disabled for some reason but I get it enabled. Now the install fails at checkout. It days the local directory doesn't exist. I think this is because local is a symlink.
Now after a reboot the installation did create files in the var/local folder, so something worked. It starts and I can login, it even says it is connecting, but then all I get in Firefox are DNS errors and can't access websites as it fails the HSTS check. This doesn't happen on any other systems so I'm at a loss.
I need this specific VPN as it is the only one that works reliably in China.
At this point I'm trying to open my bazzite installation up via vmware while booted into windows so I can just use the windows VPN.
7 Replies
Solved!
Nice, glad you figured it out! Would you mind changing the title to "How to install Astril VPN in Bazzite" and put together instructions on how you solved it? I think it will help a bunch of others that need the same VPN software.
SOLVED- Instructions
So if you are reading this you need to run Astrill VPN on your device, almost 100% certainly because you are in China. Cool. Same problem I faced. Let me lay out how I fixed it.
1. Go to astrill.com and sign in with your account information. You need to download the Astrill rpm for 64 bit systems. That should be named Astrill-setup-linux64.rpm
Just download it to your downloads folder.
2. using dolphin, the file browser that is pre-installed in bazzit, just navigate to your downloads folder.
3. Right click in the downloads folder and choose to open the terminal there.
4. Use the following command
rpm-ostree install astrill-setup-linux64.rpm
(you can also right click on the rpm file in your file browser and paste it into the terminal after rpm-ostree install, some guides online suggest that rpm-ostree install functions better if you use the full file path)
Now here you might hit a few bugs.
A. 1st bug I hit? a missing Metadata key which mentioned selinux. (sorry I don't have the exact output available for you at the time of writing)
Selinux is a kind of security feature that a lot of Linux distros enable by default. Bazzite should have it enabled by default, but if you get this Metadata key error then it is because SELINUX isn't enabled on your system.
Navigate to your root directory, then open the etc folder then open the selinux folder. There is a file there named config. That file tells your system what selinux is supposed to be doing. Scroll to the bottom
and make sure that it says this
SELINUX=permissive
if it says anything else just change it to SELINUX=permissive, it should be on line 22 of the file.
B. second issue, directory checkout fails, says that /usr/local is missing or doesn't exist. you can ignore this.
5. After all this you should be able to open your base directory bazzite-deck_fedora and open the var folder, then open the usrlocal folder
/var/usrlocal
in there should be an Astrill folder. Don't mess with it for now. if it is there reboot your device and then open your desktop mode again.
6.
Now if you go back to that astrill folder in /var/usrlocal/astrill you should see an astrill.desktop file. You can link this to your desktop by dragging and dropping it and selecting link here. I also dragged and dropped it to my Taskbar. Up to you.
Now we have to make sure it will actually work.
You can open it and log in now but it won't function. it will connect and log in but if you open Google it will give you an HTTP HSTS error because your DNS isn't right.
Turns out fedora does something with DNs that astrill doesn't like.
7. Go back to your bazzite-deck_fedora folder (it's your root directory) and open the etc folder. Here you will find a file named resolv.conf it should have a little two arrow symbol on it. that means it is a symlink. it's not a real file but a link that points at a real file.
open your terminal (called ptyxis in bazzite) and use this command
systemctl disable systemd-resolved
and
systemctl stop systemd-resolved
8. After doing that go back to where we found that resolv.conf
right click on resolv.conf and select "Show target" this will take you to where the real files are. In your new location right click on the file browser winder and choose "open as administrator". now choose both resolv.cnf and resolve.conf stub and make backups of them both. You can copy and paste them to your desktop. Then delete them. Go back to the resolv.conf symlink and delete that too.
9. Now, open the network manager folder found at /etc/NetworkManager and open the networkManager.cnf
Go to line 22 where you should see [main] in brackets just like that.
Make a new line and put (on line 23)
dns=default
then save. You may need to use administrator privileges.
then go back to /etc/NetworkManager and open the conf.d folder
/etc/NetworkManager/conf.d
and make a new text file.
Type in
[main]
dns=default
then save the file and rename it to dns.cnf
10. Finally, reboot your system again.
Now networking might be slightly glitchy. I had to disconnect and reconnect to my wifi for it to work, but at this point you should be able to log in to Astrill and use it in stealth VPN mode. If it doesn't work disconnect from wifi and reconnect again.
I haven't tested other modes.
This should persist through reboots, but I don't know if updates will break it or not.
If you have any questions I suppose feel free to ask, I had hell getting this working, I'm a Linux noob, but I feel good since I'm pretty sure I'm the first person to get Astrill running on blazzite. Otherwise I could have gotten some help!
I think this should work for anyone else who wants to try. Sorry, not familiar with formatting in Discord.
This might be the most difficult task I've ever accomplished on a computer. Good though. I started studying IT and this experience in Linux will definitely help.
I believe you should be able to skip the first half of step nine, looks like a drop-in file
Also, I can't help but think that setting SELinux to permissive might be a little overkill
I'm not familiar with configuring it, but I imagine you could set it so your VPN software would work while enforcing
I dont know if my bazzite install had some issues or something, but my selinux was disabled by default. I had to enable it.
UNsure if step 9's first half could be skipped or not. I had to combine info from a lot of locations to get it working.
is that filename in step 9 really
dns.cnf or should it be dns.conf?
BTW in Discord markdown, you can frame text with the ` character to make inline code. `text` becomes textI'll have to go back and check