OpenVPN profiles not connecting in Linux

verlyn13

I like to use the Gnome desktop (in Ubuntu and Arch Linux) where the beta linux app does not work.  I have network-manager-openvpn installed and when I try to load the OpenVPN profiles (eg netherlands.ovpn) as provided in the OpenVPN.zip for Ubuntu 12.04 here:
https://www.privateinternetaccess.com/pages/client-support/#linux_ubuntu_openvpn_12_04
with the ca.cert file provided, the connection times out. 

I have tried on several different computers (and virtual machines) and different desktop environments, where I get the same error.  However, the linux app works fine when I am using Unity or Cinnamon in Linux Mint or Ubuntu.  Searching the internet doesn't show many people with the same problem, what am I doing wrong?

Thanks in advance for any advice/help

Synopsis

Hello! May I ask if you've tried to connect over different remote ports openVPN can use? It should be possible to try TCP ports 80, 110 and 443 as well as UDP ports 53, 1194, 8080 and 9201. You can edit the connection in the network manager's advanced settings to use different remote ports to connect over, and it may be that one allows a connection while it's failing on this one right now.

verlyn13

Thanks for the reply.  I tried the ports you have suggested here but I still get "Error: Connection activation failed: the connection attempt timed out."

I am using the username and password provided by PIA, the same that I would use to log into the client support or the linux app.  Here are a couple screen shots of my settings. 

http://imgur.com/kunmowg,Za1JCJG#0
http://imgur.com/kunmowg,Za1JCJG#1

rainmakerraw

You also need to install network-manager-openvpn-gnome on Ubuntu (not on Arch). Then change back to UDP on 8080 and try again. The app should work under Gnome3 btw, but the icon will be stashed in the crappy new notification area (shove your mouse into the bottom right corner hard and fast and it'll pop up).

You're better just sticking to network-manager anyway imho, it works just as well. Go ahead and install network-manager-openvpn-gnome (it pulls in openvpn, network-manager-openvpn etc as dependencies anyway so it's the only package you ever need install on a new machine). Then change to UDP (by unchecking the TCP option) and port 443 and see how you get along. I'll bet it works.

verlyn13

Thanks rainmakerraw, i would really prefer to use the gnome network manager to connect.  I should mention that I am running Ubuntu-Gnome 15.04 x86_64.  I suppose this could be the cause of some issues, but I had the same problem with 14.04 and 14.10 when I tried it there so I doubt it.  (I had to change some things for plex server to run because of systemd)

Strange thing, I had previously installed the linux_installer.sh app and had it set to automatically log into PIA Netherlands.  When I booted up this time, sure enough I had a Netherlands public IP.  I don't see any access to the app (even in the notification area) unless I run the installer again. 

I have network-manager-openvpn-gnome installed, and with the pia app turned off I still get the same error when trying to connect via UDP on port 443.

My current settings:
http://imgur.com/nD07L9R

rainmakerraw

Sorry, I'm afraid I've misled you a little there. I have VPN accounts with almost half a dozen no-log providers worldwide plus one of my own on a VPS, so I've mixed up my ports there. Unfortunately PIA don't allow UDP connections to 443, only TCP. So actually that config you just entered SHOULD error out. Change it to UDP 8080 and try again.

With Ubuntu alpha/beta/RC releases there are always issues, usually unfortunately breaking openvpn in the process. I'm over on Fedora 21 and 22 alpha atm and working a-ok, thankfully (not the PIA closed source app) but if it's anything like previous years 15.04 will be half-baked at best. They're starting to unify the codebase (supposedly) and move towards MIR also, which won't help.

Ensure you have libappindicator1 and libgnutls26 (or gnutls 2.6) installed just in case. They're called different things in different distros but you should find them easily enough in synaptic.

At any rate try again with UDP 8080. If not you could try from the shell:

sudo openvpn /path/to/the/pia/file.ovpn

You may have to change the ovpn file from

ca ca.crt

to

ca /etc/openvpn/ca.crt (or wherever you put it)

Also ensure your permissions are set OK so that everyone can read AND write the files, else network-manager errors out in weird ways. Good luck.

verlyn13

It worked!  UDP on 8080 did it.  This has been a thorn in my side for a while, thanks a lot. 

rainmakerraw

Glad to hear you got it sorted. The requirement for network-manager-openvpn-gnome (rather than just network-manager-openvpn) is pretty fundamental on *buntu and Debian variants. I'm surprised @Synopsis missed it in their reply.  To be fair though customer support are like that generally, it doesn't seem any (or many?) of them are actual *nix admins. At any rate I'm happy I helped you fix it so quickly and easily. Enjoy.

bigcity

The PIA Linux Client is Garbage. It doesn't work fortunately you can still use OpenVpn to connect. Here are the instructions


Make sure your package list is up to date
=============================================
Open Terminal and update apt-get
    sudo apt-get update
    - then press [enter]

Install network-manager-openvpn and its dependencies
=============================================
    sudo apt-get install network-manager-openvpn network-manager network-manager-gnome network-manager-openvpn-gnome
    - then press [enter]

*{For Debian and Kali only}
    Enabling Interface Management
    sudo nano /etc/NetworkManager/NetworkManager.conf
    - then press [enter]
        - edit the line "managed=false" to be...
            "managed=true"
        - Save the file and exit by...
            - Press "Ctrl+x"
            - then press "y"
            - then press the [Enter] key

Reboot the computer now!


* After rebooting the computer continue with the following steps...

   
Make a directory and download the crt and pem files
=============================================
In Terminal - Make a directory to store the setup files
    mkdir ~/OpenVPN-setup-PIA
    - then press [enter]

Move into that directory
    cd ~/OpenVPN-setup-PIA
    - then press [enter]

Download the openvpn.zip from privateinternetaccess.com with...
    wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
    - then press [enter]

Extract the files from the zip with...
    unzip openvpn.zip
    - then press [enter]

You can now exit the terminal with...
    exit
    - then press [enter]
  
Import the PIA OpenVPN config file
=============================================
- Right click the Network Manager on the menu bar
    - and click "Edit Connections..."
    - then click "Add"
    - choose "Import a saved VPN configuration..." for the connection type from the drop down menu
    - then click "Create..."
    - double click to go into "OpenVPN-setup-PIA" folder
    - choose which server you would like to setup and connect to
    - then click "Open"
    - Remove only the ":1198" from the "Gateway:" ( if present ) as only the domain name should be in this box
    - for the "User name:" type in your "p1234567" username
    - for the "Password:" type in the password that goes with your "p-xxxxx" username
    - Then click "Advanced..."
    - Check "Use custom gateway port:" and set it to "1198"
    - Click on the "Security" tab
    - Set the "Cipher:" to "AES-128-CBC"
    - Set the "HMAC Authentication:" to "SHA-1"
    - Click "OK"
    - Click "Save"
Reboot the computer now! (optional but recommended )

Now connect to the VPN
=============================================
- Now Left click the Network Manager on the menu bar
    - click "VPN Connections"
    - click Ex. "Mexico" {This will be the name of the server you chose to setup}
    - wait for it to connect

bigcity

If you have your firewall enabled you will have to allow ports for OpenVpn and PIA. A quick Google Search will give you the ports necassary to allow connection.