Linux Mint 16 “Petra” MATE RC (64-bit) now install on one of my laptop's partitions. 'PIA VPN App - Linux Beta' installed as well with no issues and works. Well 'works' when NetworkManager is working. Needless to say this lm16 RC is still a bit buggy at the moment. .
As a quick update I know you are all paranoid for good reason about fake downloads etc So i'm going to seed it as a torrent, Feel free to check it etc.
I'm seeding for around an hour because friends said they are going to do it on there 100mbps linux servers.
I corrected the encryption with the default just in case, but is not that. It looks it's related with the program not being able to use the TUN devices:
------
Mon Nov 18 17:59:11 2013 Linux ifconfig failed: external program exited with error status: 1
Mon Nov 18 17:59:11 2013 Exiting
Mon Nov 18 17:59:28 2013 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Oct 27 2013
Mon Nov 18 17:59:28 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Nov 18 17:59:28 2013 LZO compression initialized
Mon Nov 18 17:59:28 2013 Attempting to establish TCP connection with 199.193.117.84:443 [nonblock]
Mon Nov 18 17:59:32 2013 TCP connection established with 199.193.117.84:443
Mon Nov 18 17:59:32 2013 TCPv4_CLIENT link local: [undef]
Mon Nov 18 17:59:32 2013 TCPv4_CLIENT link remote: 199.193.117.84:443
Mon Nov 18 17:59:32 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 18 17:59:33 2013 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1544'
Mon Nov 18 17:59:33 2013 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mon Nov 18 17:59:33 2013 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Nov 18 17:59:33 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 18 17:59:33 2013 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Nov 18 17:59:33 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 18 17:59:33 2013 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Nov 18 17:59:33 2013 [server] Peer Connection Initiated with 199.193.117.84:443
Mon Nov 18 17:59:35 2013 Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Mon Nov 18 17:59:35 2013 /sbin/ifconfig 10.30.1.18 pointopoint 10.30.1.17 mtu 1500
SIOCSIFADDR: Operation not permitted
: ERROR while getting interface flags: No such device
SIOCSIFDSTADDR: Operation not permitted
: ERROR while getting interface flags: No such device
SIOCSIFMTU: Operation not permitted
Mon Nov 18 17:59:35 2013 Linux ifconfig failed: external program exited with error status: 1
You're missing the TUN module - did you manually create the device node? Without the kernel module, the ioctls won't work. Creating the device node will only help if the module is loaded but the devfs manager failed to create the device itself.
You're missing the TUN module - ... Without the kernel module, the ioctls won't work.
I have to ask. What's the 'TUN module' called? Right know as I type on Linux Mint 16 “Petra” MATE RC (64-bit) with working 'PIA VPN App - Linux Beta' and run:
Yeah, it's called "tun" in lsmod. The file is "tun.ko", usually found somewhere in /lib/modules-$KERNELVERSION. It could also be compiled into the kernel directly, in which case it would not show up in either of those places.
I currently don't know of a sure way to verify TUN/TAP support in the kernel without the module being explicitely loaded. If /proc/config.gz is available, "zcat /proc/config.gz | grep CONFIG_TUN" should work...
Most distributions put nearly all drivers into modules, so it's a good indicator if it's not there. It's also often missing from mobile or embedded linux systems sometimes, because they have a need to preserve space and/or memory.
Would you include the version number of the latest version on the post listing the update? Sometimes it's hard to remember whether I have the latest version installed :-)
@iOn, strictly speaking, the installer does not need a special packet management backend. The only calls to apt are to install dependencies. You could install these dependencies on your own, and either edit the installer script to skip the apt calls or "ln -s /usr/local/bin/apt-get `which true`", which should give you a nice way to make these calls do nothing.
We've previously (scroll...) tried to convince PIA to directly provide distribution specific packages or at least an installer with less bundled stuff to make it easier to integrate PIA Manager into distribution package management. No reaction so far.
@VPN, there are no packages libjpeg62, libxss1, libappindicator1, libgail18 in fedora's repo. The easiest would be to skip then, but would that create any problems in the usability of the app?
Check for packages with similar names, or use a library search to find the right package. You may not need libgail at all.
If you skip installing dependencies, the app will not run correctly. You'll notice, check some of the error messages in this thread and the alpha thread.
I always had trouble using the net Internet after the VPN was connected via network-manager. Now with the app even still in beta mode, everything works flawlessly.
Hey. I installed linux mint 16 cinnamon when it came out and I am having trouble getting this app to work on it. It installs fine but it will not connect. It tries to connect, but then four seconds later, it turns red again. It worked fine on linux mint 15 cinnamon. Any advice or idea of what is wrong? I checked the username and password like 10 times.
Edit (Dec 09, 2013 11:41 (CST)) @support __Nevermind__ Now that I take a look at the PIA VPN client on Win7 I see it has a DNS leak protect option whereas the Linux Beta does not.
So I guess _without_ the DNS leak protection turned on, the PIA VPN client defaults to google's DNS servers or I guess whatever is available on the client's network? .
@martywd, You're absolutely right! Thanks for catching that. I have just released a fixed version which will use the correct nameservers.
@support, just downloaded and installed (Update Tue Dec 10 00:07:45 UTC 2013) on lm16 MATE 64-bit. My '/etc/resolv.conf' now automagically configure to PIA DNS when the beta linux client reconnected. Thanks very much! .
Comments
.
[01:40:31:834] [Ti.API] [Information] more than 5 connections in under 3 mins, wont reconnect
[01:40:31:838] [Ti.API] [Information] sent cmd: 15: {"region":"us_california","user":"XXXXXXX","pass":"","proto":"openvpn_udp","lport":"","rport":"auto","symmetric_cipher":"aes-128-cbc","symmetric_auth":"sha1","handshake_enc":"rsa2048","cmd":"connect"}
[01:40:31:839] [Ti.API] [Information] setup polling: connection_status 500
[01:40:31:840] [Ti.API] [Information] stop polling connection_status
[01:40:32:641] [Ti.API] [Information] sent cmd: 16: {"cmd":"keepalive"}
Looking for more places
What does "lsmod" give you?
Without the kernel module, the ioctls won't work. Creating the device node will only help if the module is loaded but the devfs manager failed to create the device itself.
'lsmod | grep -i tun'
in a terminal window. I get nothing?
.
It could also be compiled into the kernel directly, in which case it would not show up in either of those places.
I currently don't know of a sure way to verify TUN/TAP support in the kernel without the module being explicitely loaded. If /proc/config.gz is available, "zcat /proc/config.gz | grep CONFIG_TUN" should work...
Most distributions put nearly all drivers into modules, so it's a good indicator if it's not there. It's also often missing from mobile or embedded linux systems sometimes, because they have a need to preserve space and/or memory.
You could install these dependencies on your own, and either edit the installer script to skip the apt calls or "ln -s /usr/local/bin/apt-get `which true`", which should give you a nice way to make these calls do nothing.
We've previously (scroll...) tried to convince PIA to directly provide distribution specific packages or at least an installer with less bundled stuff to make it easier to integrate PIA Manager into distribution package management. No reaction so far.
If you skip installing dependencies, the app will not run correctly. You'll notice, check some of the error messages in this thread and the alpha thread.
Thanks!
BTW: Ubuntu 12.04 LTS 64bit, not a fresh install.
OS : Linux mint 16 cinnamon 64 bits
Error : Authorization failure
Update Sun Dec 8 22:07:53 UTC 2013
v.35 update. Installer link has been updated.
at the top of this post. Downloaded v.35 and installed over top of v.34 with no issues or errors with the install.
Still seeing leaking DNS though when testing at http://dnsleak.com ? As noted over in the 'IPv6 Leak • DNS Leak • E-Mail IP Leak' post.
.
I just noticed that the PIA VPN Beta Linux client, once connected, is configuring my '/etc/resolv.conf' to:
nameserver 8.8.8.8
nameserver 8.8.4.4
Is this right?
I thought to prevent DNS leaks it would be:
nameserver 209.222.18.222
nameserver 209.222.18.218
as mentioned here: https://www.privateinternetaccess.com/pages/client-support/ under the heading 'DNS Leak Protection' ?
.
Edit (Dec 09, 2013 11:41 (CST))
@support
__Nevermind__
Now that I take a look at the PIA VPN client on Win7 I see it has a DNS leak protect option whereas the Linux Beta does not.
So
I guess _without_ the DNS leak protection turned on, the PIA VPN client
defaults to google's DNS servers or I guess whatever is available on
the client's network?
.
.