Unable to connect

edited August 13 in Linux VPN Setup Posts: 27
When i try to connect to a server the icon turns grey, stays like that for a few minutes, then turns red again with no errors or other indication. Have tried other servers. i keep reading things to try, but is there a solid checkist of troubleshooting steps anywhere? I'm pretty comfortable with t/s'ing in windows, but not so much with linux. I haven't been able to find one page with all of the basic t/sing. the info seems scattered among different pages and forums..This is a really common problem and i've tried a lot of the t/s steps, but Isn't there anything that will tell me what the problem is instead of just randomly trying things out to see what will happen? Isn't there a log that will say what is happening or not happening internally so at least i have a clue? 

The help pages i've seen so far are either too basic or way over my head. The support reps keep responding to my emails with what looks like form a copy of their web pages, except the last letter i sent they didn't respond to, probably because i asked how i can cancel pia, i haven't been able to use it for a few months now.

Thanks!
.
Post edited by Blablablabla on
«1

Comments

  • Posts: 233
    Hi there, @Blablablabla,

    I've just checked in our support system, and the only recent ticket I can find is in regards to a Windows machine. Have you sent in a ticket using another email? Please DM me the ticket number that references this linux issue and I'll be happy to help you.
  • edited August 13 Posts: 27
    Yeah i am on linux, i thought this was a linux section.. i told them that in the email but they must not have read it, the help they kept sending were copies of what is already in your web pages for windows, and i had already spent a lot of time with that before i installed linux. Are you saying i need to start this over again and make a new ticket? When they finally responded it was literally weeks later, i had given up and installed linux. It makes sense if i need to, to make sure it goes to a linux queue, but i'm not sure what good it will do if they just copy and paste what's already in your pages, i've already tried that, maybe i did something wrong but have repeated much of it.

    I'm pretty comfortable with t/s'ing in windows, but not so much with linux. I haven't been able to find one page with all of the basic t/sing. the info seems scattered among different pages and forums..This is a really common problem and i've tried a lot of the t/s steps, but Isn't there anything that will tell me what the problem is instead of just randomly trying things out to see what will happen? Isn't there a log that will say what is happening or not happening internally so at least i have a clue? 

    The help pages i've seen so far are either too basic or way over my head. The support reps keep responding to my emails with what looks like form a copy of their web pages, except the last letter i sent they didn't respond to, probably because i asked how i can cancel pia, i haven't been able to use it for a few months now.
    Post edited by Blablablabla on
  • Posts: 5
    Knowing what distro you're running would help.
  • Posts: 298
    you use very many words to say only a little. this forum category repeatedly instructs troubleshooting should being with openvpn operated manually using the PIA-prepared ovpn files.
  • edited August 14 Posts: 27
    I installed the lubuntu distro, 17.04. I picked that one because it's less resource intensive so will run on slower systems, so far it's been decent on a core2 duo.

    Other info- I'm using wifi on a laptop, no connectivity problems when not using PIA. I've only installed the pia software (latest), no other net utilities (so no openVPN or anything similar. Have tried other servers, have tried disabling/enabling other options in PIA, changing port etc, all of them give same results mentioned. As soon as i exit pia, connectivity is back.

    Martouf- Ok, i didn't know there were so many rules. Most of that letter was to the PIA rep.

    I did a google search originally, which got me to this page: https://www.privateinternetaccess.com/forum/categories/linux-vpn-setup

    Then i looked for awhile for a thread that might be similar, i found a few things that seemed close, tried some things. I didn't see anything about it being an openVPN forum. I still wasn't able to fix it so i decided to make a new forum post. I didn't spend any time at all reading the TOS or fine print but never saw openVPN anywhere.

    I copied and pasted some of that from the original because they were asking about things that i already typed, rather than have to type it again, i've already typed it so many times in emails. At some point i'd like to use openVPN but i'd just like to get the basic VPN working first. 
    Post edited by Blablablabla on
  • I did all of the steps here:
    https://www.privateinternetaccess.com/forum/discussion/23747/pia-on-ubuntu-17-04#latest

    (TL;DR Move pia_manager to /opt/, Install net-tools, modify run.sh, reboot..)

    Thanks to aghorler for summarizing everything. I had done most of that at other times though.

    I also tried filling in the wrong password- that didn't change anything surprisingly- the icon still stayed grey and it just went on trying to connect until (i iguess) it times out and disconnected, no password error.

    I'm not familiar with the logs but looking through them i don't see anything that suggests any problems, though i'm not sure which file i should be looking at- i looked at them all, i don't see a way to see a timestamp for the files, the file manager says they were all modified today.


  • I even didn't face that kind of issue yet. So no idea on that. Thank you!
  • I read a good article here. If you would like to recover your router password you can take a look here http://19216811.guru/blog/a-how-to-guide-for-setting-up-any-router

  • Posts: 298
    out of the entire post, this:
    As soon as i exit pia, connectivity is back.

    Martouf- Ok, i didn't know there were so many rules.

    rules? i said nothing about rules. in case you are unaware: this forum provides a search function. the topic of someone with connectivity problems comes up again and again.

    to address your issue: what is the content of your resolv.conf file

    1. before you activate the VPN  ?

    2. after you activate the VPN   ?

  • I don't know what resolv.conf is or where it's located, i'll try to work this out another way, thanks
  • Posts: 1
    martouf said:
    you use very many words to say only a little. this forum category repeatedly instructs troubleshooting should being with openvpn operated manually using the PIA-prepared ovpn files.
    If you have no help to offer, move along;  don't harass people with real problems looking for solutions. Use the time to improve your English.
  • Posts: 298
    @hatebadCS you attempt to critique perfectly formed English. tosser.

    the help on offer is the way forward with information gained from properly testing and reporting what occurs. if one cannot learn the importance of resolv.conf nor where it is located in the file system, then there is no hope for assistance from a remote location.
  • edited August 15 Posts: 27
    I mentioned i'm new with linux, so don't know what that file is, anyone can google it to find out, but then what is the point of asking for help here on PIA's own forum. I've already been educating myself for a few weeks- mostly with things that didn't help the original problem, which is fine, i learned a lot. i just want to get the vpn working, i can learn about how important that file is another time.
    Post edited by Blablablabla on
  • edited August 16 Posts: 27
    Apparently the location of that file changes depending, eventually a found it. I don't know what you mean by activating the vpn- this is the original problem, i can't get it to work. But i opened resolve.conf (in /etc/) and it only had:

    nameserver 127.0.0.53 

    i guess it's safe to assume if something is supposed to modify it, that can't happen while it's open so i closed resolve.conf, loaded the pia software and after it said it was trying to connect i reloaded resolv, it still only has:

    nameserver 127.0.0.53

    .
    Post edited by Blablablabla on
  • edited August 16 Posts: 27
    I still can't find anything that says i need to have openVPN to ask for help here, can you paste a link to where it says that? Thanks!
    Post edited by Blablablabla on
  • edited August 16 Posts: 298
    @Blablablabla ; the PIA service and PIA-supplied software makes use of OpenVPN.

    Good on you for figuring out something is supposed to update resolv.conf .. the something is OpenVPN when activated, and then the contents are supposed to be restored when the VPN is deactivated.

    You report you can access network resources (like google.com) when the VPN is down/deactivated.
    Next is to get you to the point where you can do the same with the VPN up/activated.

    Make sure the openvpn and net-tools packages are installed.

    Get the PIA-prepared ovpn files using
    wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
    or just use your browser to grab the collection at
      https://www.privateinternetaccess.com/openvpn/openvpn.zip
    and unzip them into a convenient directory.

    cd /path/to/convenient/directory

    Commands to use are:
    sudo openvpn --config name_of_pia_server_site.ovpn --verb 3
    or
    sudo openvpn --config LocationNameOfServer.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3


    Post edited by martouf on
  • edited August 16 Posts: 27
    I had already downloaded/extracted that, but i couldn't get it to work, the instructions i found were similar to yours. The filename i need has spaces in it, none of these seemed to work:

    sudo openvpn --config 'US\ City.ovpn' --verb 3 (space after \)
    sudo openvpn --config US\_City.ovpn --verb 3
    sudo openvpn --config 'US\_City.ovpn' --verb 3

    All of them gave the error:

    Options error: In [CMD-LINE]:1: Error opening configuration file: (City.ovpn)

    Heck with it, i renamed it to take the space out after working out how to launch the filemanager as root. Now it's asking for auth username, eventually found that it's not a default password, it's just the linux login, now i have a few lines that say:

    Socket Buffers: (...)
    Tue Aug 15 20:04:18 2017 UDP link local: (not bound)
    Tue Aug 15 20:04:18 2017 UDP link remote: [AF_INET] (...)

    The pia page still says "You are not protected". No errors so i take it this is expected, but I don't know what to do from here

    thanks
    Post edited by Blablablabla on
  • Posts: 298
    progress!

    you needed double quotes around the filename with the space in it. plus points for renaming the file as a workaround. good instinct.

    the 'auth username' and password are those for your PIA account.

    your distro being an Ubuntu type, there should be a /etc/openvpn/update-resolv-conf file. That being the case, the second openvpn command is the one for you.
  • Ok. there were errors:

    Tue Aug 15 21:18:05 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Tue Aug 15 21:18:05 2017 TCP/UDP: Preserving recently used remote address: [AF_INET](ip address:port)
    (etc...)
    Tue Aug 15 21:19:05 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Aug 15 21:19:05 2017 TLS Error: TLS handshake failed
    Tue Aug 15 21:19:05 2017 SIGUSR1[soft,tls-error] received, process restarting
    Tue Aug 15 21:19:05 2017 Restart pause, 5 second(s)
    Tue Aug 15 21:19:10 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    It repeats after that. 

    I realized i had the pia client loaded, i exited it then retried, same. I haven't rebooted anytime recently, will do that..



  • Seems to be the same after reboot. I don't know what i'm looking for so i wait until it times out and an error happens. Is something colorful supposed to happen right away?
  • edited August 16 Posts: 298
    so when you installed the openvpn package, how exactly did you do it?

    and please do post the whole command line when you start up the VPN plus the whole console log.
    Post edited by martouf on
  • It was the same thing you said- downloaded it, extracted it, but i ran the first option-

    sudo openvpn --cityname.ovpn --verb 3

    But i don't think the instructions had the --verb 3 on the end. That was where i stopped, i couldn't get it to run because of the space, i didn't have time at the time to figure it out so i gave up easy. In windows you can rip out the tcpip stack or take the registry back to before the install, is there something similar here? I'm guessing i can't just remove the files to start over.. Hopefully it's not going to be a OS reinstall..

    Just last night i read that the pia software isn't open source, and i like your idea better- the whole point of switching to linux was to use all open source software. i guess anyone can find out if they spend more time, but it would be good if they mention it's not open source on the dl page..

  • I looked through the downloads- the openvpn i had was from the same link as you had, i don't see any differences except for the openVPN command i used.
  • Posts: 298
    sudo openvpn --config "Name of City with Spaces.ovpn" --verb 3
    (the verbosity level is set to 3. the level set in the ovpn file isn't helpful enough)

    as I wrote, though, you have a Ubuntu distro and I am fairly certain you have the /etc/opevpn/update-resolv-conf script. Use the file browser or ls /etc/openvpn to confirm. If that is the case, you should be using the second command because that's how the content of resolv.conf will get updated when the VPN is activated. You need proper content in that file to be able to resolve a name like "google.com" to the actual Internet address. Without this working, you will have no apparent 'connectivity'.

    find the package manager in your distro and dredge up the package version of openvpn on your system. or try openvpn --version and don't leave anything out when you paste the results, please.
  • Posts: 298
    oh, and no, you won't have to do anything silly like reinstall the entire OS to fix some 'factory install' braindamage.
  • I do see update-resolv-conf in that folder.

    The second option you had was:

    sudo openvpn --config LocationNameOfServer.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3

    That was what i used (with the right filename). But i should type:

    sudo openvpn --config "Name of City with Spaces.ovpn" --verb 3

    instead? Maybe i am reading it wrong. i used the long version, i'll try the short one. I just did, but has the same errors.

    i don't know what i should be seeing, so i'm using pia's homepage to tell if the VPN is active (where it says "not protected").

    That data is ok to post public? i don't know enough about linux to know what's good for public and what's not. Here's the 1st few lines with the versions- 

    OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 22 2017
    library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
    Originally developed by James Yonan
    Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>

    I am reading other pages meanwhile,  if it helps, someone with similar errors says:

    It was a problem with the port forwarding rule I created on my gateway. OpenVPN is configured to use UDP, and I forgot to switch from TCP to UDP on the gateway as I usually don't use that protocol. The forwarding rule now uses UDP, and my VPN is functional."

    I might be able to work out what it says in a few days..

    From: https://serverfault.com/questions/709860/fix-tls-error-tls-handshake-failed-on-openvpn-client

  • I tried what i did with the pia software- i entered the wrong log/pass. and that still gives the same output.

    Changing the options last time i used the pia software- does that change variables in the system, could that be causing a problem..

    I verified the FW isn't active

    Logged into the pia main page with l/p to verify i'm using the right login.

    I followed the directions here:
    https://www.privateinternetaccess.com/pages/client-support/ubuntu-openvpn

    But i think the only thing that did was let me use a gui to get the same results, only it doesn't show me the errors so there are even fewer clues.. I can use the VPN connections in task bar to try to connect to pia servers, but they always timeout. I tried using an invalid pw again, and it responds exactly the same way- the network icon alternates between the circle of dots it has when it's trying to connect, and a tiny lock.
  • edited August 17 Posts: 298
    okay, so you've got a quite recent version of openvpn installed (2.4.0).  good. you really could have posted all the output from openvpn --version but at least you posted enough to be sure you hadn't managed to grab ahold of some ancient version.

    you really must post everything output on the console after making the attempt to activate the VPN manually. Use the PIA account name and the password for that account when prompted by openvpn.
    All the lines after you enter the password have importance but are not sensitive.
    cat /etc/resolv.conf will dump the contents of resolv.conf on the console so you can post it, too.

    ps: if your firewall is configured in a normal way, it should not be the cause of any problems. you are establishing a VPN by reaching out to a distant server, which is little different than reaching out to load a web page.
    Post edited by martouf on
  • The only thing in resolv is: nameserver 127.0.0.53 with a few ignored (#) lines on top

    I posted the output before i just changed an ip address i think- i just ran it again tho: sudo openvpn --config "cityname.ovpn" --verb 3

    The output:

    Thu Aug 17 12:56:01 2017 TCP/UDP: Preserving recently used remote address: [AF_INET](ip address):1198
    Thu Aug 17 12:56:01 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Thu Aug 17 12:56:01 2017 UDP link local: (not bound)
    Thu Aug 17 12:56:01 2017 UDP link remote: [AF_INET](ip address):1198

    It paused for a bit, then:

    Thu Aug 17 12:57:01 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Thu Aug 17 12:57:01 2017 TLS Error: TLS handshake failed
    Thu Aug 17 12:57:01 2017 SIGUSR1[soft,tls-error] received, process restarting
    Thu Aug 17 12:57:01 2017 Restart pause, 5 second(s)

    And it just repeats after that until i ctrl-C.

    I'm still not sure if you want me to use the openvpn command i did above, the 2nd option you listed originally was much longer:

    sudo openvpn --config "cityname.ovpn" --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3

    But they both have the same output.
  • I still have the pia software installed on another laptop- i just checked, it still works fine, i don't remember if i set any of the options but at least i can see what it's set to if that helps.
Sign In or Register to comment.