Unable to connect
When i try to connect to a server the icon turns grey, stays like that for a few minutes, then turns red again with no errors or other indication. Have tried other servers. i keep reading things to try, but is there a solid checkist of troubleshooting steps anywhere? I'm pretty comfortable with t/s'ing in windows, but not so much with linux. I haven't been able to find one page with all of the basic t/sing. the info seems scattered among different pages and forums..This is a really common problem and i've tried a lot of the t/s steps, but Isn't there anything that will tell me what the problem is instead of just randomly trying things out to see what will happen? Isn't there a log that will say what is happening or not happening internally so at least i have a clue?
The help pages i've seen so far are either too basic or way over my head. The support reps keep responding to my emails with what looks like form a copy of their web pages, except the last letter i sent they didn't respond to, probably because i asked how i can cancel pia, i haven't been able to use it for a few months now.
Thanks!
.
The help pages i've seen so far are either too basic or way over my head. The support reps keep responding to my emails with what looks like form a copy of their web pages, except the last letter i sent they didn't respond to, probably because i asked how i can cancel pia, i haven't been able to use it for a few months now.
Thanks!
.
Comments
I've just checked in our support system, and the only recent ticket I can find is in regards to a Windows machine. Have you sent in a ticket using another email? Please DM me the ticket number that references this linux issue and I'll be happy to help you.
I'm pretty comfortable with t/s'ing in windows, but not so much with linux. I haven't been able to find one page with all of the basic t/sing. the info seems scattered among different pages and forums..This is a really common problem and i've tried a lot of the t/s steps, but Isn't there anything that will tell me what the problem is instead of just randomly trying things out to see what will happen? Isn't there a log that will say what is happening or not happening internally so at least i have a clue?
The help pages i've seen so far are either too basic or way over my head. The support reps keep responding to my emails with what looks like form a copy of their web pages, except the last letter i sent they didn't respond to, probably because i asked how i can cancel pia, i haven't been able to use it for a few months now.
Other info- I'm using wifi on a laptop, no connectivity problems when not using PIA. I've only installed the pia software (latest), no other net utilities (so no openVPN or anything similar. Have tried other servers, have tried disabling/enabling other options in PIA, changing port etc, all of them give same results mentioned. As soon as i exit pia, connectivity is back.
Martouf- Ok, i didn't know there were so many rules. Most of that letter was to the PIA rep.
I did a google search originally, which got me to this page: https://www.privateinternetaccess.com/forum/categories/linux-vpn-setup
Then i looked for awhile for a thread that might be similar, i found a few things that seemed close, tried some things. I didn't see anything about it being an openVPN forum. I still wasn't able to fix it so i decided to make a new forum post. I didn't spend any time at all reading the TOS or fine print but never saw openVPN anywhere.
I copied and pasted some of that from the original because they were asking about things that i already typed, rather than have to type it again, i've already typed it so many times in emails. At some point i'd like to use openVPN but i'd just like to get the basic VPN working first.
https://www.privateinternetaccess.com/forum/discussion/23747/pia-on-ubuntu-17-04#latest
(TL;DR Move pia_manager to /opt/, Install net-tools, modify run.sh, reboot..)
Thanks to aghorler for summarizing everything. I had done most of that at other times though.
I also tried filling in the wrong password- that didn't change anything surprisingly- the icon still stayed grey and it just went on trying to connect until (i iguess) it times out and disconnected, no password error.
I'm not familiar with the logs but looking through them i don't see anything that suggests any problems, though i'm not sure which file i should be looking at- i looked at them all, i don't see a way to see a timestamp for the files, the file manager says they were all modified today.
rules? i said nothing about rules. in case you are unaware: this forum provides a search function. the topic of someone with connectivity problems comes up again and again.
to address your issue: what is the content of your resolv.conf file
1. before you activate the VPN ?
2. after you activate the VPN ?
the help on offer is the way forward with information gained from properly testing and reporting what occurs. if one cannot learn the importance of resolv.conf nor where it is located in the file system, then there is no hope for assistance from a remote location.
nameserver 127.0.0.53
i guess it's safe to assume if something is supposed to modify it, that can't happen while it's open so i closed resolve.conf, loaded the pia software and after it said it was trying to connect i reloaded resolv, it still only has:
nameserver 127.0.0.53
.
Good on you for figuring out something is supposed to update resolv.conf .. the something is OpenVPN when activated, and then the contents are supposed to be restored when the VPN is deactivated.
You report you can access network resources (like google.com) when the VPN is down/deactivated.
Next is to get you to the point where you can do the same with the VPN up/activated.
Make sure the openvpn and net-tools packages are installed.
Get the PIA-prepared ovpn files using
wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
or just use your browser to grab the collection at
https://www.privateinternetaccess.com/openvpn/openvpn.zip
and unzip them into a convenient directory.
cd /path/to/convenient/directory
Commands to use are:
sudo openvpn --config name_of_pia_server_site.ovpn --verb 3
or
sudo openvpn --config LocationNameOfServer.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3
sudo openvpn --config 'US\ City.ovpn' --verb 3 (space after \)
sudo openvpn --config US\_City.ovpn --verb 3
sudo openvpn --config 'US\_City.ovpn' --verb 3
All of them gave the error:
Options error: In [CMD-LINE]:1: Error opening configuration file: (City.ovpn)
Heck with it, i renamed it to take the space out after working out how to launch the filemanager as root. Now it's asking for auth username, eventually found that it's not a default password, it's just the linux login, now i have a few lines that say:
The pia page still says "You are not protected". No errors so i take it this is expected, but I don't know what to do from here
thanks
you needed double quotes around the filename with the space in it. plus points for renaming the file as a workaround. good instinct.
the 'auth username' and password are those for your PIA account.
your distro being an Ubuntu type, there should be a /etc/openvpn/update-resolv-conf file. That being the case, the second openvpn command is the one for you.
I realized i had the pia client loaded, i exited it then retried, same. I haven't rebooted anytime recently, will do that..
and please do post the whole command line when you start up the VPN plus the whole console log.
sudo openvpn --cityname.ovpn --verb 3
But i don't think the instructions had the --verb 3 on the end. That was where i stopped, i couldn't get it to run because of the space, i didn't have time at the time to figure it out so i gave up easy. In windows you can rip out the tcpip stack or take the registry back to before the install, is there something similar here? I'm guessing i can't just remove the files to start over.. Hopefully it's not going to be a OS reinstall..
Just last night i read that the pia software isn't open source, and i like your idea better- the whole point of switching to linux was to use all open source software. i guess anyone can find out if they spend more time, but it would be good if they mention it's not open source on the dl page..
(the verbosity level is set to 3. the level set in the ovpn file isn't helpful enough)
as I wrote, though, you have a Ubuntu distro and I am fairly certain you have the /etc/opevpn/update-resolv-conf script. Use the file browser or ls /etc/openvpn to confirm. If that is the case, you should be using the second command because that's how the content of resolv.conf will get updated when the VPN is activated. You need proper content in that file to be able to resolve a name like "google.com" to the actual Internet address. Without this working, you will have no apparent 'connectivity'.
find the package manager in your distro and dredge up the package version of openvpn on your system. or try openvpn --version and don't leave anything out when you paste the results, please.
The second option you had was:
sudo openvpn --config LocationNameOfServer.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3
That was what i used (with the right filename). But i should type:
sudo openvpn --config "Name of City with Spaces.ovpn" --verb 3
instead? Maybe i am reading it wrong. i used the long version, i'll try the short one. I just did, but has the same errors.
i don't know what i should be seeing, so i'm using pia's homepage to tell if the VPN is active (where it says "not protected").
That data is ok to post public? i don't know enough about linux to know what's good for public and what's not. Here's the 1st few lines with the versions-
I am reading other pages meanwhile, if it helps, someone with similar errors says:
It was a problem with the port forwarding rule I created on my gateway. OpenVPN is configured to use UDP, and I forgot to switch from TCP to UDP on the gateway as I usually don't use that protocol. The forwarding rule now uses UDP, and my VPN is functional."
I might be able to work out what it says in a few days..
From: https://serverfault.com/questions/709860/fix-tls-error-tls-handshake-failed-on-openvpn-client
Changing the options last time i used the pia software- does that change variables in the system, could that be causing a problem..
I verified the FW isn't active
Logged into the pia main page with l/p to verify i'm using the right login.
I followed the directions here:
https://www.privateinternetaccess.com/pages/client-support/ubuntu-openvpn
But i think the only thing that did was let me use a gui to get the same results, only it doesn't show me the errors so there are even fewer clues.. I can use the VPN connections in task bar to try to connect to pia servers, but they always timeout. I tried using an invalid pw again, and it responds exactly the same way- the network icon alternates between the circle of dots it has when it's trying to connect, and a tiny lock.
you really must post everything output on the console after making the attempt to activate the VPN manually. Use the PIA account name and the password for that account when prompted by openvpn.
All the lines after you enter the password have importance but are not sensitive.
cat /etc/resolv.conf will dump the contents of resolv.conf on the console so you can post it, too.
ps: if your firewall is configured in a normal way, it should not be the cause of any problems. you are establishing a VPN by reaching out to a distant server, which is little different than reaching out to load a web page.
I posted the output before i just changed an ip address i think- i just ran it again tho: sudo openvpn --config "cityname.ovpn" --verb 3
The output:
It paused for a bit, then:
And it just repeats after that until i ctrl-C.
I'm still not sure if you want me to use the openvpn command i did above, the 2nd option you listed originally was much longer:
sudo openvpn --config "cityname.ovpn" --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --verb 3
But they both have the same output.