PIA stuck connecting on Ubuntu 17.10

edited December 2017 in Linux VPN Setup
This is a fresh Ubuntu install along with any updates to the release. PIA is stuck Connecting and never succeeds. When I look in the logs I see various connection refused errors.

From pia_manager.log
[2017-12-03T03:53:23.586Z] <debug> #28789/9018500 |OpenvpnManager| Connecting to OpenVPN^@
[2017-12-03T03:53:23.586Z] <debug> #28789/9018500 |OpenvpnManager| #<Errno::ECONNREFUSED: Connection refused - connect(2)>
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1334:in `initialize'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1334:in `open'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1334:in `block (2 levels) in cmd'
/home/svasan/.pia_manager/pia_manager/pia_common.rb:314:in `timeout'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1332:in `block in cmd'
<internal:prelude>:10:in `synchronize'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1328:in `cmd'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1295:in `block (2 levels) in wait_management'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1293:in `loop'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1293:in `block in wait_management'
/home/svasan/.pia_manager/pia_manager/pia_common.rb:314:in `timeout'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:1292:in `wait_management'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:42:in `block (3 levels) in resume_from_old_state'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:189:in `ipv6leak_ignore_disconnect'
/home/svasan/.pia_manager/pia_manager/openvpn_manager.rb:41:in `block (2 levels) in resume_from_old_state'^@

From  pia_nw.log
[2017-12-03T03:53:26.082Z] <error> |daemon| Command error {"code":"ECONNREFUSED","errno":"ECONNREFUSED","syscall":"connect","address":"127.0.0.1","port":31743}
[2017-12-03T03:53:26.082Z] <info> |daemon| Command failed {"cmd":"status","params":{}}
[2017-12-03T03:53:26.082Z] <debug> |daemon| Giving up
[2017-12-03T03:53:26.083Z] <error> |error| Error: connect ECONNREFUSED 127.0.0.1:31743
    at Object.exports._errnoException (util.js:890:11)
    at exports._exceptionWithHostPort (util.js:913:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1061:14)
[2017-12-03T03:53:26.083Z] <debug> |status| Error getting subscription {"code":"ECONNREFUSED","errno":"ECONNREFUSED","syscall":"connect","address":"127.0.0.1","port":31743}




openvpn.log is empty. And no openvpn pid file 

This is using version p75 which is the same I have on another Ubuntu 17.10 where it works fine. (This machine is a new install of 17.10)

Any ideas on what's going on and how to fix?

Thanks

Comments

  • edited December 2017
    Ah, ok. Yes, the home directory is encrypted (and isn't on the working Ubuntu 17.10 install). Thanks for the quick response Max-P.

    I still see the same issue though after following those instructions. I moved .pia_manager out of $HOME and into /opt.  (The full install is not encrypted. Just my home dir).

    Anything else I should try?

    EDIT: Rephrase. Also, I did a fresh install of pia just to be sure and moved it to /opt. Didn't help.
  • edited December 2017
    I seem to be having a similar problem however none of my file-system is encrypted. (Although I have tried the /opt method)
    I'm using Ubuntu 17.10 (PIA v75)

    Before I've even attempted to connect to the VPN pia_manager.log is getting filled with these errors.
    https://gist.github.com/anonymous/a3e1ba5b4dcd591d38ce556bdcac259c

    Then here is the log once I attempt to connect (includes previous errors)
    https://gist.github.com/anonymous/a47eed4108d549e161eed3859351ffe1

    openvpn.log is always empty

    If I run ~/.pia_manager/pia_manager/run.sh and attempt to connect it just says "security error", and when I exit the application it displays these errors

    security error
    security error
    security error
    #### this is where I exit the application ####
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
  • openvpn needs privileges, so does iptables. did your file manipulations drop a suid bit somewhere?
  • martouf said:
    openvpn needs privileges, so does iptables. did your file manipulations drop a suid bit somewhere?
    I just tried the following commands with no change
    $ sudo chown $USER -R ~/.pia_manager
    $ sudo chmod 777 -R ~/.pia_manager

    I may have misunderstood what you mean.
  • you have.

    that would be chmod u+s root.owned.executable.file or chmod 4751 root.owned.executable.file

    what you did is equivalently chmod 0777 user.owned.executable.file
    (do not set g+w nor o+rw on a root owned suid file - it is quite unwise)

    see https://en.wikipedia.org/wiki/Setuid
  • martouf said:
    you have.

    that would be chmod u+s root.owned.executable.file or chmod 4751 root.owned.executable.file

    what you did is equivalently chmod 0777 user.owned.executable.file
    (do not set g+w nor o+rw on a root owned suid file - it is quite unwise)

    see https://en.wikipedia.org/wiki/Setuid
    Ah ok, I've done that and the error has changed.
    Below is the log from running ~/.pia_manager/pia_manager/run.sh (Just to clarify I have kill-switch off, I don't know why it should be trying to do anything with that.)

    kill: (4090): No such process
    pia_nw: no process found
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
    security error
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
    security error
    ip6tables: No chain/target/match by that name.
    ip6tables: No chain/target/match by that name.
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0

    iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables: No chain/target/match by that name.
    iptables: No chain/target/match by that name.
    pia_nw: no process found
  • Yeah, the way PIA uses the SUID binary in a way that's still secure tends to be a bit weird. You definitely broke the PIA installation by doing the chmod/chown however. I would highly recommend just deleting the whole ~/.pia_manager directory and reinstall from the installer first and leave the files alone.

    If it still doesn't work there's likely something wrong with your /tmp mount or the filesystem your home directory lives on. The SUID binary is necessary for PIA to operate otherwise it won't escalate privileges properly. If the SUID launcher detects anything it doesn't like that could potentially allow the user to edit the root code, it immediately aborts with "security error". So you're failing an integrity check and we need to find out why.
  • Max-P said:
    Yeah, the way PIA uses the SUID binary in a way that's still secure tends to be a bit weird. You definitely broke the PIA installation by doing the chmod/chown however. I would highly recommend just deleting the whole ~/.pia_manager directory and reinstall from the installer first and leave the files alone.

    If it still doesn't work there's likely something wrong with your /tmp mount or the filesystem your home directory lives on. The SUID binary is necessary for PIA to operate otherwise it won't escalate privileges properly. If the SUID launcher detects anything it doesn't like that could potentially allow the user to edit the root code, it immediately aborts with "security error". So you're failing an integrity check and we need to find out why.
    Hmm, mine suddenly started working when I turned my computer on today, thanks for helping.

    Since you mentioned /tmp it's probably relevant that to reduce writes to my SSD I have a separate HDD partition mounted at /tmp, since I've started using this setup I've reinstalled my operating system multiple times, I suspect the permissions have been corrupted over time.

    When I reinstall my system in the future I'll wipe the /tmp partition to hopefully fix any conflicts.
  • edited December 2017
    Hi Max-P,

    As mentioned in my edit above from yesterday, I did try a fresh install. There are two reports here. dang  reported the other failure and has been trying out chmod/chown above. I haven't. I have the encrypted fs, and following your previous message moved the install to /opt but that didn't help. I've tried a fresh install too.

    My steps for the fresh install (I tried again):
    # Make sure PIA is closed.
    
    $ cd /opt
    $ sudo rm -rf pia_manager/
    
    $ cd
    $ rm -f .pia_manager
    $ rm -f pia.sh 
    
    $ cd Downloads/
    $ rm -f pia-v75-installer-linux.sh 
    $ tar xvzf pia-v75-installer-linux.tar.gz 
    $ ./pia-v75-installer-linux.sh 
    Extracting files...
    Installing dependencies...
    Running: sudo apt-get install -y libxss1 libappindicator1 gconf2 net-tools
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    libappindicator1 is already the newest version (12.10.1+17.04.20170215-0ubuntu2).
    libxss1 is already the newest version (1:1.2.2-1).
    net-tools is already the newest version (1.60+git20161116.90da8a0-1ubuntu1).
    gconf2 is already the newest version (3.2.6-4ubuntu1).
    0 upgraded, 0 newly installed, 0 to remove and 42 not upgraded.
    Installation complete!
    
    # PIA opens up. Didn't login; just exited the app.
    
    $ cd ..
    $ sudo rm -rf /opt/pia_manager
    $ sudo mv ~/.pia_manager /opt/pia_manager
    $ ln -s /opt/pia_manager/ ~/.pia_manager
    
    

    Permissions of /opt/pia_manager: drwxr-xr-x (owner:group is my user and group)
    Permissions of openvpn_launcher.64: -rwsrwxr-x (owner is root; group is my group)

    Both are the defaults from the install. I didn't change them.

    At this point, run ~/.pia.sh; put in username/password. PIA still gets stuck connecting.

    I do get the 'security error' by running the command for openvpn_launcher.64 from pia_manager.log on the command line. Though there are no logs to pinpoint what it is complaining about. It would help if that error was more descriptive. :)

    What else do I check for?

    EDIT:  /tmp permissions: drwxrwxrwt and my home dir permissions: drwx------
  • members of your user group can neither 'r' nor 'x' your home directory..  the parent dir of ~/.pia_manager ... hmm.
  • edited December 2017
    Damnit!

    Started happening again shortly after saying it was working, tried loads of stuff and no success, time to try a fresh install I guess...
    --
    Formatted my /tmp partition, deleted configuration files on my home partition (.config, .cache, .local etc, basically everything except documents & media), formatted system partition, reinstalled Ubuntu, installed PIA, didn't work...
    --
    Going to try disabling my tmp partition... I'll update
    --
    Didn't work, going to try disabling my home partition, eek!
    --
    Worked when I disabled home partition, I'll investigate!
    --
    Wow I feel like a world-class ball sack... home partition was mounted with nosuid mount option...
  • well, now, there's yer problem riieet there...  :-P
  • Wow I feel like a world-class ball sack... home partition was mounted with nosuid mount option...

    Ha, happens to the best of us. In all fairness, /home isn't quite meant to contain suid root binaries in the user's home directory and PIA really shouldn't be installing there... It only does so for legacy reasons and it will be fixed, but we're kinda stuck with it for now.

    Glad you got it working!
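
Added example, not part of the thread and not PIA's code: a shell check for the generic conditions a root-owned SUID helper depends on, covering the causes discussed above (a nosuid mount, and the SUID bit or root ownership lost after chown/chmod). The launcher's own integrity checks are not shown on the page; the function names and sample values below are illustrative assumptions.

```shell
#!/bin/sh
# Generic Unix preconditions for a SUID-root helper. These are NOT the
# launcher's real checks, which the thread does not show.

# Succeeds if a comma-separated mount option string contains "nosuid".
opts_have_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Takes an octal mode as printed by `stat -c %a` and the owner uid;
# prints one finding per line, nothing if all checks pass.
mode_findings() {
    bits=$(( 0$1 ))   # leading 0 makes the shell parse the mode as octal
    uid=$2
    [ "$uid" -eq 0 ] || echo "not owned by root (uid $uid)"
    [ $(( bits & 04000 )) -ne 0 ] || echo "SUID bit not set"
    [ $(( bits & 00020 )) -eq 0 ] || echo "group-writable"
    [ $(( bits & 00002 )) -eq 0 ] || echo "world-writable"
}

# Inspect a real file: resolve symlinks first (a link in $HOME may point into
# /opt), then look at the mount that actually holds the resolved file.
check_suid_helper() {
    real=$(readlink -f "$1") || { echo "cannot resolve $1"; return 2; }
    opts=$(findmnt -no OPTIONS -T "$real") || { echo "no mount found"; return 2; }
    if opts_have_nosuid "$opts"; then
        echo "$real is on a nosuid mount: the kernel ignores its SUID bit"
    fi
    mode_findings "$(stat -c %a "$real")" "$(stat -c %u "$real")"
}

if [ $# -gt 0 ]; then
    check_suid_helper "$1"
else
    # Constructed samples: hypothetical mount options, then the launcher mode
    # quoted in the thread (-rwsrwxr-x, owner root), then the state left by
    # `chown $USER` plus `chmod 777` (uid 1000 is an assumed user id).
    opts_have_nosuid "rw,nosuid,nodev,relatime" && echo "sample mount: nosuid"
    mode_findings 4775 0
    mode_findings 777 1000
fi
```

Run it with the path to the helper binary as the only argument; with no argument it prints the findings for the constructed samples.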
  • not so stuck you can't properly install the suid binary in /opt/privateinternetaccess/sbin and then put symbolic links in /home/username
  • edited December 2017
    Hi martouf,

    I don't believe I messed with the home dir permissions. (It's only been a week or so since the install, though it's possible that I messed it up and forgot. But I don't see any chmod for this in my history and it seems to go all the way back.)

    If you expected this to be 0755, is it possible that this is mounted this way by ecryptfs?

    I can try changing it but have another question: since pia/openvpn are both running either as me or root do the group permissions matter?

    EDIT: Yea, looks like that's from ecryptfs per the answer https://askubuntu.com/questions/82538/is-my-encrypted-home-folder-open-to-other-users-when-i-am-logged-in (unless it changed after that I guess :) )
  • i'm not sure what to make of your recent message, @pia_user_2357
    are you in the same situation as dang? encrypted home dir? home filesystem mounted with nosuid option?
  • edited December 2017
    You responded to my comment on Dec 5 above pointing out that the home dir has no r/w permissions for my group.  (Maybe you thought that was from dang?) I was replying to that. As mentioned that may be from the way ecryptfs mounts the home dir.

    I started this thread and do have an encrypted home directory and I did try the /opt method pointed out by @Max-P. @dang has a similar problem but does *not* have an encrypted filesystem per his first message.

    I detailed my steps above in my Dec 5th message - I have an encrypted home dir; have tried moving pia install to /opt with no success; folder permissions are listed.

    hth to clear any confusion. Any help to debug is appreciated. It would be nice if the openvpn_launcher binary actually printed out what check is failing instead of just saying security error.
  • edited December 2017
    Well, nevermind. It works today. The setup is the same as on Dec 5th - encrypted home dir, pia installed in /opt with ~/.pia_manager symlinked to /opt/pia_manager, the various permissions listed all the same as mentioned above.

    I didn't reinstall pia since or change anything else for it except I did edit the .desktop file today to point directly to /opt/pia_manager. But it works either way now and also via ~/pia.sh which is using the symlink.

    So don't know what's different. I did a restart in the last couple of days after some updates. It could be the updates changed something else that was related or maybe I needed a restart after the pia reinstall?

    In any case, pia works for me too now.

  • that's good news!  glad to hear of it
  • Hey I just wanted to chime in and mention that I have this issue as well.. currently running Ubuntu MATE 17.10 with an encrypted home folder.  This has been super frustrating.  I tried what @pia_user_2357 said and no luck here.. but maybe I did something wrong. 

    sudo mv ~/.pia_manager /opt/
    ln -s /opt/.pia_manager/ ~/.pia_manager

    then...

    cd ~/.pia_manager/pia_manager
    ./run.sh

    then... same error as before

    $ ./run.sh
    kill: (1984): No such process
    pia_nw: no process found
    [0111/151229.518048:WARNING:chrome_main_delegate.cc(586)] final extension:
    [3442:3442:0111/151230.120741:ERROR:browser_main_loop.cc(264)] GLib-GObject: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
    security error
    security error
    security error
    security error

    then... <ctrl-c>

    ^C
    <me>@<computer>:~/.pia_manager/pia_manager$ iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.6.1: Couldn't load target `PIA_KILLSWITCH_OUTPUT_RULES':No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
    iptables: No chain/target/match by that name.
    iptables: No chain/target/match by that name.
    pia_nw: no process found


  • @beer ; Have you made sure to also "sudo rm /tmp/pia*" before relaunching PIA after moving it to /opt as per the guide?

    Moving the directory is not sufficient. The bug also causes PIA to create a file in /tmp with the wrong permissions, and it will continue failing until that file is removed as well.
  • Thank you for the fix.
  • actually you guys are all wrong the only way you can get this fucking thing to work in linux or unix environment is with a ipfire box and do a custom script which i am currently waiting for but the good news it will work in ubuntu if you're willing to go back to the somalian pirate edition 11.04 in fact there is app download i think or use the first beta it works or use 12.04 but any other version sucks ballz 13.04 14.04 -160.4 its error connection on open vpn bad pem script and all kinds of fucked up crap so either create a custom VPN or there is one other option get a cisco milspec router with a vpn t encrypted thumb drive for 20 grand or go steal one from the pentagon
  • okayyy .. a dali-esque post without benefit of punctuation.  some bot is leaking random words from other posts?