PIA version 78 Linux Mint 18.3 Cinnamon: Cannot Connect to VPN

MrSelfDestructMrSelfDestruct
in Linux VPN Setup
This was also happening in version 77, but I couldn't find any info on this at all, so I was waiting for the next version, but it is still happening. It is happening on two different PCs running the same version of Mint as the title, and I have tried running it with both the stock openvpn, the updated stable openvpn, and the updated testing openvpn. None of which work, neither for version 78 or 77. 

As for how it's not working, it will launch and allow me to access the menus, but if I try to connect, it will softlock on the connecting stage. I can get the program to open another menu or such, but I cannot disconnect it manually at this point as it is just stuck. 

I am more than happy to help out someone who is a bit more experienced with diagnosing problems with this program and openvpn so just tell me what you need and I'll get it to you (logs, etc.)

Comments

  • martoufmartouf
    manually test using the first line in
      https://www.privateinternetaccess.com/forum/discussion/comment/49793/#Comment_49793

    (use the PIA-prepared 'ovpn' files found at https://www.privateinternetaccess.com/openvpn/openvpn.zip )

    for more information, go to the "Download & Support" page at PIA and expand the "Advanced OpenVPN SSL Usage Guides" section

  • MrSelfDestructMrSelfDestruct
    edited April 2018
    The manual connection via terminal works:  

    Thu Apr  5 15:46:03 2018 OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
    Thu Apr  5 15:46:03 2018 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
    Enter Auth Username: p*********
    Enter Auth Password: ********************************
    Thu Apr  5 15:46:33 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]64.237.52.136:1198
    Thu Apr  5 15:46:33 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Thu Apr  5 15:46:33 2018 UDP link local: (not bound)
    Thu Apr  5 15:46:33 2018 UDP link remote: [AF_INET]64.237.52.136:1198
    Thu Apr  5 15:46:33 2018 TLS: Initial packet from [AF_INET]64.237.52.136:1198, sid=49027086 4d5bf76b
    Thu Apr  5 15:46:33 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Apr  5 15:46:33 2018 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
    Thu Apr  5 15:46:33 2018 VERIFY KU OK
    Thu Apr  5 15:46:33 2018 Validating certificate extended key usage
    Thu Apr  5 15:46:33 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Thu Apr  5 15:46:33 2018 VERIFY EKU OK
    Thu Apr  5 15:46:33 2018 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=17d3d801bb31dc1e4998cf4e0b8e5958, name=17d3d801bb31dc1e4998cf4e0b8e5958
    Thu Apr  5 15:46:34 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Thu Apr  5 15:46:34 2018 [17d3d801bb31dc1e4998cf4e0b8e5958] Peer Connection Initiated with [AF_INET]64.237.52.136:1198
    Thu Apr  5 15:46:35 2018 SENT CONTROL [17d3d801bb31dc1e4998cf4e0b8e5958]: 'PUSH_REQUEST' (status=1)
    Thu Apr  5 15:46:35 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.82.10.1,topology net30,ifconfig 10.82.10.6 10.82.10.5,auth-token'
    Thu Apr  5 15:46:35 2018 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Apr  5 15:46:35 2018 OPTIONS IMPORT: compression parms modified
    Thu Apr  5 15:46:35 2018 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Apr  5 15:46:35 2018 OPTIONS IMPORT: route options modified
    Thu Apr  5 15:46:35 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Apr  5 15:46:35 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
    Thu Apr  5 15:46:35 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Apr  5 15:46:35 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
    Thu Apr  5 15:46:35 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Apr  5 15:46:35 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp2s0 HWADDR=44:1c:a8:aa:5b:49
    Thu Apr  5 15:46:35 2018 TUN/TAP device tun0 opened
    Thu Apr  5 15:46:35 2018 TUN/TAP TX queue length set to 100
    Thu Apr  5 15:46:35 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Thu Apr  5 15:46:35 2018 /sbin/ip link set dev tun0 up mtu 1500
    Thu Apr  5 15:46:35 2018 /sbin/ip addr add dev tun0 local 10.82.10.6 peer 10.82.10.5
    Thu Apr  5 15:46:35 2018 /sbin/ip route add 64.237.52.136/32 via 192.168.1.1
    Thu Apr  5 15:46:35 2018 /sbin/ip route add 0.0.0.0/1 via 10.82.10.5
    Thu Apr  5 15:46:35 2018 /sbin/ip route add 128.0.0.0/1 via 10.82.10.5
    Thu Apr  5 15:46:35 2018 /sbin/ip route add 10.82.10.1/32 via 10.82.10.5
    Thu Apr  5 15:46:35 2018 Initialization Sequence Completed

    Immediately testing afterward, the PIA client still does not connect and hangs completely on the "connecting" stage.
  • martoufmartouf
    ummm.. ouch, my eyes. it is possible to edit your post - click on the 'gear' to the right of "Flag" at the top of the post.
    left-justify, please...

    okay. it appears the basic level of your tech is functional.  it would seem the PIA install is busted in some way.
    when running the PIA install: *do not* run it as root or with sudo .

    refer to this for how to remove previous/busted installs
      https://www.privateinternetaccess.com/forum/discussion/comment/55026/#Comment_55026

  • MrSelfDestructMrSelfDestruct
    Edited the last post to fix the format issue.

    Followed your suggestion from that forum. It still does not connect even after wiping the data completely from both /opt/ and from ~

    Also, I have never installed it as root (and only give it sudo when it asks for it during its dependency check with apt.)

    Any thoughts on how to proceed from here? There's definitely some issue because it affects two completely separate computers of mine running the same version of Linux Mint.
  • martoufmartouf
    missing prerequisite, then, it would seem. hmm. package or GUI module? i think it's time for @Max-P to weigh in..
  • martoufmartouf
    while you're waiting on Max, the log files which should show where the one system is falling down and the other is not will be found in ~/.pia_manager/log/...
  • MrSelfDestructMrSelfDestruct
    @martouf I have the logs prepared, waiting for further help. Still haven't been able to get it to work at all so far.
  • martoufmartouf
    where is the one set of logs different than the other set?  (see sdiff )
  • Max-PMax-P
    That's rather strange. Does the whole app lock up, or does the menu just stop responding to actions on it?

    What's your debug log ID?
  • MrSelfDestructMrSelfDestruct
    @Max-P Sorry for the delay. 

    The debug log on what I will call laptop #2 (since I have two Linux Mint 18.3 laptops with the same issue) is D 5 E D 1

    Updating to version version 79 also had no effect, but I don't think this version changed anything in Linux anyway. 

    As for what is going on, it just stays on the "connecting" phase of the notification widget and never connects. I can interact with even after it gets to the connecting phase, but the only thing it won't let me do at that point is disconnect from the connecting phase. It just stays there until I exit it (that also works properly). 
  • MrSelfDestructMrSelfDestruct
    Laptop #1's debug log is A 4 F A B
  • MrSelfDestructMrSelfDestruct
    Not meaning to be pushy or impolite, but what is the progress on a solution? These two laptops I use very often on Linux Mint, and it's pretty bad that neither of them can run PIA properly anymore no matter what I do. If you need anymore information, I am very willing to provide it in order to make a solution more possible.
  • martoufmartouf
    but you can run a PIA VPN properly, since you have the additional options of: NetworkManager, manually, and scripted (the latter two using openvpn directly)
  • MrSelfDestructMrSelfDestruct
    I would really prefer to continue using the official application, but I will continue the other method until I find a solution to fix the application. I might take a look at the unofficial client for Linux Mint too, but I can't say for its quality until I try it.
  • [Deleted User][Deleted User]
    @MrSelfDestruct Ah, sorry for the delay - Max has been really busy with other projects recently, but I'm betting I can help you with this. I'm seeing a lot of security errors in your log, which probably means that there are permissions issues at play. Any chance you could post the output of the following?
    mount
    ls -ld /opt/pia
    ls -l /opt/pia/
  • MrSelfDestructMrSelfDestruct
    edited May 2018
    @PIAColleen

    $ mount
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    udev on /dev type devtmpfs (rw,nosuid,relatime,size=1930044k,nr_inodes=482511,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=391896k,mode=755)
    /dev/sda6 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
    securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    tmpfs on /sys/fs/cgroup type tmpfs (rw,mode=755)
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
    pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids)
    cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=28,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13652)
    debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    configfs on /sys/kernel/config type configfs (rw,relatime)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)

  • MrSelfDestructMrSelfDestruct
    $ ls -ld /opt/pia
    drwxr-xr-x 10 root root 4096 Apr 19 14:33 /opt/pia
  • MrSelfDestructMrSelfDestruct
    $ ls -l /opt/pia/
    total 13392
    drwxr-xr-x 5 root root    4096 Apr 11 12:20 frontend
    drwxr-xr-x 4 root root    4096 Apr 11 12:20 nwjs
    drwxr-xr-x 2 root root    4096 Apr 11 12:20 openvpn-32
    drwxr-xr-x 2 root root    4096 Apr 11 12:20 openvpn-64
    -rwsr-xr-x 1 root root 6833380 Apr 11 12:20 openvpn_launcher.32
    -rwsr-xr-x 1 root root 6839296 Apr 11 12:20 openvpn_launcher.64
    drwxr-xr-x 3 root root    4096 Apr 11 12:20 pia_manager
    drwxr-xr-x 2 root root    4096 Apr 11 12:20 rgloader
    drwxr-xr-x 2 root root    4096 Apr 11 12:20 root_runner
    drwxr-xr-x 4 root root    4096 Apr 19 14:33 ruby
    -rwxr-xr-x 1 root root     167 Apr 11 12:20 run.sh
  • martoufmartouf
    the filesystem mount at /dev/sda6 looks ordinary. and the /opt/pia stuff looks the same as mine.
  • Max-PMax-P
    edited May 2018
    Sorry for the delays, as Colleen said I was quite busy last week.

    #<OpenvpnManager::RootRunnerError: /opt/pia/root_runner/boot.rb:16: warning: Insecure world writable dir /opt in LOAD_PATH, mode 040777

    Sounds like it's the /opt directory itself that's the issue and not just /opt/pia. Try these:

    sudo chmod 0755 /opt
    sudo chown root:root /opt

    This should set permissions to something the root runner likes more.
  • MrSelfDestructMrSelfDestruct
    @Max-P

    Yep that solved it. I must have messed up the permissions when trying to put TOR in there (I don't think I reverted what I did to try to solve that so that must have caused the problem.) And no worries about the delay—I just wanted to know that I was left forgotten with this issue, haha.

    Thank you for the help. Very much appreciated @Max-P @martouf and @PIAColleen
Sign In or Register to comment.