Unidentified Network; No Internet Access?
Hello,
I've been using PIA for just a few days, and I've been getting disconnected from the internet a lot. When I diagnose this issue, I always see "DHCP not enabled." I let the computer fix that, but the error always comes back.
I think that my network settings are a little messed up.
The "Unidentified network" only showed up after using PIA. I tried disabling that and the "Local area connection 2," but then I would get no internet connection at all, despite it saying that I was connected to my home network.
What should I do?
Comments
The problem is that most OSes are painfully stupid about DHCP and will automatically use anything without ever prompting you for permission, nor even informing you that the connection you had was lost.
So the only way to be certain to stop this is to kill off DHCP altogether. What firewall do you use? Some of them can be told what IP ranges to allow outgoing packets to, and by making a rule for the VPN's 10.* IP range you can effectively have the benefits of the Kill Switch without having to lose DHCP and fix it repeatedly.
Others can tell you about how to do this. I will look for the articles where it was posted if someone does not post it here soon. (Time for me to sleep though. If it is not done by whenever I get up, I will start looking for the details.)
If it can be done for you, this would prevent the problem you are having, and still protect you from the chance of traffic slipping out over your unencrypted Internet connection. But do note that it will not mean you do not lose the connection if you lose contact to the VPN even for the briefest of moments. That is very intentional. It prevents a person from getting between you and the VPN and pretending to be the VPN or even relaying traffic through as if they were the VPN. (This sort of attack is generally called a "Man in the Middle" attack, and can defeat most security.)
*Edit* I tried searching for threads with "kill switch firewall IP" minus the quotes and read most everything back through late August. Anyone know what keywords I should be using to find the threads that discuss this?
The "Unidentified Network" is the TAP driver used by the VPN to tunnel encrypted information out to their servers. And this problem happens often, and for many reasons. There is no real good explanation that covers all cases where it happens though.
But you are right that the proxy alone would be more than enough if all you want disconnected from you is torrent activity. Just make sure your torrent client actually obeys the proxy rules. Some do not. I use qBittorrent and can tell you that it does, but half the time I cannot get it to work for some reason. (I have a rather atypical network, and I am convinced my ISP is owned and operated by nazis, so I tend not to worry about it.)
Hopefully one of the other regulars will have an idea what I need to search for to find the threads discussing how to implement a firewall rule to work like the VPN kill switch so it can fix at least that much of the problem.
And yes, I should have mentioned that earlier. Sorry. I guess I forgot to mention it.
I'm running Windows 7 32bit.
If you have any problems with "unidentified network" and "no internet access", I suggest you output your network route in your message, using command prompt (cmd.exe) and type the following: route print
It's possible that you also have the same problem I have.
So what might get wrong? From my analyses (using the killswitch feature):
- Default physical gateway is removed from the route, hence, no internet connection available, thus the pia client (and inherently openvpn.exe) cannot connect. How can you see this?
0.0.0.0 (network destination) is missing, thus not routed to your (physical) nic's gateway (the ethernet adapter you receive and send data over the internet).
0.0.0.0 simply means any address (i.e. internet addresses).
To resolve this, make sure your pia client is not running and type (with admin rights in cmd): route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
192.168.1.1 the gateway you have set
- Multiple private pia ip addresses that are not in the same class subnet, trying to use the same gateway on your vpn tap adapter, which also results in the same symptons, ala "unidentified network" and "no internet access".
To remedy this, simply remove all pia routes, using: route delete [pia Network Destination]
- Sometimes the client is really messed up and the tap adapter seems connected when the client is not even running (which includes openvpn.exe), as seen in Control Panel\Network and Internet\Network Connections. Then you need to reinstall pia... and make sure you have an internet connection that is working (check step 1, if 0.0.0.0 is bound to the gateway of your physical nic).
In summary, from my observations and solving forementioned problems:
- The client does not readd the default gateway of the physical nic on startup, as proven in pia_manager.log, even when it's correctly set in C:\Program Files\pia_manager\data\settings.json
Thus, if you have no internet connection, you won't be able to connect to pia's vpn server(s) in the first place.
- Sometimes, out of a sudden, there is no internet connection and from observation of network routing, the client has not updated those settings to reflect the changes. The client needs to be restarted to solve this problem. This may also be the reason why there is out of class range ip's connected to the same gateway in network routing, hence you cannot get an internet connection, even when the tray icon is light green.
To conclude, I've got a suspicion it got to do with pia_manager.exe not (re)setting the routes correctly. The killswitch simply just removes 0.0.0.0 from your routing to your physical nic's default gateway, that's all.
You can either use openvpn.exe with pia config, which works stable or you perform manually, from time to time, the neccessary route add/delete to get it working.
I prefer to get the killswitch on, although I can create a script that does exacrlt this for me + isolate the os using comodo's free firewall.
You might wonder what the route table means, so I'll give a quick example and explanation:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.10.5 10.0.10.6 21
10.0.10.1 255.255.255.255 10.0.10.5 10.0.10.6 20
10.0.10.4 255.255.255.252 On-link 10.0.10.6 276
10.0.10.6 255.255.255.255 On-link 10.0.10.6 276
10.0.10.7 255.255.255.255 On-link 10.0.10.6 276
46.165.210.17 255.255.255.255 192.168.1.1 192.168.1.24 6
Metric = The lower the number, the first it gets prioritized, although on a lower to hardware level (still managed by the os), the order in which the network adapters are set go first in case of data traffic, as specified in Control Panel\Network and Internet\Network Connections -> Advanced -> Advanced Settings -> Adapters and Binding.
So, in this example, your default gateway 192.168.1.1 gets binded with pia's to connectable location server 46.165.210.17. Since PIA adapter goes first and your NIC goes second (see adapters and bindings), traffic will flow through the TAP adapter (with assigned ip 10.0.10.6). The gateway from pia's internal ip is 10.0.10.5, which lets all data go in and out, which is signified by 0.0.0.0.
I hope this helps someone out, as it took me some time to test, observe, analyze and fix it myself.
Most people probably give up after having no internet connection, whether with the use of pia or not, after it messes it up and I understand it is frustrating.
Just check if 0.0.0.0 is binded with your gateway, using: route print
For the devs:
It would be nice if you can reproduce my steps, as in to fix the routes being properly added and deleted, as it won't fix itself at startup, hence it's a matter of time before issues arrive, during or after being connected.