PIA VPN App - Linux Beta

2456719

Comments

  • Linux Mint 16 “Petra” MATE RC (64-bit) now install on one of my laptop's partitions.  'PIA VPN App - Linux Beta' installed as well with no issues and works.  Well 'works' when NetworkManager is working.  Needless to say this lm16 RC is still a bit buggy at the moment.
    .

  • Linux Mint 15 cinnamon 64 bit, out of the box install.

    It gets installed but seems to fail to connect.

    If i launch it from terminal I get:

    [01:40:31:832] [Ti.API] [Information] connect()
    [01:40:31:834] [Ti.API] [Information] more than 5 connections in under 3 mins, wont reconnect
    [01:40:31:838] [Ti.API] [Information] sent cmd: 15: {"region":"us_california","user":"XXXXXXX","pass":"","proto":"openvpn_udp","lport":"","rport":"auto","symmetric_cipher":"aes-128-cbc","symmetric_auth":"sha1","handshake_enc":"rsa2048","cmd":"connect"}
    [01:40:31:839] [Ti.API] [Information] setup polling: connection_status 500
    [01:40:31:840] [Ti.API] [Information] stop polling connection_status
    [01:40:32:641] [Ti.API] [Information] sent cmd: 16: {"cmd":"keepalive"}


    XXXXX is not my user obviusly.

    PD: does it conflict If I install openvpn? Is to be able to use the vpn while I get replies.


    Thank a lot!


  • Any chance of an ARM version? Or just the program without ruby bundled.
  • edited November 2013 Posts: 125
    As a quick update I know you are all paranoid for good reason about fake downloads etc So i'm going to seed it as a torrent, Feel free to check it etc.

    I'm seeding for around an hour because friends said they are going to do it on there 100mbps linux servers.

    Post edited by MoreBandwidth on
  • I got this error over and over:

    Mon Nov 18 17:53:26 2013 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Oct 27 2013
    Mon Nov 18 17:53:26 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Nov 18 17:53:26 2013 ******* WARNING *******: null cipher specified, no encryption will be used
    Mon Nov 18 17:53:26 2013 ******* WARNING *******: null MAC specified, no authentication will be used
    Mon Nov 18 17:53:26 2013 LZO compression initialized
    Mon Nov 18 17:53:26 2013 Attempting to establish TCP connection with 209.222.15.230:443 [nonblock]
    Mon Nov 18 17:53:31 2013 TCP connection established with 209.222.15.230:443
    Mon Nov 18 17:53:31 2013 TCPv4_CLIENT link local: [undef]
    Mon Nov 18 17:53:31 2013 TCPv4_CLIENT link remote: 209.222.15.230:443
    Mon Nov 18 17:53:31 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Nov 18 17:53:33 2013 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1508', remote='link-mtu 1544'
    Mon Nov 18 17:53:33 2013 WARNING: 'cipher' is used inconsistently, local='cipher [null-cipher]', remote='cipher BF-CBC'
    Mon Nov 18 17:53:33 2013 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
    Mon Nov 18 17:53:33 2013 WARNING: 'keysize' is used inconsistently, local='keysize 0', remote='keysize 128'
    Mon Nov 18 17:53:33 2013 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384, secp521r1 ECDSA
    Mon Nov 18 17:53:33 2013 [Private_Internet_Access] Peer Connection Initiated with 209.222.15.230:443
    Mon Nov 18 17:53:35 2013 Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
    Mon Nov 18 17:53:35 2013 /sbin/ifconfig  10.30.1.22 pointopoint 10.30.1.21 mtu 1500
    SIOCSIFADDR: Operation not permitted
    : ERROR while getting interface flags: No such device
    SIOCSIFDSTADDR: Operation not permitted
    : ERROR while getting interface flags: No such device
    SIOCSIFMTU: Operation not permitted
    Mon Nov 18 17:53:35 2013 Linux ifconfig failed: external program exited with error status: 1
    Mon Nov 18 17:53:35 2013 Exiting

  • I corrected the encryption with the default just in case, but is not that. It looks it's related with the program not being able to use the TUN devices:
    ------
    Mon Nov 18 17:59:11 2013 Linux ifconfig failed: external program exited with error status: 1
    Mon Nov 18 17:59:11 2013 Exiting
    Mon Nov 18 17:59:28 2013 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Oct 27 2013
    Mon Nov 18 17:59:28 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Nov 18 17:59:28 2013 LZO compression initialized
    Mon Nov 18 17:59:28 2013 Attempting to establish TCP connection with 199.193.117.84:443 [nonblock]
    Mon Nov 18 17:59:32 2013 TCP connection established with 199.193.117.84:443
    Mon Nov 18 17:59:32 2013 TCPv4_CLIENT link local: [undef]
    Mon Nov 18 17:59:32 2013 TCPv4_CLIENT link remote: 199.193.117.84:443
    Mon Nov 18 17:59:32 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Nov 18 17:59:33 2013 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1544'
    Mon Nov 18 17:59:33 2013 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mon Nov 18 17:59:33 2013 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Nov 18 17:59:33 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 18 17:59:33 2013 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Nov 18 17:59:33 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 18 17:59:33 2013 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Mon Nov 18 17:59:33 2013 [server] Peer Connection Initiated with 199.193.117.84:443
    Mon Nov 18 17:59:35 2013 Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
    Mon Nov 18 17:59:35 2013 /sbin/ifconfig  10.30.1.18 pointopoint 10.30.1.17 mtu 1500
    SIOCSIFADDR: Operation not permitted
    : ERROR while getting interface flags: No such device
    SIOCSIFDSTADDR: Operation not permitted
    : ERROR while getting interface flags: No such device
    SIOCSIFMTU: Operation not permitted
    Mon Nov 18 17:59:35 2013 Linux ifconfig failed: external program exited with error status: 1
    Mon Nov 18 17:59:35 2013 Exiting

  • VPNVPN
    Posts: 795
    So what's the output of "ls -la /dev/net/tun"?
    What does "lsmod" give you?
  • @brahams:~$ ls -la /dev/net/tun
    crw-rw-rw- 1 root root 10, 200 Oct 18 09:50 /dev/net/tun
    -------------
    brahams:~$ lsmod
    Module                  Size  Used by
    isofs                  39815  0 
    udf                    89404  0 
    crc_itu_t              12707  1 udf
    nfnetlink_queue        18117  0 
    nfnetlink_log          17908  0 
    nfnetlink              14606  2 nfnetlink_log,nfnetlink_queue
    serpent_sse2_x86_64    50408  6 
    serpent_generic        29823  1 serpent_sse2_x86_64
    twofish_generic        16635  0 
    ablk_helper            13597  1 serpent_sse2_x86_64
    cryptd                 20329  4 ablk_helper
    twofish_x86_64_3way    27146  3 
    lrw                    13257  2 serpent_sse2_x86_64,twofish_x86_64_3way
    glue_helper            13990  2 serpent_sse2_x86_64,twofish_x86_64_3way
    twofish_x86_64         12907  1 twofish_x86_64_3way
    twofish_common         21113  3 twofish_generic,twofish_x86_64_3way,twofish_x86_64
    rtl8192cu              67723  0 
    rtl_usb                18448  1 rtl8192cu
    rtlwifi                63229  2 rtl_usb,rtl8192cu
    rtl8192c_common        48877  1 rtl8192cu
    mac80211              596969  3 rtl_usb,rtlwifi,rtl8192cu
    cfg80211              479757  2 mac80211,rtlwifi
    nls_iso8859_1          12713  1 
    usb_storage            62062  0 
    arc4                   12608  0 
    md4                    12595  0 
    nls_utf8               12557  0 
    cifs                  435684  0 
    fscache                58475  1 cifs
    btrfs                 815968  0 
    raid6_pq               97812  1 btrfs
    zlib_deflate           26885  1 btrfs
    xor                    21411  1 btrfs
    ufs                    74590  0 
    qnx4                   13317  0 
    hfsplus               102646  0 
    hfs                    54590  0 
    minix                  36111  0 
    ntfs                   96882  0 
    msdos                  17332  0 
    jfs                   180909  0 
    xfs                   884143  0 
    libcrc32c              12615  2 xfs,btrfs
    reiserfs              245794  0 
    pci_stub               12622  1 
    vboxpci                23194  0 
    vboxnetadp             25670  0 
    vboxnetflt             27613  0 
    vboxdrv               320455  3 vboxnetadp,vboxnetflt,vboxpci
    nvidia              11309674  54 
    coretemp               13435  0 
    kvm_intel             138538  0 
    kvm                   431315  1 kvm_intel
    gpio_ich               13476  0 
    dell_wmi               12761  0 
    sparse_keymap          13948  1 dell_wmi
    ppdev                  17671  0 
    rfcomm                 69070  0 
    bnep                   19564  2 
    dcdbas                 14847  0 
    snd_hda_codec_analog    94059  1 
    bluetooth             371874  10 bnep,rfcomm
    psmouse                97626  0 
    microcode              23518  0 
    snd_hda_intel          48171  4 
    snd_hda_codec         188738  2 snd_hda_intel,snd_hda_codec_analog
    serio_raw              13413  0 
    snd_hwdep              13602  1 snd_hda_codec
    snd_pcm               102033  3 snd_hda_codec,snd_hda_intel
    lpc_ich                21080  0 
    snd_page_alloc         18710  2 snd_pcm,snd_hda_intel
    snd_seq_midi           13324  0 
    snd_seq_midi_event     14899  1 snd_seq_midi
    snd_rawmidi            30095  1 snd_seq_midi
    snd_seq                61560  2 snd_seq_midi_event,snd_seq_midi
    snd_seq_device         14497  3 snd_seq,snd_rawmidi,snd_seq_midi
    mei_me                 18421  0 
    snd_timer              29433  2 snd_pcm,snd_seq
    snd                    69141  17 snd_hwdep,snd_timer,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec,snd_hda_intel,snd_seq_device,snd_hda_codec_analog,snd_seq_midi
    mei                    77692  1 mei_me
    soundcore              12680  1 snd
    wmi                    19070  1 dell_wmi
    parport_pc             32701  1 
    mac_hid                13205  0 
    lp                     17759  0 
    parport                42299  3 lp,ppdev,parport_pc
    binfmt_misc            17468  1 
    ext2                   72832  1 
    xts                    12885  6 serpent_sse2_x86_64,twofish_x86_64_3way
    gf128mul               14951  2 lrw,xts
    dm_crypt               22728  11 
    hid_generic            12548  0 
    usbhid                 53014  0 
    hid                   101512  2 hid_generic,usbhid
    e1000                 144870  0 
    ahci                   25819  2 
    libahci                31898  1 ahci
    e1000e                250025  0 
    ptp                    18580  1 e1000e
    pps_core               19027  1 ptp

  • VPNVPN
    Posts: 795
    You're missing the TUN module - did you manually create the device node?
    Without the kernel module, the ioctls won't work. Creating the device node will only help if the module is loaded but the devfs manager failed to create the device itself.
  • edited November 2013 Posts: 12
    Nop.
    I haven't done anything manual on that matter.
    Let me check my system (blacklisted maybe?) and see if i can activate that module.
    Thanks for the tip

    If you have an article to point me out, it'll be appreciated!

    Dan.-
    Post edited by dgarciam on
  • Just confirming works on ubuntu 13.10 fresh install: 

    image

    image

    image

    image

    image
  • Hmm.. Mine wasn't a fresh install. I Updated from 13.04, and i don't remember messing with TUN/TAP. 

    I'll try w/ Kali linux to check.
  • Hmm.. Mine wasn't a fresh install. I Updated from 13.04, and i don't remember messing with TUN/TAP. 

    I'll try w/ Kali linux to check.
    I recommend clean installing Ubuntu because we know it works
  • You're missing the TUN module - ...
    Without the kernel module, the ioctls won't work.
    I have to ask.  What's the 'TUN module' called?  Right know as I type on Linux Mint 16 “Petra” MATE RC (64-bit) with working 'PIA VPN App - Linux Beta' and run:

      'lsmod | grep -i tun'

    in a terminal window.  I get nothing?
    .

  • VPNVPN
    edited November 2013 Posts: 795
    Yeah, it's called "tun" in lsmod. The file is "tun.ko", usually found somewhere in /lib/modules-$KERNELVERSION.
    It could also be compiled into the kernel directly, in which case it would not show up in either of those places.

    I currently don't know of a sure way to verify TUN/TAP support in the kernel without the module being explicitely loaded. If /proc/config.gz is available, "zcat /proc/config.gz | grep CONFIG_TUN" should work...

    Most distributions put nearly all drivers into modules, so it's a good indicator if it's not there. It's also often missing from mobile or embedded linux systems sometimes, because they have a need to preserve space and/or memory.
    Post edited by VPN on
  • Would you include the version number of the latest version on the post listing the update? Sometimes it's hard to remember whether I have the latest version installed :-)

    I'm assuming 0.33 is the latest...
  • iOniOn
    Posts: 4
    Do you plan a similar installer for rpm-based distributions?
  • VPNVPN
    Posts: 795
    @iOn, strictly speaking, the installer does not need a special packet management backend. The only calls to apt are to install dependencies.
    You could install these dependencies on your own, and either edit the installer script to skip the apt calls or "ln -s /usr/local/bin/apt-get `which true`", which should give you a nice way to make these calls do nothing.

    We've previously (scroll...) tried to convince PIA to directly provide distribution specific packages or at least an installer with less bundled stuff to make it easier to integrate PIA Manager into distribution package management. No reaction so far.
  • iOniOn
    Posts: 4
    @VPN, there are no packages libjpeg62, libxss1, libappindicator1, libgail18 in fedora's repo. The easiest would be to skip then, but would that create any problems in the usability of the app?
  • VPNVPN
    Posts: 795
    Check for packages with similar names, or use a library search to find the right package. You may not need libgail at all.

    If you skip installing dependencies, the app will not run correctly. You'll notice, check some of the error messages in this thread and the alpha thread.
  • I always had trouble using the net Internet after the VPN was connected via network-manager. Now with the app even still in beta mode, everything works flawlessly.

    Thanks!

    BTW: Ubuntu 12.04 LTS 64bit, not a fresh install.
  • x
  • Hey. I installed linux mint 16 cinnamon when it came out and I am having trouble getting this app to work on it. It installs fine but it will not connect. It tries to connect, but then four seconds later, it turns red again. It worked fine on linux mint 15 cinnamon. Any advice or idea of what is wrong? I checked the username and password like 10 times.
  • Posts: 49
    Unable to get it connected for no reason using the Linux beta client but it work fine using normal VPN configuration through network manager.

    OS : Linux mint 16 cinnamon 64 bits
    Error : Authorization failure
  • edited December 2013 Posts: 61
    I noticed the 'Upgrade Available' in the v.34 client and was wondering what's what?  Then I saw the:

    Update Sun Dec 8 22:07:53 UTC 2013
     v.35 update. Installer link has been updated.

    at the top of this post.  Downloaded v.35 and installed over top of v.34 with no issues or errors with the install.

    Still seeing leaking DNS though when testing at http://dnsleak.com ?  As noted over in the 'IPv6 Leak • DNS Leak • E-Mail IP Leak' post.
    .

    Post edited by martywd on
  • edited December 2013 Posts: 61
    @support

    I just noticed that the PIA VPN Beta Linux client, once connected, is configuring my '/etc/resolv.conf' to:
    nameserver 8.8.8.8
    nameserver 8.8.4.4

    Is this right?

    I thought to prevent DNS leaks it would be:
    nameserver 209.222.18.222
    nameserver 209.222.18.218

    as mentioned here:  https://www.privateinternetaccess.com/pages/client-support/ under the heading 'DNS Leak Protection' ?
    .

    Edit (Dec 09, 2013 11:41 (CST))
    @support
    __Nevermind__
    Now that I take a look at the PIA VPN client on Win7 I see it has a DNS leak protect option whereas the Linux Beta does not.

    So
    I guess _without_ the DNS leak protection turned on, the PIA VPN client
    defaults to google's DNS servers or I guess whatever is available on
    the client's network?
    .


    Post edited by martywd on
  • Just installed this on my Linux Mint Debian 64bit without a hitch. 
  • Posts: 171
    @martywd, You're absolutely right!  Thanks for catching that.  I have just released a fixed version which will use the correct nameservers.
  • @martywd, You're absolutely right!  Thanks for catching that.  I have just released a fixed version which will use the correct nameservers.
    @support, just downloaded and installed (Update Tue Dec 10 00:07:45 UTC 2013) on lm16 MATE 64-bit.  My '/etc/resolv.conf' now automagically configure to PIA DNS when the beta linux client reconnected.  Thanks very much!
    .

  • Just wanted to let you know it installed without a glitch, connects like it should and there doens't seem to be any leaking. (Ubuntu 12.04 LTS 64bit)

    Thank you. 
Sign In or Register to comment.