My Vero 4K + gave me a green screen today, I restarted my Vero but after that the time showed as Nov 4 2021 at 3PM.
Because of this it can’t connect to my VPN so I no longer have internet access. I tried to upload a log file but that doesn’t work because there is no internet while other devices do have internet and the correct date.
LAN does work, I can play content without issues.

I’m connected with a cable directly to the Ethernet port of the Vero, there are no other devices connected to the Vero.
I tried restarting the device.
I tried to restarting ntp with sudo systemctl restart ntp but neither work.
I also tried to sudo systemctl disable systemd-timesyncd but it said it was masked and ignored.

When I check the service status of the ntp this is the log.

* ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2021-11-04 03:43:10 CET; 12min ago
     Docs: man:ntpd(8)
  Process: 2942 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 2958 (ntpd)
    Tasks: 2 (limit: 1620)
   Memory: 1.7M
   CGroup: /system.slice/ntp.service
           `-2958 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:107

Nov 04 03:52:51 osmc ntpd[2958]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:53:11 osmc ntpd[2958]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:53:31 osmc ntpd[2958]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:53:51 osmc ntpd[2958]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:54:11 osmc ntpd[2958]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:54:31 osmc ntpd[2958]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:54:51 osmc ntpd[2958]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:55:11 osmc ntpd[2958]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:55:31 osmc ntpd[2958]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Nov 04 03:55:51 osmc ntpd[2958]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)

Help!

I also have a net-persist error every update. I have had a long time but keep forgetting to mention, it’s off topic but the updater tells me to mention it here everytime I update so I’m mentioning it now

To get a better understanding of the problem you are experiencing we need more information from you. The best way to get this information is for you to upload logs that demonstrate your problem. You can learn more about how to submit a useful support request here.

Depending on the used skin you have to set the settings-level to standard or higher, in summary:

• enable debug logging at settings->system->logging

• reboot the OSMC device twice(!)

• reproduce the issue

• upload the log set (all configs and logs!) either using the Log Uploader method within the My OSMC menu in the GUI or the ssh method invoking command grab-logs -A

• publish the provided URL from the log set upload, here

Thanks for your understanding. We hope that we can help you get up and running again shortly.

OSMC skin screenshot:

image960×539 41.4 KB

I can’t upload logs, I already tried. There is no connection and I get an error.
I first need to fix the ntp so it can connect to the internet again, else I can’t produce a log except copy and paste things I get out of SSH.

Hi,

I think its the other way around, I think you need to fix network/internet connection and then ntp should work as expected.

Are using wired or wifi?

If wired try a different network cable.

if wifi double check the connection in MyOSMC.

Thanks Tom.

I’m using wired but I’m able to stream all my LAN content so there is nothing wrong with the cable.
I think the problem is that the ntp reset to a wrong date after it crashed, then it didn’t allow me to connect to my VPN anymore so it blocks all networking since the time and date are incorrect.

Trying to get the log on my device so I can copy and paste gives me this error.

grab-logs -A -C
Unable to write temporary log to /var/tmp/uploadlog.txt
Failed

Hi,

Are using a vpn kill switch with iptables?

If so try setting the date manually. So for example the the I would set the local time here with:

sudo date -s "16 NOV 2021 16:18:00"

Try connecting to the VPN and then restarting ntp.

Thanks Tom.

Yes it is. I set the time manually but it’s still not resolving curl https://ipinfo.io/ip
so I don’t think the VPN is connecting and I don’t know how to get into the debug log of that so I don’t know what’s wrong with it.

Only this but it doesn’t show a log>

sudo systemctl status openvpn

• openvpn.service - OpenVPN service
  Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset:
  Active: active (exited) since Tue 2021-11-16 17:28:44 CET; 11min ago
  Process: 2403 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
  Main PID: 2403 (code=exited, status=0/SUCCESS)

Nov 16 17:28:44 osmc systemd[1]: Starting OpenVPN service…
Nov 16 17:28:44 osmc systemd[1]: Started OpenVPN service.

Restarted ntp and it gives me this

ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-11-16 17:47:56 CET; 4s ago
     Docs: man:ntpd(8)
  Process: 3501 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 3517 (ntpd)
    Tasks: 2 (limit: 1620)
   Memory: 1.0M
   CGroup: /system.slice/ntp.service
           `-3517 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:107

Nov 16 17:47:56 osmc ntpd[3517]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature
Nov 16 17:47:56 osmc ntpd[3517]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2022-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
Nov 16 17:47:56 osmc ntpd[3517]: Listen and drop on 0 v6wildcard [::]:123
Nov 16 17:47:56 osmc ntpd[3517]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Nov 16 17:47:56 osmc ntpd[3517]: Listen normally on 2 lo 127.0.0.1:123
Nov 16 17:47:56 osmc ntpd[3517]: Listen normally on 3 eth0 192.168.1.114:123
Nov 16 17:47:56 osmc ntpd[3517]: Listen normally on 4 lo [::1]:123
Nov 16 17:47:56 osmc ntpd[3517]: Listening on routing socket on fd #21 for interface updates
Nov 16 17:47:56 osmc ntpd[3517]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Nov 16 17:47:56 osmc ntpd[3517]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Nov 16 17:48:57 osmc ntpd[3517]: error resolving pool 2.debian.pool.ntp
Nov 16 17:49:17 osmc ntpd[3517]: error resolving pool 3.debian.pool.ntp
Nov 16 17:49:37 osmc ntpd[3517]: error resolving pool 1.debian.pool.ntp
Nov 16 17:49:57 osmc ntpd[3517]: error resolving pool 0.debian.pool.ntp
Nov 16 17:50:17 osmc ntpd[3517]: error resolving pool 2.debian.pool.ntp
Nov 16 17:50:37 osmc ntpd[3517]: error resolving pool 3.debian.pool.ntp
Nov 16 17:50:57 osmc ntpd[3517]: error resolving pool 1.debian.pool.ntp
Nov 16 17:51:17 osmc ntpd[3517]: error resolving pool 0.debian.pool.ntp
Nov 16 17:51:37 osmc ntpd[3517]: error resolving pool 2.debian.pool.ntp
Nov 16 17:51:57 osmc ntpd[3517]: error resolving pool 3.debian.pool.ntp

This is my iptables output

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -j DROP

Warning: iptables-legacy tables present, use iptables-legacy to see them

Hi,

Have you tried restarting openvpn?

Also you could temporarily remove the drop rule for eth0:

sudo iptables -D OUTPUT -o eth0 -j DROP

Once ntp and openvpn issues have been resolved, you can re-add the rule:

sudo iptables -A OUTPUT -o eth0 -j DROP

It is possible, that your openvpn provider is having issues. Have you tried a different server?

Thanks Tom.

Yes I tried restarting the openvpn service, and restarting the device multiple times
Do you think that temporarily removing them would fix the issue?

And how do you remove them and re-add the rules?
I set this up so long ago and i’m not that good with iptables or SSH.

I had a issue with failed to start netfilter persistent configuration error for a while, I don’t know what causes it but I get it on every boot and when I update. Something went wrong setting it up but that was months ago and it never caused any problems but it did tell me to report it here every time, which I kept forgetting because you don’t restart boxes that often.

I tried the same server range on different devices since it uses a dynamic host name, no problems on any other devices, just on the vero and only since the screen went green and I had to restart into the wrong time and date.

Hi,

Following the instructions in this post, will probably resolve that:

First off I would save the current rules:

sudo netfilter-persistent save

Then I would disable iptables-restore:

sudo systemctl disable netfilter-persistent

Then reboot. Hopefully openvpn and ntp are now up.

If that is the case, you can now restore iptables:

sudo systemctl enable netfilter-persistent
sudo systemctl start netfilter-persistent

Thanks Tom.

Can’t @MarchHare just reset the date manually?

Already tried that see posts 6 & 7.

How did I miss that?

I will try what you said today, I just read on reddit that PIA changed their default port for udp

https://www.reddit.com/r/PrivateInternetAccess/comments/qu15n9/port_1197_no_longer_used/

I don’t know if this is true and I don’t know how to change everything if it is but if so that could cause the VPN to no longer connect, which would mean that my IPtable rules aren’t correct anymore either so that might have caused the ntp to longer work.

Hi,

Also the openvpn configuration files will need updating aswell. I’ve just downloaded the latest configs and 1198 & 1197 are still their. Perhaps PIA are having issues their end. All I can say I’m using 501 TCP with no issues here with PIA.

Thank Tom.

I started with the netfilter fix

 sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
* 2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode

Then I rebooted and it seems the FAILED netfilter problem is gone.

Iptables show this

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -j DROP

I used

sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save

then disabled sudo systemctl disable netfilter-persistent

sudo systemctl disable netfilter-persistent
Synchronizing state of netfilter-persistent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable netfilter-persistent
Removed /etc/systemd/system/multi-user.target.wants/netfilter-persistent.service.

Rebooted but I still do not have a connection. NTP was turned off, I tried to start that but it can’t resolve hosts. I removed PIA’s DNS servers 209.222.18.222 209.222.18.218 from the OSMC addon then checked NTP and restarted Openvpn

* ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-11-17 16:10:44 CET; 52s ago
     Docs: man:ntpd(8)
  Process: 3192 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 3198 (ntpd)
    Tasks: 2 (limit: 1620)
   Memory: 1.0M
   CGroup: /system.slice/ntp.service
           `-3198 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:107

Nov 17 16:10:44 osmc ntpd[3198]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Nov 17 16:10:45 osmc ntpd[3198]: Soliciting pool server 213.239.154.12
Nov 17 16:10:46 osmc ntpd[3198]: Soliciting pool server 94.228.220.14
Nov 17 16:10:47 osmc ntpd[3198]: Soliciting pool server 5.39.184.5
Nov 17 16:10:48 osmc ntpd[3198]: Soliciting pool server 213.239.154.12
Nov 17 16:11:17 osmc ntpd[3198]: Deleting interface #4 tun0, 10.12.110.28#123, interface stats: received=0, sent=4, dropped=0, active_time=33 secs
Nov 17 16:11:17 osmc ntpd[3198]: Deleting interface #6 tun0, fe80::4020:a04f:a3a6:a52b%4#123, interface stats: received=0, sent=0, dropped=0, active_time=33 secs
Nov 17 16:11:19 osmc ntpd[3198]: Listen normally on 7 tun0 10.1.100.1:123
Nov 17 16:11:19 osmc ntpd[3198]: Listen normally on 8 tun0 [IPV6 deleted this]:123
Nov 17 16:11:19 osmc ntpd[3198]: new interface(s) found: waking up resolver

It looks like VPN is up after checking ipinfo.io/ip

I used sudo systemctl enable netfilter-persistent

sudo systemctl enable netfilter-persistent
Synchronizing state of netfilter-persistent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable netfilter-persistent
Created symlink /etc/systemd/system/multi-user.target.wants/netfilter-persistent.service → /lib/systemd/system/netfilter-persistent.service.

and started it.
The iptables output is now

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -j DROP

I restarted my Vero and everything seems to be up but I don’t know how to check if my IP leaks or if my DNS leaks since the DNS leak addon doesn’t work anymore in the latest version of Kodi.

I added PIA’s DNS Resolvers again 209.222.18.222 209.222.18.218 but it looks like those are down, I don’t know what to do now. I don’t know what DNS servers to use in the addon without them leaking.
I don’t think I have dnsmasq or connman installed and I do not know how it works. Maybe you can help me with that.
I do have this at the bottom of my openvpn config.

disable-occ
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

I also do not know how or what I would have to update in the VPN config as you mentioned.

Hi,

PIA’s dns servers are down, I suggest contacting them and finding out when they’ll be back up (I don’t use them my self, use DNSoverTLS instead). In the
mean time all I can suggest, is to use non logging name servers such as cloudflare (1.1.1.1 & 1.0.0.1)

If you’r entering the PIA’s nameservers in the MyOSMC addons, these lines are not required.

Thanks Tom.

I’m not using them either I had them as a fail-safe because I need something to connect with. I have NextDNS on my router so I could let it use the routers DNS.

If I set the DNS to auto detect from my router and use the NextDNS to connect, will it start using PIA’s DNS servers matching the IP, like with the windows client, and prevent leaking once connected with the update-resolv-conf? I think someone on here told me that’s how it worked in the past but I don’t know for sure. So that if my VPN disconnects it won’t leak DNS or IP with the iptables settings I have but will reconnect to the VPN again and use their DNS.

Whatever I have to do I don’t mind doing it if you can explain how, but I want it to use PIA’s DNS pushed by the OpenVPN client to match with my IP. I don’t know what I have to change to get this but this is how it has always worked and it never leaked so I would like that again. What would I have to do to make it only use a different DNS to connect to PIA and nothing else, even if the VPN disconnects I don’t want it to leak but block.
I use PIA DNS on all my windows devices and none of them ever have issues connecting.

Hi,

Once PIA’s dns servers are working, the easiest way to use them is by adding the the DNS servers in MyOSMC. Being as you have setup openvpn to always be on, on your vero4k; their is no need to set them to auto switch.

Have you updated the openvpn config, so the 3 lines have been removed?

Thanks Tom.

PIA’s DNS servers are online because they work on every other platform. Only the 2 static DNS servers they used to have seem to not work anymore but they don’t use those on apple or windows. They push a DNS once you connect so I don’t think the old DNS servers will come back, they aren’t listed on the website anymore either so I don’t have a DNS server, that is the problem right now.

No because I currently have no DNS server. I had these 3 lines for a long time and I never had leaks.
Maybe they changed something in the latest ovpn files that makes you always use their DNS by default?