Network problems following OpenVPN instal / system update

I have recently installed OpenVPN, connecting through PIA, following some issues but made it work with help of this forum. All was working well for few days, as far as I understood and after few days OSMC run an automatic update, which was about a week ago.

Since then I noticed that network does not seem to be working correctly, sybu remote will not connect, ssh does not find the IP address, same for couchpotato, sickrage and transmission webUI. Restarting Pi solves the issue for a while, I can log in straight after but not later on.

OSMC appears to work as expected and shows it is connected to the local network and assigned correct, static IP address by the router. I do not think, however, it connects to internet as none of my usual stuff downloaded for a week now and transmission client on OSMC shows one download stuck.

I suspect the problem is rather with OpenVPN than system update, however as these happened close by I’d not rule out any. Right now I do not even know how to test what is the problem, so any advice would be highly appreciated. Thanks

Hi Bart,

systemctl status openvpn

If you the above, the output should tell you whether openvpn is running correctly.

curl ipinfo.io/ip

If your connected, you should an IP back from the VPN server; this should be different to your routers public IP.

It may be worth setting up a log for openvpn client:

sudo nano nano /etc/openvpn/*.conf (* the name of your conf file, mine is vpn.conf)

add

log-append openvpn.log

systemctl restart openvpn

now when openvpn restarts, it will produce a log file; which will now be located /etc/openvpn/openvpn.log. Reviewing this should advise what the issue.

Thanks Tom.

1 Like

Tom,

Thanks for a quick response. I assume I’d like to run the checks once problem exists, i.e. not right after reboot when I can connect to PI. I usually connect to osmc through ssh, which does not work now.
I can connect a keyboard direct to PI, but how do I go to command line in osmc?

Bart

Hi Bart,

Logging in locally

If you have a keyboard connected, you can log in locally by exiting Kodi:

Navigate to the power icon in Kodi
Select Exit/Quit
Wait for the OSMC splash screen to appear
Press ESC on your keyboard
Login to your device using osmc for the username and password.

from: Accessing the command line - General - OSMC.

Something isn’t right if ssh isn’t working, It may be worth providing debugging logs. So we can try and work out whats going on:

Thanks Tom.

Ok, sorry for the delay, I’ve been away for few days.

I’ve just added the log line to the config, let’s see that it will come up with.

I have inadvertently restarted the Pi and have been able to connect to it for 10 mins now. I assume the problem arises at some later point once the machine is running for a little while.

OpenVPN seems to be working correctly, I think. Status check returns:

* openvpn.service - OpenVPN service

   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)

   Active: active (exited) since Mon 2017-05-15 19:42:55 BST; 5min ago

  Process: 3070 ExecStart=/bin/true (code=exited, status=0/SUCCESS)

 Main PID: 3070 (code=exited, status=0/SUCCESS)

   CGroup: /system.slice/openvpn.service

And the IP address is of the PIA, not internal network one or my ISP’s. Which makes me think - how am I supposed to be able to log into Pi through the local IP address if OpenVPN changes the address to an external one? I do not quite understand it

HI,

Openvpn only changes the pi’s external Public IP, your pi will still retain the local lan IP, so you should still ssh on the same local IP.

Thanks Tom.

Ok, more finding now.

Connection gets lost after about 10 mins, I suspect of inactivity, as long as I was playing with it after reboot it was all fine.

Once connection is gone, openvpn status seems fine, but curl will not connect to ipinfo.io

openvpn.log shows a great number of errors when connecting to PIA.

Ha, the key word is “should”, seems once it goes, it goes completely

Hi Kosa,

Can you please post your the .conf file, something doesn’t look right here.

Thanks Tom.

client
dev tun
proto udp
remote uk-london.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
log-append openvpn.log

the config file is as provided by PIA, I had to change the name to remove spaces in the file name and avoid associated issues. The las line added as per you suggestion today

HI,

This probably won’t make any difference, but going by pia’s instructions (https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219458787-How-can-I-make-OpenVPN-remember-my-username-and-password-)

sudo mv login.conf pass.txt

in your conf change this line:

auth-user-pass login.conf

to

auth-user-pass pass.txt

Also if you haven’t already, you should the change the autostart in /etc/default/openvpn:

sudo nano /etc/default/openvpn

 #AUTOSTART="all"
 #AUTOSTART="none"
 #AUTOSTART="home office"

add a new AUTOSTART line after these, AUTOSTART= the name with of conf file with .conf. So in my case my conf is called vpn.conf, so my new line is:

AUTOSTART=“vpn”

Thanks Tom.

The errors you’re seeing might be a result of network block fragmentation, though it’s impossible to be sure. We can try out a few things in the .conf file. Add this line and see if the issue disappears:

mssfix 1300

Tom,

Not sure changing password file name will make much difference, it seems to be authenticating ok anyway.
I’ll add dillthedog’s suggestion and check if makes difference before going your route.

my autostart setting looks like:

AUTOSTART=pia_london

I notice yours is in “”, not sure if it makes difference

Hi,

From reading various guides and including what dillthedog has previously advised on the forums, I believe the quotation marks are required; so it should be:

AUTOSTART=“pia_london”

If you have already restarted the vpn, for now just check the logs after adding dillthedog’s suggestion to the vpn.conf and see if that has helped.

I would consider changing the autostart if it drops again.

Thanks Tom.

Well, the log following addition of Dillthedog’s line to the config las night is:

Mon May 15 22:36:43 2017 event_wait : Interrupted system call (code=4)
Mon May 15 22:36:43 2017 ERROR: Linux route delete command failed: external program did not exit normally
Mon May 15 22:36:43 2017 /sbin/ip addr del dev tun0 local 10.68.10.6 peer 10.68.10.5
Mon May 15 22:36:43 2017 SIGTERM[hard,] received, process exiting
Mon May 15 22:36:44 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Mon May 15 22:36:44 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:49 2017 UDPv4 link local: [undef]
Mon May 15 22:36:49 2017 UDPv4 link remote: [AF_INET]104.238.169.106:1198
Mon May 15 22:36:49 2017 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Mon May 15 22:36:49 2017 [411ccc1b4df2d9e984313c2d771166b0] Peer Connection Initiated with [AF_INET]104.238.169.106:1198
Mon May 15 22:37:07 2017 TUN/TAP device tun0 opened
Mon May 15 22:37:07 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon May 15 22:37:07 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon May 15 22:37:07 2017 /sbin/ip addr add dev tun0 local 10.1.10.6 peer 10.1.10.5
Mon May 15 22:37:07 2017 Initialization Sequence Completed

Seems like most problems have been solved, thank you very much. I will still add to “” to the autostart and see what happens.

There are still couple of errors in the log, so any suggestions most welcomed.

Hi Bart,

I’m may be wrong, but I think the error messages before this are down to the fact openvpn is starting, before your network is up. So as long as it stays up after sequence completed, happy days

Ignore above. I was miss-reading the log, its openvpn restarting rather the pi. Its openvpn is reconnecting/restarting when an issue occurs, which is good. Dillthedog has just reminded me that:

Mon May 15 22:36:43 2017 /sbin/ip addr del dev tun0 local 10.68.10.6 peer 10.68.10.5
Mon May 15 22:36:43 2017 SIGTERM[hard,] received, process exiting

Is showing openvpn restart, rather than PI restart. All looks good to me though, unless @dillthedog thinks otherwise?

Thanks Tom.

Thanks Tom.

The saga continues …

The issue reappeared, OpenVPN logs are showing issues with packets as before and following that that it can not connect to PIA, assuming due to lack of network connection.
I tried copying log but am struggling with downloading the file to my computer as can only access it through mac terminal and SSH.

I managed to save system logs to SD card with Kodi logging running. I’m not sure which file is the log, so have a look at all files on FAT partition:

HI Bart,

Your logs not on here, this the boot partition.

The logs will be on the ext4 partition. you download this log via sftp. I use Filezilla.

https://www.one.com/en/support/faq/how-do-i-connect-to-an-sftp-server-with-filezilla

replace sftp.example.com with sftp://ip.of.pi.

Thanks Tom.

A few more things to try:

1 If PIA have them, try a TCP connection, rather than UDP.
2 Try a different server, preferably one close by.
3 Use a wired connection, not WiFi.
4 This is only valid for UDP connections, but you could try adding this to the .conf file:

replay-window 512 15