Network problems following OpenVPN install / system update

client
dev tun
proto udp
remote uk-london.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
log-append openvpn.log

The config file is as provided by PIA; I had to change the name to remove spaces in the file name and avoid associated issues. The last line was added as per your suggestion today.

Hi,

This probably won’t make any difference, but going by pia’s instructions (https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219458787-How-can-I-make-OpenVPN-remember-my-username-and-password-)

sudo mv login.conf pass.txt

in your conf change this line:

auth-user-pass login.conf

to

auth-user-pass pass.txt

Also, if you haven’t already, you should change the autostart in /etc/default/openvpn:

sudo nano /etc/default/openvpn

 #AUTOSTART="all"
 #AUTOSTART="none"
 #AUTOSTART="home office"

add a new AUTOSTART line after these, AUTOSTART= the name with of conf file with .conf. So in my case my conf is called vpn.conf, so my new line is:

AUTOSTART="vpn"

Thanks Tom.

The errors you’re seeing might be a result of network block fragmentation, though it’s impossible to be sure. We can try out a few things in the .conf file. Add this line and see if the issue disappears:

mssfix 1300

Tom,

Not sure changing password file name will make much difference, it seems to be authenticating ok anyway.
I’ll add dillthedog’s suggestion and check if it makes a difference before going your route.

my autostart setting looks like:

AUTOSTART=pia_london

I notice yours is in “”, not sure if it makes a difference.

Hi,

From reading various guides and including what dillthedog has previously advised on the forums, I believe the quotation marks are required; so it should be:

AUTOSTART="pia_london"

If you have already restarted the vpn, for now just check the logs after adding dillthedog’s suggestion to the vpn.conf and see if that has helped.

I would consider changing the autostart if it drops again.

Thanks Tom.

Well, the log following addition of Dillthedog’s line to the config last night is:

Mon May 15 22:36:43 2017 event_wait : Interrupted system call (code=4)
Mon May 15 22:36:43 2017 ERROR: Linux route delete command failed: external program did not exit normally
Mon May 15 22:36:43 2017 /sbin/ip addr del dev tun0 local 10.68.10.6 peer 10.68.10.5
Mon May 15 22:36:43 2017 SIGTERM[hard,] received, process exiting
Mon May 15 22:36:44 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Mon May 15 22:36:44 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:49 2017 UDPv4 link local: [undef]
Mon May 15 22:36:49 2017 UDPv4 link remote: [AF_INET]104.238.169.106:1198
Mon May 15 22:36:49 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 15 22:36:49 2017 [411ccc1b4df2d9e984313c2d771166b0] Peer Connection Initiated with [AF_INET]104.238.169.106:1198
Mon May 15 22:37:07 2017 TUN/TAP device tun0 opened
Mon May 15 22:37:07 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon May 15 22:37:07 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon May 15 22:37:07 2017 /sbin/ip addr add dev tun0 local 10.1.10.6 peer 10.1.10.5
Mon May 15 22:37:07 2017 Initialization Sequence Completed

Seems like most problems have been solved, thank you very much. I will still add the “” to the autostart and see what happens.

There are still a couple of errors in the log, so any suggestions are most welcome.

Hi Bart,

I may be wrong, but I think the error messages before this are down to the fact openvpn is starting before your network is up. So as long as it stays up after sequence completed, happy days.

Ignore above. I was misreading the log; it’s openvpn restarting rather than the pi. Openvpn is reconnecting/restarting when an issue occurs, which is good. Dillthedog has just reminded me that:

Mon May 15 22:36:43 2017 /sbin/ip addr del dev tun0 local 10.68.10.6 peer 10.68.10.5
Mon May 15 22:36:43 2017 SIGTERM[hard,] received, process exiting

Is showing openvpn restart, rather than PI restart. All looks good to me though, unless @dillthedog thinks otherwise?

Thanks Tom.

Thanks Tom.

The saga continues …

The issue reappeared. OpenVPN logs are showing issues with packets as before and, following that, that it cannot connect to PIA, I assume due to lack of network connection.
I tried copying log but am struggling with downloading the file to my computer as can only access it through mac terminal and SSH.

I managed to save system logs to SD card with Kodi logging running. I’m not sure which file is the log, so have a look at all files on FAT partition:

Hi Bart,

Your logs are not on here; this is the boot partition.

The logs will be on the ext4 partition. You can download this log via sftp. I use Filezilla.

https://filezilla-project.org

https://www.one.com/en/support/faq/how-do-i-connect-to-an-sftp-server-with-filezilla

replace sftp.example.com with sftp://ip.of.pi.

Thanks Tom.

A few more things to try:

1 If PIA have them, try a TCP connection, rather than UDP.
2 Try a different server, preferably one close by.
3 Use a wired connection, not WiFi.
4 This is only valid for UDP connections, but you could try adding this to the .conf file:

replay-window 512 15

I’ve managed to access Linux partition on the card [installed Debian through Parallels :)]

Here are OpenVPN log and 3 files created yesterday and located in var/log/ - hope this is the right stuff, forum threads are a bit confusing as to location.

Dillthedog, I note your suggestions although do not understand no 1. I will try out a different server if the problem persists but using ethernet may be an issue where Pi is located.

Meanwhile, I’d appreciate comments based on those logs.

Thank you for all your support.

Hi Bart,

Wed May 17 21:38:55 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:39:35 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:40:20 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:41:05 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:41:50 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:42:36 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname

We can probably get rid of these, by changing the remote in the conf file to an ip.

ping uk-london.privateinternetaccess.com
PING uk-london.privateinternetaccess.com (104.238.169.16) 56(84) bytes of data.
64 bytes from 104-238-169-16.choopa.net (104.238.169.16): icmp_seq=1 ttl=51 time=18.6 ms
64 bytes from 104-238-169-16.choopa.net (104.238.169.16): icmp_seq=2 ttl=51 time=18.4 ms
64 bytes from 104-238-169-16.choopa.net (104.238.169.16): icmp_seq=3 ttl=51 time

sudo nano /etc/openvpn/.conf

change:

remote uk-london.privateinternetaccess.com 1198

to:

remote 104.238.169.16 1198

This will resolve the name resolve issues (recommendation from pia, when I was having a different issue.)

I’m looking at other issues in the log.

Thanks Tom.

P.S

@kosa13

Wed May 17 21:33:35 2017 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #31652 ] -- see the man page entry for 

From looking online, there could be a number of reasons for the issue, one of which may relate to the pia server. So the easiest way to test this is to change this, as dillthedog suggested. I’ve been using the Southampton server for about 3 weeks now, with no issues (I changed from the one you are using.) So:

remote 31.24.226.241 1198

or

remote uk-southampton.privateinternetaccess.com 1198
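
The log lines quoted in this thread fall into a few recurring classes: failed DNS lookups of the remote, replay warnings, process restarts, and successful tunnel setup. As an added example that is not part of any post, the shell function below counts those classes in an openvpn.log; the function names and the sample log (assembled from lines quoted in the thread) are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: summarise an OpenVPN client log.
# Usage: triage_openvpn_log /path/to/openvpn.log   (or pipe the log on stdin)
triage_openvpn_log() {
    awk '
        # DNS lookup of the "remote" host failed: count it, track the longest run
        /RESOLVE: Cannot resolve host address/ {
            dns++; run++; if (run > maxrun) maxrun = run
            last = "down"; next
        }
        { run = 0 }                          # any other line ends a failure run
        /bad packet ID \(may be a replay\)/ { replay++ }
        /SIGTERM\[.*process exiting/        { exits++; last = "down" }
        /may cache passwords in memory/     { authcache++ }
        /Initialization Sequence Completed/ { up++; last = "up" }
        END {
            printf "dns_failures=%d\n", dns
            printf "longest_dns_failure_run=%d\n", maxrun
            printf "replay_warnings=%d\n", replay
            printf "process_exits=%d\n", exits
            printf "auth_cache_warnings=%d\n", authcache
            printf "tunnel_up_events=%d\n", up
            printf "final_state=%s\n", (last == "" ? "unknown" : last)
        }
    ' "$@"
}

# Pull one value out of the summary, e.g. ... | triage_field dns_failures
triage_field() { sed -n "s/^$1=//p"; }

# Constructed sample: lines copied from the logs quoted in this thread.
sample_log() {
    cat <<'EOF'
Mon May 15 22:36:43 2017 SIGTERM[hard,] received, process exiting
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:44 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Mon May 15 22:36:49 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 15 22:37:07 2017 Initialization Sequence Completed
Wed May 17 21:33:35 2017 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #31652 ] -- see the man page entry for
Wed May 17 21:38:55 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:39:35 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
Wed May 17 21:40:20 2017 RESOLVE: Cannot resolve host address: uk-london.privateinternetaccess.com: No address associated with hostname
EOF
}

sample_log | triage_openvpn_log
```

A log whose final_state is down after a long run of DNS failures points at the local network or resolver rather than at the VPN server.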

No 1 is to try a VPN connection over TCP. Although OpenVPN normally uses the UDP protocol, there are some situations where TCP can be useful, such as this one.

According to this page, it is possible to use a TCP connection to PIA. The third post on that thread has a download link for the TCP config files

I have changed to Southampton server using numeric IP address; openvpn has been running for some time now with no problems, the log file is clear as a bell, and even the initial connection faults do not show.

Thank you for your help, I hope this is the last post on this issue.

Not the last post! ;) Did you use TCP in the end or stick with UDP? And does the issue reappear if you point to the previous IP address? (It might simply have been a general short-term network problem.)

hehe, meant the last post on the problem.

I’ve gone with standard setting for Southampton, only changed ip address to numeric, thinking it would be neater and added logging to .conf file.
Assume standard setting is UDP.
I’ve not tested pointing to London server yet but will do and report once the current runs for a few days.

Just to give an update to anyone experiencing the same problem, following help I got from this thread the OpenVPN worked fine for some time but I encountered other problems and performance was patchy.
It was all finally cured with setting up port forwarding on the router and changing vpn protocol to tcp in the config file.

Happy VPNing!

Thanks for the useful feedback. So TCP did help after all. Good to hear.

Should have listened to you earlier, but I ignored the advice as I was not sure how to change the protocol. Only later I realised it was as easy as changing 3 letters in the config file. Live and learn …

Care to have a look at my most recent problem? exFat usb drive does not automount

Thanks for all the help.

Bart