I’ll look into that. I thought maybe someone had some premade rules already. I’ll most likely shut my entire network off when I start with iptables, but it’s worth a try haha.
The VPN worked great until today. It keeps dropping and I can’t find a proper log for this. There is nothing in the log dirs I’m familiar with, and since we don’t use network-manager-openvpn, doing grep VPN /var/log/syslog shows up nothing either. Either way, nothing seems to get resolved after being online for a few hours.
A reboot instantly fixes it.
osmc@osmc:~$ wget http://ipecho.net/plain -O - -q ; echo
osmc@osmc:~$ curl ipinfo.io/ip
curl: (6) Could not resolve host: ipinfo.io
osmc@osmc:~$ curl ipinfo.io/ip
curl: (6) Could not resolve host: ipinfo.io
osmc@osmc:~$
Some extra info about the service:
sudo systemctl status openvpn
- openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2018-04-12 01:57:20 CEST; 2h 27min ago
Process: 397 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 397 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
Apr 12 01:57:20 osmc systemd[1]: Starting OpenVPN service…
Apr 12 01:57:20 osmc systemd[1]: Started OpenVPN service.
:~$ ps -ef|grep [o]penvpn
root 390 1 0 01:57 ? 00:00:01 /usr/sbin/openvpn --daemon ovpn-FR --status /run/openvpn/FR.status 10 --cd /etc/openvpn --config /etc/openvpn/FR.conf --writepid /run/openvpn/FR.pid
If you run sudo journalctl -t ovpn-FR you should see everything for your openvpn connection to FR.conf. And make sure you’re using verb 3 or there’ll probably be insufficient diagnostic information.
To upload the log, run:
sudo journalctl -t ovpn-FR | paste-log
and tell us the URL.
Pastelog never works because of the connectivity issue.
This is on verb 1; I changed it to 3 in another ovpn but forgot to do it in this one. There are some clear errors, so maybe it helps.
If it’s not enough I’ll add the log again once it builds up.
-- Logs begin at Thu 2018-04-12 01:57:19 CEST, end at Thu 2018-04-12 13:17:45 CEST. --
Apr 12 01:57:20 osmc ovpn-FR[355]: OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Apr 12 01:57:20 osmc ovpn-FR[355]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Apr 12 01:57:20 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 01:57:20 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 01:57:20 osmc ovpn-FR[390]: Could not determine IPv4/IPv6 protocol
Apr 12 01:57:20 osmc ovpn-FR[390]: SIGUSR1[soft,init_instance] received, process restarting
Apr 12 01:57:25 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 01:57:25 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 01:57:25 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.102:1198
Apr 12 01:57:25 osmc ovpn-FR[390]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 12 01:57:25 osmc ovpn-FR[390]: [92d4cf93163cbb7626e9da30184ced63] Peer Connection Initiated with [AF_INET]185.210.218.102:1198
Apr 12 01:57:41 osmc ovpn-FR[390]: TUN/TAP device tun0 opened
Apr 12 01:57:41 osmc ovpn-FR[390]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 12 01:57:41 osmc ovpn-FR[390]: /sbin/ip link set dev tun0 up mtu 1500
Apr 12 01:57:41 osmc ovpn-FR[390]: /sbin/ip addr add dev tun0 local 10.99.10.6 peer 10.99.10.5
Apr 12 01:57:41 osmc ovpn-FR[390]: Initialization Sequence Completed
Apr 12 02:41:10 osmc ovpn-FR[390]: [92d4cf93163cbb7626e9da30184ced63] Inactivity timeout (--ping-restart), restarting
Apr 12 02:41:10 osmc ovpn-FR[390]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 12 02:41:15 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 02:41:15 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 02:41:15 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.102:1198
Apr 12 02:42:15 osmc ovpn-FR[390]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 12 02:42:15 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:42:15 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:42:20 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.101:1198
Apr 12 02:42:20 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 02:42:20 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.101:1198
Apr 12 02:43:20 osmc ovpn-FR[390]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 12 02:43:20 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:43:20 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:43:25 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.105:1198
Apr 12 02:43:25 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 02:43:25 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.105:1198
Apr 12 02:44:25 osmc ovpn-FR[390]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 12 02:44:25 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:44:25 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:44:30 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.99:1198
Apr 12 02:44:30 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 02:44:30 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.99:1198
Apr 12 02:45:30 osmc ovpn-FR[390]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 12 02:45:30 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:45:30 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:45:35 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.99:1198
Apr 12 02:45:35 osmc ovpn-FR[390]: UDP link local: (not bound)
Apr 12 02:45:35 osmc ovpn-FR[390]: UDP link remote: [AF_INET]185.210.218.99:1198
Apr 12 02:46:35 osmc ovpn-FR[390]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 12 02:46:35 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:46:35 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:46:40 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.101:1198
Apr 12 02:46:40 osmc ovpn-FR[390]: UDP link local: (not bound)
and after that it’s just filled with
Apr 12 07:31:36 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 07:32:57 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 07:32:57 osmc ovpn-FR[390]: Could not determine IPv4/IPv6 protocol
Apr 12 07:32:57 osmc ovpn-FR[390]: SIGUSR1[soft,init_instance] received, process restarting
Apr 12 07:39:17 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 07:40:37 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known
So it looks like the main issue is resolving, because there are hundreds of Cannot resolve host address issues, but it also seems to have some TLS issues.
Which DNS server do you have configured? If it is the one from your ISP it might block requests when you are connected via VPN. In that case you might want to use a public one like Google.
Those are the static ones from PIA also used in their DD-WRT guide.
Neither have I.
I set them through the OSMC app so I think that should be fine.
I doubt both servers have been down since they are the static PIA DNS servers used by everyone with a router config that followed their website’s guide.
Surely you can try to disconnect before uploading the log. Running sudo systemctl stop openvpn should be enough.
It doesn’t look like a DNS problem. It seems that your connection is dropping and failing to reconnect. It even tries four IP addresses that it has previously used:
Apr 12 01:57:25 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 02:41:15 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 02:42:20 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.101:1198
Apr 12 02:43:25 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.105:1198
Apr 12 02:44:30 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.99:1198
Apr 12 02:45:35 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.99:1198
Apr 12 02:46:40 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.101:1198
but each one fails to connect. So that doesn’t look like a DNS issue.
It’s difficult to say where the problem lies. It could be a problem with PIA’s Romania servers, your ISP causing problems or something on OSMC.
For now, I’d suggest you (a) point to a different country and (b) try to connect using TCP, instead of UDP. You can get the config files for TCP here.
Please also remember to use verb 3.
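The reasoning in the reply above (handshakes keep failing against IP addresses that were already resolved, so DNS is not the first thing to break) can be checked mechanically. This is an added example, not part of the thread: a Python script that tallies OpenVPN restart reasons from `journalctl -t ovpn-FR` output and pairs each remote address with its outcome. The function name `summarize` is hypothetical, and the sample is a condensed subset of the log lines quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample: a condensed subset of the journal lines quoted in this thread.
SAMPLE = """\
Apr 12 01:57:20 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 01:57:20 osmc ovpn-FR[390]: SIGUSR1[soft,init_instance] received, process restarting
Apr 12 01:57:25 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 01:57:41 osmc ovpn-FR[390]: Initialization Sequence Completed
Apr 12 02:41:10 osmc ovpn-FR[390]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 12 02:41:15 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.102:1198
Apr 12 02:42:15 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:42:15 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 02:42:20 osmc ovpn-FR[390]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.101:1198
Apr 12 02:43:20 osmc ovpn-FR[390]: TLS Error: TLS handshake failed
Apr 12 02:43:20 osmc ovpn-FR[390]: SIGUSR1[soft,tls-error] received, process restarting
Apr 12 07:32:57 osmc ovpn-FR[390]: RESOLVE: Cannot resolve host address: ro.privateinternetaccess.com:1198 (Name or service not known)
Apr 12 07:32:57 osmc ovpn-FR[390]: SIGUSR1[soft,init_instance] received, process restarting
"""

MSG = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ \S+\[\d+\]: (.*)$")
REMOTE = re.compile(r"remote address: \[AF_INET6?\](\S+):\d+$")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\] received")

def summarize(journal_text):
    """Count restart reasons, pair each remote with its outcome, find the first drop."""
    restarts, attempts, first_drop, was_up = Counter(), [], None, False
    for line in journal_text.splitlines():
        m = MSG.match(line)
        if not m:
            continue  # journal header lines such as "-- Logs begin at ..."
        msg = m.group(1)
        if (r := REMOTE.search(msg)):
            attempts.append([r.group(1), "pending"])
        elif "Initialization Sequence Completed" in msg and attempts:
            attempts[-1][1], was_up = "connected", True
        elif "TLS handshake failed" in msg and attempts:
            attempts[-1][1] = "tls-failed"
        elif (r := RESTART.search(msg)):
            restarts[r.group(1)] += 1
            if was_up and first_drop is None:
                first_drop = r.group(1)  # reason the working tunnel went down
    failed = sorted({ip for ip, out in attempts if out == "tls-failed"})
    return {"restarts": dict(restarts), "first_drop": first_drop,
            "attempts": [tuple(a) for a in attempts], "failed_remotes": failed}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, `first_drop` is `ping-restart` and the remotes that follow all end in `tls-failed`, which is the pattern the reply points to; the `init_instance` restarts caused by failed name resolution only appear later.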
I can have a month’s worth of uptime in Windows without the server ever dropping, so I doubt that my ISP is an issue. Same thing on Android.
Could it be too hard to handle multiple VPNs for my router? The thing is pretty old.
I doubt it’s what causes it but I have no idea what else it could be.
This might be nothing to do with openvpn and could, for example, be some kind of networking issue between the Vero4K and your router. Even a bad cable could be the culprit.
I think we really do need full logs if we’re to make any progress. Run sudo systemctl stop openvpn, check that you have an internet connection and, if so, run grab-logs -A.
I have an internet connection. I used this same cable for a year without a VPN and it never dropped NFS or normal internet, and that was on for a year (not counting crashes).
It also says I have an internet connection in my router and in the OSMC app.
But if you look right above you can see a successful connection after a sudo systemctl stop vpn and sudo systemctl start vpn in my edit.
Well, the cable was simply used as an illustration of the sort of possibilities to consider.
Nice to see verb 3 is set. So about those logs…
That was the end of the log; it connected without an issue.
I’m waiting for it to screw up now… I hope it doesn’t happen but we all know it will lol.
“Full logs” means grab-logs -A.
I went through it 20 times but I couldn’t find anything useful in the openvpn documentation or in the logs. Did you find anything useful?
VPN is still up and running by the way after 22 hours.
It might be caused by an Out-Of-Memory situation when I added multiple bluray seasons of shows while it does a full library update on each episode, which triggers a full trakt sync of the library on each scan (really annoying). Then my Kodi freezes and ssh gets a 5-10 second delay when I try to restart the service. The key held in memory might expire for the control channel, which causes it to fail connections. After a number of retries it then switches to can’t resolve because PIA temporarily removes the gateway and DNS servers, blocking all traffic. Stopping ovpn returns it to its default state, allowing a new connection to succeed.
Just a working theory.