#1 2017-07-18 04:57:36

coinpouch
Member
Registered: 2017-03-20
Posts: 10

connman-vpn working with only one PIA server despite same configs

Hi,

I've decided to mix things up a bit and try out using connman/cmst instead of networkmanager/network-manager-applet (at least in part because the latter shows the 'disconnected' icon when connected to a VPN most of the time).

However, I've been having issues getting the PIA servers to work with connman-vpn - at least, for any server other than the AU_Sydney one. I can't see any issue with the configs as they're all identical (other than the URLs/ones that obviously vary from server to server). I've verified that it is in fact 'working' for this one server and not the others, both by using dnsleaktest.com and by using traceroute on random websites (google.com, bbs.archlinux.org): when connected to the AU_Sydney VPN server, the traceroute follows a completely different route, whereas any other VPN server, despite cmst and connmanctl vpntechnologies showing them in a 'Ready' state, results in a traceroute identical to the one I get when not connected through the VPN at all.

Another minor (but related) point is that for all the VPN servers that don't work, the CMST icon remains the cone-shape Wifi icon, whereas for the AU_Sydney one, the icon is replaced with a lock.

To illustrate working vs non-working configs, here are the AU_Sydney and US_Silicon_Valley connman-vpn and openvpn configs/confs respectively.
AU_Sydney.config (connman-vpn)

[global]
Name = AU Sydney
Description = OpenVPN configuration

[provider_openvpn]
Type = OpenVPN
Name = AU Sydney_VPN
Host = aus.privateinternetaccess.com
Domain = privateinternetaccess.com
OpenVPN.Port = 1198
OpenVPN.CACert = /etc/openvpn/client/ca.rsa.2048.crt
OpenVPN.CompLZO = yes
OpenVPN.RemoteCertTls = server
OpenVPN.AuthNoCache = 0
OpenVPN.ConfigFile = /etc/openvpn/client/AU_Sydney.conf
OpenVPN.Cipher = aes-128-cbc
OpenVPN.Auth = sha1

US_Silicon_Valley.config (connman-vpn)

[global]
Name = US Silicon Valley
Description = OpenVPN configuration

[provider_openvpn]
Type = OpenVPN
Name = US Silicon Valley_VPN
Host = us-siliconvalley.privateinternetaccess.com
Domain = privateinternetaccess.com
OpenVPN.Port = 1198
OpenVPN.CACert = /etc/openvpn/client/ca.rsa.2048.crt
OpenVPN.CompLZO = yes
OpenVPN.RemoteCertTls = server
OpenVPN.AuthNoCache = 0
OpenVPN.ConfigFile = /etc/openvpn/client/US_Silicon_Valley.conf
OpenVPN.Cipher = aes-128-cbc
OpenVPN.Auth = sha1

AU_Sydney.conf (openvpn)

client
dev tun
proto udp
remote aus.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/private-internet-access/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/client/crl.rsa.2048.pem
ca /etc/openvpn/client/ca.rsa.2048.crt
disable-occ
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

US_Silicon_Valley.conf (openvpn)

client
dev tun
proto udp
remote us-siliconvalley.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/private-internet-access/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/client/crl.rsa.2048.pem
ca /etc/openvpn/client/ca.rsa.2048.crt
disable-occ
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

Any pointers to start troubleshooting this would be greatly appreciated. Thanks!

#2 2017-07-19 16:21:50

gnox
Member
Registered: 2013-05-18
Posts: 81

Re: connman-vpn working with only one PIA server despite same configs

Maybe try removing the parameters used in the connman-vpn config that are already in the openvpn conf; my connman-vpn configs only have these lines and work OK:

[global]
Name = xyz
Description = OpenVPN configuration

[provider_openvpn]
Type = OpenVPN
Name = Xyz_VPN
Host =  xyz
Domain = xyz
OpenVPN.Port = 1198
OpenVPN.ConfigFile = /etc/openvpn/client/xyz.conf

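An added example, not part of the thread or of connman: a Python script that checks the two things discussed above, namely whether two connman-vpn .config files differ only in server-specific keys (post #1) and which OpenVPN.* keys duplicate directives already present in the .conf named by OpenVPN.ConfigFile (post #2). The key-to-directive pairing is an assumption inferred from the option names, and the sample inputs are constructed by trimming the configs posted in this thread.

```python
import configparser

# Constructed samples, trimmed from the configs posted in this thread.
AU_CONFIG = """\
[provider_openvpn]
Type = OpenVPN
Name = AU Sydney_VPN
Host = aus.privateinternetaccess.com
OpenVPN.Port = 1198
OpenVPN.CompLZO = yes
OpenVPN.AuthNoCache = 0
OpenVPN.ConfigFile = /etc/openvpn/client/AU_Sydney.conf
OpenVPN.Cipher = aes-128-cbc
"""
US_CONFIG = (AU_CONFIG.replace("AU Sydney", "US Silicon Valley")
             .replace("aus.", "us-siliconvalley.")
             .replace("AU_Sydney", "US_Silicon_Valley"))
AU_CONF = ("client\nremote aus.privateinternetaccess.com 1198\n"
           "cipher aes-128-cbc\ncomp-lzo\nauth-nocache\n")

# Assumption: pairing inferred from the option names, not taken from connman's source.
KEY_TO_DIRECTIVE = {
    "OpenVPN.CACert": "ca", "OpenVPN.CompLZO": "comp-lzo",
    "OpenVPN.RemoteCertTls": "remote-cert-tls",
    "OpenVPN.AuthNoCache": "auth-nocache",
    "OpenVPN.Cipher": "cipher", "OpenVPN.Auth": "auth",
}

def load_provider(text):
    """Return the [provider_openvpn] section of a connman-vpn .config as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case, e.g. OpenVPN.Port
    cp.read_string(text)
    return dict(cp["provider_openvpn"])

def load_openvpn(text):
    """Return {directive: arguments} for an OpenVPN .conf, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, _, args = line.partition(" ")
            directives[name] = args.strip()
    return directives

def differing_keys(a, b):
    """Keys whose values differ (or exist on one side only) between two providers."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def duplicated_options(provider, directives):
    """(connman key, connman value, .conf arguments) for options set in both files."""
    return sorted((k, provider[k], directives[d])
                  for k, d in KEY_TO_DIRECTIVE.items()
                  if k in provider and d in directives)
```

Against the real files, read each path with open() and pass the text in; any key reported by differing_keys beyond Name, Host and OpenVPN.ConfigFile is a difference between the two servers' configs worth inspecting.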

#3 2017-07-20 01:32:01

coinpouch
Member
Registered: 2017-03-20
Posts: 10

Re: connman-vpn working with only one PIA server despite same configs

Thanks for the reply.

Gave that a go - changing one that previously didn't work to only use the options unique to the connman *.config as described, no luck - and changing one that worked as well, which ended up not working, except after changing it back to the previous config, it still didn't work... Getting connman and openvpn to work together seems to require a lot more effort than one would assume it should need, or perhaps it's just my bias from it working without a hitch with networkmanager without any workarounds/manual setup needed in comparison.

I just noticed that a single other one that didn't previously work (AU_Melbourne.config) now does, without me having changed anything related to that particular server - whether one works with connman or not is starting to feel totally random at this point (despite me knowing that's not the case).

Last edited by coinpouch (2017-07-20 01:32:31)
