Hi All,
I downloaded PIA configuration files from their website. It looks like this:
client
dev tun
proto udp
remote us-newyorkcity.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass pia.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
I added a file name with my PIA username and password to the line auth-user-pass. This is the openvpn result:
# openvpn US-New-York-City.ovpn
Fri Jul 13 05:31:57 2018 WARNING: file 'pia.txt' is group or others accessible
Fri Jul 13 05:31:57 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Fri Jul 13 05:31:57 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Fri Jul 13 05:31:58 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]209.95.50.69:1198
Fri Jul 13 05:31:58 2018 UDP link local: (not bound)
Fri Jul 13 05:31:58 2018 UDP link remote: [AF_INET]209.95.50.69:1198
Fri Jul 13 05:31:58 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 13 05:31:58 2018 [ef64f717b4baea6d2363eadb3fc7e5d2] Peer Connection Initiated with [AF_INET]209.95.50.69:1198
Fri Jul 13 05:31:59 2018 TUN/TAP device tun0 opened
Fri Jul 13 05:31:59 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jul 13 05:31:59 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Jul 13 05:31:59 2018 /usr/bin/ip addr add dev tun0 local 10.63.10.6 peer 10.63.10.5
Fri Jul 13 05:31:59 2018 Initialization Sequence Completed
This is the /etc/resolv.conf:
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 8.8.8.8
nameserver 192.168.4.1
It is the same as before openvpn is run. I'm unable to connect to anything with Firefox or curl:
$ curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection timed out
Then I downloaded the file /etc/openvpn/update-resolv-conf from https://github.com/masterkorp/openvpn-u … esolv-conf and appended these 3 lines to US-New-York-City.ovpn:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Now the /etc/resolv.conf is updated with the DNS server names from PrivateInternetAccess:
# openvpn US-New-York-City.ovpn
Fri Jul 13 05:49:29 2018 WARNING: file 'pia.txt' is group or others accessible
Fri Jul 13 05:49:29 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Fri Jul 13 05:49:29 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Fri Jul 13 05:49:29 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 13 05:49:30 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]209.95.50.199:1198
Fri Jul 13 05:49:30 2018 UDP link local: (not bound)
Fri Jul 13 05:49:30 2018 UDP link remote: [AF_INET]209.95.50.199:1198
Fri Jul 13 05:49:30 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 13 05:49:30 2018 [e892be7937b1fdc07f5439f1c3d82d10] Peer Connection Initiated with [AF_INET]209.95.50.199:1198
Fri Jul 13 05:49:31 2018 TUN/TAP device tun0 opened
Fri Jul 13 05:49:31 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jul 13 05:49:31 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Jul 13 05:49:31 2018 /usr/bin/ip addr add dev tun0 local 10.7.10.6 peer 10.7.10.5
Fri Jul 13 05:49:31 2018 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.7.10.6 10.7.10.5 init
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
Fri Jul 13 05:49:31 2018 Initialization Sequence Completed
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 209.222.18.222
nameserver 209.222.18.218
However, I'm unable to access anything:
$ curl https://www.google.com
curl: (6) Could not resolve host: www.google.com
There are no iptables rules on my machine:
# iptables -nvL
Chain INPUT (policy ACCEPT 775 packets, 142K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 812 packets, 455K bytes)
pkts bytes target prot opt in out source destination
Now I've run out of ideas for what to try. Does anybody have any idea?
Thanks.
Last edited by dxxvi (2018-07-13 09:59:32)
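The three warnings OpenVPN printed in the logs above (credentials file accessible to group or others, passwords cached in memory, user-defined scripts enabled) can be checked before connecting. The following is an added example, not code from the thread: the function names and finding texts are illustrative, and the config in `demo()` is constructed.

```python
import os
import stat
import tempfile

def parse_directives(config_text):
    """Map each directive name to the list of its argument lists."""
    directives = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":          # skip blanks and comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def loose_mode(path, mask):
    """Return path's permission bits if any bit in mask is set, else None."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return None
    return mode if mode & mask else None

def audit_ovpn(config_text, base_dir):
    """Return findings; relative file names are resolved against base_dir."""
    d, findings = parse_directives(config_text), []
    for args in d.get("auth-user-pass", []):
        mode = loose_mode(os.path.join(base_dir, args[0]), 0o077) if args else None
        if mode is not None:
            findings.append(f"{args[0]}: mode {mode:04o} is group/other accessible, chmod 600 it")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("auth-nocache not set: credentials may stay cached in memory")
    # OpenVPN only runs up/down hooks when script-security is 2 or higher.
    level = max((int(a[0]) for a in d.get("script-security", []) if a), default=1)
    hooks = [(h, a[0]) for h in ("up", "down") for a in d.get(h, []) if a]
    for hook, script in hooks if level >= 2 else []:
        mode = loose_mode(os.path.join(base_dir, script), 0o022)
        if mode is not None:
            findings.append(f"{hook} script {script}: mode {mode:04o} is group/other writable")
    return findings

def demo():
    """Audit a constructed config whose files live in a temporary directory."""
    config = ("client\nauth-user-pass pia.txt\nscript-security 2\n"
              "up update-resolv-conf\ndown update-resolv-conf\n")
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("pia.txt", 0o644), ("update-resolv-conf", 0o755)):
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_ovpn(config, tmp)
```

With the constructed files, `demo()` reports the world-readable credentials file and the missing `auth-nocache`; the hook script passes because mode 0755 is not writable by group or others.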
Check your routes. In the provided connection log I see that the only route that was added is for the peer address 10.7.10.5.
Run from terminal:
ip ro sh
and post it there.
Also, the VPN server pushed DNS servers, so it should also push routes for accessing them via the tunnel. If you are expecting all traffic to go through the tunnel, there must be a pushed default route option in the connection logs.
You can add this option to your openvpn config file at the very end yourself:
redirect-gateway def1
Last edited by sincomil (2018-07-13 10:46:34)
What solved it for me was installing package openvpn-update-resolv-conf
Tim
Use this instead:
https://www.privateinternetaccess.com/h … nvpn-setup
it says fedora but the script also supports Arch and it uses the native NetworkManager vpn configs. Very simple setup and extremely reliable.
redirect-gateway def
Before connecting to PIA:
$ ip ro sh
default via 192.168.4.1 dev wlp2s0 proto dhcp src 192.168.4.244 metric 302
192.168.4.0/24 dev wlp2s0 proto dhcp scope link src 192.168.4.244 metric 302
After connecting to PIA:
$ ip ro sh
0.0.0.0/1 via 10.78.10.5 dev tun0
default via 192.168.4.1 dev wlp2s0 proto dhcp src 192.168.4.244 metric 302
10.78.10.1 via 10.78.10.5 dev tun0
10.78.10.5 dev tun0 proto kernel scope link src 10.78.10.6
128.0.0.0/1 via 10.78.10.5 dev tun0
192.168.4.0/24 dev wlp2s0 proto dhcp scope link src 192.168.4.244 metric 302
209.95.50.199 via 192.168.4.1 dev wlp2s0
What solved it for me was installing package openvpn-update-resolv-conf
I tried that. That package installed this file /etc/openvpn/update-resolv-conf. And we have to append
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
to the .ovpn file manually, don't we? I did that and the result is the same.
Use this instead:
https://www.privateinternetaccess.com/h … nvpn-setup
it says fedora but the script also supports Arch and it uses the native NetworkManager vpn configs. Very simple setup and extremely reliable.
That creates some NetworkManager profiles for me. I ran a profile with
$ nmcli connection up "PIA - US New York City" --ask
A password is required to connect to 'PIA - US New York City'.
Password (vpn.secret.password): ••••••••••
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
but the result was the same as other approaches.
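How the two /1 routes created by `redirect-gateway def1` take precedence over the untouched default route, shown as an added example (not code from the thread): a longest-prefix-match lookup over the `ip ro sh` output posted above. The function names are illustrative, and the lookup ignores policy rules and additional routing tables.

```python
import ipaddress

# Output of `ip ro sh` after connecting, copied from the post above.
ROUTES_AFTER = """\
0.0.0.0/1 via 10.78.10.5 dev tun0
default via 192.168.4.1 dev wlp2s0 proto dhcp src 192.168.4.244 metric 302
10.78.10.1 via 10.78.10.5 dev tun0
10.78.10.5 dev tun0 proto kernel scope link src 10.78.10.6
128.0.0.0/1 via 10.78.10.5 dev tun0
192.168.4.0/24 dev wlp2s0 proto dhcp scope link src 192.168.4.244 metric 302
209.95.50.199 via 192.168.4.1 dev wlp2s0
"""

def parse_routes(text):
    """Turn `ip route show` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        network = ipaddress.ip_network(prefix)      # a bare address becomes a /32
        device = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((network, device, metric))
    return routes

def egress_device(routes, destination):
    """Pick the most specific matching route; the lower metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def tunnel_bypass(routes, destinations, tunnel="tun0"):
    """Return the destinations whose traffic would not enter the tunnel."""
    return [d for d in destinations if egress_device(routes, d) != tunnel]

if __name__ == "__main__":
    table = parse_routes(ROUTES_AFTER)
    # Pushed DNS servers, the VPN server itself, and the LAN gateway.
    for dest in ("209.222.18.222", "209.222.18.218", "209.95.50.199", "192.168.4.1"):
        print(dest, "->", egress_device(table, dest))
```

In this table only the VPN server's own address and the LAN leave via wlp2s0; both pushed DNS servers match 128.0.0.0/1 and go through tun0. On a live system, `ip route get 209.222.18.222` asks the kernel the same question.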