Just can't figure this out!

flowrider

HI thanks for trying to help!
Here's what I get when I look at Status>Services

OpenVPN log

stephenw10

Need to see more log or your OpenVPN settings. Something you have set is preventing it from even starting.

Steve

flowrider

I appreciate all the help.
Here are the last 50 entries

| Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_defined = DISABLED
Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_local = ::/0
Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_remote = ::
Apr 6 00:00:26 openvpn[9047]: enable_c2c = DISABLED
Apr 6 00:00:26 openvpn[9047]: duplicate_cn = DISABLED
Apr 6 00:00:26 openvpn[9047]: cf_max = 0
Apr 6 00:00:26 openvpn[9047]: cf_per = 0
Apr 6 00:00:26 openvpn[9047]: max_clients = 1024
Apr 6 00:00:26 openvpn[9047]: max_routes_per_client = 256
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_verify_script = '[UNDEF]'
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_verify_script_via_file = DISABLED
Apr 6 00:00:26 openvpn[9047]: port_share_host = '[UNDEF]'
Apr 6 00:00:26 openvpn[9047]: port_share_port = 0
Apr 6 00:00:26 openvpn[9047]: client = ENABLED
Apr 6 00:00:26 openvpn[9047]: pull = ENABLED
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_file = '/etc/openvpn-password.txt'
Apr 6 00:00:26 openvpn[9047]: OpenVPN 2.3.6 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Feb 13 2015
Apr 6 00:00:26 openvpn[9047]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Apr 6 00:00:26 openvpn[9047]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Apr 6 00:00:26 openvpn[9177]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Apr 6 00:00:26 openvpn[9177]: LZO compression initialized
Apr 6 00:00:26 openvpn[9177]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 6 00:00:26 openvpn[9177]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Apr 6 00:00:26 openvpn[9177]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 6 00:00:26 openvpn[9177]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Apr 6 00:00:26 openvpn[9177]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Apr 6 00:00:26 openvpn[9177]: Local Options hash (VER=V4): '41690919'
Apr 6 00:00:26 openvpn[9177]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 6 00:00:26 openvpn[9177]: UDPv4 link local (bound): [AF_INET]207.81.126.205
Apr 6 00:00:26 openvpn[9177]: UDPv4 link remote: [AF_INET]104.207.136.67:1194
Apr 6 00:00:26 openvpn[9177]: TLS: Initial packet from [AF_INET]104.207.136.67:1194, sid=88ace726 1b15bcb8
Apr 6 00:00:26 openvpn[9177]: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Apr 6 00:00:26 openvpn[9177]: VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Apr 6 00:00:26 openvpn[9177]: Validating certificate key usage
Apr 6 00:00:26 openvpn[9177]: ++ Certificate has key usage 00a0, expects 00a0
Apr 6 00:00:26 openvpn[9177]: VERIFY KU OK
Apr 6 00:00:26 openvpn[9177]: Validating certificate extended key usage
Apr 6 00:00:26 openvpn[9177]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Apr 6 00:00:26 openvpn[9177]: VERIFY EKU OK
Apr 6 00:00:26 openvpn[9177]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Apr 6 00:00:26 openvpn[9177]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 6 00:00:26 openvpn[9177]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 6 00:00:26 openvpn[9177]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 6 00:00:26 openvpn[9177]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 6 00:00:26 openvpn[9177]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 6 00:00:26 openvpn[9177]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.67:1194
Apr 6 00:00:28 openvpn[9177]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Apr 6 00:00:28 openvpn[9177]: AUTH: Received control message: AUTH_FAILED
Apr 6 00:00:28 openvpn[9177]: TCP/UDP: Closing socket
Apr 6 00:00:28 openvpn[9177]: SIGTERM[soft,auth-failure] received, process exiting |

stephenw10

AUTH: Received control message: AUTH_FAILED

You have the wrong set of login credentials / certificates.
Has it expired since you last used it?

Steve

flowrider

Which is strange because other than the password it hasn't changed. I'll try and fix that and update you.

flowrider

@stephenw10:

AUTH: Received control message: AUTH_FAILED

You have the wrong set of login credentials / certificates.
Has it expired since you last used it?

Steve

Nope I just checked the username and password and no go. The /etc/openvpn-password.txt is correct and I've even reset the password with no change in result.

Here's some screens of my OpenVPN Client screen

Derelict

AUTH: Received control message: AUTH_FAILED

Not sure what is ambiguous about that log.

Also, why are people insistent on using auth-user-pass files when 2.2 added the authentication fields in the GUI?

flowrider

Not ambiguous at all. I'm just not well versed but I'm learning. Reason why I used what I did is because I followed the guide. I'd happily follow another updated guide!

Derelict

I just don't get it.  The log clearly says auth failed, yet you insist your credentials are correct.

flowrider

@Derelict:

I just don't get it.  The log clearly says auth failed, yet you insist your credentials are correct.

No idea what's going on. The Same user name and password works in the PIA app.

Derelict

Sure you don't have any extra characters in that file?

Do this:

Delete the following line from the Advanced settings: auth-user-pass /etc/openvpn-userpass.txt;

Enter your PIA username and password in the client config under User Authentication Settings

flowrider

Solved!
I worked with PIA's tech support and they issued me a new username and password which seemed to do the trick. Not too sure what went wrong but it's working now. Thank you everyone for the help!!

Derelict

I would still eliminate the (now) unnecessary admin overhead and config complexity of the credential text file.

flowrider

I will do that as soon as I figure out how. I'm guessing that I can't delete anything from the /etc/ folder via the gui?

Derelict

Use the same method you used to create the file.

Deleting the file is not as important as removing it from the gui config for the client as I described above.  Deleting the file will occur naturally next time you reinstall or something.

Or, after the new config is confirmed working, use Diagnostics > Command Prompt and run rm /etc/openvpn-userpass.txt

flowrider

Thanks I will try that.

And thank you for all your help. It's greatly appreciated.