OpenVPN connection to PIA keeps dropping with "unable to contact daemon" error

mouseskowitz

I'm running 2.3.3-Realease-p1. My OpenVPN connection has been dropping more and more frequently. I had to restart it twice today. When I search this probable there is no recent info on it. Is there a way to have the connection restart automatically if dropped? Or is there some way to fix this shy of doing a fresh install?

aptalca

I'm having a similar issue. Mine restarts due to "ping-restart" and when it does, it gets an auth error and the service shuts down. Initial/manual connections are all fine, but the auto restarts all fail. Happens about every 8 hours.

Here's a log:

openvpn	16926	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
openvpn	16926	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
openvpn	16926	/sbin/ifconfig ovpnc1 10.36.10.6 10.36.10.5 mtu 1500 netmask 255.255.255.255 up
openvpn	16926	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1561 10.36.10.6 10.36.10.5 init
openvpn	16926	/sbin/route add -net 208.167.254.111 192.168.1.1 255.255.255.255
openvpn	16926	/sbin/route add -net 0.0.0.0 10.36.10.5 128.0.0.0
openvpn	16926	/sbin/route add -net 128.0.0.0 10.36.10.5 128.0.0.0
openvpn	16926	/sbin/route add -net 10.36.10.1 10.36.10.5 255.255.255.255
openvpn	16926	Initialization Sequence Completed
openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
openvpn	16926	MANAGEMENT: CMD 'state 1'
openvpn	16926	MANAGEMENT: CMD 'status 2'
openvpn	16926	MANAGEMENT: Client disconnected
openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
openvpn	16926	MANAGEMENT: CMD 'state 1'
openvpn	16926	MANAGEMENT: CMD 'status 2'
openvpn	16926	MANAGEMENT: Client disconnected
openvpn	16926	[280d648bae0fd4232f23a0c03abc6cd7] Inactivity timeout (--ping-restart), restarting
openvpn	16926	SIGUSR1[soft,ping-restart] received, process restarting
openvpn	16926	Restart pause, 2 second(s)
openvpn	16926	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn	16926	Socket Buffers: R=[42080->42080] S=[57344->57344]
openvpn	16926	UDPv4 link local (bound): [AF_INET]192.168.1.33
openvpn	16926	UDPv4 link remote: [AF_INET]208.167.254.45:1198
openvpn	16926	TLS: Initial packet from [AF_INET]208.167.254.45:1198, sid=05b542bf abe6867f
openvpn	16926	VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
openvpn	16926	Validating certificate key usage
openvpn	16926	++ Certificate has key usage 00a0, expects 00a0
openvpn	16926	VERIFY KU OK
openvpn	16926	Validating certificate extended key usage
openvpn	16926	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn	16926	VERIFY EKU OK
openvpn	16926	VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=044b0ce49dedfef245eb64592438882a, name=044b0ce49dedfef245eb64592438882a
openvpn	16926	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
openvpn	16926	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
openvpn	16926	Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn	16926	Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn	16926	Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn	16926	Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn	16926	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
openvpn	16926	[044b0ce49dedfef245eb64592438882a] Peer Connection Initiated with [AF_INET]208.167.254.45:1198
openvpn	16926	SENT CONTROL [044b0ce49dedfef245eb64592438882a]: 'PUSH_REQUEST' (status=1)
openvpn	16926	AUTH: Received control message: AUTH_FAILED
openvpn	16926	/sbin/route delete -net 10.36.10.1 10.36.10.5 255.255.255.255
openvpn	16926	/sbin/route delete -net 208.167.254.111 192.168.1.1 255.255.255.255
openvpn	16926	/sbin/route delete -net 0.0.0.0 10.36.10.5 128.0.0.0
openvpn	16926	/sbin/route delete -net 128.0.0.0 10.36.10.5 128.0.0.0
openvpn	16926	Closing TUN/TAP interface
openvpn	16926	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.36.10.6 10.36.10.5 init
openvpn	16926	SIGTERM[soft,auth-failure] received, process exiting

Can you check your openvpn log (under system log / openvpn) and see if you have the same issue?

I used the following guide from PIA to set it up: https://www.privateinternetaccess.com/pages/client-support/pfsense

Thanks

mouseskowitz

I have some of they same stuff in my error log but not all of it. I'm pretty sure that my problem is related to the pfSense loosing connection with the ISP. It would be nice to find a way to get the VPN tunnel to automatically start back up.

mouseskowitz

I just installed Service_Watchdog. We'll have to see if that fixes my issue.

mickebo

I have same issue, installed service watchdog some day ago
Didnt help me :(

enforcerviper

I'm still having the same problem. I can't figure it out. PIA has been no help. They reset my username/password already.

Derelict

An auth error is considered a hard failure by the OpenVPN daemon and it shuts down.

Try adding this to the custom options in the client's advanced config:

auth-retry nointeract;

Service watchdog should also work.