Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN connection to PIA keeps dropping with "unable to contact daemon" error

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 5 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mouseskowitz
      last edited by

      I'm running 2.3.3-Realease-p1. My OpenVPN connection has been dropping more and more frequently. I had to restart it twice today. When I search this probable there is no recent info on it. Is there a way to have the connection restart automatically if dropped? Or is there some way to fix this shy of doing a fresh install?

      1 Reply Last reply Reply Quote 0
      • A
        aptalca
        last edited by

        I'm having a similar issue. Mine restarts due to "ping-restart" and when it does, it gets an auth error and the service shuts down. Initial/manual connections are all fine, but the auto restarts all fail. Happens about every 8 hours.

        Here's a log:

        openvpn	16926	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
        openvpn	16926	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
        openvpn	16926	/sbin/ifconfig ovpnc1 10.36.10.6 10.36.10.5 mtu 1500 netmask 255.255.255.255 up
        openvpn	16926	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1561 10.36.10.6 10.36.10.5 init
        openvpn	16926	/sbin/route add -net 208.167.254.111 192.168.1.1 255.255.255.255
        openvpn	16926	/sbin/route add -net 0.0.0.0 10.36.10.5 128.0.0.0
        openvpn	16926	/sbin/route add -net 128.0.0.0 10.36.10.5 128.0.0.0
        openvpn	16926	/sbin/route add -net 10.36.10.1 10.36.10.5 255.255.255.255
        openvpn	16926	Initialization Sequence Completed
        openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
        openvpn	16926	MANAGEMENT: CMD 'state 1'
        openvpn	16926	MANAGEMENT: CMD 'status 2'
        openvpn	16926	MANAGEMENT: Client disconnected
        openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
        openvpn	16926	MANAGEMENT: CMD 'state 1'
        openvpn	16926	MANAGEMENT: CMD 'status 2'
        openvpn	16926	MANAGEMENT: Client disconnected
        openvpn	16926	[280d648bae0fd4232f23a0c03abc6cd7] Inactivity timeout (--ping-restart), restarting
        openvpn	16926	SIGUSR1[soft,ping-restart] received, process restarting
        openvpn	16926	Restart pause, 2 second(s)
        openvpn	16926	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        openvpn	16926	Socket Buffers: R=[42080->42080] S=[57344->57344]
        openvpn	16926	UDPv4 link local (bound): [AF_INET]192.168.1.33
        openvpn	16926	UDPv4 link remote: [AF_INET]208.167.254.45:1198
        openvpn	16926	TLS: Initial packet from [AF_INET]208.167.254.45:1198, sid=05b542bf abe6867f
        openvpn	16926	VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
        openvpn	16926	Validating certificate key usage
        openvpn	16926	++ Certificate has key usage 00a0, expects 00a0
        openvpn	16926	VERIFY KU OK
        openvpn	16926	Validating certificate extended key usage
        openvpn	16926	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
        openvpn	16926	VERIFY EKU OK
        openvpn	16926	VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=044b0ce49dedfef245eb64592438882a, name=044b0ce49dedfef245eb64592438882a
        openvpn	16926	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
        openvpn	16926	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
        openvpn	16926	Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
        openvpn	16926	Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        openvpn	16926	Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
        openvpn	16926	Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        openvpn	16926	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
        openvpn	16926	[044b0ce49dedfef245eb64592438882a] Peer Connection Initiated with [AF_INET]208.167.254.45:1198
        openvpn	16926	SENT CONTROL [044b0ce49dedfef245eb64592438882a]: 'PUSH_REQUEST' (status=1)
        openvpn	16926	AUTH: Received control message: AUTH_FAILED
        openvpn	16926	/sbin/route delete -net 10.36.10.1 10.36.10.5 255.255.255.255
        openvpn	16926	/sbin/route delete -net 208.167.254.111 192.168.1.1 255.255.255.255
        openvpn	16926	/sbin/route delete -net 0.0.0.0 10.36.10.5 128.0.0.0
        openvpn	16926	/sbin/route delete -net 128.0.0.0 10.36.10.5 128.0.0.0
        openvpn	16926	Closing TUN/TAP interface
        openvpn	16926	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.36.10.6 10.36.10.5 init
        openvpn	16926	SIGTERM[soft,auth-failure] received, process exiting
        
        

        Can you check your openvpn log (under system log / openvpn) and see if you have the same issue?

        I used the following guide from PIA to set it up: https://www.privateinternetaccess.com/pages/client-support/pfsense

        Thanks

        1 Reply Last reply Reply Quote 0
        • M
          mouseskowitz
          last edited by

          I have some of they same stuff in my error log but not all of it. I'm pretty sure that my problem is related to the pfSense loosing connection with the ISP. It would be nice to find a way to get the VPN tunnel to automatically start back up.

          1 Reply Last reply Reply Quote 0
          • M
            mouseskowitz
            last edited by

            I just installed Service_Watchdog. We'll have to see if that fixes my issue.

            1 Reply Last reply Reply Quote 0
            • M
              mickebo
              last edited by

              I have same issue, installed service watchdog some day ago
              Didnt help me :(

              1 Reply Last reply Reply Quote 0
              • E
                enforcerviper
                last edited by

                I'm still having the same problem. I can't figure it out. PIA has been no help. They reset my username/password already.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  An auth error is considered a hard failure by the OpenVPN daemon and it shuts down.

                  Try adding this to the custom options in the client's advanced config:

                  auth-retry nointeract;

                  Service watchdog should also work.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.