OpenVPN connection to PIA keeps dropping with "unable to contact daemon" error



  • I'm running 2.3.3-Realease-p1. My OpenVPN connection has been dropping more and more frequently. I had to restart it twice today. When I search this probable there is no recent info on it. Is there a way to have the connection restart automatically if dropped? Or is there some way to fix this shy of doing a fresh install?



  • I'm having a similar issue. Mine restarts due to "ping-restart" and when it does, it gets an auth error and the service shuts down. Initial/manual connections are all fine, but the auto restarts all fail. Happens about every 8 hours.

    Here's a log:

    openvpn	16926	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    openvpn	16926	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    openvpn	16926	/sbin/ifconfig ovpnc1 10.36.10.6 10.36.10.5 mtu 1500 netmask 255.255.255.255 up
    openvpn	16926	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1561 10.36.10.6 10.36.10.5 init
    openvpn	16926	/sbin/route add -net 208.167.254.111 192.168.1.1 255.255.255.255
    openvpn	16926	/sbin/route add -net 0.0.0.0 10.36.10.5 128.0.0.0
    openvpn	16926	/sbin/route add -net 128.0.0.0 10.36.10.5 128.0.0.0
    openvpn	16926	/sbin/route add -net 10.36.10.1 10.36.10.5 255.255.255.255
    openvpn	16926	Initialization Sequence Completed
    openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    openvpn	16926	MANAGEMENT: CMD 'state 1'
    openvpn	16926	MANAGEMENT: CMD 'status 2'
    openvpn	16926	MANAGEMENT: Client disconnected
    openvpn	16926	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    openvpn	16926	MANAGEMENT: CMD 'state 1'
    openvpn	16926	MANAGEMENT: CMD 'status 2'
    openvpn	16926	MANAGEMENT: Client disconnected
    openvpn	16926	[280d648bae0fd4232f23a0c03abc6cd7] Inactivity timeout (--ping-restart), restarting
    openvpn	16926	SIGUSR1[soft,ping-restart] received, process restarting
    openvpn	16926	Restart pause, 2 second(s)
    openvpn	16926	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    openvpn	16926	Socket Buffers: R=[42080->42080] S=[57344->57344]
    openvpn	16926	UDPv4 link local (bound): [AF_INET]192.168.1.33
    openvpn	16926	UDPv4 link remote: [AF_INET]208.167.254.45:1198
    openvpn	16926	TLS: Initial packet from [AF_INET]208.167.254.45:1198, sid=05b542bf abe6867f
    openvpn	16926	VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
    openvpn	16926	Validating certificate key usage
    openvpn	16926	++ Certificate has key usage 00a0, expects 00a0
    openvpn	16926	VERIFY KU OK
    openvpn	16926	Validating certificate extended key usage
    openvpn	16926	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    openvpn	16926	VERIFY EKU OK
    openvpn	16926	VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=044b0ce49dedfef245eb64592438882a, name=044b0ce49dedfef245eb64592438882a
    openvpn	16926	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    openvpn	16926	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    openvpn	16926	Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    openvpn	16926	Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    openvpn	16926	Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    openvpn	16926	Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    openvpn	16926	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    openvpn	16926	[044b0ce49dedfef245eb64592438882a] Peer Connection Initiated with [AF_INET]208.167.254.45:1198
    openvpn	16926	SENT CONTROL [044b0ce49dedfef245eb64592438882a]: 'PUSH_REQUEST' (status=1)
    openvpn	16926	AUTH: Received control message: AUTH_FAILED
    openvpn	16926	/sbin/route delete -net 10.36.10.1 10.36.10.5 255.255.255.255
    openvpn	16926	/sbin/route delete -net 208.167.254.111 192.168.1.1 255.255.255.255
    openvpn	16926	/sbin/route delete -net 0.0.0.0 10.36.10.5 128.0.0.0
    openvpn	16926	/sbin/route delete -net 128.0.0.0 10.36.10.5 128.0.0.0
    openvpn	16926	Closing TUN/TAP interface
    openvpn	16926	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.36.10.6 10.36.10.5 init
    openvpn	16926	SIGTERM[soft,auth-failure] received, process exiting
    
    

    Can you check your openvpn log (under system log / openvpn) and see if you have the same issue?

    I used the following guide from PIA to set it up: https://www.privateinternetaccess.com/pages/client-support/pfsense

    Thanks



  • I have some of they same stuff in my error log but not all of it. I'm pretty sure that my problem is related to the pfSense loosing connection with the ISP. It would be nice to find a way to get the VPN tunnel to automatically start back up.



  • I just installed Service_Watchdog. We'll have to see if that fixes my issue.



  • I have same issue, installed service watchdog some day ago
    Didnt help me :(



  • I'm still having the same problem. I can't figure it out. PIA has been no help. They reset my username/password already.


  • LAYER 8 Netgate

    An auth error is considered a hard failure by the OpenVPN daemon and it shuts down.

    Try adding this to the custom options in the client's advanced config:

    auth-retry nointeract;

    Service watchdog should also work.


Log in to reply