PIA VPN drops randomly, does not auto rebuild until OpenVPN service restarted
-
Hi There,
For a while now, my Private Internet Access client in OpenVPN on pfSense has been dropping randomly, and then not auto-rebuilding.
The only way to get this to rebuild correctly is to restart the OpenVPN service in pfSense. This seems to be the set of logs that repeats during attempted rebuild:
Jun 11 13:12:49 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
Jun 11 13:14:09 openvpn 2576 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 11 13:14:09 openvpn 2576 TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.188.245:1198
Jun 11 13:14:09 openvpn 2576 UDPv4 link local (bound): [AF_INET]82.11.231.186:0
Jun 11 13:14:09 openvpn 2576 UDPv4 link remote: [AF_INET]46.166.188.245:1198
Jun 11 13:14:09 openvpn 2576 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Jun 11 13:14:09 openvpn 2576 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Jun 11 13:14:09 openvpn 2576 [11d76880eec1db91df156e6462cbd782] Peer Connection Initiated with [AF_INET]46.166.188.245:1198
Jun 11 13:14:15 openvpn 2576 AUTH: Received control message: AUTH_FAILED
Jun 11 13:14:15 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
One thing that I have spotted, after restarting the service, is the VPN gateway IP seems to change. Here are the first few log entries after a process restart:
Jun 11 13:35:29 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
Jun 11 13:35:44 openvpn 2576 /usr/local/sbin/ovpn-linkdown ovpnc1 0 0 10.30.10.6 10.30.10.5 init
Jun 11 13:35:44 openvpn 2576 SIGTERM[hard,init_instance] received, process exiting
Jun 11 13:35:44 openvpn 21923 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Jun 11 13:35:44 openvpn 21923 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Jun 11 13:35:44 openvpn 21923 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Jun 11 13:35:44 openvpn 22184 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 11 13:35:44 openvpn 22184 Initializing OpenSSL support for engine 'cryptodev'
Jun 11 13:35:44 openvpn 22184 TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.44.34:1198
Jun 11 13:35:44 openvpn 22184 UDPv4 link local (bound): [AF_INET]82.11.231.186:0
Jun 11 13:35:44 openvpn 22184 UDPv4 link remote: [AF_INET]185.107.44.34:1198
Jun 11 13:35:44 openvpn 22184 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 11 13:35:44 openvpn 22184 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Jun 11 13:35:44 openvpn 22184 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Jun 11 13:35:44 openvpn 22184 [04134aa54058b865589304ac9f8351c3] Peer Connection Initiated with [AF_INET]185.107.44.34:1198
Jun 11 13:35:45 openvpn 22184 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 11 13:35:45 openvpn 22184 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jun 11 13:35:45 openvpn 22184 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jun 11 13:35:45 openvpn 22184 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jun 11 13:35:45 openvpn 22184 TUN/TAP device ovpnc1 exists previously, keep at program end
Jun 11 13:35:45 openvpn 22184 TUN/TAP device /dev/tun1 opened
Jun 11 13:35:45 openvpn 22184 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jun 11 13:35:45 openvpn 22184 /sbin/ifconfig ovpnc1 10.18.10.6 10.18.10.5 mtu 1500 netmask 255.255.255.255 up
Jun 11 13:35:45 openvpn 22184 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.18.10.6 10.18.10.5 init
Jun 11 13:35:45 openvpn 22184 Initialization Sequence Completed
Is this enough info to help me determine why it doesn't auto rebuild? At this stage I'm not concerned as to why it's dropping, as long as it rebuilds correctly.
Note, the time between drops is normally in the order of days or a couple of weeks.
Cheers
Eds
-
This is one of many reasons I dropped PIA and Nord.
Either way, I suggest reading up on the remote host command
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
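A log check for the soft-restart loop visible in the first post's logs (AUTH_FAILED, then SIGUSR1[soft,auth-failure], then the same "Preserving recently used remote address" again), added here as an example and not code from either poster, pfSense or OpenVPN. The function name, the threshold and the sample log (documentation addresses, constructed in the format of the quoted lines) are assumptions.

```python
import re

# Constructed sample: three failed soft restarts, then a hard restart that connects.
SAMPLE = """\
Jun 11 13:14:09 openvpn 2576 TCP/UDP: Preserving recently used remote address: [AF_INET]192.0.2.10:1198
Jun 11 13:14:15 openvpn 2576 AUTH: Received control message: AUTH_FAILED
Jun 11 13:14:15 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
Jun 11 13:15:29 openvpn 2576 TCP/UDP: Preserving recently used remote address: [AF_INET]192.0.2.10:1198
Jun 11 13:15:35 openvpn 2576 AUTH: Received control message: AUTH_FAILED
Jun 11 13:15:35 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
Jun 11 13:16:49 openvpn 2576 TCP/UDP: Preserving recently used remote address: [AF_INET]192.0.2.10:1198
Jun 11 13:16:55 openvpn 2576 AUTH: Received control message: AUTH_FAILED
Jun 11 13:16:55 openvpn 2576 SIGUSR1[soft,auth-failure] received, process restarting
Jun 11 13:35:44 openvpn 2576 SIGTERM[hard,init_instance] received, process exiting
Jun 11 13:35:44 openvpn 22184 TCP/UDP: Preserving recently used remote address: [AF_INET]198.51.100.20:1198
Jun 11 13:35:45 openvpn 22184 Initialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) openvpn (\d+) (.*)$")
REMOTE = re.compile(r"Preserving recently used remote address: \[AF_INET6?\](\S+)")

def find_auth_loops(log_text, threshold=3):
    """Return (remote, failures, first_ts, last_ts) for every run of at least
    `threshold` consecutive AUTH_FAILED results against the same remote."""
    loops, remote, streak, first, last = [], None, 0, None, None

    def close():  # record the current run if it is long enough
        if streak >= threshold:
            loops.append((remote, streak, first, last))

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _pid, msg = m.groups()
        r = REMOTE.search(msg)
        if r and r.group(1) != remote:      # client moved to a different remote
            close()
            remote, streak = r.group(1), 0
        elif "AUTH_FAILED" in msg:          # another rejected attempt on this remote
            first = ts if streak == 0 else first
            streak, last = streak + 1, ts
        elif "Initialization Sequence Completed" in msg:  # tunnel is up again
            close()
            streak = 0
    close()                                 # a run still open at end of log
    return loops

if __name__ == "__main__":
    for remote, n, first, last in find_auth_loops(SAMPLE):
        print(f"{n} consecutive AUTH_FAILED against {remote} ({first} to {last})")
```

Run against the system log on a schedule, a non-empty result is the condition that in this thread was only cleared by restarting the OpenVPN service.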