Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

[frooty]

Hmmm....I now seem to be having another issue - I'm seeing this constant error in my logs:

Jun 13 09:56:10 openvpn[1486]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 13 09:56:10 openvpn[1486]: TLS Error: TLS handshake failed
Jun 13 09:56:10 openvpn[1486]: SIGUSR1[soft,tls-error] received, process restarting
Jun 13 09:56:10 openvpn[1486]: Restart pause, 300 second(s)
Jun 13 10:02:10 openvpn[1486]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 13 10:02:10 openvpn[1486]: TLS Error: TLS handshake failed
Jun 13 10:02:10 openvpn[1486]: SIGUSR1[soft,tls-error] received, process restarting
Jun 13 10:02:10 openvpn[1486]: Restart pause, 300 second(s)

Not sure if this is a PIA issue or a router issue - is anyone else seeing this in their logs?

Edit: I found the problem. PIA have dropped their German server at Leaseweb due to security concerns:

https://www.privateinternetaccess.c...-discontinuing-its-german-exit-gateway#latest

...and one of my clients was aimed at it. Changed the country & all is good again.

 

[yorgi]

great

 

[Rick Mathes]

I setup my Asus router exactly as posted and it works fine but everyday I have to reboot router or go in to web gui to get it working again as it disconnects daily. Connecting through Silicon Valley with PIA as my vip provider. Any advice.

 

[CaptainSTX]

I setup my Asus router exactly as posted and it works fine but everyday I have to reboot router or go in to web gui to get it working again as it disconnects daily. Connecting through Silicon Valley vpn.Any advice.

Some providers may require you reverify your credentials daily so they can knock off stale connections. I have never had any problems with either Astrill or StrongVPN and have had VPN connections up for months at a time.

Also look if the time your connection is dropping corresponds with when your ISP renews your IP. Check your logs.

Then verify you don't have a script or timer set to reboot your router daily. Also be sure that you have checked the box for your VPN to start with the WAN. This might help if you have momentary disconnections from the WWW.

Finally be sure you have stable power. Connect your router to a UPS if it is not already.

 

[Rick Mathes]

Ok I do have it set to reboot daily and also start with lan. Will check to see when my connection is dropping if I can figure that out. Only comment is it never happened before with same provider and same router until a few weeks ago. Who knows. I know just enough to be dangerous so will try and find the logs and figure it out. Thanks for comment.

 

[CaptainSTX]

Ok I do have it set to reboot daily and also start with lan. Will check to see when my connection is dropping if I can figure that out. Only comment is it never happened before with same provider and same router until a few weeks ago. Who knows. I know just enough to be dangerous so will try and find the logs and figure it out. Thanks for comment.

Hopefully you meant set to start with WAN.

While you check to see what the root cause of the problem might be, why don't you cancel restarting the router daily. ASUS routers are very stable and even more so if you are running Merlin's configuration. I can go for days without needing to reboot my router and then it is only because I have made some change to my network. If rebooting isn't fixing/ clearing some issue for you why bother.

 

[Rick Mathes]

Well unlike probably most people on this site I am not very experienced with vpn setup on my RT-AC68u router though I have read a lot about setup. I couldn't figure out by my log what was gong on. I was running 380_66_6 firmware and every morning I was disconnected from PIA vpn. I did finally resolved my problem by going back to 380_66_2 and have not had any problems the last 3 days with disconnecting. Just have no idea why the latest firmware caused my problems. For now things are going great.

 

[yorgi]

Well unlike probably most people on this site I am not very experienced with vpn setup on my RT-AC68u router though I have read a lot about setup. I couldn't figure out by my log what was gong on. I was running 380_66_6 firmware and every morning I was disconnected from PIA vpn. I did finally resolved my problem by going back to 380_66_2 and have not had any problems the last 3 days with disconnecting. Just have no idea why the latest firmware caused my problems. For now things are going great.

I had a similar issue where PIA would disconnect everyday and wouldn't re connect as you had. I was on 380.66.2 when I updated to 380.66.4 I had no more issues. I didn't have to reboot the router all I had to do was disconnect the VPN service and re connect. I just upgraded to 380.66.6 I will let you know if I have any issues with daily drops and not being able to reconnect. I do however have an 87U maybe a difference between the routers.

 

[frooty]

I'm having connection issues using 380.66.6 - Authentication failed.

Jul 3 18:07:43 openvpn[28264]: AUTH: Received control message: AUTH_FAILED
Jul 3 18:07:43 openvpn[28264]: vpnrouting.sh tun13 1500 1622 10.19.10.6 10.19.10.5 init
Jul 3 18:07:43 openvpn-routing: Configuring policy rules for client 3
Jul 3 18:07:43 openvpn-routing: Removing rule 10501 from routing policy
Jul 3 18:07:43 openvpn-routing: Tunnel down - VPN client access blocked
Jul 3 18:07:43 openvpn-routing: Adding route for 192.168.1.8 to 0.0.0.0 through VPN client 3
Jul 3 18:07:43 openvpn-routing: Completed routing policy configuration for client 3
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 10.19.10.1/32
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 37.221.166.146/32
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 0.0.0.0/1
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 128.0.0.0/1
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: Closing TUN/TAP interface

Nothing changed since upgrading, so I'm going back to 380.66.4

 

[Xentrk]

I'm having connection issues using 380.66.6 - Authentication failed.

Jul 3 18:07:43 openvpn[28264]: AUTH: Received control message: AUTH_FAILED
Jul 3 18:07:43 openvpn[28264]: vpnrouting.sh tun13 1500 1622 10.19.10.6 10.19.10.5 init
Jul 3 18:07:43 openvpn-routing: Configuring policy rules for client 3
Jul 3 18:07:43 openvpn-routing: Removing rule 10501 from routing policy
Jul 3 18:07:43 openvpn-routing: Tunnel down - VPN client access blocked
Jul 3 18:07:43 openvpn-routing: Adding route for 192.168.1.8 to 0.0.0.0 through VPN client 3
Jul 3 18:07:43 openvpn-routing: Completed routing policy configuration for client 3
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 10.19.10.1/32
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 37.221.166.146/32
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 0.0.0.0/1
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: /usr/sbin/ip route del 128.0.0.0/1
Jul 3 18:07:43 openvpn[28264]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 3 18:07:43 openvpn[28264]: Closing TUN/TAP interface

Nothing changed since upgrading, so I'm going back to 380.66.4

Are you a PIA customer? If so, try this solution:
https://www.snbforums.com/threads/b...eta-is-now-available.39854/page-5#post-333055

 

[frooty]

Are you a PIA customer? If so, try this solution:
https://www.snbforums.com/threads/b...eta-is-now-available.39854/page-5#post-333055

Yes, I'm a PIA customer & I already have "auth-nocache" in my config as a safety precaution.

Since going back to 380.66.4 everything is working great again, so maybe there's a change in the latest openvpn client?

 

[yorgi]

anyone get this error?

/usr/sbin/ip route del 10.74.10.1/32
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 172.98.67.29/32
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 0.0.0.0/1
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 128.0.0.0/1
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: Closing TUN/TAP interface
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip addr del dev tun11 local 10.74.10.6 peer 10.74.10.5
Jul 11 06:22:49 openvpn[16262]: updown.sh tun11 1500 1558 10.74.10.6 10.74.10.5 init
Jul 11 06:22:49 rc_service: service 22854:notify_rc updateresolv

 

[RMerlin]

anyone get this error?

/usr/sbin/ip route del 10.74.10.1/32
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 172.98.67.29/32
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 0.0.0.0/1
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip route del 128.0.0.0/1
Jul 11 06:22:49 openvpn[16262]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 11 06:22:49 openvpn[16262]: Closing TUN/TAP interface
Jul 11 06:22:49 openvpn[16262]: /usr/sbin/ip addr del dev tun11 local 10.74.10.6 peer 10.74.10.5
Jul 11 06:22:49 openvpn[16262]: updown.sh tun11 1500 1558 10.74.10.6 10.74.10.5 init
Jul 11 06:22:49 rc_service: service 22854:notify_rc updateresolv

This is normal as these are routes that were removed by vpnrouting.sh. OpenVPN does not know it, so on shutdown it will try to re-delete them again. You can ignore those messages.

 

[yorgi]

This is normal as these are routes that were removed by vpnrouting.sh. OpenVPN does not know it, so on shutdown it will try to re-delete them again. You can ignore those messages.

Ok good to know. I put my verb to 5 so I could see more info.
thanks

 

[Dref]

Thanks

whilst I don't have PIA (I have Nord and Pure) I think this will help me a lot. I have 1Q - my Pure uses PPTP for my dedicated IP through a router (L2TP from the device)- actually I'm not happy with this as I understand PPTP is not very secure and when my contract expires I will move. Anyway my question is, can I mix PPTP and open vpn in the router (using different devices on the lan)

 

[yorgi]

Thanks

whilst I don't have PIA (I have Nord and Pure) I think this will help me a lot. I have 1Q - my Pure uses PPTP for my dedicated IP through a router (L2TP from the device)- actually I'm not happy with this as I understand PPTP is not very secure and when my contract expires I will move. Anyway my question is, can I mix PPTP and open vpn in the router (using different devices on the lan)

I don't see why you cannot have PPTP and OpenVPN working at the same time, they are separate services so it should work.
but even though your contract is not over for the price you are going to save I would just switch over to another VPN provider. I have been with PIA for over 2 years and I am happy with the service. I wish I could find a way to get Netflix to show me USA stuff but that wont happen anytime soon with VPN

 

[Dref]

I have been with PIA for over 2 years and I am happy with the service. I wish I could find a way to get Netflix to show me USA stuff but that wont happen anytime soon with VPN[/QUOTE]
I was with PIA for a couple of years a few years ago but when the NETFLIX issue occurred I dropped them NOT because of the Netflix issue (everybody was in the same boat) BUT because of the unhelpful way they dealt with it with their customers, especially after the way they had previously used Netflix access in their advertising

 

[yorgi]

I have been with PIA for over 2 years and I am happy with the service. I wish I could find a way to get Netflix to show me USA stuff but that wont happen anytime soon with VPN

I was with PIA for a couple of years a few years ago but when the NETFLIX issue occurred I dropped them NOT because of the Netflix issue (everybody was in the same boat) BUT because of the unhelpful way they dealt with it with their customers, especially after the way they had previously used Netflix access in their advertising[/QUOTE]
I hear you but like you said everyone was in the same boat, their service is good and fast thats why I stayed with them.
There are a lot of other companies that are good, check them out and get off PPTP its not safe you are better off with OpenVPN.
let me know how it goes

 

[frooty]

I find the customer support quite abysmal with PIA tbh. Out of the 2 support tickets I created while I've been with them, only 1 was answered - & that took 3 weeks & didn't provide an answer.....I expect a bit more when paying a yearly subscription. I'll be looking for a new provider when my subscrption runs out - anyone got any good suggestions?

 

[yorgi]

I find the customer support quite abysmal with PIA tbh. Out of the 2 support tickets I created while I've been with them, only 1 was answered - & that took 3 weeks & didn't provide an answer.....I expect a bit more when paying a yearly subscription. I'll be looking for a new provider when my subscrption runs out - anyone got any good suggestions?

At the prices that PIA charges I don't doubt that the support is crappy. but the service is great. so more money better support. there are a lot of companies out there.
read reviews and do 30 day trial for free. its the only way you are going to find a company you like.