What's new

PIA VPN keeps giving Connecting error

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Stevie

Occasional Visitor
Hi Guys

I'm new here and just wanted some assistance in fixing why I can't connect to PIA VPN.
Asus Merlin AC68U with Firmware 384.3

I would appreciate your assistance.
This is the system log output.

NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn-client4[4269]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1198
ovpn-client4[4269]: UDP link local: (not bound)
ovpn-client4[4269]: UDP link remote: [AF_INET]x.x.x.x:1198
ovpn-client4[4269]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=ad916f8a241eddbcc3b472f01f1a297a, name=ad916f8a241eddbcc3b472f01f1a297a
ovpn-client4[4269]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
ovpn-client4[4269]: TLS_ERROR: BIO read tls_read_plaintext error
ovpn-client4[4269]: TLS Error: TLS object -> incoming plaintext read error
ovpn-client4[4269]: TLS Error: TLS handshake failed
ovpn-client4[4269]: SIGUSR1[soft,tls-error] received, process restarting

upload_2018-3-7_20-15-56.png

upload_2018-3-7_20-16-58.png

upload_2018-3-7_20-18-8.png
 
no username ?
check your certificates are from latest PIA config files and fully pasted in
set Accept DNS configuration to Exclusive
 
no username ?
check your certificates are from latest PIA config files and fully pasted in
set Accept DNS configuration to Exclusive

I left username out just for posting purposes.
Thanks I will try the latest certificates
 
I left username out just for posting purposes.
Thanks I will try the latest certificates

ADVANCED SETTINGS: (Ones different from yours)

Cipher Disabled
AES-128-CBC
TLS-1
Connection Retry 30
Verify Cert NO
Redirect Internet Traffic : Policy

I think the last one may be your problem. You have it set to NO which means nothing is going to be routed using VPN.





CUSTOM SETTINGS:
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ipconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 2
ifconfig-nowarn
persist-key
fast-io
sndbuf 524288
rcvbuf 524288
 
ADVANCED SETTINGS: (Ones different from yours)

Cipher Disabled
AES-128-CBC
TLS-1
Connection Retry 30
Verify Cert NO
Redirect Internet Traffic : Policy

I think the last one may be your problem. You have it set to NO which means nothing is going to be routed using VPN.





CUSTOM SETTINGS:
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ipconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 2
ifconfig-nowarn
persist-key
fast-io
sndbuf 524288
rcvbuf 524288

Ok, I've tried your settings, it connects with only local ip and not giving a public ip, any reason why
 
Ok, I've tried your settings, it connects with only local ip and not giving a public ip, any reason why

I missed giving you one setting;

Set Accept DNS to exclusive

Sorry, had it written down just neglected to type it in.
 
I missed giving you one setting;

Set Accept DNS to exclusive

Sorry, had it written down just neglected to type it in.

Thanks, but if I disable Cipher, I cannot get a public ip. If enabled it works fine and get a public ip
 
Thanks, but if I disable Cipher, I cannot get a public ip. If enabled it works fine and get a public ip
I don't have the cipher disabled. I have the cipher negotiation disabled. I set the client to use AES-128-CBC.

The setting I have work fine for me and the client is very stable. I might have to restart occasionally but it only every 2 -3 weeks if that often.
 
Weird though, I tried other regions, but same issue. When I turn off cipher negotiation it does not want to give public ip. All,other settings in your posts work all fine.

I only get a local and public ip when cipher negotiation is turned on.

Any explanation?
 
Only thing I can offer is download the ovpn files from PIA.

Upload them into the router directly

Make the changes to the configuration to match what I'm doing.

If it still isn't working search this site as there are long threads about setting up PIA which is where I started from.
 
Only thing I can offer is download the ovpn files from PIA.

Upload them into the router directly

Make the changes to the configuration to match what I'm doing.

If it still isn't working search this site as there are long threads about setting up PIA which is where I started from.

That is exactly what I did, download from PIA and upload them. Interesting thing is I can set the to disable, but when I choose a fallback cipher it does not want to give a public ip. It only works now when putting it to default with cipher negotiation disabled.

Will it be an issue if I do leave it on default, meaning it will choose the best or defaukt setting to work.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top