PIA can't work with OpenVPN but Wireguard. [Cannot resolve host address]

[Ferdinand-Wu]

Hi,

First of all, Vopono is amazing, and I am to use it on VPS.

Wireguard works well, but OpenVPN get stuck when launching with an error at: RESOLVE: Cannot resolve host address: france.privacy.network:502 (Temporary failure in name resolution)

I tried to change the ovpn file and replace the sever name with an ip address, OpenVPN successfully lunched but no ping response.

The following arguments have been tried: --no-killswitch, --firewall iptables

Thanks for your work in advance!

[jamesmcm]

Can you post the logs with vopono -v and also connect normally with OpenVPN and compare them?

It seems like a DNS issue, probably the server should set the DNS at some point with something like:

dhcp-option DNS x.x.x.x

[Ferdinand-Wu]

Can you post the logs with vopono -v and also connect normally with OpenVPN and compare them?

It seems like a DNS issue, probably the server should set the DNS at some point with something like:

dhcp-option DNS x.x.x.x

Thanks for the quick reply. Will post the full log later, I'm running ProtonVPN free plan now with OpenVPN and it runs smoothly, probably this could be an inspiration??

😃

[Ferdinand-Wu]

I hope this log helps!

 2024-05-28T16:36:59.803Z DEBUG vopono_core::util                       > Assigned IPs: []
 2024-05-28T16:36:59.803Z DEBUG vopono_core::network::netns             > ip netns exec vo_pi_nl ip addr add 127.0.0.1/8 dev lo
 2024-05-28T16:36:59.806Z DEBUG vopono_core::network::netns             > ip netns exec vo_pi_nl ip link set lo up
 2024-05-28T16:36:59.810Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2024-05-28T16:36:59.810Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2024-05-28T16:36:59.810Z DEBUG vopono_core::util                       > ip link add vo_pi_nl_d type veth peer name vo_pi_nl_s
 2024-05-28T16:36:59.814Z DEBUG vopono_core::util                       > ip link set vo_pi_nl_d up
 2024-05-28T16:36:59.816Z DEBUG vopono_core::util                       > ip link set vo_pi_nl_s netns vo_pi_nl up
 2024-05-28T16:36:59.860Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev vo_pi_nl_d
 2024-05-28T16:36:59.863Z DEBUG vopono_core::network::netns             > ip netns exec vo_pi_nl ip addr add 10.200.1.2/24 dev vo_pi_nl_s
 2024-05-28T16:36:59.866Z DEBUG vopono_core::network::netns             > ip netns exec vo_pi_nl ip route add default via 10.200.1.1 dev vo_pi_nl_s
 2024-05-28T16:36:59.870Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2024-05-28T16:36:59.870Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2024-05-28T16:36:59.870Z DEBUG vopono_core::util                       > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0 -j MASQUERADE
 2024-05-28T16:36:59.871Z DEBUG vopono_core::util                       > iptables -I FORWARD -i vo_pi_nl_d -o eth0 -j ACCEPT
 2024-05-28T16:36:59.873Z DEBUG vopono_core::util                       > iptables -I FORWARD -o vo_pi_nl_d -i eth0 -j ACCEPT
 2024-05-28T16:36:59.875Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2024-05-28T16:36:59.876Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/lynir/.config
 2024-05-28T16:36:59.876Z INFO  vopono_core::util                       > Chosen config: /home/lynir/.config/vopono/pia/openvpn/netherlands-nl.ovpn
 2024-05-28T16:36:59.876Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/lynir/.config
 2024-05-28T16:36:59.876Z DEBUG vopono_core::config::vpn                > Read auth file: /home/lynir/.config/vopono/pia/openvpn/auth.txt
 2024-05-28T16:36:59.876Z DEBUG vopono_core::network::dns_config        > Setting namespace vo_pi_nl DNS server to 209.222.18.222, 209.222.18.218
 2024-05-28T16:36:59.884Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/lynir/.config
 2024-05-28T16:36:59.884Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/lynir/.config
 2024-05-28T16:36:59.884Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/lynir/.config
 2024-05-28T16:36:59.886Z INFO  vopono_core::network::openvpn           > Launching OpenVPN...
 2024-05-28T16:36:59.886Z DEBUG vopono_core::network::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2024-05-28T16:36:59.887Z DEBUG vopono_core::network::openvpn           > Found remotes: [Remote { host: Hostname("nl-amsterdam.privacy.network"), port: 1198, protocol: UDP }]
 2024-05-28T16:36:59.887Z DEBUG vopono_core::network::netns             > ip netns exec vo_pi_nl openvpn --config /home/lynir/.config/vopono/pia/openvpn/netherlands-nl.ovpn --machine-readable-output --log /home/lynir/.config/vopono/logs/vo_pi_nl_openvpn.log --auth-user-pass /home/lynir/.config/vopono/pia/openvpn/auth.txt --connect-retry-max 1 --pull-filter ignore block-outside-dns
 2024-05-28T16:36:59.893Z DEBUG vopono_core::network::openvpn           > 1716914219.893804 40 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
 2024-05-28T16:36:59.895Z DEBUG vopono_core::network::openvpn           > 1716914219.895307 40 WARNING: file '/home/lynir/.config/vopono/pia/openvpn/auth.txt' is group or others accessible
 2024-05-28T16:36:59.895Z DEBUG vopono_core::network::openvpn           > 1716914219.895325 1 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
 2024-05-28T16:36:59.895Z DEBUG vopono_core::network::openvpn           > 1716914219.895346 1 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > 1716914219.896860 1 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > 9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
 2024-05-28T16:36:59.896Z DEBUG vopono_core::network::openvpn           > 5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
 2024-05-28T16:36:59.897Z DEBUG vopono_core::network::openvpn           > MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
 2024-05-28T16:36:59.897Z DEBUG vopono_core::network::openvpn           > -----END X509 CRL-----
 2024-05-28T16:36:59.897Z DEBUG vopono_core::network::openvpn           >
 2024-05-28T16:37:30.089Z DEBUG vopono_core::network::openvpn           > 1716914250.089619 4000021 RESOLVE: Cannot resolve host address: nl-amsterdam.privacy.network:1198 (Temporary failure in name resolution)
 2024-05-28T16:38:10.120Z DEBUG vopono_core::network::openvpn           > 1716914290.120022 4000021 RESOLVE: Cannot resolve host address: nl-amsterdam.privacy.network:1198 (Temporary failure in name resolution)
 2024-05-28T16:38:10.120Z DEBUG vopono_core::network::openvpn           > 1716914290.120075 40 Could not determine IPv4/IPv6 protocol
 2024-05-28T16:38:10.120Z DEBUG vopono_core::network::openvpn           > 1716914290.120165 1 SIGUSR1[soft,init_instance] received, process restarting
 2024-05-28T16:38:15.127Z DEBUG vopono_core::network::openvpn           > 1716914295.127704 10 All connections have been connect-retry-max (1) times unsuccessful, exiting
 2024-05-28T16:38:15.127Z DEBUG vopono_core::network::openvpn           > 1716914295.127751 1 Exiting due to fatal error

[jamesmcm]

Are 209.222.18.222, 209.222.18.218 the expected DNS servers?

If you know the IP address of the VPS does it work if you just put that in the config?

[Ferdinand-Wu]

Just made a search and found these two DNS are PIA's, sounds not of good reputation (slow, not working...) from the internet feedback. I will ask PIA for this problem. Currently, I am using Wireguard happily.

btw, do you have any plan to include NordVPN's Obfuscated servers??

:-)

[Ferdinand-Wu]

Update

I have contacted PIA about problematic DNS, unfortunately the answer is to simply use their app instead of using OVPN profiles. Quite frustrating customer service.... :-(