Ok so here is my openvpn config:
config openvpn 'PIA_VPN'
option dev 'tun'
option nobind '1'
option comp_lzo 'yes'
option persist_tun '1'
option persist_key '1'
option client '1'
list remote 'swiss.privateinternetaccess.com'
option resolv_retry 'infinite'
option auth 'SHA1'
option cipher 'AES-128-CBC'
option mute_replay_warnings '1'
option tls_client '1'
option auth_nocache '1'
option remote_cert_tls 'server'
option auth_user_pass '/etc/openvpn/credentials.txt'
option crl_verify '/etc/openvpn/crl.rsa.2048.pem'
option reneg_sec '0'
option ca '/etc/openvpn/ca.rsa.2048.crt'
option log '/tmp/openvpn.log'
option port '502'
option proto 'tcp-client'
option verb '4'
And here is the openvpn log up to the point where it starts again:
Sun May 26 11:32:13 2019 us=299080 OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun May 26 11:32:13 2019 us=303746 library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
Sun May 26 11:32:13 2019 us=598553 LZO compression initializing
Sun May 26 11:32:13 2019 us=642623 Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun May 26 11:32:13 2019 us=729060 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Sun May 26 11:32:13 2019 us=734150 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun May 26 11:32:13 2019 us=734605 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun May 26 11:32:13 2019 us=738221 TCP/UDP: Preserving recently used remote address: [AF_INET]185.230.125.50:502
Sun May 26 11:32:13 2019 us=738917 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sun May 26 11:32:13 2019 us=739388 Attempting to establish TCP connection with [AF_INET]185.230.125.50:502 [nonblock]
Sun May 26 11:32:14 2019 us=740381 TCP connection established with [AF_INET]185.230.125.50:502
Sun May 26 11:32:14 2019 us=740837 TCP_CLIENT link local: (not bound)
Sun May 26 11:32:14 2019 us=741301 TCP_CLIENT link remote: [AF_INET]185.230.125.50:502
Sun May 26 11:33:14 2019 us=524073 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun May 26 11:33:14 2019 us=524503 TLS Error: TLS handshake failed
Sun May 26 11:33:14 2019 us=530464 Fatal TLS error (check_tls_errors_co), restarting
Sun May 26 11:33:14 2019 us=531320 TCP/UDP: Closing socket
Sun May 26 11:33:14 2019 us=532043 SIGUSR1[soft,tls-error] received, process restarting
I am also showing the TLS attempts with higher verb which shows that apparently I never hear back from the server:
Sun May 26 11:39:28 2019 us=14819 Attempting to establish TCP connection with [AF_INET]185.156.175.90:502 [nonblock]
Sun May 26 11:39:29 2019 us=30819 TCP connection established with [AF_INET]185.156.175.90:502
Sun May 26 11:39:29 2019 us=31283 TCP_CLIENT link local: (not bound)
Sun May 26 11:39:29 2019 us=31746 TCP_CLIENT link remote: [AF_INET]185.156.175.90:502
Sun May 26 11:39:29 2019 us=33063 TCP_CLIENT WRITE [14] to [AF_INET]185.156.175.90:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:39:31 2019 us=334144 TCP_CLIENT WRITE [14] to [AF_INET]185.156.175.90:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:39:35 2019 us=923840 TCP_CLIENT WRITE [14] to [AF_INET]185.156.175.90:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:39:43 2019 us=613742 TCP_CLIENT WRITE [14] to [AF_INET]185.156.175.90:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:40:00 2019 us=77619 TCP_CLIENT WRITE [14] to [AF_INET]185.156.175.90:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:40:29 2019 us=745674 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun May 26 11:40:29 2019 us=746103 TLS Error: TLS handshake failed
I have double checked the 3 files you mention, they are indeed in /etc/openvpn
the ca.rsa.2048.crt and crl.rsa.2048.pem have a permission -777
the credentials.txt has permission -400
about this file, since my computer is running windows and the PIA procedure is more than unclear about "proper formatting" with the command
tr -d '\15\32' < /etc/openvpn/credentials.txt > /etc/openvpn/credentials.txt
I ignored that and just created the file through command line with
cat > /etc/openvpn/credentials.txt << EOF
p-login
p@ssW0rd
EOF
and set the permission, so it's a UNIX (LF) formatted file
Sorry for the long post, I tried to give you all relevant info
Thank you so much for looking into this.
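Added example, not part of the original post: a small shell/awk triage that summarises each TCP attempt in an OpenVPN client log that contains the packet-level WRITE/READ lines shown in the second excerpt, so "the server never answered" can be told apart from "the server answered and the handshake then failed". The function names, verdict labels and the sample log (including its 192.0.2.x addresses and the READ line) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. One summary line per TCP attempt:
#   <remote> writes=<n> reads=<n> verdict=<no-reply|failed-after-reply|incomplete>

classify_attempts() {
    awk '
    function emit(   v) {
        if (remote == "") return
        if (!failed)         v = "incomplete"          # no TLS timeout logged
        else if (reads == 0) v = "no-reply"            # server never answered
        else                 v = "failed-after-reply"  # answered, then failed
        printf "%s writes=%d reads=%d verdict=%s\n", remote, writes, reads, v
        remote = ""
    }
    /TCP connection established with/ {
        emit()
        remote = $NF
        sub(/^\[AF_INET6?\]/, "", remote)
        writes = 0; reads = 0; failed = 0
        next
    }
    remote != "" && /TCP_CLIENT WRITE \[/        { writes++ }
    remote != "" && /TCP_CLIENT READ \[/         { reads++ }
    remote != "" && /TLS key negotiation failed/ { failed = 1; emit() }
    END { emit() }
    ' "$1"
}

# Constructed sample log (addresses from the documentation range 192.0.2.0/24).
write_sample_log() {
    cat > "$1" << 'EOF'
Sun May 26 11:39:29 2019 us=30819 TCP connection established with [AF_INET]192.0.2.10:502
Sun May 26 11:39:29 2019 us=33063 TCP_CLIENT WRITE [14] to [AF_INET]192.0.2.10:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:39:31 2019 us=334144 TCP_CLIENT WRITE [14] to [AF_INET]192.0.2.10:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:40:29 2019 us=745674 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun May 26 11:41:02 2019 us=100000 TCP connection established with [AF_INET]192.0.2.20:502
Sun May 26 11:41:02 2019 us=101000 TCP_CLIENT WRITE [14] to [AF_INET]192.0.2.20:502: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun May 26 11:41:02 2019 us=150000 TCP_CLIENT READ [26] from [AF_INET]192.0.2.20:502: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
classify_attempts "$sample"
rm -f "$sample"
```

On the router it would be pointed at the configured log instead of the sample, for example `classify_attempts /tmp/openvpn.log`.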