gluetun: Bug: AUTH_FAILED on new PIA, works fine on PIA Old

openvpn: AUTH: Received control message: AUTH_FAILED when using PIA. Same creds work fine on PIA Old.

  1. Is this urgent?

    • Yes
    • No

  2. What VPN service provider are you using?

    • PIA
    • Mullvad
    • Windscribe
    • Surfshark
    • Cyberghost

  3. What’s the version of the program?

Running version latest built on 2020-10-20T18:14:45Z (commit bf92008)

  1. What are you using to run the container?

    • Docker run
    • Docker Compose
    • Kubernetes
    • Docker stack
    • Docker swarm
    • Podman
    • Other:

  2. Extra information

Logs:

2020-10-21T16:42:49.760Z        INFO    OpenVPN version: 2.4.9
2020-10-21T16:42:49.798Z        INFO    Unbound version: 1.10.1
2020-10-21T16:42:49.828Z        INFO    IPtables version: v1.8.4
2020-10-21T16:42:49.925Z        INFO    TinyProxy version: 1.10.0
2020-10-21T16:42:49.926Z        INFO    Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Private Internet Access settings:
 |--Network protocol: udp
 |--Regions: us west
 |--Encryption preset: strong
 |--Port forwarding: off
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone:
|--IP Status filepath: /tmp/gluetun/ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--Allowed subnets: 192.168.0.0/24
 |--VPN input ports:
 |--Input ports:
TinyProxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Public IP check period: 12h0m0s
Version information: enabled
Updater: disabled

2020-10-21T16:42:49.927Z        INFO    storage: Merging by most recent 6398 hardcoded servers and 0 servers read from /gluetun/servers.json
2020-10-21T16:42:49.972Z        INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-10-21T16:42:49.972Z        INFO    routing: local subnet found: 172.17.0.0/16
2020-10-21T16:42:49.972Z        INFO    openvpn configurator: checking for device /dev/net/tun
2020-10-21T16:42:49.972Z        WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-10-21T16:42:49.972Z        INFO    openvpn configurator: creating /dev/net/tun
2020-10-21T16:42:49.973Z        INFO    firewall: enabling...
2020-10-21T16:42:50.052Z        INFO    firewall: enabled successfully
2020-10-21T16:42:50.052Z        INFO    firewall: setting allowed subnets through firewall...
2020-10-21T16:42:50.054Z        INFO    routing: adding 192.168.0.0/24 as route via 172.17.0.1 eth0
2020-10-21T16:42:50.147Z        INFO    http server: listening on 0.0.0.0:8000
2020-10-21T16:42:50.147Z        INFO    Launching standard output merger
2020-10-21T16:42:50.147Z        INFO    dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-10-21T16:42:50.147Z        INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-10-21T16:42:50.147Z        INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-10-21T16:42:50.198Z        INFO    firewall: setting VPN connection through firewall...
2020-10-21T16:42:50.254Z        INFO    openvpn configurator: starting openvpn
2020-10-21T16:42:50.256Z        INFO    openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-10-21T16:42:50.256Z        INFO    openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-10-21T16:42:50.296Z        INFO    openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-10-21T16:42:50.297Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]184.170.241.67:1197
2020-10-21T16:42:50.297Z        INFO    openvpn: UDP link local: (not bound)
2020-10-21T16:42:50.297Z        INFO    openvpn: UDP link remote: [AF_INET]184.170.241.67:1197
2020-10-21T16:42:51.020Z        WARN    openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
2020-10-21T16:42:51.020Z        WARN    openvpn: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
2020-10-21T16:42:51.020Z        WARN    openvpn: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
2020-10-21T16:42:51.020Z        WARN    openvpn: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2020-10-21T16:42:51.020Z        INFO    openvpn: [phoenix407] Peer Connection Initiated with [AF_INET]184.170.241.67:1197
2020-10-21T16:42:52.546Z        INFO    openvpn: AUTH: Received control message: AUTH_FAILED
2020-10-21T16:42:52.546Z        INFO    openvpn: SIGUSR1[soft,auth-failure] received, process restarting
2020-10-21T16:43:02.547Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]184.170.241.67:1197
2020-10-21T16:43:02.548Z        INFO    openvpn: UDP link local: (not bound)
2020-10-21T16:43:02.548Z        INFO    openvpn: UDP link remote: [AF_INET]184.170.241.67:1197
2020-10-21T16:43:03.653Z        WARN    openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
2020-10-21T16:43:03.653Z        WARN    openvpn: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
2020-10-21T16:43:03.653Z        WARN    openvpn: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
2020-10-21T16:43:03.653Z        WARN    openvpn: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2020-10-21T16:43:03.653Z        INFO    openvpn: [phoenix407] Peer Connection Initiated with [AF_INET]184.170.241.67:1197
2020-10-21T16:43:04.763Z        INFO    openvpn: AUTH: Received control message: AUTH_FAILED
2020-10-21T16:43:04.763Z        INFO    openvpn: SIGUSR1[soft,auth-failure] received, process restarting

PIA OLD Logs:

2020-10-21T16:39:34.307Z        INFO    TinyProxy version: 1.10.0
2020-10-21T16:39:34.442Z        INFO    OpenVPN version: 2.4.9
2020-10-21T16:39:34.487Z        INFO    Unbound version: 1.10.1
2020-10-21T16:39:34.632Z        INFO    IPtables version: v1.8.4
2020-10-21T16:39:34.632Z        INFO    Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Private Internet Access Old settings:
 |--Network protocol: udp
 |--Regions: us west
 |--Encryption preset: strong
 |--Port forwarding: off
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone:
|--IP Status filepath: /tmp/gluetun/ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--Allowed subnets: 192.168.0.0/24
 |--VPN input ports:
 |--Input ports:
TinyProxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Public IP check period: 12h0m0s
Version information: enabled
Updater: disabled

2020-10-21T16:39:34.635Z        INFO    storage: Merging by most recent 6398 hardcoded servers and 0 servers read from /gluetun/servers.json
2020-10-21T16:39:34.660Z        INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-10-21T16:39:34.660Z        INFO    routing: local subnet found: 172.17.0.0/16
2020-10-21T16:39:34.660Z        INFO    openvpn configurator: checking for device /dev/net/tun
2020-10-21T16:39:34.660Z        WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-10-21T16:39:34.660Z        INFO    openvpn configurator: creating /dev/net/tun
2020-10-21T16:39:34.661Z        INFO    firewall: enabling...
2020-10-21T16:39:34.687Z        INFO    firewall: enabled successfully
2020-10-21T16:39:34.687Z        INFO    firewall: setting allowed subnets through firewall...
2020-10-21T16:39:34.689Z        INFO    routing: adding 192.168.0.0/24 as route via 172.17.0.1 eth0
2020-10-21T16:39:34.801Z        INFO    http server: listening on 0.0.0.0:8000
2020-10-21T16:39:34.802Z        INFO    dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-10-21T16:39:34.802Z        INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-10-21T16:39:34.802Z        INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-10-21T16:39:34.802Z        INFO    Launching standard output merger
2020-10-21T16:39:34.825Z        INFO    firewall: setting VPN connection through firewall...
2020-10-21T16:39:34.875Z        INFO    openvpn configurator: starting openvpn
2020-10-21T16:39:34.878Z        INFO    openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-10-21T16:39:34.878Z        INFO    openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-10-21T16:39:34.910Z        INFO    openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-10-21T16:39:34.910Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]184.170.242.199:1197
2020-10-21T16:39:34.910Z        INFO    openvpn: UDP link local: (not bound)
2020-10-21T16:39:34.910Z        INFO    openvpn: UDP link remote: [AF_INET]184.170.242.199:1197
2020-10-21T16:39:37.399Z        WARN    openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
2020-10-21T16:39:37.399Z        WARN    openvpn: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
2020-10-21T16:39:37.399Z        WARN    openvpn: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
2020-10-21T16:39:37.399Z        WARN    openvpn: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2020-10-21T16:39:37.399Z        INFO    openvpn: [95b1453874f8eee848378fb9f7e7abb3] Peer Connection Initiated with [AF_INET]184.170.242.199:1197
2020-10-21T16:39:38.952Z        INFO    openvpn: TUN/TAP device tun0 opened
2020-10-21T16:39:38.952Z        INFO    openvpn: /sbin/ip link set dev tun0 up mtu 1500
2020-10-21T16:39:38.953Z        INFO    openvpn: /sbin/ip addr add dev tun0 local 10.31.14.6 peer 10.31.14.5
2020-10-21T16:39:38.955Z        INFO    openvpn: UID set to nonrootuser
2020-10-21T16:39:38.955Z        INFO    openvpn: Initialization Sequence Completed
2020-10-21T16:39:38.955Z        INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-10-21T16:39:38.955Z        INFO    VPN routing IP address: 184.170.242.199
2020-10-21T16:39:38.956Z        INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-10-21T16:39:40.443Z        INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-10-21T16:39:40.731Z        INFO    dns configurator: generating Unbound configuration
2020-10-21T16:39:41.919Z        INFO    dns configurator: 61358 hostnames blocked overall
2020-10-21T16:39:41.919Z        INFO    dns configurator: 2581 IP addresses blocked overall
2020-10-21T16:39:42.089Z        INFO    dns configurator: starting unbound
2020-10-21T16:39:42.090Z        INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-10-21T16:39:42.090Z        INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-10-21T16:39:42.346Z        INFO    unbound: init module 0: validator
2020-10-21T16:39:42.346Z        INFO    unbound: init module 1: iterator
2020-10-21T16:39:42.360Z        INFO    unbound: start of service (unbound 1.10.1).
2020-10-21T16:39:42.680Z        INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2020-10-21T16:39:44.853Z        INFO    dns over tls: DNS over TLS is ready
2020-10-21T16:39:46.012Z        INFO    You are running on the bleeding edge of latest!
2020-10-21T16:39:46.881Z        INFO    ip getter: Public IP address is 184.170.242.199

Configuration file:

version: "3"
services:
  pia:
    build: https://github.com/qdm12/private-internet-access-docker.git
    image: qmcgaw/private-internet-access:latest
    container_name: pia
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    ports:
      - 8888:8888/tcp #pia
      - 8388:8388/tcp #pia-proxy
      - 8388:8388/udp #pia-proxy
    environment:
      - VPNSP=private internet access old
      - USER=xxxxxx
      - PASSWORD=xxxxxx
      - REGION=US West
      - EXTRA_SUBNETS=192.168.0.0/24
    restart: always

Host OS: synology DSM 6.2.3-25426 Update 2 Also saw it on antiX-17.4

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 16 (7 by maintainers)

Commits related to this issue

Most upvoted comments

Let me reopen the issue. I’ll add a log line about this when you use piav4 and get AUTH_FAILED as this seems like a popular issue now! 😄

+3
qdm12 on Oct 21, 2020

Thanks for updating the servers.json in container.

But I get the BAD AUTH Error now.

I switched to Nextgen Configs and it doesn’t seem to work on all locations.

I am using the Pia Username starting with “p” looking like p1234567 and the normal Pia Password. On some locations I get Bad Auth Error also on my OpenVPN Client on Windows/Linux and Mac. Its an Privateinternetaccess issue. I am actually escalating this at the Support Level. And I will keep up here with the Result of the Pia Support.

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️ by github.com/qdm12 ====
=========================================

Running version latest built on 2020-11-14T22:21:52Z (commit 6896cf4)

📣 Support for Privado

🔧 Need help? https://github.com/qdm12/gluetun/issues/new
💻 Email? quentin.mcgaw@gmail.com
☕ Slack? Join from the Slack button on Github
💸 Help me? https://github.com/sponsors/qdm12
2020-11-15T17:20:26.874Z INFO IPtables version: v1.8.4
2020-11-15T17:20:26.877Z INFO OpenVPN version: 2.4.9
2020-11-15T17:20:26.881Z INFO Unbound version: 1.10.1
2020-11-15T17:20:26.882Z INFO Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Private Internet Access settings:
|--Network protocol: udp
|--Regions: de berlin
|--Encryption preset: strong
|--Port forwarding: off
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone:
|--IP Status filepath: /tmp/gluetun/ip
DNS over TLS settings:
|--DNS over TLS provider:
|--cloudflare
|--Caching: enabled
|--Block malicious: enabled
|--Block surveillance: disabled
|--Block ads: disabled
|--Allowed hostnames:
|--
|--Private addresses:
|--127.0.0.1/8
|--10.0.0.0/8
|--172.16.0.0/12
|--192.168.0.0/16
|--169.254.0.0/16
|--::1/128
|--fc00::/7
|--fe80::/10
|--::ffff:0:0/96
|--Verbosity level: 1/5
|--Verbosity details level: 0/4
|--Validation log level: 0/2
|--IPv6 resolution: disabled
|--Update: every 24h0m0s
|--Keep nameserver (disabled blocking): no
Firewall settings:
|--VPN input ports:
|--Input ports:
|--Outbound subnets:
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
|--Listening port: 8000
|--Logging: true
Public IP check period: 12h0m0s
Version information: enabled
Updater: disabled

2020-11-15T17:20:26.985Z INFO storage: Merging by most recent 6734 hardcoded servers and 6733 servers read from /gluetun/servers.json
2020-11-15T17:20:26.986Z INFO storage: Using Private Internet Access servers from file (18h12m51s more recent)
2020-11-15T17:20:27.094Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2020-11-15T17:20:27.094Z INFO routing: local subnet found: 172.17.0.0/16
2020-11-15T17:20:27.095Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2020-11-15T17:20:27.096Z INFO routing: adding route for 0.0.0.0/0
2020-11-15T17:20:27.096Z INFO firewall: firewall disabled, only updating allowed subnets internal list
2020-11-15T17:20:27.097Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2020-11-15T17:20:27.097Z INFO openvpn configurator: checking for device /dev/net/tun
2020-11-15T17:20:27.097Z WARN TUN device is not available: open /dev/net/tun: no such file or directory
2020-11-15T17:20:27.097Z INFO openvpn configurator: creating /dev/net/tun
2020-11-15T17:20:27.098Z INFO firewall: enabling...
2020-11-15T17:20:27.111Z INFO firewall: enabled successfully
2020-11-15T17:20:27.111Z INFO healthcheck: listening on 127.0.0.1:9999
2020-11-15T17:20:27.112Z INFO Launching standard output merger
2020-11-15T17:20:27.113Z INFO firewall: setting VPN connection through firewall...
2020-11-15T17:20:27.114Z INFO dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-11-15T17:20:27.114Z INFO dns configurator: using DNS address 1.1.1.1 internally
2020-11-15T17:20:27.114Z INFO dns configurator: using DNS address 1.1.1.1 system wide
2020-11-15T17:20:27.114Z INFO http server: listening on 0.0.0.0:8000
2020-11-15T17:20:27.117Z INFO openvpn configurator: starting openvpn
2020-11-15T17:20:27.120Z INFO openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-11-15T17:20:27.120Z INFO openvpn: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-11-15T17:20:27.122Z INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-11-15T17:20:27.122Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]154.13.1.119:1197
2020-11-15T17:20:27.122Z INFO openvpn: UDP link local: (not bound)
2020-11-15T17:20:27.123Z INFO openvpn: UDP link remote: [AF_INET]154.13.1.119:1197
2020-11-15T17:20:33.373Z INFO openvpn: [berlin423] Peer Connection Initiated with [AF_INET]154.13.1.119:1197
2020-11-15T17:20:34.414Z ERROR openvpn: AUTH: Received control message: AUTH_FAILED

(IF YOU ARE USING PIA servers, MAYBE CHECK OUT https://github.com/qdm12/gluetun/issues/265)

2020-11-15T17:20:34.414Z INFO openvpn: SIGUSR1[soft,auth-failure] received, process restarting
2020-11-15T17:20:44.415Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]154.13.1.119:1197
2020-11-15T17:20:44.415Z INFO openvpn: UDP link local: (not bound)
2020-11-15T17:20:44.416Z INFO openvpn: UDP link remote: [AF_INET]154.13.1.119:1197
2020-11-15T17:20:48.809Z INFO openvpn: [berlin423] Peer Connection Initiated with [AF_INET]154.13.1.119:1197
+2
0xE232FE on Nov 15, 2020

I just pushed something to match the settings they have on their openvpn configuration files more closely (removed ping instructions, added disable-occ). If it continues failing (repull latest), I guess their server or their configuration files would be at fault 🤔

+1
qdm12 on Apr 1, 2021
Read more comments on GitHub
← gluetun: Bug: AUTH_FAILED for fastestvpn
gluetun: Bug: AUTH_FAILED out of the blue →