PIA VPN keeps giving Connecting error

[Stevie]

Hi Guys

I'm new here and just wanted some assistance in fixing why I can't connect to PIA VPN.
Asus Merlin AC68U with Firmware 384.3

I would appreciate your assistance.
This is the system log output.

NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn-client4[4269]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1198
ovpn-client4[4269]: UDP link local: (not bound)
ovpn-client4[4269]: UDP link remote: [AF_INET]x.x.x.x:1198
ovpn-client4[4269]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=ad916f8a241eddbcc3b472f01f1a297a, name=ad916f8a241eddbcc3b472f01f1a297a
ovpn-client4[4269]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
ovpn-client4[4269]: TLS_ERROR: BIO read tls_read_plaintext error
ovpn-client4[4269]: TLS Error: TLS object -> incoming plaintext read error
ovpn-client4[4269]: TLS Error: TLS handshake failed
ovpn-client4[4269]: SIGUSR1[soft,tls-error] received, process restarting

 

[pusb87]

no username ?
check your certificates are from latest PIA config files and fully pasted in
set Accept DNS configuration to Exclusive

 

[Stevie]

no username ?
check your certificates are from latest PIA config files and fully pasted in
set Accept DNS configuration to Exclusive

I left username out just for posting purposes.
Thanks I will try the latest certificates

 

[Stevie]

Ok, thanks. I used the latest config which fixed it.
Thnaks again

 

[CaptainSTX]

I left username out just for posting purposes.
Thanks I will try the latest certificates

ADVANCED SETTINGS: (Ones different from yours)

Cipher Disabled
AES-128-CBC
TLS-1
Connection Retry 30
Verify Cert NO
Redirect Internet Traffic : Policy

I think the last one may be your problem. You have it set to NO which means nothing is going to be routed using VPN.





CUSTOM SETTINGS:
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ipconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 2
ifconfig-nowarn
persist-key
fast-io
sndbuf 524288
rcvbuf 524288

 

[Stevie]

ADVANCED SETTINGS: (Ones different from yours)

Cipher Disabled
AES-128-CBC
TLS-1
Connection Retry 30
Verify Cert NO
Redirect Internet Traffic : Policy

I think the last one may be your problem. You have it set to NO which means nothing is going to be routed using VPN.





CUSTOM SETTINGS:
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ipconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 2
ifconfig-nowarn
persist-key
fast-io
sndbuf 524288
rcvbuf 524288

Ok, I've tried your settings, it connects with only local ip and not giving a public ip, any reason why

 

[CaptainSTX]

Ok, I've tried your settings, it connects with only local ip and not giving a public ip, any reason why

I missed giving you one setting;

Set Accept DNS to exclusive

Sorry, had it written down just neglected to type it in.

 

[Stevie]

I missed giving you one setting;

Set Accept DNS to exclusive

Sorry, had it written down just neglected to type it in.

Thanks, but if I disable Cipher, I cannot get a public ip. If enabled it works fine and get a public ip

 

[CaptainSTX]

Thanks, but if I disable Cipher, I cannot get a public ip. If enabled it works fine and get a public ip

I don't have the cipher disabled. I have the cipher negotiation disabled. I set the client to use AES-128-CBC.

The setting I have work fine for me and the client is very stable. I might have to restart occasionally but it only every 2 -3 weeks if that often.

 

[Stevie]

Weird though, I tried other regions, but same issue. When I turn off cipher negotiation it does not want to give public ip. All,other settings in your posts work all fine.

I only get a local and public ip when cipher negotiation is turned on.

Any explanation?

 

[CaptainSTX]

Only thing I can offer is download the ovpn files from PIA.

Upload them into the router directly

Make the changes to the configuration to match what I'm doing.

If it still isn't working search this site as there are long threads about setting up PIA which is where I started from.

 

[Stevie]

Only thing I can offer is download the ovpn files from PIA.

Upload them into the router directly

Make the changes to the configuration to match what I'm doing.

If it still isn't working search this site as there are long threads about setting up PIA which is where I started from.

That is exactly what I did, download from PIA and upload them. Interesting thing is I can set the to disable, but when I choose a fallback cipher it does not want to give a public ip. It only works now when putting it to default with cipher negotiation disabled.

Will it be an issue if I do leave it on default, meaning it will choose the best or defaukt setting to work.