VPN connection not working

  • Hi,

    I am having a problem with the VPN Manager with PureVPN connection. Login details and First VPN Connection (UDP) are set and is valid, but very slow connection in the add-ons I have excluded and no streams found in the addons I want to use the VPN connection for.
    As soon as I delete the VPN Manager, everything is smooth and working again.

    I have Installed VPN Manager on top of my existing LE 7.0.2 (add-ons already installed) System
    Network setup is Router(DD-WRT) behind Router/Modem (Cisco from ISP)

    Anyone an idea what cause these problems?

  • When I look at my openvpn.log I notice 3 things:

    • Why is UDP port 53 used and not 1194 (manual openvpn tutorials)
    • On the PureVPN server list on their site "nl1-ovpn-udp.pointtoserver.com" is mentioned for the Netherlands but from the VPN Manager is "nl1-ovpn-udp.purevpn.net" selected...Why?
    • ERROR: Linux route add command failed: external program exited with error status: 2

    Edited once, last by gschmidt (December 17, 2016 at 2:08 PM).

  • The two URLs resolve to the same IP address. And you can change the UDP port to whatever you want using the interface. They were both correct when I added PureVPN.
    As I already told you though on Github though, you're able to connect. The issue is either going to be your network, your ISP or the VPN provider. Or you can prove me wrong and demonstrate that it works on your system via the command line.


  • When I look at my openvpn.log I notice 3 things:

    • Why is UDP port 53 used and not 1194 (manual openvpn tutorials)
    • On the PureVPN server list on their site "nl1-ovpn-udp.pointtoserver.com" is mentioned for the Netherlands but from the VPN Manager is "nl1-ovpn-udp.purevpn.net" selected...Why?
    • ERROR: Linux route add command failed: external program exited with error status: 2

    do you get a dutch IP if you are connected? Could you do a reproducable speedtest while connected to the server? I could then try to reproduce your results and see if can confirm your bottleneck.

    UDP is always 53 at PureVPN. They chose it, I don't see an issue with this.
    As zomboided said already, there is no difference in using nl1-ovpn-udp.pointtoserver.com or nl1-ovpn-udp.purevpn.net.

    Your dutch nl1-ovpn-udp.pointtoserver.com has the following servers behind it:213.5.69.62
    206.123.147.2
    188.72.98.130
    138.99.211.130
    213.5.64.38
    79.142.68.125
    213.5.64.37
    185.2.29.191

    You can take your *.ovpn configuration file and substitute the Server with one of these IP's

    example:

    from this

    Code
    remote nl1-ovpn-udp.pointtoserver.com 53

    to that:

    Code
    remote 213.5.69.62 53

    PureVPN connects you randomly to one of those 7 Servers, if you use the default "nl1-ovpn-udp.pointtoserver.com". Your problem might be, that you get connected to a slow or overloaded server randomly. Try to pic those servers one by one. If that is really the problem, then finding picking the right one will solve your bandwitch issue. (I do the same with switzerland... there are 4 Servers. Some of them are slow, so I prefer mostly 2 of them).


  • Could you do a reproducable speedtest while connected to the server?

    Oh I found a speedtest.py on the Github.
    I will test the VPN connection (tomorrow I hope)
    But this my speed without OpenVPN

    Code
    /storage$ python speedtest.py
    Retrieving speedtest.net configuration...
    Testing from Ziggo (xxx.xx.xxx.xxx)... (I've hide the IP)
    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by IP Visie Networking BV (Rotterdam) [36.86 km]: 17.476 ms
    Testing download speed................................................................................
    Download: 90.14 Mbit/s
    Testing upload speed....................................................................................................
    Upload: 15.26 Mbit/s

    Edited once, last by gschmidt (December 18, 2016 at 9:05 AM).

  • OK I have performed some speed tests.

    The first one I did with: remote nl1-ovpn-udp.purevpn.net 53
    This came back with:

    This was the best result. After that I tried some of your IP's, which all came back with rubbish connections download speeds of less than 4mbits and zero upload.

    Then I used instead of "remote nl1-ovpn-udp.purevpn.net"-->"206.123.147.102", because this gave the best connection.
    And then I suddenly got:

    Ziggo is actually my ISP and the "83.82.xxx.xxx" is my WAN Ip address?!?!
    I performed the speed test on "206.123.147.102" 3x and 3x I got a different Ziggo Server with the same connetion speeds.
    This confuses me...Can I use my own ISP to make a VPN Connection?
    And if so is the internet traffic still anonymous?

    Update: I saw that The VPN connection was not established with this IP address, OpenVPN was not started

    Edited once, last by gschmidt (December 18, 2016 at 11:02 AM).


  • Then I used instead of "remote nl1-ovpn-udp.purevpn.net"-->"206.123.147.102", because this gave the best connection.
    And then I suddenly got:

    Ziggo is actually my ISP and the "83.82.xxx.xxx" is my WAN Ip address?!?!
    I performed the speed test on "206.123.147.102" 3x and 3x I got a different Ziggo Server with the same connetion speeds.
    This confuses me...Can I use my own ISP to make a VPN Connection?
    And if so is the internet traffic still anonymous?

    Update: I saw that The VPN connection was not established with this IP address, OpenVPN was not started

    Exactly... you didn't establish a VPN connection, because you tried to use your own external PureVPN IP as the server IP. That cannot work.

    Explanation:
    You were assigned the external IP 206.123.147.102 by PureVPN, when you connected to the server 206.123.147.2. Apparently this was the one of the 7 servers, which PureVPN assigned you, when you connected to nl1-ovpn-udp.purevpn.net. When you connect to one of PureVPNs servers, you are getting an external IP matching the first three positions and the last one makes it your personal external IP. PureVPN doesn't share IP's between users, which is by the way extremely dangerous for your system and probably your entire home LAN, because PureVPN passes all connections (unwanted) into your direction directly to your LibreELEC machine.. bear that in mind, if you enabled SSH (hardcoded user "root" and pass "libreelec") and the webserver with its port 8080 (necessary for Yatse remote, for example).

    I highly recommend to read my thread here regarding PureVPN (and other VPN providers): LibreELEC


    So, you found out that server 206.123.147.2 was the only one with reasonable bandwidth. Perhaps it is just temporary, because the others were loaded for some temporary reason, but it could be worth a try to set this ip in your *.ovpn file instead of the nl1-ovpn-udp.purevpn.net address and just use this one server. And make a second *.ovpn with the default address nl1-ovpn-udp.purevpn.net to cycle to it, if 206.123.147.2 is overloaded. That is at least how I do it for a year now.

    EDIT:
    Here are my speedtests for those 7 servers: [Bash] PureVPN Netherlands Speedtest - Pastebin.com

    Turns out that server 206.123.147.2 was the only one which cut my bandwidth down to max 1Mbit Down, less than 1Mbit up. All others had nearly full speed of my 50/10 (max 40/10 synced) internet connection.

    And it turns out that the external PureVPN IP's are not always matching the corresponding server IP's (except for the fourth position). Netherlands servers are the first where I see totally different assigned external IP's than the actual servers IP you connect to. Anyways, perhaps this all helps. Perhaps there is one particular of those 7 servers, which you should avoid. I made the above linked speedtests at ~2am from germany, so there might be no load on servers during this time, hence it's not a good comparison for your measurements.

    Edited once, last by infinity85 (December 19, 2016 at 1:13 AM).


  • EDIT:
    Here are my speedtests for those 7 servers: [Bash] PureVPN Netherlands Speedtest - Pastebin.com

    Turns out that server 206.123.147.2 was the only one which cut my bandwidth down to max 1Mbit Down, less than 1Mbit up. All others had nearly full speed of my 50/10 (max 40/10 synced) internet connection.

    And it turns out that the external PureVPN IP's are not always matching the corresponding server IP's (except for the fourth position). Netherlands servers are the first where I see totally different assigned external IP's than the actual servers IP you connect to. Anyways, perhaps this all helps. Perhaps there is one particular of those 7 servers, which you should avoid. I made the above linked speedtests at ~2am from germany, so there might be no load on servers during this time, hence it's not a good comparison for your measurements.

    Thanx for helping me out here.
    So resume to understand VPN Connections:

    • With a "default" PureVPN connection setup in VPN Manager be aware that there is an unbelievably massive security issue, because all ports are open (including SSH 22)


    • I have tested your Speedtest IP's (How do you get/know these IP's anyway?) from 9:00 AM to 12:00 AM, the fastest one had a 25 Mbit/s. 3 of them had a 1 or 2 time >23 Mbit/s hit, but later tests on the same IP's came up with 0-5 Mbit/s. The selected host at "Hosted by" was quite of influence in the tests.


    • When I just used "nl1-ovpn-udp.purevpn.net" instead of an IP, 90% of the tested speeds were less than 4 Mbit/s


    • So 70% of the times the RPi makes a VPN connection, the speed does not hit above 4 Mbit/s.....I would say that VPN is not working for me? Or are there other settings (Routers, DNS) which are influencing the poor VPN Connection speed?
  • Well the security hole is an issue because you're using a VPN who elect not to give you any sort of firewall unless you pay extra. It's not because you're using my addon, which is just doing the work to create a VPN connection for you.

    infinity85, do I need to update the Pure connection list? I can't think why the DNS name would make a difference as both resolve to the same IP. I can believe that Pure workload balance, which maybe what's happening here?

    Edited once, last by zomboided (December 19, 2016 at 12:36 PM).


  • Well the security hole is an issue because you're using a VPN who elect not to give you any sort of firewall unless you pay extra. It's not because you're using my addon, which is just doing the work to create a VPN connection for you.

    infinity85, do I need to update the Pure connection list? I can't think why the DNS name would make a difference as both resolve to the same IP. I can believe that Pure workload balance, which maybe what's happening here?

    Hi zomboided,

    Your addon works fine, I only need to figure out why the connections are so slow.
    I just had a live chat (on my Laptop) with a PureVPN guy, which advised me to try the speedtest without firewalls on both my routers, but no difference.
    Maybe my issue is Network/Router related...If I connect the Pi straight to my ISP Router, I can exclude my DD-WRT router from issues?
    [hr]
    Also strange is that if I perform a Python Speedtest to a connected VPN Server on the RPi (LAN connected) with Putty on my LAPTOP (Which has no VPN connection) the internet signal is lost for a while.....is this an indication that there might be an issue with the ISP Router because i still have a working local network connection?

    Edited once, last by gschmidt (December 19, 2016 at 7:10 PM).

  • I thought let's install a spare Windows 10 PC with a PureVPN connection on my Home Network. Established the VPN connection on the selected the dutch server (no other choice) and did a speedtest on Ookla: and Boooommmm...90mbps...several times

    Why is this so fast?

  • Thanx for helping me out here.
    So resume to understand VPN Connections:

    • With a "default" PureVPN connection setup in VPN Manager be aware that there is an unbelievably massive security issue, because all ports are open (including SSH 22)


    Correct, but the solution is simple and the Iptables rules/solutions are all mentioned in my thread I linked in my last post, so if you follow it, you should have no concerns about security.

    • I have tested your Speedtest IP's (How do you get/know these IP's anyway?) from 9:00 AM to 12:00 AM, the fastest one had a 25 Mbit/s. 3 of them had a 1 or 2 time >23 Mbit/s hit, but later tests on the same IP's came up with 0-5 Mbit/s. The selected host at "Hosted by" was quite of influence in the tests.


    I obtain the IPs by resolving the DNS (nl1-ovpn-udp.purevpn.net) with Convert Host Name to IP Address or Find IP address of a host - e.g. find IP address of host name of. When I had the same issues a year ago, the pureVPN live chat support suggested me this site and to use the direct server IPs instead of the DNS. That is why I came around with this proposal for solution. You should be aware that no cheap VPN provider will guarantee you perfect unlimited speed. There will always be limits... I mostly don't hit the limit with my 40MBit ISP speed, but you will hit it quite often with your 90MBit connection. Though, 25Mbit is still not so slow and you saw that I get more than 30 MBit with my speedtests (okay, it was night time, and perhaps the routing is somehow different in germany for some providers). It is certainly shit that you have 23MBit at one time and later only a very limited connection on the same server :/. This is something I would try to bother their support over and over again. Apparently netherland servers are used pretty frequently hmmm... You have 7 servers, I hope you can find one, which is more reliable than the others. Besides this, I have also my favourite swiss server as primary connection and it gets sometimes slow when streaming IPTV, and for this case I have specified the other IP's as additional 2nd, 3rd, 4th connections to cycle between then for this particular case. VPN Manager offers you all these possibilities with its great featureset.
    I don't know about the influence of the "Hosted by" providers -_-. Again something the PureVPN Chat could help you with, or answer it.

    • When I just used "nl1-ovpn-udp.purevpn.net" instead of an IP, 90% of the tested speeds were less than 4 Mbit/s


    I assume that this is because nl1-ovpn-udp.purevpn.net assigns you in 90% of the time one of the slower servers. As I showed in my yesterdays speed test, there was one server (206.123.147.2), which was extremely slow no matter how many speed tests I did. In your case it is apparently in 90% of you connection attempts with nl1-ovpn-udp.purevpn.net that pureVPN decides to resolve it to 206.123.147.2 for your connection and then you end up with a slow connection. This was just an example. It is likely that my slow 206.123.147.2 is in your case one of the other 7 servers, may be even at the same time... who knows what the reason is... perhaps it is my ISPs routing, or the daytime of your connection attempt, which results in one or the other server being slower (more loaded with users/transfers) than the other servers --> Cycle the VPN connection to another server to avoid being limited.

    • So 70% of the times the RPi makes a VPN connection, the speed does not hit above 4 Mbit/s.....I would say that VPN is not working for me? Or are there other settings (Routers, DNS) which are influencing the poor VPN Connection speed?


    You said that you had connections respectively speedtests which exceeded 25MBit. So there might be no issue on your side at all. It might be just the simple reason, that PureVPN has too many people at the same time transferring big amount of data on the servers you want to use. It can be just as simple as it is... like a shared internet connection. Perhaps you should simply choose another VPN provider (at least for a testing period).
    I am no network guy, though I think it is surely possible that routers / firewalls etc. influence the speed of a VPN connection. But in your case you had connections of 25MBit, so that means your setup is able to handle at least these speeds with OpenVPN... I don't know why the same setup would limit you to 1MBit some minutes later... sure... everything is possible and troubleshooting can be a pain in the ass, but it soulds more like an issue on PureVPNs side. And I can tell you that I also had speed issues... And I do also have sometimes speed issues without a VPN connection, because my ISP has technical issues... same things can happen to PureVPN servers. But especially the additional layer (VPN tunnel and VPN Provider) in your internet connection can obviously become an additional factor of bandwidth limitation. This is something you cannot avoid, but ideally you could lower the risk of bandwidth limitation by using a business 1000€/month VPN provider who is specialized on fast and reliable VPN connections for companies or so. PureVPN, IPVanish etc. are quite cheap for the service they provide you, and still they are quite fast and reliable... everything is a matter of reasonability or proportionality (not sure which expression is the correct one for this in english ;) )


    infinity85, do I need to update the Pure connection list? I can't think why the DNS name would make a difference as both resolve to the same IP. I can believe that Pure workload balance, which maybe what's happening here?


    No I don't think there is anything you should update as long as the servers list is up-to-date (I do get successful connections if using your default PureVPN list, so there is no general problem. Perhaps some countries are down, but in this case the people who use those countries could/would mention it to you).

    I'm sure the DNS name makes no difference. As you say... it resolves to the same IP. But in this case there are simply 7 Servers (7 IP's) behind it and sometimes you simply get assigned to one of those 7 servers, which is quite slow. There's nothing you could do about it, other than to resolve every single country's DNS to its IP's and then to make seperate *.ovpn for every single IP. Afaik there are more than 140 countries listed at PureVPN... and If some of them have 7 or 10 or 5 seperate IP's behind the DNS', then you end up with up to 500 *.ovpn... that would make no sense at all in your addon :D. Your UserDefined function is totally appropriate to handle it manually, like I described some posts above. It is as you said, the PureVPN workload balance is kind of poor sometimes during establishing a connection.
    [hr]


    I thought let's install a spare Windows 10 PC with a PureVPN connection on my Home Network. Established the VPN connection on the selected the dutch server (no other choice) and did a speedtest on Ookla: and Boooommmm...90mbps...several times

    Why is this so fast?


    Great to hear that! How did you establish the connection? Was it also via OpenVPN, or did you use the PureVPN software client? PureVPN offers the following VPN connection protocols: PPTP, L2TP, SSTP, IKEv2 OpenVPN-UDP and OpenVPN-TCP and some of them might be easier in encryption (less processing load on you Raspberry, that the other). On LibreELEC you do only have the choice to use OpenVPN afaik. The encryption there might load your Raspberries CPU's more, thus the CPU being the limiting factor. But As you said earlier... you achieved 25Mbit with the Raspberry, so the CPU is capable to cope with at least 25Mbit, 90MBit/s would even be too hard to achieve with a Raspberry Pi, because it has only a 100Mbit (theoretical) ethernet speed, and to make it even worse it is hooked up to the USB interface, sharing Ethernet transfers with USB transfers. Though, according to my knowledge the Raspberry Pi2 and especially RPi3 come very close to the theoretical limit of 100Mbit/s. May be the CPU limits a VPN throughbut to 50Mbit/s max, maybe it does more, just a guess.

    When you made the speedtests with your windows machine... did you make comparison speedtests to the same servers at the same time (no matter whether some minutes later) with your raspberry? I could imagine that the raspberry would also have good speeds at the same time and same servers, because I still assume that the sporadic bottleneck is rather on PureVPNs side than on yours.

    Edited once, last by infinity85 (December 19, 2016 at 7:57 PM).

  • I understand....but what about the Windows 10 VPN connection of my PureVPN account which hits 90mbps? Several times over 110....which is even faster than my normal ISP connection speed...I have doubts that by accident and time I 10:10 hit a >90mbps hit, and on openvpn on the raspberry 1:20>20mbps

    Edited once, last by gschmidt (December 19, 2016 at 8:11 PM).


  • I understand....but what about the Windows 10 VPN connection of my PureVPN account which hits 90mbps? Several times over 110....which is even faster than my normal ISP connection speed

    VPN connections are encrypted. Encryption takes some amount of processing power. So the CPU of your Win10 system can cope with decrypting even when the data comes with high throughput, the Raspberry has limited processing power... (I edited my last post, there I explain it also). Depends on your the way you established your VPN on Windows. Perhaps it was PPTP or so, which is faster/easier to decrypt I think. Anyways... At first you should make sure that the VPN was established correctly on your Win10 machine during testing and then you should make a comparison with the raspberry at the same time. Perhaps it turns out that OpenVPN servers are not just harder to decrypt for the raspberry, but may be also PureVPN assigns them less bandwidth compared to PPTP and the other protocols. It would be a question for the PureVPN support chat again.

  • VPN connections are encrypted. Encryption takes some amount of processing power. So the CPU of your Win10 system can cope with decrypting even when the data comes with high throughput, the Raspberry has limited processing power... (I edited my last post, there I explain it also). Depends on your the way you established your VPN on Windows. Perhaps it was PPTP or so, which is faster/easier to decrypt I think. Anyways... At first you should make sure that the VPN was established correctly on your Win10 machine during testing and then you should make a comparison with the raspberry at the same time. Perhaps it turns out that OpenVPN servers are not just harder to decrypt for the raspberry, but may be also PureVPN assigns them less bandwidth compared to PPTP and the other protocols. It would be a question for the PureVPN support chat again.

    It's a downloadable Windows program at PureVPN website and i think it uses PPTP, Thanx to point this out...i will ask them the huge difference

    Edited once, last by gschmidt (December 19, 2016 at 8:19 PM).