VPN Manager for OpenVPN

  • I'm using AirVPN via the User Defined mechanism because I want to specify specific servers. This is working wonderfully (except for the last two updates nuked my certs somehow.)


    Question is: Does VPN Manager do any kind of failover, meaning if connection 1 is unavailable will it try connection 2?


    I could not find anything in the wiki or over on the openelec forums regarding this.


    What I'm trying to do is setup a few ovpn files each with a set of remote directives. Supposedly openvpn will do a failover with multiple remote IPs if you leave out the remote-random directive. Problem is I think I would need to set the resolv-retry to something other than "infinite" in order to do so.


    What I'm wondering is what happens if I have 3 remote entries in the ovpn file for connection 1 with resolv-retry=60, what happens if all 3 fail. Am I correct in assuming that VPN manager would report connection failed and I would need to manually switch to connection 2?

    Tomato X96 s905x 2G/16G - 8.0.1i
    OTT MXQ s805 1G/8G - HD18Q.arm-7.0.3.2
    MythTV Backend w/HDhomerun PRIME

  • I'll look at user configs being wiped out - providing you're putting everything in the userdata directories it should just repopulate? Is it just the user key/cert that were the problem?


    There's no failover to different connections within the add-on. You're on the right path using multiple remotes within the ovpn. You'd need to read then openvpn docs to work out what parameters to use...the one thing to bear in mind is that after a period (30 seconds or so) VPN Mgr will get bored waiting for the connection to work and I think will shoot the task.


    Really tho, if your provider is so unreliable that you expect server connections to fail that often, get a new provider. I don't think I've had any connectivity issues with mine in over a year.


  • I'll look at user configs being wiped out - providing you're putting everything in the userdata directories it should just repopulate? Is it just the user key/cert that were the problem?


    It notified that all connections would need to be re-validated. Went into settings and tried to re-validate the 1st connection and it errored/timed out on every server I tried. I only glanced at the log, but it looked like it couldn't find the certs/key. I nuked everything and used the import wizard after both updates. If it happens next time I will be sure to document it as thoroughly as I can.



    after a period (30 seconds or so) VPN Mgr will get bored waiting for the connection to work and I think will shoot the task.


    Question is does the addon re-start the waiting period when openvpn failovers to the second remote line? Maybe setting resolv-retry to something very low like 10 would work.


    Really tho, if your provider is so unreliable that you expect server connections to fail that often, get a new provider. I don't think I've had any connectivity issues with mine in over a year.


    1 out of the 5 servers I like to rotate very occasionally flakes out lately. Unfortunately it's also the fastest by far, so I always try to use it. I just switch servers with the remote, but it's not wife-friendly enough around here. I'm sure the server issue will get worked out, but it can never hurt to futureproof.

    Tomato X96 s905x 2G/16G - 8.0.1i
    OTT MXQ s805 1G/8G - HD18Q.arm-7.0.3.2
    MythTV Backend w/HDhomerun PRIME

    Edited once, last by Jaaxx ().

  • VPN Mgr spends ~30 seconds waiting for openvpn regardless of what it's doing before giving up. It'll then try again a bit later up to a dozen times or so with increasing periods of time between the attempts (think it waits a minute then retries and it that fails it doubles the wait time up to an hour before trying again). Doesn't help you tho as it'll just do the same thing on the same connection.


    I guess I could look at moving to the next connection on failure, but I'm not sure that'd work with filtering well (unless the user sets it up properly)


    If you want to hand craft something with explicit failover behaviour then one of the APIs could be used. I'd go bitch at my VPN provider about fixing their service rather than spend the effort doing this.


  • /usr/sbin/openvpn "/storage/.kodi/addons/service.vpn.manager/PIA/US West (UDP).ovpn" > /run/openvpn.log


    This is the command that starts the vpn you can see the location of the ovpn. You can try running it directly on he command line and see what happens. Everything looks normal to me in the log apart from the connection failing. I use PIA and I'm not seeing this issue (on a Pi running LE 7) so it could be platform or LE 8 related I guess but nobody else is reporting it.


    For the second attempt without force ping it looks like you're getting a different error that is typically caused by dodgy connectivity (server doesn't respond to TLS handshake). Maybe the lack of ping working too in the previous example also suggests this


    So i have done some more testing.
    I switched my router to modem mode and connected via ethernet, same problem.
    I created a hotspot from the modem mode router and connected my LE to that, same problem.
    I installed LE on my raspberry pi 3, same problem.


    I have been able to get a VPN connection working when using AirVPN, but just no luck with PIA.


    Maybe the issue is with my provider, Virgin Media. Can't think of any other reason.


    Any other suggestions for what I could try? I already have a yearly sub to PIA and don't really wanna have to pay for a sub to another but don't see any way of getting this working otherwise.


    #edit


    ok, i use PIA on windows with their software, just tried to connect to to VIA with OpvenVPN software and it gives the same issues as LE. same issue on OSMC on my RBPi3. so it must be a problem with my router or ISP.


    ## Edit 2


    Fixed.
    My GF setup up our internet account when we first moved in years ago, well it turns out that our Virgin Media account had a virus protection filter applied to our connection, which is what has been preventing the connection. I disabled it and that allowed the connection to go through.


    Thanks for your help zomboided, sorry for wasting your time with the logs, just happy to have this thing working now :) ... just wish i didn't have to waste an entire saturday to figure this out!

    Edited once, last by DMG ().

  • Try googling your router make and vpn or PIA. There might be some funkiness with some settings, or you might need to use a different port maybe. Or there's some firewall nonsense going on? Put your kodi box in a dmz to test this.

  • Hi zomboided2,


    i would like to setup a "UserDefined VPN" in the vpn manager app for Kodi but unfortunatelly i'm facing with a problem during the setup process. I'm using the latest 8.0.1 version of LE on a RPI3.
    I had copied the ovpn and ca.crt files to the /storage/.kodi/addons/service.vpn.manager/UserDefined directory than i started the User defined import wizard. Unfortunately i only saw the following source option when i have to pickup a folder or open the files which are needed for the vpn setup. Could you please tell me how can provide the files which are needed to setup the VPN connection.


    Picture


    Regards, Daniel

    Edited once, last by schrackin ().


  • Could you please tell me how can provide the files which are needed to setup the VPN connection.


    Go to Kodi's file manager and add /storage/.kodi/addons/service.vpn.manager/UserDefined as a source.

    Tomato X96 s905x 2G/16G - 8.0.1i
    OTT MXQ s805 1G/8G - HD18Q.arm-7.0.3.2
    MythTV Backend w/HDhomerun PRIME

  • That won't work because he's putting the files in the wrong place. They'll be wiped out if the add-on changes - the problem that you saw that I've just fixed.

  • Hello everyone
    Trying to make my expressvpn account works with kodi through this add-on .
    I fails to connect
    log shows format error in certificate verification.
    I imported ovpn with embedded keys and tried also directly client.crt and client.key
    With both methods same format error..
    Edit: this is the error : error=format error in certificate's not after field:...

    Edited once, last by jotenakis ().

  • Hi,


    I am having problems connecting to my VPN via the VPN manager for OpenVPN on
    my Raspberry Pi. All was working fine until today but now it wont connect.
    I have updated to the latest version of VPN manager for OpenVPN 4.0.1, but
    it still wont work.


    If I try to set my First VPN profile, I just get the following screen with two options;


    [ Select first VPN profile ]
    > Switch between location and server views <
    > Cancel connection attempt <




    I have waited for a while just to see if anything happens, but it does nothing,
    so I just have to click Cancel.


    I have also reset all the settings within to DEFAULT, and the rebooted my Pi.
    Then used the WIZARD to input my Username and Password. After that it
    started downloading the *.ovpn files, but then went to the same screen as mentioned above.


    FYI.
    I can use my NordVPN app on my mobile, so I dont think there is a problem
    with Nord.



    Version Info
    VPN provider: NordVPN
    VPN manager for OpenVPN: 4.0.1
    Libreelec: 8.0.1
    Kodi: 17.1


    Do you know how I can fix this?


    Thanks in advance.


  • @ last 2 posters, go and read the first post and get a full log.


    Hi again,


    OK, I managed to get it working, by doing the following:


    Settings / Utilities
    1. Reset all VPN provider files to default
    2. Remove all downloaded VPN provider files


    Settings / Debug
    3. Enable debug for just VPN Manager, (I enabled this so as I could post the log if/when it failed).



    4. Then I restarted my Raspberry Pi.


    5. Then used the Wizard to configure my VPN.


    6. It then started to download all the *.ovpn files


    7. Once it had finished, it then stated that it was 'Setting my up VPN', (this did not happen previously).


    8. This time I was able to select my 'First VPN Profile' that I wanted to use, and it then connected successfully. :)



    Not sure why it worked this time, as the only thing I did different was Enable the Debugging. :-/


    Anyway hopefully it's all sorted now.

  • Ok good...this empty list bug is frustrating me as a few people have seen it. I've pushed out 4.0.3 on the repo with better debug and a potential fix. Get me a log if you see it again

  • OK if it happens again I will post up a log for you.


    BTW.
    Thanks for all your work to bring us this add-on, it's much appreciated.