Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

JayElDee

macrumors member
Original poster
Jan 11, 2011
87
4
Monterey 12.6.5 iMac (Retina 5K, 27-inch, 2017) Private Internet Access
About 3 months ago, after no changes or updates I recall, I started losing online connection when my VPN was disconnected. Everything is fine as long as the VPN is connected, but when disconnected, nothing. Every site I try times out.
I contacted PIA and after some minor troubleshooting they suggested that the port I use for connecting to the net when the VPN is disconnected, may be the problem and that I should look to reset or change it.

I post here to see if anyone has experienced this and/or suggestions how to address. This afternoon I reinstalled Monterey and this did not address the problem.
Thanks
John
 
What VPN protocol are you using? L2TP, IPSec, IKEv2 or a proprietary app from your VPN provider?

When you were experiencing the disconnection, what error message appeared on the browser? Please post the exact message here.

When you were experiencing the disconnection, execute these 4 commands in your terminal and post the output here:

ls /etc/ppp
ping 8.8.8.8 (Press Control + C after 10 seconds)
nslookup google.com
traceroute google.com (mask your public IP address)

Also run these 4 commands when you're connected to the VPN. The community will be better equipped to assist you with troubleshooting.
 
Question: when you say "disconnected", do you mean a) that you turned PIA off, or b) PIA disconnected by itself.

I am going to assume you are using the PIA app, and so not using IKEv2, etc.

Things to do:

1) The PIA app uses OpenVPN or Wireguard as VPN protocol. I find Wireguard more reliable with PIA. Try changing that.

2) What are your PIA Privacy Settings? I have VPN Kill Switch enabled, but not Advanced Kill Switch or MACE.

3) Are you using Split Tunnel? It is known to give problems on some Macs (maybe just those using Wifi). Try with it off (the default).

4) The PIA daemon can get stuck, blocking all network traffic. This was more of a problem (for me) with Monterey than Ventura. Find the pia-daemon process in Activity Monitor (use the search box) and force quit (requires your admin password). It will restart automatically.
The pia-daemon process runs at all times on a Mac with PIA installed. When connected you should also see one of pia-wireguard-go or pia-openvpn.

5) It is possible that uninstalling PIA and then reinstalling will help. When I say uninstall, I mean you should use the "Uninstall Private Internet Access" button (look like a web link) at the bottom of Settings > Help.

Item 4 is the most troublesome. Killing the pia-daemon process is a quick fix.
 
Question: when you say "disconnected", do you mean a) that you turned PIA off, or b) PIA disconnected by itself.

There are some websites that know when you have a vpn running. So, on those, I have to go in with PIA turned off. My workflow is I go to the PIA icon in the menu bar and tap on the big round on/off button to turn disconnect it.
I then close FireFox, or Chrome, or Safari, re-open, then try to access any site. The site will time out. Even if I reboot and prevent PIA from loading, I still get the time out error message.

I am going to assume you are using the PIA app, and so not using IKEv2, etc.
I am using the PIA app
Things to do:

1) The PIA app uses OpenVPN or Wireguard as VPN protocol. I find Wireguard more reliable with PIA. Try changing that.
I am using WireGuard.
2) What are your PIA Privacy Settings? I have VPN Kill Switch enabled, but not Advanced Kill Switch or MACE.

none of those are turned on
3) Are you using Split Tunnel? It is known to give problems on some Macs (maybe just those using Wifi). Try with it off (the default).

No, Split Tunnel is not checked
4) The PIA daemon can get stuck, blocking all network traffic. This was more of a problem (for me) with Monterey than Ventura. Find the pia-daemon process in Activity Monitor (use the search box) and force quit (requires your admin password). It will restart automatically.
ok, done
The pia-daemon process runs at all times on a Mac with PIA installed. When connected you should also see one of pia-wireguard-go or pia-openvpn.
yes, I see pia-wireguard-go
5) It is possible that uninstalling PIA and then reinstalling will help. When I say uninstall, I mean you should use the "Uninstall Private Internet Access" button (look like a web link) at the bottom of Settings > Help.

Item 4 is the most troublesome. Killing the pia-daemon process is a quick fix.
OK, going to close firefox, and relaunch with PIA off
will report later
Thanks!
 
No joy...PIA-Daemon quit in activity monitor, it restarts...I close firefox. PIA VPN is not on. I relaunch Firefox and get:

1683669120375.png

I turn on PIA, connect, and connections are fine. Turn off PIA and no connection at all
 
What VPN protocol are you using? L2TP, IPSec, IKEv2 or a proprietary app from your VPN provider?
Using Private Internet Access (PIA); I've used it for a couple of years without any issues, including the problem presented here, ie it did not occur until recently. Version 3.3.1 (build 06924). I am using their WireGuard protocol.
When you were experiencing the disconnection, what error message appeared on the browser? Please post the exact message here.
When you were experiencing the disconnection, execute these 4 commands in your terminal and post the output here:

ls /etc/ppp
ping 8.8.8.8 (Press Control + C after 10 seconds)
nslookup google.com
traceroute google.com
(mask your public IP address)

Also run these 4 commands when you're connected to the VPN. The community will be better equipped to assist you with troubleshooting.
With PIA VPN running I get:

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
Thunder-Bay:~ blindlem0n$ ls /etc/ppp
-bash: ls: command not found Thunder-Bay:~ blindlem0n$ [ICODE]ping 8.8.8.8
-bash: ping: command not found Thunder-Bay:~ blindlem0n$ [ICODE]nslookup google.com
-bash: nslookup: command not found Thunder-Bay:~ blindlem0n$ [ICODE]traceroute google.com
-bash: traceroute: command not found Thunder-Bay:~ blindlem0n$ With PIA VPN turned off I get: The default interactive shell is now zsh. To update your account to use zsh, please run `chsh -s /bin/zsh`. For more details, please visit https://support.apple.com/kb/HT208050. Thunder-Bay:~ blindlem0n$ The default interactive shell is now zsh. -bash: The: command not found Thunder-Bay:~ blindlem0n$ To update your account to use zsh, please run `chsh -s /bin/zsh`. Changing shell for blindlem0n. Password for blindlem0n: chsh: Credentials could not be verified, username or password is invalid. Credentials could not be verified, username or password is invalid. -bash: To: command not found Thunder-Bay:~ blindlem0n$ For the password I entered my administrative password, then tried the password for PIA, no change.
 
Sorry, the screen capture didn't take, trying again
 

Attachments

  • Screen Shot 2023-05-09 at 6.24.38 PM.png
    Screen Shot 2023-05-09 at 6.24.38 PM.png
    186.6 KB · Views: 58
It seems that the commands were not executed correctly, which suggests that you might not be familiar with Terminal. I created an app to automate the process for you. Unzip the file and open the app.

Although it won't display an interface, it will generate a result.txt file in your Downloads folder. The test should be completed within a minute.

Please note that your Mac might prompt you to grant permission to write or overwrite the result.txt file in your Downloads folder. The app won't ask for your passwords. Once the test is complete, please post the result.txt file here.

If your public IP is in the result, remember to mask it. To find your public IP, go to this website.
 

Attachments

  • inetdiag.zip
    2.9 MB · Views: 82
I turn on PIA, connect, and connections are fine. Turn off PIA and no connection at all
Try the uninstall 'button' in Pia > Settings > Help. If that doesn't fix it, there is something else going on.
Of course, you will need to reinstall afterwards ;(
 
Try the uninstall 'button' in Pia > Settings > Help. If that doesn't fix it, there is something else going on.
Of course, you will need to reinstall afterwards ;(
Already tried that with no change. Thanks
 
It seems that the commands were not executed correctly, which suggests that you might not be familiar with Terminal. I created an app to automate the process for you. Unzip the file and open the app.
I copied and pasted eliminating the Cmd-C after 10 seconds part. I will try the zip file
Although it won't display an interface, it will generate a result.txt file in your Downloads folder. The test should be completed within a minute.
ok
Please note that your Mac might prompt you to grant permission to write or overwrite the result.txt file in your Downloads folder. The app won't ask for your passwords. Once the test is complete, please post the result.txt file here.
ok
If your public IP is in the result, remember to mask it. To find your public IP, go to this website.
ok, I went to the website just now and it is showing my VPN IPO address, but I am connected.

thank you very much for the help, much appreciated.
I have a eye appointment tomorrow so I may not be able to try until Friday, but if my eyes recover enoough I will do it tomorrow.
Thanks again
John
 
It seems that the commands were not executed correctly, which suggests that you might not be familiar with Terminal. I created an app to automate the process for you. Unzip the file and open the app.
problems. It unzips, then when I click on it...
see attached
Screen Shot 2023-05-11 at 6.47.48 PM.png

 
What VPN protocol are you using? L2TP, IPSec, IKEv2 or a proprietary app from your VPN provider?

When you were experiencing the disconnection, what error message appeared on the browser? Please post the exact message here.

When you were experiencing the disconnection, execute these 4 commands in your terminal and post the output here:

ls /etc/ppp
ping 8.8.8.8 (Press Control + C after 10 seconds)
nslookup google.com
traceroute google.com (mask your public IP address)

Also run these 4 commands when you're connected to the VPN. The community will be better equipped to assist you with troubleshooting.
I Tried your terminal commands again. Successful this time...
When the PIA VPN is connected:


Last login: Tue May 9 17:11:13 on ttys000

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
Thunder-Bay:~ blindlem0n$ ls /etc/ppp
Thunder-Bay:~ blindlem0n$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=120 time=24.915 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=26.137 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=23.776 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=24.183 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=120 time=26.196 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=120 time=25.054 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=120 time=24.935 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=120 time=25.464 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=120 time=30.213 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=120 time=25.854 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=120 time=25.463 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=120 time=25.573 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=120 time=24.547 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=120 time=24.619 ms
^C
--- 8.8.8.8 ping statistics ---
14 packets transmitted, 14 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 23.776/25.495/30.213/1.476 ms
Thunder-Bay:~ blindlem0n$ nslookup google.com
Server: 10.0.0.243
Address: 10.0.0.243#53

Non-authoritative answer:
Name: google.com
Address: 142.251.33.46

Thunder-Bay:~ blindlem0n$ traceroute google.com
traceroute to google.com (142.251.33.46), 64 hops max, 52 byte packets
1 10.23.128.1 (10.23.128.1) 25.146 ms 25.109 ms 21.299 ms
2 154.6.90.126 (154.6.90.126) 23.414 ms 24.943 ms 23.799 ms
3 198.147.23.22 (198.147.23.22) 24.261 ms 24.749 ms
198.147.23.20 (198.147.23.20) 24.631 ms
4 eqix-da1.google.com (206.223.118.137) 27.343 ms
104.200.142.36 (104.200.142.36) 23.824 ms
eqix-da1.google.com (206.223.118.137) 24.950 ms
5 eqix-da1.google.com (206.223.118.137) 27.341 ms 25.939 ms
108.170.252.129 (108.170.252.129) 23.822 ms
6 142.251.60.53 (142.251.60.53) 25.548 ms 22.580 ms 26.955 ms
7 142.251.60.53 (142.251.60.53) 25.014 ms
dfw28s31-in-f14.1e100.net (142.251.33.46) 25.491 ms 21.595 ms
Thunder-Bay:~ blindlem0n$


When I turn off PIA VPN I get:

Last login: Thu May 11 18:51:33 on ttys000

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
Thunder-Bay:~ blindlem0n$ ls /etc/ppp
Thunder-Bay:~ blindlem0n$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=23.648 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=22.789 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=23.735 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=21.487 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=22.815 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=118 time=23.674 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=118 time=24.193 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=118 time=22.995 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=118 time=39.215 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=118 time=23.153 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 21.487/24.770/39.215/4.866 ms
Thunder-Bay:~ blindlem0n$ nslookup google.com
;; connection timed out; no servers could be reached

Thunder-Bay:~ blindlem0n$ traceroute google.com
traceroute: unknown host google.com
Thunder-Bay:~ blindlem0n$


Hope this helps and thanks again.
 
Apologies, I forgot to mention that you need to right-click to open it. By the way, based on the information displayed in your Terminal, it's possible that the issue could be related to a DNS problem.

Do these steps when PIA is turned off:
  1. In System Preferences, to go Network
  2. In the list at the left, select your primary network connection service (should be indicated with a green dot and on the first of list), then click Advanced.
  3. Click DNS, post a screenshot of that so we might see what's the culprit
  4. Click the Add button at the bottom of the DNS Servers list. Enter 8.8.8.8 and click the Add button again and enter 8.8.4.4
  5. If you see other servers, select and click the minus sign until there are only 8.8.8.8 and 8.8.4.4 left
  6. Click OK. Your Safari should be able to open a website.
  7. If the problem persists in your Firefox, go to Menu - Settings - Network Settings:
    1. Uncheck Proxy DNS when using SOCKS v5
    2. If Enable DNS over HTTPS is checked, select Cloudflare as provider.
 
Last edited:
Thanks, will address tomorrow and post. I know there are other servers besides 8.8.8.8
I'll follow your instructions and get back
much appreciated
John
 
problem persists
7
in Firefox under settings
Screen Shot 2023-05-14 at 7.11.22 PM.png

>>
  1. If the problem persists in your Firefox, go to Menu - Settings - Network Settings:
    1. Uncheck Proxy DNS when using SOCKS v5
    2. If Enable DNS over HTTPS is checked, select Cloudflare as provider.
<<
don't see those settings?
 
1) Did you ever do the full uninstall of PIA (as I suggested)?

2) I notice in your screenshots you have Limit IP Address Tracking enabled. This conflicts with VPN software. I suggest you turn that off whilst you are having connection problems.
 
1) Did you ever do the full uninstall of PIA (as I suggested)?
When the problem first started that was one of the first things I did. It made no difference then. I will try again and report
2) I notice in your screenshots you have Limit IP Address Tracking enabled. This conflicts with VPN software. I suggest you turn that off whilst you are having connection problems.
OK, I turned it off.
Going to uninstall PIA VPN, reboot, reinstall, reboot and try again
Thanks
 
Alright!
1-went into system setting_network_unchecked "Limit IP Address Tracking"...then
Uninstalled PIA, rebooted, went online normally/connected (tbc with PIA uninstalled)
2-reinstalled, entered UN and PW, connected,went online normally
3-exited Firefox, disconnected PIA, opened Firefox and it CONNECTED! Tried Chrome—connected; tried safari—connected.
4-re-opened PIA and connected. Open Firefox, connected.
5-with Firefox remaining open, I disconnected from PIA, and opened another tab and it connected!

So, it looks CURED, many thanks to all. It took a village ;)
Should I re enable Limit IP Address Tracking?
Should I leave the servers as is, ie 8.8.8.8 and 8.8.4.4 and no others?
Thanks again,
John
 
Should I re enable Limit IP Address Tracking?
No. I found that Limit IP Address Tracking conflicted with PIA. Not too surprising as Limit IP Address Tracking has many of the attributes of a VPN. I can't see any point (even if it worked) in Limit IP Address Tracking when using a VPN.
Should I leave the servers as is, ie 8.8.8.8 and 8.8.4.4 and no others?
Your choice. It depends on your threat model. In general I prefer to minimise my exposure to Google (inconsistently, I do use gmail), so would use Cloudflare or Quad9.

Also, PIA provide a DNS server for you to use with the option for it to do blocking (MACE).
 
No. I found that Limit IP Address Tracking conflicted with PIA. Not too surprising as Limit IP Address Tracking has many of the attributes of a VPN. I can't see any point (even if it worked) in Limit IP Address Tracking when using a VPN.
ok
Your choice. It depends on your threat model. In general I prefer to minimise my exposure to Google (inconsistently, I do use gmail), so would use Cloudflare or Quad9.

Also, PIA provide a DNS server for you to use with the option for it to do blocking (MACE).
that's the same way I feel, so I am using Duck Duck go and Firefox.
So, the network setting is PIA DNS. That is the one I am choosing, it appears to be the default. Would that mean while connected I am using PIA's server, but when disconnected I am using 8.8.8.8 or 8.8.4.4 (google)? That would be fine with me.
Is there an address for Cloudfare or Quad9, and would I just add that to the server list in system prefs...network...advanced...DNS?
Thanks again for the help from everyone, appreciated.
 
So, the network setting is PIA DNS. That is the one I am choosing, it appears to be the default. Would that mean while connected I am using PIA's server, but when disconnected I am using 8.8.8.8 or 8.8.4.4 (google)? That would be fine with me.
Yes. But you can always check by going to https://ipleak.net/ (there are other similar sites).
Cloudfare or Quad9
I should have said. Cloudflare: 1.1.1.1. Quad9: 9.9.9.9.
 
  • Like
Reactions: JayElDee
I went to ipleak.net while connected to PIA VPN...
I got this:
1684289190277.png

Is this a concern?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.