Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

impossible to do container VPN #132

Open
titou4307 opened this issue Mar 28, 2022 · 8 comments
Open

impossible to do container VPN #132

titou4307 opened this issue Mar 28, 2022 · 8 comments

Comments

@titou4307
Copy link

Hello

I'm trying this config file under docker compose in Portainer (Host = Pi4 8Gb)

version: "3"
services:
vpn:
image: azinchen/nordvpn:latest
container_name: nordvpn-user-pass # Nom donné au container
cap_add:
- net_admin
devices:
- /dev/net/tun
environment:
- [USER=XXXXXXXXXXXXXXX # Adresse mail du compte
- PASS=XXXXXXXXXXXXX # Mot de passe du compte
- COUNTRY=France
- GROUP=Standard VPN servers
- RANDOM_TOP=10
- RECREATE_VPN_CRON=5 /3 * * *
- CHECK_CONNECTION_CRON="/5 * * * *" -e CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion Internet
- NETWORK=192.168.1.0/24
- OPENVPN_OPTS=--mute-replay-warnings
ports:
- 5800:5800 # Port des autres containers susceptibles d’utiliser cet accès VPN
restart: unless-stopped

Is anyone can "read" this config and say me where is the BUG
@neildeadman
Copy link

neildeadman commented Mar 28, 2022
edited
Loading

  • [USER should be just - USER

  • CHECK_CONNECTION_CRON="/5 * * * *" -e CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion

should be

plus missing a * in CRON.

Try this:

version: "3"

services:
  vpn:
  image: azinchen/nordvpn:latest
  container_name: nordvpn-user-pass # Nom donné au container
  cap_add:
    - net_admin
  devices:
    - /dev/net/tun
  environment:
    - USER=XXXXXXXXXXXXXXX # Adresse mail du compte
    - PASS=XXXXXXXXXXXXX # Mot de passe du compte
    - COUNTRY=France
    - GROUP=Standard VPN servers
    - RANDOM_TOP=10
    - RECREATE_VPN_CRON=5 */3 * * *
    - CHECK_CONNECTION_CRON="/5 * * * *"
    - CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion Internet
    - NETWORK=192.168.1.0/24
    - OPENVPN_OPTS=--mute-replay-warnings
  ports:
    - 5800:5800 # Port des autres containers susceptibles d’utiliser cet accès VPN
  restart: unless-stopped

@titou4307
Copy link
Author

Hi @neildeadman

Many thanks for your first help, I have mod the stack

version: "3"
services:
vpn:
image: azinchen/nordvpn:latest
container_name: nordvpn-v4 # Nom donné au container
cap_add:
- net_admin
devices:
- /dev/net/tun
environment:
- USER=XXXXXXXXXXXX # Adresse mail du compte
- PASS=XXXXXXXXXXXX # Mot de passe du compte
- COUNTRY=France
- GROUP=Standard VPN servers
- RANDOM_TOP=10
- RECREATE_VPN_CRON=5 */3 * * * *
- CHECK_CONNECTION_CRON="/5 * * * * "
- CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion Internet
- NETWORK=192.168.1.0/24
- OPENVPN_OPTS=--mute-replay-warnings
ports:
- 8080:80 # Port des autres containers susceptibles d’utiliser cet accès VPN
- 5800:5800
restart: unless-stopped

Impossible to have access to internet....
I'm using other container (jdownloader under port 5800.....)

In the container VPN here :
curl ifconfig.me give no information (like if it impossible, no response....)

@neildeadman
Copy link

Can you post the logs of the container?

@titou4307
Copy link
Author

Here the copy of the logs :

2022-03-28 20:57:00 TLS Error: TLS handshake failed
2022-03-28 20:57:00 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 20:57:00 Restart pause, 5 second(s)
2022-03-28 20:57:05 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 20:57:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 20:57:05 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:57:05 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:57:05 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 20:57:05 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 20:57:05 UDP link local: (not bound)
2022-03-28 20:57:05 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 20:58:05 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 20:58:05 TLS Error: TLS handshake failed
2022-03-28 20:58:05 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 20:58:05 Restart pause, 10 second(s)
2022-03-28 20:58:15 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 20:58:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 20:58:15 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:58:15 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:58:15 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 20:58:15 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 20:58:15 UDP link local: (not bound)
2022-03-28 20:58:15 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 20:59:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 20:59:16 TLS Error: TLS handshake failed
2022-03-28 20:59:16 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 20:59:16 Restart pause, 20 second(s)
2022-03-28 20:59:36 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 20:59:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 20:59:36 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:59:36 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 20:59:36 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 20:59:36 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 20:59:36 UDP link local: (not bound)
2022-03-28 20:59:36 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:00:36 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:00:36 TLS Error: TLS handshake failed
2022-03-28 21:00:36 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:00:36 Restart pause, 40 second(s)
2022-03-28 21:01:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 21:01:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 21:01:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:01:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:01:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 21:01:16 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 21:01:16 UDP link local: (not bound)
2022-03-28 21:01:16 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:02:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:02:16 TLS Error: TLS handshake failed
2022-03-28 21:02:16 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:02:16 Restart pause, 80 second(s)
2022-03-28 21:03:36 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 21:03:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 21:03:36 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:03:36 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:03:36 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 21:03:36 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 21:03:36 UDP link local: (not bound)
2022-03-28 21:03:36 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:04:36 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:04:36 TLS Error: TLS handshake failed
2022-03-28 21:04:36 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:04:36 Restart pause, 160 second(s)
/bin/ash: *: not found
2022-03-28 21:07:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 21:07:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 21:07:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:07:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:07:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 21:07:16 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 21:07:16 UDP link local: (not bound)
2022-03-28 21:07:16 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:08:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:08:16 TLS Error: TLS handshake failed
2022-03-28 21:08:16 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:08:16 Restart pause, 300 second(s)
2022-03-28 21:13:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 21:13:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 21:13:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:13:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:13:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 21:13:16 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 21:13:16 UDP link local: (not bound)
2022-03-28 21:13:16 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:14:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:14:16 TLS Error: TLS handshake failed
2022-03-28 21:14:16 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:14:16 Restart pause, 300 second(s)
2022-03-28 21:19:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 21:19:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 21:19:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:19:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 21:19:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194
2022-03-28 21:19:16 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 21:19:16 UDP link local: (not bound)
2022-03-28 21:19:16 UDP link remote: [AF_INET]178.249.212.15:1194
2022-03-28 21:20:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-28 21:20:16 TLS Error: TLS handshake failed
2022-03-28 21:20:16 SIGUSR1[soft,tls-error] received, process restarting
2022-03-28 21:20:16 Restart pause, 300 second(s)

@neildeadman
Copy link

you could try adding the environment variable - DEBUG=trace to get more info, but this looks like a TLS handshake error and something to do with using UDP, but it is a little beyond my knowledge. Sorry.

@titou4307
Copy link
Author

I have had the line in the stack and restart all...

Here the logs :

2022-03-28 22:05:52 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-03-28 22:05:52 OpenVPN 2.5.4 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022-03-28 22:05:52 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-28 22:05:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-03-28 22:05:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-03-28 22:05:52 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 22:05:52 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-03-28 22:05:52 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.16.37:1194
2022-03-28 22:05:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-28 22:05:52 UDP link local: (not bound)
2022-03-28 22:05:52 UDP link remote: [AF_INET]138.199.16.37:1194
2022-03-28 22:05:52 TLS: Initial packet from [AF_INET]138.199.16.37:1194, sid=e1350179 9f8538ff
2022-03-28 22:05:52 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2022-03-28 22:05:52 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
2022-03-28 22:05:52 VERIFY KU OK
2022-03-28 22:05:52 Validating certificate extended key usage
2022-03-28 22:05:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-03-28 22:05:52 VERIFY EKU OK
2022-03-28 22:05:52 VERIFY OK: depth=0, CN=fr795.nordvpn.com
2022-03-28 22:05:54 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-03-28 22:05:54 [fr795.nordvpn.com] Peer Connection Initiated with [AF_INET]138.199.16.37:1194
2022-03-28 22:05:55 SENT CONTROL [fr795.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2022-03-28 22:05:55 AUTH: Received control message: AUTH_FAILED
2022-03-28 22:05:55 SIGTERM[soft,auth-failure] received, process exiting

  • authfile=/tmp/auth
  • ovpnfile=/tmp/nordvpn.ovpn
  • exec sg nordvpn -c 'openvpn --config /tmp/nordvpn.ovpn --auth-user-pass /tmp/auth --auth-nocache --mute-replay-warnings'
    2022-03-28 22:05:55 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
    2022-03-28 22:05:55 OpenVPN 2.5.4 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
    2022-03-28 22:05:55 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
    2022-03-28 22:05:55 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    2022-03-28 22:05:55 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2022-03-28 22:05:55 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:05:55 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:05:55 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.16.37:1194
    2022-03-28 22:05:55 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2022-03-28 22:05:55 UDP link local: (not bound)
    2022-03-28 22:05:55 UDP link remote: [AF_INET]138.199.16.37:1194
    2022-03-28 22:05:55 TLS: Initial packet from [AF_INET]138.199.16.37:1194, sid=87c5c6f1 3179966d
    2022-03-28 22:05:55 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
    2022-03-28 22:05:55 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
    2022-03-28 22:05:55 VERIFY KU OK
    2022-03-28 22:05:55 Validating certificate extended key usage
    2022-03-28 22:05:55 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2022-03-28 22:05:55 VERIFY EKU OK
    2022-03-28 22:05:55 VERIFY OK: depth=0, CN=fr795.nordvpn.com
    2022-03-28 22:05:58 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
    2022-03-28 22:05:58 [fr795.nordvpn.com] Peer Connection Initiated with [AF_INET]138.199.16.37:1194
    2022-03-28 22:05:59 SENT CONTROL [fr795.nordvpn.com]: 'PUSH_REQUEST' (status=1)
    2022-03-28 22:05:59 AUTH: Received control message: AUTH_FAILED
    2022-03-28 22:05:59 SIGTERM[soft,auth-failure] received, process exiting
  • authfile=/tmp/auth
  • ovpnfile=/tmp/nordvpn.ovpn
  • exec sg nordvpn -c 'openvpn --config /tmp/nordvpn.ovpn --auth-user-pass /tmp/auth --auth-nocache --mute-replay-warnings'
    2022-03-28 22:05:59 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
    2022-03-28 22:05:59 OpenVPN 2.5.4 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
    2022-03-28 22:05:59 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
    2022-03-28 22:05:59 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    2022-03-28 22:05:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2022-03-28 22:05:59 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:05:59 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:05:59 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.16.37:1194
    2022-03-28 22:05:59 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2022-03-28 22:05:59 UDP link local: (not bound)
    2022-03-28 22:05:59 UDP link remote: [AF_INET]138.199.16.37:1194
    2022-03-28 22:05:59 TLS: Initial packet from [AF_INET]138.199.16.37:1194, sid=2c4687e2 8a379e68
    2022-03-28 22:05:59 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
    2022-03-28 22:05:59 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
    2022-03-28 22:05:59 VERIFY KU OK
    2022-03-28 22:05:59 Validating certificate extended key usage
    2022-03-28 22:05:59 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2022-03-28 22:05:59 VERIFY EKU OK
    2022-03-28 22:05:59 VERIFY OK: depth=0, CN=fr795.nordvpn.com
    2022-03-28 22:06:01 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
    2022-03-28 22:06:01 [fr795.nordvpn.com] Peer Connection Initiated with [AF_INET]138.199.16.37:1194
    2022-03-28 22:06:02 SENT CONTROL [fr795.nordvpn.com]: 'PUSH_REQUEST' (status=1)
    2022-03-28 22:06:02 AUTH: Received control message: AUTH_FAILED
    2022-03-28 22:06:02 SIGTERM[soft,auth-failure] received, process exiting
  • authfile=/tmp/auth
  • ovpnfile=/tmp/nordvpn.ovpn
  • exec sg nordvpn -c 'openvpn --config /tmp/nordvpn.ovpn --auth-user-pass /tmp/auth --auth-nocache --mute-replay-warnings'
    2022-03-28 22:06:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
    2022-03-28 22:06:02 OpenVPN 2.5.4 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
    2022-03-28 22:06:02 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
    2022-03-28 22:06:02 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    2022-03-28 22:06:02 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2022-03-28 22:06:02 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:06:02 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2022-03-28 22:06:02 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.16.37:1194
    2022-03-28 22:06:02 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2022-03-28 22:06:02 UDP link local: (not bound)
    2022-03-28 22:06:02 UDP link remote: [AF_INET]138.199.16.37:1194
    2022-03-28 22:06:02 TLS: Initial packet from [AF_INET]138.199.16.37:1194, sid=3d0fab59 751a7be5
    2022-03-28 22:06:02 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
    2022-03-28 22:06:02 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
    2022-03-28 22:06:02 VERIFY KU OK
    2022-03-28 22:06:02 Validating certificate extended key usage
    2022-03-28 22:06:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2022-03-28 22:06:02 VERIFY EKU OK
    2022-03-28 22:06:02 VERIFY OK: depth=0, CN=fr795.nordvpn.com

@titou4307
Copy link
Author

Hello at all

Does anyone could help me ?

Thanks

@svaningelgem
Copy link 

2022-03-28 22:05:59 AUTH: Received control message: AUTH_FAILED

So your username & password is wrong.
When you go to https://my.nordaccount.com/dashboard/nordvpn/, scroll down you'll see: Service credentials (manual setup).

image

Additionally, I have this set too: TECHNOLOGY=openvpn_tcp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@neildeadman @svaningelgem @titou4307