support for ARM (Raspberry pi)

[bennyb0y]

Any chance you could publish an ARM version?

standard_init_linux.go:211: exec user process caused "exec format error"

[Joentje]

I will take a look. Give me some time :)

[pipja]

@bennyb0y Hey there, After a lot of messing around, I made a dockerhub account, downloaded Docker Desktop, built and uploaded the docker containers for ARM at https://hub.docker.com/repository/docker/pipja/nordvpn-proxy Otherwise, you could also pull @Joentje 's git repo and build it directly on the pi, it will work as well.

Cheers.

[bennyb0y]

@pipja,

I just pulled it, and it looks like its working! Seems like the whole world is going arm anyway so I'm sure its good practice.

-b

[pipja]

I'm still trying to figure out how to specify the architectures for automated builds on dockerhub, but I doubt they have that atm.

[bennyb0y]

@pipja , Have you been able to get it to work? It looks like there are some cert issues now.

Tue Jun 30 17:40:51 2020 OpenVPN 2.4.7 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  5 2019,
Tue Jun 30 17:40:51 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10,
Tue Jun 30 17:40:51 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit,
Tue Jun 30 17:40:51 2020 NOTE: --fast-io is disabled since we are not using UDP,
Tue Jun 30 17:40:51 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
Tue Jun 30 17:40:51 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
Tue Jun 30 17:40:51 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]179.61.196.27:443,
Tue Jun 30 17:40:51 2020 Socket Buffers: R=[131072->131072] S=[16384->16384],
Tue Jun 30 17:40:51 2020 Attempting to establish TCP connection with [AF_INET]179.61.196.27:443 [nonblock],
Tue Jun 30 17:40:52 2020 TCP connection established with [AF_INET]179.61.196.27:443,
Tue Jun 30 17:40:52 2020 TCP_CLIENT link local: (not bound),
Tue Jun 30 17:40:52 2020 TCP_CLIENT link remote: [AF_INET]179.61.196.27:443,
Tue Jun 30 17:40:52 2020 TLS: Initial packet from [AF_INET]179.61.196.27:443, sid=af73303f a5d166da,
Tue Jun 30 17:40:52 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this,
Tue Jun 30 17:40:52 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA,

From here it breaks:

Tue Jun 30 17:40:52 2020 VERIFY ERROR: depth=1, error=certificate has expired: C=PA, O=NordVPN, CN=NordVPN CA4,
Tue Jun 30 17:40:52 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed,
Tue Jun 30 17:40:52 2020 TLS_ERROR: BIO read tls_read_plaintext error,
Tue Jun 30 17:40:52 2020 TLS Error: TLS object -> incoming plaintext read error,
Tue Jun 30 17:40:52 2020 TLS Error: TLS handshake failed,
Tue Jun 30 17:40:52 2020 Fatal TLS error (check_tls_errors_co), restarting,
Tue Jun 30 17:40:52 2020 SIGUSR1[soft,tls-error] received, process restarting,
Tue Jun 30 17:40:52 2020 Restart pause, 5 second(s),**

[pipja]

yeah I get that too, I guess that is a NordVPN's certificate expiry problem.

EDIT: I just looked at the ovpn files, looks like NordVPN updated them last night, they have modified timestamp of 30/06/2020 8:43am UTC. That might be the reason why it's broken.

[pipja]

They tweetted about it here: https://twitter.com/NordVPN/status/1278141880220487680

[bennyb0y]

@pipja

Ahh, looks like a much bigger issue.

[Joentje]

@bennyb0y @pipja It should be fixed now

[Joentje]

I'm still trying to figure out how to specify the architectures for automated builds on dockerhub, but I doubt they have that atm.

I could not find that option, I think the only way is to use a thirdparty tool or build locally. Now I use automated triggers based on branches and tags.

[Joentje]

@bennyb0y You can now try the latest tag. I'm trying to fix it in #34