NordVPN stopped working

[Arathonk]

Since today NordVPN stopped working, I reinstalled and correctly filled in my login, but its giving me an message saying it can't connect. Logfile: https://paste.kodi.tv/uqopeqagad

[Zomboided]

Thanks for the debug, I can see that it doesn't connect with an auth error. I have no idea why this is and I don't have a Nord subscription to know if something has changed so I'm not sure I can add anything to this right now.

On Mon, Apr 3, 2023 at 2:12 PM Arathonk @.***> wrote:

Since today NordVPN stopped working, I reinstalled and correctly filled in my login, but its giving me an message saying it can't connect. Logfile: https://paste.kodi.tv/uqopeqagad

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZL54U3FLAZV3LT466DW7LEEPANCNFSM6AAAAAAWRJYDNA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[Arathonk]

Is there anything I can do to help you fix it? By the way I just tried the User Defined option, and that way I actually can login for some reason.. Logfile: https://paste.kodi.tv/kunihemepi

[Zomboided]

You're failing to log into the Nord API service to be able to get the 'best' server based on your location. This will return an ovpn file, which is then used to log into the VPN. You're "just" manually doing the last piece...the issue is the with the Nord API piece. This is your best approach for now, but Nord change servers often so you'll be changing this semi-regularly.

I'd need to know what Nord has changed and see their new API, I'm not sure that's something you can help with.

On Mon, Apr 3, 2023 at 2:42 PM Arathonk @.***> wrote:

Is there anything I can do to help you fix it? By the way I just tried the User Defined option, and that way I actually can login for some reason.. Logfile: https://paste.kodi.tv/kunihemepi

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1494347592, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZPGCSF4XE3KYKAKLC3W7LHUJANCNFSM6AAAAAAWRJYDNA . You are receiving this because you commented.Message ID: @.***>

[peno64]

I am also using NordVPN on kodi with this addon and I just tried it and I have no problem. I tried two times to connect and disconnect and that worked ok. @Arathonk Did you change something to your NordVPN account? Change password, enable two factor auth or something like that?

[Arathonk]

No not at all, I checked and two factor auth is off and password has been the same for a long time, I can login on other devices no problem, so that's what makes it weird. Also because the user defined works, and that also uses the login info, password and two factor shouldn't be the issue.

[peno64]

From your log file I see you are have a simular configuration as me with quite the same addons. I also use LibreElec with kodi 20.1. I run this on a rpi4. I guess you are from The Netherlands, I am from Belgium. I will try to connect to a Dutch vpn.

[Arathonk]

Belgium vpn is the same, I doesn't get passed the login from api stage..

[peno64]

Just tried it. Netherlands and Belgium works without a problem here. No special characters in your password? Not to long or to short? Maybe something changed that these don't work anymore... On the other had you do say that it works with user defined. Have you tried editing settings.xml from the zomboided addon and look there if the password is really as you expect it?

[peno64]

Isn't this strange in the log:

2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 WARNING: file '/storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt' is group or others accessible 2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 OpenVPN 2.5.8 armv8a-libreelec-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] built on Mar 18 2023 2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10 2023-04-03 14:54:06.863 T:1069 info : 2023-04-03 14:52:46 Error reading username from Auth authfile: /storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt 2023-04-03 14:54:06.863 T:1069 info : 2023-04-03 14:52:46 Exiting due to fatal error

And then it says:

2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) Couldn't authenticate with NordVPN 2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) API call was https://api.nordvpn.com/v1/users/tokens, username=wvannoort%40hotmail.com&password=**** 2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) Response was 401 Unauthorized

It really looks like an issue with the password

[Zomboided]

Oh well spotted, I noticed that it was failing it's original authorisation, but missed the fact it wasn't reading the file. Maybe delete /storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt and enter your details again. Bad SD card maybe?

On Mon, Apr 3, 2023 at 5:21 PM peno64 @.***> wrote:

Isn't this strange in the log:

2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 WARNING: file '/storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt' is group or others accessible 2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 OpenVPN 2.5.8 armv8a-libreelec-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] built on Mar 18 2023 2023-04-03 14:54:06.862 T:1069 info : 2023-04-03 14:52:46 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10 2023-04-03 14:54:06.863 T:1069 info : 2023-04-03 14:52:46 Error reading username from Auth authfile: /storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt 2023-04-03 14:54:06.863 T:1069 info : 2023-04-03 14:52:46 Exiting due to fatal error

And then it says:

2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) Couldn't authenticate with NordVPN 2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) API call was https://api.nordvpn.com/v1/users/tokens, username=wvannoort% 40hotmail.com&password=**** 2023-04-03 14:54:15.679 T:1210 error : VPN Mgr : (alternativeNord.py) Response was 401 Unauthorized

It really looks like an issue with the password

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1494621207, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZLCZLGCOBYCIR2OUDLW7L2JJANCNFSM6AAAAAAWRJYDNA . You are receiving this because you commented.Message ID: @.***>

[BrodjagaRatnik]

/storage/.kodi/addons/service.vpn.manager/NordVPN/pass.txt is empty after I connected to NordVPN

[kpisacic]

Something has really changed in NordVPN API. My installation also stopped working today. Credentials are correct, tested it from other VPN client and directly on nordaccount.com I also tried through SoapUI - and response is:

HTTP/1.1 401 Unauthorized
Date: Mon, 03 Apr 2023 19:35:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-host-signature: ****
x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
x-digest: *************
x-signature: *************
x-accept-before: 1680593745
CF-Cache-Status: DYNAMIC
Set-Cookie: *******; path=/; expires=Mon, 03-Apr-23 20:05:45 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 7b23c1ac2dddc223-VIE
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

{ "errors": { "code": 100110, "message": "Invalid renew token" } }

It does not return "token" and "renew_token" as authenticateNordVPN expects.

Also tried with "service credentials" instead or real credentials - but behaves the same.

[peno64]

I just tried again and it still worked... I rebooted my device and tried again and now it doesn't work anymore. So something was still in cache that made it still work and now after reboot it doesn't anymore...

[Zomboided]

Yeah, it caches the authentication token so you don't have to sign in each time the API is used....guess this support is dead now, sorry all.

On Mon, Apr 3, 2023 at 10:32 PM peno64 @.***> wrote:

I just tried again and it still worked... I rebooted my device and tried again and now it doesn't work anymore. So something was still in cache that made it still work and now after reboot it doesn't anymore...

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1495013623, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZOC7Y5WQF3TOOI3TCTW7M6XXANCNFSM6AAAAAAWRJYDNA . You are receiving this because you commented.Message ID: @.***>

[peno64]

I am talking with a nordvpn person atm...

[peno64]

I wonder if this is the problem: https://support.nordvpn.com/Connectivity/Linux/1905092252/How-to-log-in-to-NordVPN-on-Linux-with-a-token.htm

[Arathonk]

I wonder if this is the problem: https://support.nordvpn.com/Connectivity/Linux/1905092252/How-to-log-in-to-NordVPN-on-Linux-with-a-token.htm

That would be worth trying right? Can that be edited into the pass.txt somehow?

[peno64]

I think the current tapi call https://api.nordvpn.com/v1/users/tokens, username=xxxxx&password=**** must be replaced by something that provides the token.

Btw, the token can be generated on the nordvpn page

[peno64]

Another strange thing is that on the page https://my.nordaccount.com/nl/dashboard/nordvpn/ it shows a user name and password Both are however not the user name and password we used to use to login to nordvpn. So I tried to use that information but it still doesn't work, unfortunately...

Anyone smarter than me who can figure this out? I have to go to sleep...

[tlaurion]

Broke for me too... Login works, vpn on qubes vpn works as well

user@sys-nordvpn:~$ nordvpn connect
Connecting to Canada #1457 (ca1457.nordvpn.com)
You are connected to Canada #1457 (ca1457.nordvpn.com)!

[tlaurion]

As said previously, canadians and worldwide would profit from riseupvpn, but I can hardly let go on nordvpn as well. Anything I can do to help here? Lots of device in the field without access relying on that subscription to provide their services. Anything I can do here to help would pass in my community hours of devotion. Cheap if not free anonimity should not be dismissed.

[mqttnodered]

Not sure what NordVPN have done but it also broke for me. I did find a quick work around though. Reset all the OpenVPN settings (or just uninstall and reinstall) and use the UserDefined settings. Download a couple of .ovpn config files from NordVpn https://nordvpn.com/ovpn/ and also find your Service Credentials for manual setup. These are located on your dashboard page after you select the 'NordVPN' service. The Username and Password generated here will now be your login details for OpenVPN. You will need to import the .ovpn config files through the OpenVPN settings wizard for all the servers you have. Note that they will probably change over time so I'm not sure how stable this will be going forward.

It looks like Nord allow your original Un and Pwd to log into any of the official NordVPN apps, but any third-party VPN client may have to use the alternative service credentials.

[Arathonk]

Not sure what NordVPN have done but it also broke for me. I did find a quick work around though. Reset all the OpenVPN settings (or just uninstall and reinstall) and use the UserDefined settings. Download a couple of .ovpn config files from NordVpn https://nordvpn.com/ovpn/ and also find your Service Credentials for manual setup. These are located on your dashboard page after you select the 'NordVPN' service. The Username and Password generated here will now be your login details for OpenVPN. You will need to import the .ovpn config files through the OpenVPN settings wizard for all the servers you have. Note that they will probably change over time so I'm not sure how stable this will be going forward.

It looks like Nord allow your original Un and Pwd to log into any of the official NordVPN apps, but any third-party VPN client may have to use the alternative service credentials.

The original username and password worked for me when trying user defined tho

[Zomboided]

To fix this, I'd need access to the Nord API documentation, which I don't have anymore. Currently it uses your username and password to log on to get a token to do 'things', but maybe that support link above is really saying that the only way to get a token now is to generate it using their website. As @mqttnodered and others have said, the way to use Nord is now is by downloading the ovpn files and using the wizard. It's a shame because the integration with their API made this one of the better options to use.

On Tue, Apr 4, 2023 at 7:27 AM Arathonk @.***> wrote:

Not sure what NordVPN have done but it also broke for me. I did find a quick work around though. Reset all the OpenVPN settings (or just uninstall and reinstall) and use the UserDefined settings. Download a couple of .ovpn config files from NordVpn https://nordvpn.com/ovpn/ and also find your Service Credentials for manual setup. These are located on your dashboard page after you select the 'NordVPN' service. The Username and Password generated here will now be your login details for OpenVPN. You will need to import the .ovpn config files through the OpenVPN settings wizard for all the servers you have. Note that they will probably change over time so I'm not sure how stable this will be going forward.

It looks like Nord allow your original Un and Pwd to log into any of the official NordVPN apps, but any third-party VPN client may have to use the alternative service credentials.

The original username and password worked for me when trying user defined tho

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1495418826, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZKAZ7T5VWHVITY5GU3W7O5M5ANCNFSM6AAAAAAWRJYDNA . You are receiving this because you commented.Message ID: @.***>

[peno64]

I suggest that everyone of us sends a mail to support@nordvpn.com to report the issue to them to give some pressure. Also say that their scripts are still python2 and don't work at all anymore with the current kodi versions.

[Arathonk]

I suggest that everyone of us sends a mail to support@nordvpn.com to report the issue to them to give some pressure. Also say that their scripts are still python2 and don't work at all anymore with the current kodi versions.

Would you care giving us a template to mail them? As I have no idea how to compress this into an email.

[peno64]

Everyone should say it is his own words I think or it will look as spam

[kpisacic]

Would it be possible to utilize generated static token based authorization ( https://support.nordvpn.com/Connectivity/Linux/1905092252/How-to-log-in-to-NordVPN-on-Linux-with-a-token.htm ) ? To skip all username/password authorization to get temporary token, and instead use token manually generated on nordVpn page as described in instructions from some configuration variable? Would it work to only return this token from some configuration in def getTokenNordVPN() ?

[Arathonk]

I would say it would be possible to implement that, but I don't have any coding experience, so I guess that's up to @Zomboided or anyone else that knows how to do this.

[Zomboided]

The authenticateNordVPN and renewNordVPN functions would need to be dealt with as the API they both use looks to have gone away. They both record a valid token using setToken once it's successfully accessed for future use. Whether hacking these to use the downloaded token would work is for someone with access to try out.

On Tue, Apr 4, 2023 at 9:44 AM Arathonk @.***> wrote:

I would say it would be possible to implement that, but I don't have any coding experience, so I guess that's up to @Zomboided https://github.com/Zomboided or anyone else that knows how to do this.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1495582283, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZOF3VV24FZJ37TIMG3W7PNPDANCNFSM6AAAAAAWRJYDNA . You are receiving this because you were mentioned.Message ID: @.***>

[MichaelLikesJazz]

I've send a message to NordVPN directly. However, I do not think that they'll change their process.

I am open to support here due to the fact that I am in the need of solution.

In addition, is there a way for a quick fix for LibreElec / Kodi etc. to use NordVPN until the fix of Zomboided?

[Arathonk]

I've send a message to NordVPN directly. However, I do not think that they'll change their process.

I am open to support here due to the fact that I am in the need of solution.

In addition, is there a way for a quick fix for LibreElec / Kodi etc. to use NordVPN until the fix of Zomboided?

The quick fix is using user defined with your usual login, that works for me.

[tlaurion]

Sent an email pointing to https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1495423130 with subject: "Upstream API change broke downstream VPN application", urging them to revert the change done 2 days ago which broke access to raspberries in remote locations, inaccessible to fix for me.

[mikfrase]

I started having same issue 2 days ago, RasPi4 with LibreELEC, Kodi 19.5 Matrix. I have sent NorrdVPN a support concern about this. Following, I will attempt to resolve with what I am learning here.

[MichaelLikesJazz]

I've send a message to NordVPN directly. However, I do not think that they'll change their process. I am open to support here due to the fact that I am in the need of solution. In addition, is there a way for a quick fix for LibreElec / Kodi etc. to use NordVPN until the fix of Zomboided?

The quick fix is using user defined with your usual login, that works for me.

Many thanks! Works well as a workaround.

[kpisacic]

I have added code below into alternativeNord.py:

• added "return True" into start of authenticateNordVPN
• added reading of token from config "vpn_password" and returning token in start of getTokenNordVPN

I stored token from NordVPN profile page into configuration "vpn_password" - and then wizard and connectivity works fine without authorization (it downloads countries, chooses best server, connect).

# diff alternativeNord.py.old alternativeNord.py
48a49,53
>     # start - workaround NordVPN issues
>     return True
>     # end - workaround NordVPN issues
> 
> 
118a124,129
>     # start - workaround for NordVPN API issues
>     addon = xbmcaddon.Addon(getID())
>     token = addon.getSetting("vpn_password")
>     return token
>     # end - workaround for NordVPN issues
> 

I think best solution would be:

• add "vpn_token" as configuration of addon (screen, config file),
• if "vpn_token" populated, return True from authenticateNordVPN
• if "vpn_token" populated, return value of "vpn_token" from getTokenNordVPN

I would like to add this, but even do know some python, i don't have a clue how to add config parameter in Kodi addon.

br,k.

[peno64]

@kpisacic

If @Zomboided doesn't have time or interest to make these change I would gladly do them.

I have modified and even created some simple addons in the past so I am confident I can do this.

[Zomboided]

Yeah, my interest in this addon is low because I don't use it any more. Happy to guide @peno64 in doing it and looking at a change request. I don't know the best way of adding a token though, whether it's to replace the user ID/password, or whether it's to create a separate field which would appear if Nord is selected. The config xml is already horrendously fragile so you'd need to be super careful doing that. Once you have that, you'd just need to work through the authorisation stuff and test the error conditions. Turn on full json tracing and you'll see what's going on. Probably you don't need to renew, but maybe the renew mechanism is to return the same token anyway. Hit me up if you have questions.

On Tue, Apr 4, 2023 at 6:16 PM peno64 @.***> wrote:

@kpisacic https://github.com/kpisacic

If @Zomboided https://github.com/Zomboided doesn't have time or interest to make these change I would gladly do them.

I have modified and even created some simple addons in the past so I am confident I can do this.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1496329044, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZINR5QRMI3UAVTBUNDW7RJPVANCNFSM6AAAAAAWRJYDNA . You are receiving this because you were mentioned.Message ID: @.***>

[FatFreddysDog]

Ive got the same issue contacted NordVPN and they wont tell me what theyve changed or help with 3rd party apps , however they did say this

[FatFreddysDog]

also if i use user defined what folder do i drop the openvpn files into ?

[peno64]

@FatFreddysDog That doesn't matter. Just a place that can be accessed by kodi. The vpn manager wizard will ask for the file (directory or file) and you choose the location where you put it. The wizard will then copy it to the location where it is actually needed and even make modifications in it.

[FatFreddysDog]

@FatFreddysDog That doesn't matter. Just a place that can be accessed by kodi. The vpn manager wizard will ask for the file (directory or file) and you choose the location where you put it. The wizard will then copy it to the location where it is actually needed and even make modifications in it.

brill cheers

[peno64]

@kpisacic

You say: "I stored token from NordVPN profile page into configuration "vpn_password"

What do you exactly mean by this? Do you mean that you edited addon_data/service.vpn.manager/settings.xml with a text editor and changed vpn_password to the token, save and that it?

[peno64]

@Zomboided

I don't know the best way of adding a token though, whether it's to replace the user ID/password, or whether it's to create a separate field which would appear if Nord is selected.

Wouldn't the easiest thing not be to rename the current label "User name" to "User name/Token" and provide an info label that it will be used as User name if there is a password entered and as token if no password is provided? Loging in with a user name without a password isn't possible anyway. Most probably not a solution that will win a price but it would require the least of work.

[Zomboided]

Yeah kinda, but you've seen the bug reports....expect a lot of 'where do I get the token from' questions from non Nord users. I would not do it this way, even as a quick hack, I'd fiddle wtih the xml until it worked. I think it also offers you a way of telling Nord users via a line of text instead of the password to 'Get token from your Nord account' or something more meaningful. Not everyone is invested in this stuff...they just want to steal TV.

On Tue, Apr 4, 2023 at 7:56 PM peno64 @.***> wrote:

@Zomboided https://github.com/Zomboided

I don't know the best way of adding a token though, whether it's to replace the user ID/password, or whether it's to create a separate field which would appear if Nord is selected.

Wouldn't the easiest thing not be to rename the current label "User name" to "User name/Token" and provide an info label that it will be used as User name if there is a password entered and as token if no password is provided? Loging in with a user name without a password isn't possible anyway. Most probably not a solution that will win a price but it would require the least of work.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/393#issuecomment-1496451110, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZLJ4ZT3JQGDBQYWODLW7RVHNANCNFSM6AAAAAAWRJYDNA . You are receiving this because you were mentioned.Message ID: @.***>

[peno64]

@Zomboided

ok will look into it

[peno64]

@kpisacic

I can confirm that your changes work great. Everything seems to work again as before with it.

Working on an update of the addon.

[Arathonk]

@kpisacic

I can confirm that your changes work great. Everything seems to work again as before with it.

Working on an update of the addon.

That would be great! I have no clue what to do 😅

[quickstang]

Glad I'm not alone. Same thing happened to me on my Pi4. I'll try the workaround until there is an update of the addon, because this addon is a lifesaver and so easy to use.

[peno64]

Ok, I just created a pull request to update the addon so that it works again with NordVPN. The version will becomme 7.0.2 Note that it will only work on kodi Matrix (19.x) and Nexus (20.x), not on kodi 19 (Leia) or lower.

Thanks to @kpisacic to find out how to fix it.

@Zomboided can you please accept the pull request and make a release of it.

Unfortunately it's not just updating the addon and all works again. There is a little more to it because it broke because NordVPN changed sommething to their api. It looks like it is no longer possible to login with user/password or at least we don't know how to do that with their changes. Fortunately it is possible to login via a token (which was previously determined via the login with user/password). So instead of providing your login credentials to the addon, now the token must be provided.

To get a token you must login via a browser to your NordVPN account and go to https://my.nordaccount.com/dashboard/nordvpn/

Scoll a bit down and there you will see a section Access Token and a button create new access token. Do that and there you will get the possibility to create a token for (I think) one month or a token that will never expire. If you create one for one month then you will have to repeat below procedure again after that time. I created a token that never expires.

Copy that token and keep it somewhere safe such that you can get it back because when this window is closed you will not be able to visualize it again via NordVPN. If you forget that token you will have to revoke the token first and then create a new one.

Now once this is done and you updated the service vpn manager addon go into the settings of the addon and do the following:

• Settings, VPN Configuration
• Note that for VPN Provider NordVPN you will see it no longer asks for a user name and password but for a token.
• If NordVPN was previously already configured, the settings are disabled and you must click on "Click here to update VPN settings"
• Press Yes on message box
• Enter the token you obtained via https://my.nordaccount.com/dashboard/nordvpn/
• Go to Settings, VPN Connections and setup at least your first connection and possible others (if you previously had nordvpn configured you have lost this and you must define the connections again. Fortunately its the only thing you loose)
• Press Ok on the settings to save.

Another way, if you know how to do this, is edit settings.xml under userdata/addon_data/service.vpn.manager with a text editor and add thte token like this:

<setting id="vpn_token">the token from the nordvpn website comes here</setting>

Save this and restart kodi. The advantage of this way is that you can copy/paste the token and you don't loose your existing configurations.

All should be ok now.