Open titou4307 opened 2 years ago
[USER should be just - USER
CHECK_CONNECTION_CRON="/5 " -e CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion
should be
plus missing a * in CRON.
Try this:
version: "3"
services:
vpn:
image: azinchen/nordvpn:latest
container_name: nordvpn-user-pass # Nom donné au container
cap_add:
- net_admin
devices:
- /dev/net/tun
environment:
- USER=XXXXXXXXXXXXXXX # Adresse mail du compte
- PASS=XXXXXXXXXXXXX # Mot de passe du compte
- COUNTRY=France
- GROUP=Standard VPN servers
- RANDOM_TOP=10
- RECREATE_VPN_CRON=5 */3 * * *
- CHECK_CONNECTION_CRON="/5 * * * *"
- CHECK_CONNECTION_URL="https://www.google.com/" # Vérifier connexion Internet
- NETWORK=192.168.1.0/24
- OPENVPN_OPTS=--mute-replay-warnings
ports:
- 5800:5800 # Port des autres containers susceptibles d’utiliser cet accès VPN
restart: unless-stopped
Hi @neildeadman
Many thanks for your first help, I have mod the stack
version: "3" services: vpn: image: azinchen/nordvpn:latest container_name: nordvpn-v4 # Nom donné au container cap_add:
Impossible to have access to internet.... I'm using other container (jdownloader under port 5800.....)
In the container VPN here : curl ifconfig.me give no information (like if it impossible, no response....)
Can you post the logs of the container?
Here the copy of the logs :
2022-03-28 20:57:00 TLS Error: TLS handshake failed 2022-03-28 20:57:00 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 20:57:00 Restart pause, 5 second(s) 2022-03-28 20:57:05 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 20:57:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 20:57:05 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:57:05 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:57:05 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 20:57:05 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 20:57:05 UDP link local: (not bound) 2022-03-28 20:57:05 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 20:58:05 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 20:58:05 TLS Error: TLS handshake failed 2022-03-28 20:58:05 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 20:58:05 Restart pause, 10 second(s) 2022-03-28 20:58:15 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 20:58:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 20:58:15 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:58:15 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:58:15 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 20:58:15 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 20:58:15 UDP link local: (not bound) 2022-03-28 20:58:15 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 20:59:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 20:59:16 TLS Error: TLS handshake failed 2022-03-28 20:59:16 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 20:59:16 Restart pause, 20 second(s) 2022-03-28 20:59:36 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 20:59:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 20:59:36 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:59:36 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 20:59:36 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 20:59:36 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 20:59:36 UDP link local: (not bound) 2022-03-28 20:59:36 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:00:36 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:00:36 TLS Error: TLS handshake failed 2022-03-28 21:00:36 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:00:36 Restart pause, 40 second(s) 2022-03-28 21:01:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 21:01:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 21:01:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:01:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:01:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 21:01:16 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 21:01:16 UDP link local: (not bound) 2022-03-28 21:01:16 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:02:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:02:16 TLS Error: TLS handshake failed 2022-03-28 21:02:16 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:02:16 Restart pause, 80 second(s) 2022-03-28 21:03:36 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 21:03:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 21:03:36 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:03:36 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:03:36 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 21:03:36 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 21:03:36 UDP link local: (not bound) 2022-03-28 21:03:36 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:04:36 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:04:36 TLS Error: TLS handshake failed 2022-03-28 21:04:36 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:04:36 Restart pause, 160 second(s) /bin/ash: *: not found 2022-03-28 21:07:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 21:07:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 21:07:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:07:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:07:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 21:07:16 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 21:07:16 UDP link local: (not bound) 2022-03-28 21:07:16 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:08:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:08:16 TLS Error: TLS handshake failed 2022-03-28 21:08:16 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:08:16 Restart pause, 300 second(s) 2022-03-28 21:13:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 21:13:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 21:13:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:13:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:13:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 21:13:16 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 21:13:16 UDP link local: (not bound) 2022-03-28 21:13:16 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:14:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:14:16 TLS Error: TLS handshake failed 2022-03-28 21:14:16 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:14:16 Restart pause, 300 second(s) 2022-03-28 21:19:16 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 21:19:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 21:19:16 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:19:16 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 21:19:16 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.212.15:1194 2022-03-28 21:19:16 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 21:19:16 UDP link local: (not bound) 2022-03-28 21:19:16 UDP link remote: [AF_INET]178.249.212.15:1194 2022-03-28 21:20:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-28 21:20:16 TLS Error: TLS handshake failed 2022-03-28 21:20:16 SIGUSR1[soft,tls-error] received, process restarting 2022-03-28 21:20:16 Restart pause, 300 second(s)
you could try adding the environment variable - DEBUG=trace
to get more info, but this looks like a TLS handshake error and something to do with using UDP, but it is a little beyond my knowledge. Sorry.
I have had the line in the stack and restart all...
Here the logs :
2022-03-28 22:05:52 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2022-03-28 22:05:52 OpenVPN 2.5.4 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021 2022-03-28 22:05:52 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 2022-03-28 22:05:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2022-03-28 22:05:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-03-28 22:05:52 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 22:05:52 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2022-03-28 22:05:52 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.16.37:1194 2022-03-28 22:05:52 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-03-28 22:05:52 UDP link local: (not bound) 2022-03-28 22:05:52 UDP link remote: [AF_INET]138.199.16.37:1194 2022-03-28 22:05:52 TLS: Initial packet from [AF_INET]138.199.16.37:1194, sid=e1350179 9f8538ff 2022-03-28 22:05:52 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA 2022-03-28 22:05:52 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7 2022-03-28 22:05:52 VERIFY KU OK 2022-03-28 22:05:52 Validating certificate extended key usage 2022-03-28 22:05:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2022-03-28 22:05:52 VERIFY EKU OK 2022-03-28 22:05:52 VERIFY OK: depth=0, CN=fr795.nordvpn.com 2022-03-28 22:05:54 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2022-03-28 22:05:54 [fr795.nordvpn.com] Peer Connection Initiated with [AF_INET]138.199.16.37:1194 2022-03-28 22:05:55 SENT CONTROL [fr795.nordvpn.com]: 'PUSH_REQUEST' (status=1) 2022-03-28 22:05:55 AUTH: Received control message: AUTH_FAILED 2022-03-28 22:05:55 SIGTERM[soft,auth-failure] received, process exiting
Hello at all
Does anyone could help me ?
Thanks
2022-03-28 22:05:59 AUTH: Received control message: AUTH_FAILED
So your username & password is wrong.
When you go to https://my.nordaccount.com/dashboard/nordvpn/, scroll down you'll see: Service credentials (manual setup)
.
Additionally, I have this set too: TECHNOLOGY=openvpn_tcp
Hello
I'm trying this config file under docker compose in Portainer (Host = Pi4 8Gb)
version: "3" services: vpn: image: azinchen/nordvpn:latest container_name: nordvpn-user-pass # Nom donné au container cap_add:
Is anyone can "read" this config and say me where is the BUG