Open moorsey opened 3 years ago
Remove ' symbol from PASS and USER environment variables in docker-compose.yml file
environment:
- USER=***
- PASS=***
ah! Thanks so much, thought it needed to be quoted as showing on the example compose file, working great now, all up and running, thanks so much for the assistance and container!
Hello, thought I ran into the same issue, although it is the same result, I think it is something else, any help is appreciated:
2021-07-24 01:35:55 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:35:55 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:35:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-24 01:35:59 AUTH: Received control message: AUTH_FAILED
2021-07-24 01:35:59 SIGTERM[soft,auth-failure] received, process exiting
2021-07-24 01:35:59 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:35:59 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:36:04 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-24 01:36:07 AUTH: Received control message: AUTH_FAILED
2021-07-24 01:36:07 SIGTERM[soft,auth-failure] received, process exiting
2021-07-24 01:36:07 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:36:07 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-07-24 01:36:08 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
@kikearciniegas please provide me an example of a docker-compose.yaml file with the azinchen/nordvpn image.
Sure thing.. pretty much a standard minimal configuration:
  nordvpn:
    image: azinchen/nordvpn
    container_name: nordvpn
    networks:
      - avmedia
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - USER=[redacted]
      - PASS=[redacted]
      - OPENVPN_OPTS=--mute-replay-warnings
      - NETWORK=10.0.1.0/24
    ports:
      - 5320:80
      - 5120:8112/tcp # deluge web-ui
      - 62384:62384/tcp # deluge tcp
      - 62384:62384/udp # deluge udp
    restart: always
networks:
  avmedia:
    external: true
thanks...
Hi,
This might sound like a silly question but in the overview, the user is expressed as user@email.com - However, Nord were advising me to use my NordVPN Service Credentials, which are a string of random alphanumerics.
Should we be authenticating with NordVPN email and password, or the service credentials?
I can't log in using either method at the moment, I get "AUTH_FAILED".
I can successfully authenticate with NordVPN using my iPhone and the NordVPN App which seems to use OpenVPN and the service credential username is in my iPhone's VPN settings.
Cheers,
Karl
Hi @karlitros,
How did you run azinchen/nordvpn, from cli or docker-compose?
Hi!
I ran it from cli:
sudo docker run -ti --cap-add=NET_ADMIN --device /dev/tun --name test_vpn -p 9091:9091 -e NETWORK=192.168.0.0/24 -e USER=SeRviCeCreDentiAlUserName -e PASS=ServiCeCreDentIalPassWoRd -d azinchen/nordvpn
In the CLI you should use quotation marks:
sudo docker run -ti --cap-add=NET_ADMIN --device /dev/tun --name test_vpn -p 9091:9091 -e NETWORK="192.168.0.0/24" -e USER="SeRviCeCreDentiAlUserName" -e PASS="ServiCeCreDentIalPassWoRd" -d azinchen/nordvpn
Thanks for getting back to me!
I've encapsulated in quotes as you've said, here's my output:
2021-09-10 09:25:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-10 09:25:02 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-09-10 09:25:02 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-10 09:25:02 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-09-10 09:25:02 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-10 09:25:02 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 09:25:02 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 09:25:02 TCP/UDP: Preserving recently used remote address: [AF_INET]172.106.165.2:1194
2021-09-10 09:25:02 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-09-10 09:25:02 UDP link local: (not bound)
2021-09-10 09:25:02 UDP link remote: [AF_INET]172.106.165.2:1194
2021-09-10 09:25:02 TLS: Initial packet from [AF_INET]172.106.165.2:1194, sid=e0415615 354f7bc3
2021-09-10 09:25:02 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-09-10 09:25:02 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-09-10 09:25:02 VERIFY KU OK
2021-09-10 09:25:02 Validating certificate extended key usage
2021-09-10 09:25:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-10 09:25:02 VERIFY EKU OK
2021-09-10 09:25:02 VERIFY OK: depth=0, CN=us2926.nordvpn.com
2021-09-10 09:25:04 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-09-10 09:25:04 [us2926.nordvpn.com] Peer Connection Initiated with [AF_INET]172.106.165.2:1194
2021-09-10 09:25:05 SENT CONTROL [us2926.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-09-10 09:25:05 AUTH: Received control message: AUTH_FAILED
2021-09-10 09:25:05 SIGTERM[soft,auth-failure] received, process exiting
Edit: It's worth mentioning I've also tried taking the docker-compose file from the introduction, adding my credentials to that (without any quotes as you suggested to another person above), and still get the same AUTH_FAILED message when composing that way.
Also, I do specify in my CLI input that I don't have /dev/net/tun, I have /dev/tun - I saw a flash of an error when the container initialised referring to /dev/net/tun - Could it be anything to do with that, or would that be totally beside the point?
[cont-init.d] 60-createcron: executing...
[cont-init.d] 60-createcron: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
crond[405]: crond (busybox 1.33.1) started, log level 8
2021-09-10 10:44:05 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-10 10:44:05 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-09-10 10:44:05 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-10 10:44:05 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-09-10 10:44:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-10 10:44:05 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:05 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:05 TCP/UDP: Preserving recently used remote address: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:05 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-09-10 10:44:05 UDP link local: (not bound)
2021-09-10 10:44:05 UDP link remote: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:05 TLS: Initial packet from [AF_INET]155.94.242.5:1194, sid=c9945164 fdc71c3a
2021-09-10 10:44:05 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-09-10 10:44:05 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-09-10 10:44:05 VERIFY KU OK
2021-09-10 10:44:05 Validating certificate extended key usage
2021-09-10 10:44:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-10 10:44:05 VERIFY EKU OK
2021-09-10 10:44:05 VERIFY OK: depth=0, CN=us2902.nordvpn.com
2021-09-10 10:44:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-09-10 10:44:05 [us2902.nordvpn.com] Peer Connection Initiated with [AF_INET]155.94.242.5:1194
2021-09-10 10:44:07 SENT CONTROL [us2902.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-09-10 10:44:07 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.0.5 255.255.0.0,peer-id 1,cipher AES-256-GCM'
2021-09-10 10:44:07 OPTIONS IMPORT: timers and/or timeouts modified
2021-09-10 10:44:07 OPTIONS IMPORT: explicit notify parm(s) modified
2021-09-10 10:44:07 OPTIONS IMPORT: compression parms modified
2021-09-10 10:44:07 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-09-10 10:44:07 Socket Buffers: R=[212992->425984] S=[212992->425984]
2021-09-10 10:44:07 OPTIONS IMPORT: --ifconfig/up options modified
2021-09-10 10:44:07 OPTIONS IMPORT: route options modified
2021-09-10 10:44:07 OPTIONS IMPORT: route-related options modified
2021-09-10 10:44:07 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-09-10 10:44:07 OPTIONS IMPORT: peer-id set
2021-09-10 10:44:07 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-09-10 10:44:07 OPTIONS IMPORT: data channel crypto options modified
2021-09-10 10:44:07 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-10 10:44:07 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-10 10:44:07 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-10 10:44:07 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
2021-09-10 10:44:07 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2021-09-10 10:44:07 Exiting due to fatal error
2021-09-10 10:44:07 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-10 10:44:07 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-09-10 10:44:07 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-10 10:44:07 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-09-10 10:44:07 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-10 10:44:07 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:07 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:07 TCP/UDP: Preserving recently used remote address: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-09-10 10:44:07 UDP link local: (not bound)
2021-09-10 10:44:07 UDP link remote: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:07 TLS: Initial packet from [AF_INET]155.94.242.5:1194, sid=03f0ce65 a8bb10f7
2021-09-10 10:44:07 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-09-10 10:44:07 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-09-10 10:44:07 VERIFY KU OK
2021-09-10 10:44:07 Validating certificate extended key usage
2021-09-10 10:44:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-10 10:44:07 VERIFY EKU OK
2021-09-10 10:44:07 VERIFY OK: depth=0, CN=us2902.nordvpn.com
2021-09-10 10:44:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-09-10 10:44:08 [us2902.nordvpn.com] Peer Connection Initiated with [AF_INET]155.94.242.5:1194
2021-09-10 10:44:09 SENT CONTROL [us2902.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-09-10 10:44:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.0.7 255.255.0.0,peer-id 4,cipher AES-256-GCM'
2021-09-10 10:44:09 OPTIONS IMPORT: timers and/or timeouts modified
2021-09-10 10:44:09 OPTIONS IMPORT: explicit notify parm(s) modified
2021-09-10 10:44:09 OPTIONS IMPORT: compression parms modified
2021-09-10 10:44:09 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-09-10 10:44:09 Socket Buffers: R=[212992->425984] S=[212992->425984]
2021-09-10 10:44:09 OPTIONS IMPORT: --ifconfig/up options modified
2021-09-10 10:44:09 OPTIONS IMPORT: route options modified
2021-09-10 10:44:09 OPTIONS IMPORT: route-related options modified
2021-09-10 10:44:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-09-10 10:44:09 OPTIONS IMPORT: peer-id set
2021-09-10 10:44:09 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-09-10 10:44:09 OPTIONS IMPORT: data channel crypto options modified
2021-09-10 10:44:09 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-10 10:44:09 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-10 10:44:09 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-10 10:44:09 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
2021-09-10 10:44:09 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2021-09-10 10:44:09 Exiting due to fatal error
2021-09-10 10:44:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-10 10:44:09 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-09-10 10:44:09 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-10 10:44:09 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-09-10 10:44:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-10 10:44:09 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:09 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-09-10 10:44:09 TCP/UDP: Preserving recently used remote address: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:09 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-09-10 10:44:09 UDP link local: (not bound)
2021-09-10 10:44:09 UDP link remote: [AF_INET]155.94.242.5:1194
2021-09-10 10:44:09 TLS: Initial packet from [AF_INET]155.94.242.5:1194, sid=f343f5aa f6f594e9
Finally, I can connect the same machine to Nord by specifying the same credentials and an openvpn config file specified by Nord, so I know my credentials are correct.
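Added example (not part of the thread or the project's code): a small classifier that splits an OpenVPN client log like the two above into connection attempts and reports how each one ended. In these logs AUTH_FAILED arrives in reply to PUSH_REQUEST, while the TUN/TAP error only appears after a PUSH_REPLY, that is, after the server has accepted the credentials. The sample lines are abridged from the logs in this comment; the outcome names are hypothetical labels.

```python
import re
from collections import Counter

# "[host] Peer Connection Initiated" marks the start of one connection attempt.
PEER = re.compile(r"\[(?P<host>[\w.-]+)\] Peer Connection Initiated")
# Fatal error raised when the tunnel device node is missing inside the container.
TUN_ERR = re.compile(r"ERROR: Cannot open TUN/TAP dev (?P<dev>\S+):")


def classify_attempts(log_text):
    """Return one dict per connection attempt: server, outcome, detail."""
    attempts = []
    current = None
    for line in log_text.splitlines():
        m = PEER.search(line)
        if m:
            current = {"server": m.group("host"),
                       "outcome": "incomplete", "detail": None}
            attempts.append(current)
            continue
        if current is None:
            continue  # banner/TLS lines before the first peer connection
        if "AUTH: Received control message: AUTH_FAILED" in line:
            # The server answered PUSH_REQUEST with a rejection.
            current["outcome"] = "credentials_rejected"
        elif "PUSH: Received control message: 'PUSH_REPLY" in line:
            # A PUSH_REPLY is only sent to an authenticated client.
            current["outcome"] = "authenticated"
        else:
            m = TUN_ERR.search(line)
            if m and current["outcome"] == "authenticated":
                # Credentials were fine; the local device mapping is the problem.
                current["outcome"] = "authenticated_no_tun_device"
                current["detail"] = m.group("dev")
    return attempts


def outcome_counts(attempts):
    """Count attempts per outcome label."""
    return dict(Counter(a["outcome"] for a in attempts))


# Abridged sample built from lines in the logs above (PUSH_REPLY shortened).
SAMPLE_LOG = """\
2021-09-10 09:25:04 [us2926.nordvpn.com] Peer Connection Initiated with [AF_INET]172.106.165.2:1194
2021-09-10 09:25:05 SENT CONTROL [us2926.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-09-10 09:25:05 AUTH: Received control message: AUTH_FAILED
2021-09-10 09:25:05 SIGTERM[soft,auth-failure] received, process exiting
2021-09-10 10:44:05 [us2902.nordvpn.com] Peer Connection Initiated with [AF_INET]155.94.242.5:1194
2021-09-10 10:44:07 SENT CONTROL [us2902.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-09-10 10:44:07 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,topology subnet'
2021-09-10 10:44:07 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2021-09-10 10:44:07 Exiting due to fatal error
"""

if __name__ == "__main__":
    for attempt in classify_attempts(SAMPLE_LOG):
        print(attempt)
    print(outcome_counts(classify_attempts(SAMPLE_LOG)))
```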
I do have the same problem here, but it gets even weirder. Apparently, it does make a difference whether I start the container by using docker run or docker-compose.
Works (about 2/3 of the times I tried):
docker run --rm -ti --cap-add=NET_ADMIN --device /dev/net/tun -e USER="XXXXXXXXXX" -e PASS="XXXXXXXXXXXX" azinchen/nordvpn
Doesn't work:
version: "3"
services:
  vpn:
    image: azinchen/nordvpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - USER="XXXXXXXXXXXXXXXXXXXXXXX"
      - PASS="XXXXXXXXXXXXXXXXXXXXXXX"
      #- COUNTRY=Germany
      #- CONNECT=Germany
      #- TECHNOLOGY=NordLynx
      #- CATEGORY=P2P
      #- RANDOM_TOP=10
      #- RECREATE_VPN_CRON=5 */3 * * *
      #- OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 8080:80
      #- 49160:49160/udp
      - 49161:49161
    restart: unless-stopped
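Added example (not part of the thread or the project's code): what the quoted USER/PASS values in the two invocations above turn into before they reach the container. The shell removes the quotes from `-e USER="..."`, while a list-form `- USER="..."` entry in a compose file is a plain YAML string split at the first `=`, so the quote characters stay in the value. The command, compose text and credentials are constructed, and the compose reader is a simplified line scanner that only handles list-form `environment:` entries.

```python
import shlex


def env_from_docker_run(cmdline):
    """Values of -e/--env arguments after POSIX shell quote removal."""
    args = shlex.split(cmdline)
    env = {}
    for i, arg in enumerate(args):
        if arg in ("-e", "--env") and i + 1 < len(args):
            pair = args[i + 1]
        elif arg.startswith("--env="):
            pair = arg[len("--env="):]
        else:
            continue
        name, sep, value = pair.partition("=")
        if sep:
            env[name] = value
    return env


def env_from_compose_list(compose_text):
    """Values of list-form 'environment:' entries, as the container receives them."""
    env = {}
    in_env = False
    env_indent = 0
    for raw in compose_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out entries
        indent = len(raw) - len(raw.lstrip())
        if stripped == "environment:":
            in_env, env_indent = True, indent
            continue
        if in_env and stripped.startswith("- ") and indent >= env_indent:
            entry = stripped[2:].strip()
            # Quotes around the WHOLE entry are YAML syntax and are removed.
            if len(entry) >= 2 and entry[0] == entry[-1] and entry[0] in "'\"":
                entry = entry[1:-1]
            name, sep, value = entry.partition("=")
            if sep:
                env[name.strip()] = value  # quotes inside the value are kept
            continue
        in_env = False  # any other key ends the environment block
    return env


def literal_quote_findings(env):
    """Names whose value is still wrapped in a matching pair of quote characters."""
    return sorted(
        name for name, value in env.items()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\""
    )


# Constructed inputs mirroring the two invocations in the comment above.
RUN_CMD = ('docker run --rm -ti --cap-add=NET_ADMIN --device /dev/net/tun '
           '-e USER="svc_user_example" -e PASS="constructed-pass" azinchen/nordvpn')

COMPOSE = '''\
version: "3"
services:
  vpn:
    image: azinchen/nordvpn
    environment:
      - USER="svc_user_example"
      - PASS="constructed-pass"
      #- COUNTRY=Germany
    ports:
      - 8080:80
'''

if __name__ == "__main__":
    run_env = env_from_docker_run(RUN_CMD)
    compose_env = env_from_compose_list(COMPOSE)
    print("docker run :", run_env, literal_quote_findings(run_env))
    print("compose    :", compose_env, literal_quote_findings(compose_env))
```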
Looks like filtering servers might work incorrectly when the embedded NordVPN config files are outdated. New servers are not excluded from filtering even when config files for these servers are not included in the container.
The container has been rebuilt, NordVPN config files are up to date now. But definitely the filter algorithm shall be reworked.
2021-10-11 13:04:14 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-10-11 13:04:14 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-10-11 13:04:14 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-11 13:04:14 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-10-11 13:04:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-11 13:04:14 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-11 13:04:14 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-11 13:04:14 TCP/UDP: Preserving recently used remote address: [AF_INET]152.89.204.203:1194
2021-10-11 13:04:14 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-11 13:04:14 UDP link local: (not bound)
2021-10-11 13:04:14 UDP link remote: [AF_INET]152.89.204.203:1194
2021-10-11 13:04:14 TLS: Initial packet from [AF_INET]152.89.204.203:1194, sid=ef12b4c4 150d3ff5
2021-10-11 13:04:14 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-10-11 13:04:14 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-10-11 13:04:14 VERIFY KU OK
2021-10-11 13:04:14 Validating certificate extended key usage
2021-10-11 13:04:14 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-11 13:04:14 VERIFY EKU OK
2021-10-11 13:04:14 VERIFY OK: depth=0, CN=us8508.nordvpn.com
2021-10-11 13:04:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-10-11 13:04:17 [us8508.nordvpn.com] Peer Connection Initiated with [AF_INET]152.89.204.203:1194
2021-10-11 13:04:18 SENT CONTROL [us8508.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-10-11 13:04:18 AUTH: Received control message: AUTH_FAILED
2021-10-11 13:04:18 SIGTERM[soft,auth-failure] received, process exiting
I too am receiving this message on infinite loop, even after updating with the latest container version as of this morning. I'm not quite sure when it started, but I think it was sometime in the last couple weeks. Previously, this container was running reliably.
I have updated as well, still does not work for me. I can't rule out the possibility that I am doing something wrong though.
Server selection algorithm has been updated in PR #65, now NordVPN recommended API is used for server selection and filtering. Input parameters of the new container are changed, please update your configuration according to the changes.
Hi there, I'm still getting AUTH_FAILED messages, and I'm not sure why. I have updated to the latest docker image and updated my config file based on the readme. Everything was working until a few weeks ago when it (seemingly randomly) just stopped working.
Here is my compose:
  vpn:
    image: azinchen/nordvpn:latest
    container_name: vpn
    depends_on: []
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    restart: unless-stopped
    ports:
      - 9117:9117 # Jackett port
      - 8112:8112 # Deluge WebUI port
    environment:
      - TZ=${TZ}
      - RANDOM_TOP=5
      - USER=${VPN_USER}
      - PASS=${VPN_PASS}
      - COUNTRY=United States
      - GROUPS=legacy_p2p
      - PROTOCOL=openvpn_udp
Note that VPN_USER and VPN_PASS are defined in my .env file; they use my email address and password (no spaces, no quotes).
Here is a dump of the output.
Select server "United States #6862" hostname="us6862.nordvpn.com" ip=64.44.140.35 protocol="udp"
Adding iptable rule for: 64.44.140.35 1194 udp
[cont-init.d] 50-createvpnconfig: exited 0.
[cont-init.d] 60-createcron: executing...
[cont-init.d] 60-createcron: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2021-10-27 11:38:01 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-10-27 11:38:01 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-10-27 11:38:01 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-27 11:38:01 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-10-27 11:38:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-27 11:38:01 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-27 11:38:01 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-27 11:38:01 TCP/UDP: Preserving recently used remote address: [AF_INET]64.44.140.35:1194
2021-10-27 11:38:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-27 11:38:01 UDP link local: (not bound)
2021-10-27 11:38:01 UDP link remote: [AF_INET]64.44.140.35:1194
2021-10-27 11:38:01 TLS: Initial packet from [AF_INET]64.44.140.35:1194, sid=7617095c 3058dec2
2021-10-27 11:38:01 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-10-27 11:38:01 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-10-27 11:38:01 VERIFY KU OK
2021-10-27 11:38:01 Validating certificate extended key usage
2021-10-27 11:38:01 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-27 11:38:01 VERIFY EKU OK
2021-10-27 11:38:01 VERIFY OK: depth=0, CN=us6862.nordvpn.com
2021-10-27 11:38:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-10-27 11:38:03 [us6862.nordvpn.com] Peer Connection Initiated with [AF_INET]64.44.140.35:1194
2021-10-27 11:38:04 SENT CONTROL [us6862.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-10-27 11:38:04 AUTH: Received control message: AUTH_FAILED
2021-10-27 11:38:04 SIGTERM[soft,auth-failure] received, process exiting
Hi, could it be you are using the same VPN account on different devices? NordVPN only allows 6 simultaneous connections, but when one of those fails it will reconnect, and if you have already used the 6 connections it won't let you connect for a few minutes, as the dropped connection seems to be still alive for NordVPN.
Good question. I do not use this account anywhere else. And I've shut down the docker container a few times to give it some breathing time, in case I was hammering the servers too hard.
Hi there, I'm still getting AUTH_FAILED messages, and I'm not sure why. I have updated to the latest docker image and updated my config file based on the readme. Everything was working until a few weeks ago when it (seemingly randomly) just stopped working.
Could you try to run the container manually? Strangely, that seems to be working fine for me, unlike with docker-compose
source .env; docker run --rm -ti --cap-add=NET_ADMIN --device /dev/net/tun -e USER="$VPN_USER" -e PASS="$VPN_PASS" azinchen/nordvpn
What username and password did you use? I did not test the container using service credentials, regular email login name and password work fine with docker-compose in my setup.
I also use my email address and the usual password
@waweic yes! it works for me as well... very strange
EDIT: I also noticed that the command also sometimes does not work.
EDIT2: it is also interesting that AUTH fails and works after multiple attempts, I am starting to think that something is wrong on the NordVPN side...
2021-10-28 06:53:05 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-10-28 06:53:05 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-10-28 06:53:05 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-28 06:53:05 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-10-28 06:53:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-28 06:53:05 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:05 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:05 TCP/UDP: Preserving recently used remote address: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:05 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-28 06:53:05 UDP link local: (not bound)
2021-10-28 06:53:05 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:05 TLS: Initial packet from [AF_INET]213.232.87.75:1194, sid=ce6574a6 adf187c6
2021-10-28 06:53:05 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-10-28 06:53:05 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-10-28 06:53:05 VERIFY KU OK
2021-10-28 06:53:05 Validating certificate extended key usage
2021-10-28 06:53:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-28 06:53:05 VERIFY EKU OK
2021-10-28 06:53:05 VERIFY OK: depth=0, CN=nl872.nordvpn.com
2021-10-28 06:53:07 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-10-28 06:53:07 [nl872.nordvpn.com] Peer Connection Initiated with [AF_INET]213.232.87.75:1194
2021-10-28 06:53:08 SENT CONTROL [nl872.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-10-28 06:53:08 AUTH: Received control message: AUTH_FAILED
2021-10-28 06:53:08 SIGTERM[soft,auth-failure] received, process exiting
2021-10-28 06:53:08 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-10-28 06:53:08 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-10-28 06:53:08 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-28 06:53:08 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-10-28 06:53:08 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-28 06:53:08 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:08 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:08 TCP/UDP: Preserving recently used remote address: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:08 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-28 06:53:08 UDP link local: (not bound)
2021-10-28 06:53:08 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:08 TLS: Initial packet from [AF_INET]213.232.87.75:1194, sid=3920acd0 6d5a0bf1
2021-10-28 06:53:08 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-10-28 06:53:08 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-10-28 06:53:08 VERIFY KU OK
2021-10-28 06:53:08 Validating certificate extended key usage
2021-10-28 06:53:08 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-28 06:53:08 VERIFY EKU OK
2021-10-28 06:53:08 VERIFY OK: depth=0, CN=nl872.nordvpn.com
2021-10-28 06:53:10 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-10-28 06:53:10 [nl872.nordvpn.com] Peer Connection Initiated with [AF_INET]213.232.87.75:1194
2021-10-28 06:53:12 SENT CONTROL [nl872.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-10-28 06:53:12 AUTH: Received control message: AUTH_FAILED
2021-10-28 06:53:12 SIGTERM[soft,auth-failure] received, process exiting
2021-10-28 06:53:12 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-10-28 06:53:12 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021-10-28 06:53:12 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-28 06:53:12 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-10-28 06:53:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-28 06:53:12 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:12 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-28 06:53:12 TCP/UDP: Preserving recently used remote address: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:12 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-28 06:53:12 UDP link local: (not bound)
2021-10-28 06:53:12 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:12 TLS: Initial packet from [AF_INET]213.232.87.75:1194, sid=53b1d401 b744d73a
2021-10-28 06:53:12 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2021-10-28 06:53:12 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
2021-10-28 06:53:12 VERIFY KU OK
2021-10-28 06:53:12 Validating certificate extended key usage
2021-10-28 06:53:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-28 06:53:12 VERIFY EKU OK
2021-10-28 06:53:12 VERIFY OK: depth=0, CN=nl872.nordvpn.com
2021-10-28 06:53:12 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-10-28 06:53:12 [nl872.nordvpn.com] Peer Connection Initiated with [AF_INET]213.232.87.75:1194
2021-10-28 06:53:13 SENT CONTROL [nl872.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2021-10-28 06:53:13 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.10 255.255.255.0,peer-id 10,cipher AES-256-GCM'
2021-10-28 06:53:13 OPTIONS IMPORT: timers and/or timeouts modified
2021-10-28 06:53:13 OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-28 06:53:13 OPTIONS IMPORT: compression parms modified
2021-10-28 06:53:13 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-28 06:53:13 Socket Buffers: R=[212992->425984] S=[212992->425984]
2021-10-28 06:53:13 OPTIONS IMPORT: --ifconfig/up options modified
2021-10-28 06:53:13 OPTIONS IMPORT: route options modified
2021-10-28 06:53:13 OPTIONS IMPORT: route-related options modified
2021-10-28 06:53:13 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-28 06:53:13 OPTIONS IMPORT: peer-id set
2021-10-28 06:53:13 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-10-28 06:53:13 OPTIONS IMPORT: data channel crypto options modified
2021-10-28 06:53:13 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-28 06:53:13 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-28 06:53:13 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-28 06:53:13 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
2021-10-28 06:53:13 TUN/TAP device tun0 opened
2021-10-28 06:53:13 /sbin/ip link set dev tun0 up mtu 1500
2021-10-28 06:53:13 /sbin/ip link set dev tun0 up
2021-10-28 06:53:13 /sbin/ip addr add dev tun0 10.8.3.10/24
2021-10-28 06:53:13 /etc/openvpn/up.sh tun0 1500 1585 10.8.3.10 255.255.255.0 init
2021-10-28 06:53:13 /sbin/ip route add 213.232.87.75/32 via 172.17.0.1
2021-10-28 06:53:13 /sbin/ip route add 0.0.0.0/1 via 10.8.3.1
2021-10-28 06:53:13 /sbin/ip route add 128.0.0.0/1 via 10.8.3.1
2021-10-28 06:53:13 Initialization Sequence Completed
Not sure if it's related to this issue or not (nothing's ever a coincidence): if I restart the compose container (rather than stopping and starting it), I receive these errors as well:
2021-10-29 15:50:39 UDP link local: (not bound)
2021-10-29 15:50:39 UDP link remote: [AF_INET]0.0.4.170:1194
2021-10-29 15:50:39 write UDP: Invalid argument (code=22)
2021-10-29 15:50:41 write UDP: Invalid argument (code=22)
Interestingly, I've started receiving this error since migrating to docker compose v2.6.0 last night.
Migrating back to docker compose 1.25 resolved the issue for me!
Had an issue with this last night. Are you running "docker compose up" instead of "docker-compose up"? V2 and NordVPN do not play super nicely.
I have this issue as well, but I can't influence the version of docker compose used. Is there a workaround?
Had the same problem, but switching to user/pass for manual configuration from this page: https://my.nordaccount.com/pl/dashboard/nordvpn/manual-configuration/ did the trick for me
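A triage pass over the kind of OpenVPN client log quoted in this thread, as an added example that is not part of the original posts or of the container's own code. It counts connection attempts and `AUTH_FAILED` replies, and flags a remote such as `0.0.4.170`, whose 32-bit value is 1194, the same number as the port. The reading that the remote was built without a hostname is an assumption, and the sample log and the `triage` function are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, shaped like the log lines quoted in this thread.
SAMPLE_LOG = """\
2021-10-28 06:53:08 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:08 AUTH: Received control message: AUTH_FAILED
2021-10-28 06:53:12 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:12 AUTH: Received control message: AUTH_FAILED
2021-10-28 06:53:12 UDP link remote: [AF_INET]213.232.87.75:1194
2021-10-28 06:53:13 Initialization Sequence Completed
2021-10-29 15:50:39 UDP link remote: [AF_INET]0.0.4.170:1194
2021-10-29 15:50:39 write UDP: Invalid argument (code=22)
"""

REMOTE = re.compile(r"link remote: \[AF_INET\](\d+\.\d+\.\d+\.\d+):(\d+)")
UNROUTABLE = ipaddress.ip_network("0.0.0.0/8")


def triage(log_text):
    """Summarise one client log: attempts, auth failures, odd remotes."""
    report = {"attempts": 0, "auth_failed": 0,
              "connected": False, "suspect_remotes": []}
    for line in log_text.splitlines():
        m = REMOTE.search(line)
        if m:
            report["attempts"] += 1
            addr = ipaddress.IPv4Address(m.group(1))
            port = int(m.group(2))
            # Assumption: an address equal to the port number, or inside
            # 0.0.0.0/8, means the remote was assembled without a hostname
            # and a bare number was parsed as the IPv4 address.
            if int(addr) == port or addr in UNROUTABLE:
                report["suspect_remotes"].append(str(addr))
        elif "AUTH_FAILED" in line:
            # The server rejected the username/password after TLS succeeded.
            report["auth_failed"] += 1
        elif "Initialization Sequence Completed" in line:
            report["connected"] = True
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Repeated `AUTH_FAILED` with successful `VERIFY OK` lines points at the credentials rather than the TLS setup; a flagged remote points at how the server address reached the client configuration.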
Morning,
Having some issues getting started with this one, logs etc below
Have tried "standard" credentials and also the service credentials from the NordVPN account page, same results for both
Logs:
Then the following lines are just repeated:
docker-compose.yml: