haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

AUTH_FAILED, data channel cipher negotiation failed (no shared cipher) #2820

Open neuroverflow opened 6 months ago

neuroverflow commented 6 months ago

Is there a pinned issue for this?

Is there an existing or similar issue/discussion for this?

Is there any comment in the documentation for this?

Is this related to a provider?

Are you using the latest release?

Have you tried using the dev branch latest?

Docker run config used

transmission-openvpn: cap_add:

Current Behavior

Suddenly stopped connecting to NordVPN: AUTH_FAILED, data channel cipher negotiation failed (no shared cipher)

Expected Behavior

Connect to NordVPN like before

How have you tried to solve the problem?

Tried dev branch, googled ;)

Log output

2024-03-30T12:46:44.375322588Z Starting container with revision: 54acc3acfa771a96961e2667b6b6e81f78b1fff8 2024-03-30T12:46:44.375427124Z TRANSMISSION_HOME is currently set to: /config/transmission-home 2024-03-30T12:46:44.397590577Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf 2024-03-30T12:46:44.540854119Z Creating TUN device /dev/net/tun 2024-03-30T12:46:44.547534246Z Using OpenVPN provider: NORDVPN 2024-03-30T12:46:44.547631411Z Running with VPN_CONFIG_SOURCE auto 2024-03-30T12:46:44.547642272Z Provider NORDVPN has a bundled setup script. Defaulting to internal config 2024-03-30T12:46:44.547703486Z Executing setup script for NORDVPN 2024-03-30T12:46:44.550604948Z /etc/openvpn/nordvpn/.. 2024-03-30T12:46:45.768720277Z INFO: OVPN: Checking curl installation 2024-03-30T12:46:45.824061534Z INFO: OVPN: DNS resolution ok 2024-03-30T12:46:46.896241735Z INFO: OVPN: ok, configurations download site reachable 2024-03-30T12:46:46.896416494Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn 2024-03-30T12:46:48.176878439Z Checking NORDPVN API responses 2024-03-30T12:46:48.359326188Z INFO: OVPN:Selecting the best server... 2024-03-30T12:46:48.408486489Z INFO: OVPN: Searching for country : IT (106) 2024-03-30T12:46:48.409971224Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. 
Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn 2024-03-30T12:46:48.411305853Z INFO: OVPN:Searching for technology: openvpn_tcp 2024-03-30T12:46:48.926137472Z INFO: OVPN: Best server : it232.nordvpn.com, load: null 2024-03-30T12:46:48.926256771Z Best server : it232.nordvpn.com 2024-03-30T12:46:48.928113994Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn 2024-03-30T12:46:48.928153856Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn 2024-03-30T12:46:49.243238817Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn 2024-03-30T12:46:49.250497354Z Starting OpenVPN using config it232.nordvpn.com.ovpn 2024-03-30T12:46:49.254698828Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container 2024-03-30T12:46:49.254834256Z Modification: Point auth-user-pass option to the username/password file 2024-03-30T12:46:49.257834969Z Modification: Change ca certificate path 2024-03-30T12:46:49.261700786Z Modification: Change ping options 2024-03-30T12:46:49.269500180Z Modification: Update/set resolv-retry to 15 seconds 2024-03-30T12:46:49.273950670Z Modification: Change tls-crypt keyfile path 2024-03-30T12:46:49.277744450Z Modification: Set output verbosity to 3 2024-03-30T12:46:49.281822060Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop 2024-03-30T12:46:49.285965196Z Modification: Updating status for config failure detection 2024-03-30T12:46:49.295425308Z Setting OpenVPN credentials... 
2024-03-30T12:46:49.351794705Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0 2024-03-30T12:46:49.362396406Z 2024-03-30 13:46:49 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023 2024-03-30T12:46:49.362432511Z 2024-03-30 13:46:49 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 2024-03-30T12:46:49.362718773Z 2024-03-30 13:46:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2024-03-30T12:46:49.362742601Z 2024-03-30 13:46:49 NOTE: --fast-io is disabled since we are not using UDP 2024-03-30T12:46:49.365491279Z 2024-03-30 13:46:49 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2024-03-30T12:46:49.365545584Z 2024-03-30 13:46:49 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2024-03-30T12:46:49.365665679Z 2024-03-30 13:46:49 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443 2024-03-30T12:46:49.365687292Z 2024-03-30 13:46:49 Socket Buffers: R=[131072->131072] S=[16384->16384] 2024-03-30T12:46:49.365701156Z 2024-03-30 13:46:49 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock] 2024-03-30T12:46:49.403957835Z 2024-03-30 13:46:49 TCP connection established with [AF_INET]178.249.211.7:443 2024-03-30T12:46:49.403988467Z 2024-03-30 13:46:49 TCP_CLIENT link local: (not bound) 2024-03-30T12:46:49.403996129Z 2024-03-30 13:46:49 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443 2024-03-30T12:46:49.442350973Z 2024-03-30 13:46:49 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=40aad1c9 ca4ed2a9 2024-03-30T12:46:49.442546320Z 2024-03-30 13:46:49 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2024-03-30T12:46:49.608717741Z 2024-03-30 13:46:49 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA 
2024-03-30T12:46:49.608753907Z 2024-03-30 13:46:49 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9 2024-03-30T12:46:49.608761916Z 2024-03-30 13:46:49 VERIFY KU OK 2024-03-30T12:46:49.608768618Z 2024-03-30 13:46:49 Validating certificate extended key usage 2024-03-30T12:46:49.608775292Z 2024-03-30 13:46:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2024-03-30T12:46:49.608781884Z 2024-03-30 13:46:49 VERIFY EKU OK 2024-03-30T12:46:49.608788213Z 2024-03-30 13:46:49 VERIFY X509NAME OK: CN=it232.nordvpn.com 2024-03-30T12:46:49.608794643Z 2024-03-30 13:46:49 VERIFY OK: depth=0, CN=it232.nordvpn.com 2024-03-30T12:46:49.726085595Z 2024-03-30 13:46:49 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' 2024-03-30T12:46:49.726175813Z 2024-03-30 13:46:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2024-03-30T12:46:49.726204488Z 2024-03-30 13:46:49 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443 2024-03-30T12:46:50.773692351Z 2024-03-30 13:46:50 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1) 2024-03-30T12:46:50.773746195Z 2024-03-30 13:46:50 AUTH: Received control message: AUTH_FAILED 2024-03-30T12:46:50.774356467Z 2024-03-30 13:46:50 SIGTERM[soft,auth-failure] received, process exiting 2024-03-30T12:46:51.480143945Z Starting container with revision: 54acc3acfa771a96961e2667b6b6e81f78b1fff8 2024-03-30T12:46:51.480213769Z TRANSMISSION_HOME is currently set to: /config/transmission-home 2024-03-30T12:46:51.487235136Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf 2024-03-30T12:46:51.613413232Z Creating TUN device /dev/net/tun 2024-03-30T12:46:51.623591018Z Using OpenVPN provider: NORDVPN 2024-03-30T12:46:51.623671251Z Running with VPN_CONFIG_SOURCE auto 2024-03-30T12:46:51.623777274Z Provider NORDVPN has a bundled setup script. 
Defaulting to internal config 2024-03-30T12:46:51.623794721Z Executing setup script for NORDVPN 2024-03-30T12:46:51.626800208Z /etc/openvpn/nordvpn/.. 2024-03-30T12:46:52.847545311Z INFO: OVPN: Checking curl installation 2024-03-30T12:46:52.897856068Z INFO: OVPN: DNS resolution ok 2024-03-30T12:46:53.973590040Z INFO: OVPN: ok, configurations download site reachable 2024-03-30T12:46:53.973733062Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn 2024-03-30T12:46:55.190386682Z Checking NORDPVN API responses 2024-03-30T12:46:55.358647641Z INFO: OVPN:Selecting the best server... 2024-03-30T12:46:55.398244137Z INFO: OVPN: Searching for country : IT (106) 2024-03-30T12:46:55.399901720Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. 
Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn 2024-03-30T12:46:55.400973293Z INFO: OVPN:Searching for technology: openvpn_tcp 2024-03-30T12:46:55.865309984Z INFO: OVPN: Best server : it232.nordvpn.com, load: null 2024-03-30T12:46:55.865356790Z Best server : it232.nordvpn.com 2024-03-30T12:46:55.867126404Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn 2024-03-30T12:46:55.867161106Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn 2024-03-30T12:46:56.040305134Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn 2024-03-30T12:46:56.048354090Z Starting OpenVPN using config it232.nordvpn.com.ovpn 2024-03-30T12:46:56.052789772Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container 2024-03-30T12:46:56.052821586Z Modification: Point auth-user-pass option to the username/password file 2024-03-30T12:46:56.055476192Z Modification: Change ca certificate path 2024-03-30T12:46:56.059226829Z Modification: Change ping options 2024-03-30T12:46:56.067245142Z Modification: Update/set resolv-retry to 15 seconds 2024-03-30T12:46:56.073819230Z Modification: Change tls-crypt keyfile path 2024-03-30T12:46:56.077575020Z Modification: Set output verbosity to 3 2024-03-30T12:46:56.082228404Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop 2024-03-30T12:46:56.086428342Z Modification: Updating status for config failure detection 2024-03-30T12:46:56.094021220Z Setting OpenVPN credentials... 
2024-03-30T12:46:56.147671572Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0 2024-03-30T12:46:56.157044000Z 2024-03-30 13:46:56 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023 2024-03-30T12:46:56.157082051Z 2024-03-30 13:46:56 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 2024-03-30T12:46:56.157425094Z 2024-03-30 13:46:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2024-03-30T12:46:56.157446347Z 2024-03-30 13:46:56 NOTE: --fast-io is disabled since we are not using UDP 2024-03-30T12:46:56.159371021Z 2024-03-30 13:46:56 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2024-03-30T12:46:56.159392722Z 2024-03-30 13:46:56 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2024-03-30T12:46:56.159608746Z 2024-03-30 13:46:56 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443 2024-03-30T12:46:56.159659347Z 2024-03-30 13:46:56 Socket Buffers: R=[131072->131072] S=[16384->16384] 2024-03-30T12:46:56.159695880Z 2024-03-30 13:46:56 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock] 2024-03-30T12:46:56.198622775Z 2024-03-30 13:46:56 TCP connection established with [AF_INET]178.249.211.7:443 2024-03-30T12:46:56.198662700Z 2024-03-30 13:46:56 TCP_CLIENT link local: (not bound) 2024-03-30T12:46:56.198672535Z 2024-03-30 13:46:56 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443 2024-03-30T12:46:56.237788404Z 2024-03-30 13:46:56 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=af9ca463 10cb6ea5 2024-03-30T12:46:56.237903256Z 2024-03-30 13:46:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2024-03-30T12:46:56.405610169Z 2024-03-30 13:46:56 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA 
2024-03-30T12:46:56.405969101Z 2024-03-30 13:46:56 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9 2024-03-30T12:46:56.406342379Z 2024-03-30 13:46:56 VERIFY KU OK 2024-03-30T12:46:56.406381932Z 2024-03-30 13:46:56 Validating certificate extended key usage 2024-03-30T12:46:56.406391364Z 2024-03-30 13:46:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2024-03-30T12:46:56.406398192Z 2024-03-30 13:46:56 VERIFY EKU OK 2024-03-30T12:46:56.406404654Z 2024-03-30 13:46:56 VERIFY X509NAME OK: CN=it232.nordvpn.com 2024-03-30T12:46:56.406411247Z 2024-03-30 13:46:56 VERIFY OK: depth=0, CN=it232.nordvpn.com 2024-03-30T12:46:56.523572110Z 2024-03-30 13:46:56 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' 2024-03-30T12:46:56.523613650Z 2024-03-30 13:46:56 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2024-03-30T12:46:56.523624325Z 2024-03-30 13:46:56 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443 2024-03-30T12:46:57.570931965Z 2024-03-30 13:46:57 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1) 2024-03-30T12:46:57.702147442Z 2024-03-30 13:46:57 AUTH: Received control message: AUTH_FAILED 2024-03-30T12:46:57.702329770Z 2024-03-30 13:46:57 SIGTERM[soft,auth-failure] received, process exiting

HW/SW Environment

- OS: Ubuntu server
- Docker: 25.0.4

Anything else?

No response

julianneswinoga commented 6 months ago

I'm seeing this as well, but it looks like a login problem on the NordVPN side. Their regular login services seem to be having problems for me as well :frowning_face:

ilike2burnthing commented 6 months ago

https://github.com/haugene/docker-transmission-openvpn/discussions/2819

kiwidoggie commented 6 months ago

> 2819

Does not solve the issue, especially when it's happening no matter which server you choose.

neuroverflow commented 6 months ago

> 2819
>
> Does not solve the issue, especially when it's happening no matter which server you choose.

Try a German server; that solved it for me, but I tried several before... My guess is a change that's currently being deployed or an issue affecting most servers...

kiwidoggie commented 6 months ago

I think the ovpn files may need updating, I took the exact same server/tcp/dedicated ip, and it was giving me this error. I downloaded the .ovpn file, and followed these steps: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider

Setting it as custom and giving the file name, and it started working again.

ilike2burnthing commented 6 months ago

NordVPN is working fine for me.

NordVPN in this container uses a script to pull the files using NordVPN's API, so there's nothing to update on this end. If you're specifying exactly the same server as the one you're using for custom, then there's a different issue.

As explained in https://github.com/haugene/docker-transmission-openvpn/discussions/2819, you generally don't want to specify a server. However, as you're using a dedicated IP, you should ONLY specify the server, and not the country, category, or protocol. I've not used a dedicated IP server before, so can't speak to any issues it may or may not have with this container.

VMBindraban commented 6 months ago

I have been getting this error for an hour.

Config:

      - LOCAL_NETWORK=192.168.1.0/24
      - OPENVPN_USERNAME=***
      - OPENVPN_PASSWORD=***
      - OPENVPN_PROVIDER=NORDVPN
      - CREATE_TUN_DEVICE=true
      - OPENVPN_OPTS=--mute-replay-warnings
      - NORDVPN_COUNTRY=nl
      - TRANSMISSION_DOWNLOAD_DIR=/data/downloads/completed
      - TRANSMISSION_HOME=/config/home
      - TRANSMISSION_INCOMPLETE_DIR=/data/downloads/incomplete
      - HEALTH_CHECK_HOST=nordvpn.com
      - SELFHEAL=true

Logs:

2024-04-02 10:05:03 VERIFY X509NAME OK: CN=nl1001.nordvpn.com
2024-04-02 10:05:03 VERIFY OK: depth=0, CN=nl1001.nordvpn.com
2024-04-02 10:05:03 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-04-02 10:05:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:05:03 [nl1001.nordvpn.com] Peer Connection Initiated with [AF_INET]213.152.162.250:443
2024-04-02 10:05:04 SENT CONTROL [nl1001.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:05:04 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 10:05:04 SIGTERM[soft,auth-failure] received, process exiting

Nitrousoxide commented 6 months ago

I am also getting auth errors out of nowhere. I did not change anything in my config, and I double-checked my account on NordVPN and the username and password still match.

vpn_media_server-transmission-openvpn-1  | INFO: OVPN: ok, configurations download site reachable
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Checking NORDPVN API responses
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Selecting the best server...
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for country : US (228)
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for group: legacy_p2p
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Searching for technology: openvpn_udp
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Best server : us5100.nordvpn.com, load: null
vpn_media_server-transmission-openvpn-1  | Best server : us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading config: us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us5100.nordvpn.com.udp.ovpn
vpn_media_server-transmission-openvpn-1  | OVPN: NORDVPN: selected: us5100.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Starting OpenVPN using config us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | Modifying /etc/openvpn/nordvpn/us5100.nordvpn.com.ovpn for best behaviour in this container
vpn_media_server-transmission-openvpn-1  | Modification: Point auth-user-pass option to the username/password file
vpn_media_server-transmission-openvpn-1  | Modification: Change ca certificate path
vpn_media_server-transmission-openvpn-1  | Modification: Change ping options
vpn_media_server-transmission-openvpn-1  | Modification: Update/set resolv-retry to 15 seconds
vpn_media_server-transmission-openvpn-1  | Modification: Change tls-crypt keyfile path
vpn_media_server-transmission-openvpn-1  | Modification: Set output verbosity to 3
vpn_media_server-transmission-openvpn-1  | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
vpn_media_server-transmission-openvpn-1  | Modification: Updating status for config failure detection
vpn_media_server-transmission-openvpn-1  | Setting OpenVPN credentials...
vpn_media_server-transmission-openvpn-1  | adding route to local network 192.168.7.0/24 via 172.22.0.1 dev eth0
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TCP/UDP: Preserving recently used remote address: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link local: (not bound)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link remote: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TLS: Initial packet from [AF_INET]86.107.55.230:1194, sid=a8b58ffd e4c15b55
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY KU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Validating certificate extended key usage
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY EKU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY X509NAME OK: CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=0, CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 [us5100.nordvpn.com] Peer Connection Initiated with [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SENT CONTROL [us5100.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 AUTH: Received control message: AUTH_FAILED
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SIGTERM[soft,auth-failure] received, process exiting

chrisburkey commented 6 months ago

Update: Somehow this has magically started working.

This issue just started sometime in the last few hours. Nothing has changed with the config, and the account is valid: I am able to start a VPN connection from iOS without issue.

2024-04-02 08:46:04 [us8410.nordvpn.com] Peer Connection Initiated with [AF_INET]192.145.116.136:443
2024-04-02 08:46:05 SENT CONTROL [us8410.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 08:46:05 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 08:46:05 SIGTERM[soft,auth-failure] received, process exiting

  - OPENVPN_PROVIDER=NORDVPN
  - NORDVPN_COUNTRY=US
  - NORDVPN_PROTOCOL=tcp
  - OPENVPN_USERNAME=***
  - OPENVPN_PASSWORD=***
  - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60

VMBindraban commented 6 months ago

> Update: Somehow this has magically started working.

Still issues here, seems NordVPN is doing something. Takes a while to propagate to all the servers.

Kamoenix commented 6 months ago

I've also been getting a similar error with NordVPN. No changes to container. Spoke to NordVPN support and they didn't offer any help.

2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 SIGTERM[soft,auth-failure] received, process exiting
2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 AUTH: Received control message: AUTH_FAILED
2024/04/02 14:27:56 stdout 2024-04-02 13:27:56 SENT CONTROL [uk1690.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 [uk1690.nordvpn.com] Peer Connection Initiated with [AF_INET]152.89.207.4:443
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 VERIFY OK: depth=0, CN=uk1690.nordvpn.com

zsd7200 commented 6 months ago

Was able to get mine working again by removing any server-specific shenanigans (like NORDVPN_SERVER or OPENVPN_CONFIG). My environment variables look like this:

            - OPENVPN_PROVIDER=NORDVPN
            - OPENVPN_USERNAME=x
            - OPENVPN_PASSWORD=x
            - LOCAL_NETWORK=192.168.0.0/24
            - NORDVPN_COUNTRY=US

And I was able to connect just now.

Nitrousoxide commented 6 months ago

for the folks who have gotten it working, can you post which nordvpn server you are connected to?

chrisburkey commented 6 months ago

> for the folks who have gotten it working, can you post which nordvpn server you are connected to?

It seems to be transient. I was not connected, didn't make any changes, and eventually it connected, and now I am back to the same errors in the logs:

2024-04-02 10:13:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:13:09 [us9921.nordvpn.com] Peer Connection Initiated with [AF_INET]45.85.144.100:443
2024-04-02 10:13:11 SENT CONTROL [us9921.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:13:11 AUTH: Received control message: AUTH_FAILED
2024-04-02 10:13:11 SIGTERM[soft,auth-failure] received, process exiting

cravev commented 6 months ago

@chrisburkey I'm seeing the same as you. Wasn't working this morning. Came back for ~30 minutes. Back to AUTH_FAILED now. I shut the container down for the time being.

zsd7200 commented 6 months ago

Yep, same here, unfortunately--was up for a bit, now it's back to being dead and I can't get it back. Guess we'll just have to wait it out.

giantsystems commented 6 months ago

Seeing this too, same auth error regarding ciphers. Working fine before. Using NordVPN.

Have checked the service account u/p from Nord and re-entered. Tried a few different countries (NO, US, CH) with the same issue.

Pulled latest images. Still failing. Will try again in an hour or so.

Larvitar commented 6 months ago

As far as I can see in my logs, it started around 8:00 am UTC.

Definitely a problem with NordVPN since I've tried several machines, even official Android app with the same result. Someone on X suggested that it's a problem with certificates. Right now the error has changed a little, and it actually looks like a cert issue:

2024-04-02 16:29:50 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)

I recall that certificates can cause issues sometimes when servers are switching to/from daylight saving time (which happened 2 days ago in most (?) countries). If it is an issue with certificates it can take up to a few days before it fixes itself.

thfondak commented 6 months ago

Still seeing this problem as of April 2nd at 11am in the Midwestern US.

Cubiss commented 6 months ago

Can confirm this started happening April 2nd between around 11:30 UTC. Seems like a NordVPN issue

gabrielstelmach commented 6 months ago

CONFIRMED WORKAROUND

> I think the ovpn files may need updating, I took the exact same server/tcp/dedicated ip, and it was giving me this error. I downloaded the .ovpn file, and followed these steps: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider
>
> Setting it as custom and giving the file name, and it started working again.

Hey guys! I started facing the same issue this morning. The container will not start due to the error AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher).

After trying some different approaches, like changing the country and reviewing all the configurations (including NordVPN credentials), the only way to get the container back online was using a custom provider as suggested by @kiwidoggie.

So, what I did was start the container as usual and, from the logs, grab the OVPN file it was downloading from NordVPN. Then I placed that file in the 'custom' folder, and also changed the container to grab the custom configuration as explained above.

I would say this issue is caused by a change on the NordVPN side (.ovpn file) that is not being taken by the current image/script; thus, the connection fails.

Nitrousoxide commented 6 months ago

> CONFIRMED WORKAROUND

No luck for me on this.

jjjonesjr33 commented 6 months ago

I'm having the same issue. Something I noticed, though, when using an ovpn file from NordVPN and trying the custom route to get back working:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

Still trying to find a fix, will update if I get it going.
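
Added example, not part of the thread or the project's code: a Python triage of the OpenVPN client log lines quoted in this issue. It separates a bare AUTH_FAILED from one carrying the "Data channel cipher negotiation failed" reason, and checks whether a profile's legacy `cipher` is covered by the `data-ciphers` list named in the DEPRECATED OPTION warning above. The sample log and .ovpn text are constructed from lines quoted in the thread; the function names and verdict labels are hypothetical.

```python
import re

# Constructed sample: OpenVPN client log lines modelled on those quoted in this thread.
SAMPLE_LOG = """\
2024-04-02 10:05:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
2024-04-02 10:05:03 VERIFY OK: depth=0, CN=nl1001.nordvpn.com
2024-04-02 10:05:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:05:04 SENT CONTROL [nl1001.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:05:04 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 10:05:04 SIGTERM[soft,auth-failure] received, process exiting
"""

# Constructed sample: the same handshake, but the server gives no reason.
SAMPLE_LOG_BARE = SAMPLE_LOG.replace(
    ",Data channel cipher negotiation failed (no shared cipher)", "")

# Constructed sample profile; 192.0.2.10 is a documentation address.
SAMPLE_OVPN = """\
client
proto tcp
remote 192.0.2.10 443
# data-ciphers AES-256-GCM
cipher AES-256-CBC
auth SHA512
"""

# The data-ciphers list printed in the warning quoted in the thread (OpenVPN 2.5.9);
# treating it as the default for other builds is an assumption.
DEFAULT_OFFER = ("AES-256-GCM", "AES-128-GCM")

AUTH_RE = re.compile(r"AUTH: Received control message: AUTH_FAILED(?:,(?P<reason>.*))?$")
PEER_RE = re.compile(r"VERIFY OK: depth=0, CN=(?P<cn>\S+)")
DEPRECATED_RE = re.compile(
    r"--cipher set to '(?P<cipher>[^']+)' but missing in --data-ciphers \((?P<offer>[^)]*)\)")
CIPHER_DIRECTIVES = ("cipher", "data-ciphers", "data-ciphers-fallback")


def parse_ovpn_ciphers(config_text):
    """Return the cipher-related directives set in an .ovpn profile."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split()
        if parts[0] in CIPHER_DIRECTIVES and len(parts) > 1:
            value = parts[1].upper()
            found[parts[0]] = value.split(":") if parts[0] == "data-ciphers" else value
    return found


def legacy_cipher_uncovered(directives, default_offer=DEFAULT_OFFER):
    """Return the profile's --cipher value if no data-ciphers entry covers it, else None."""
    cipher = directives.get("cipher")
    offer = directives.get("data-ciphers", list(default_offer))
    return cipher if cipher and cipher not in offer else None


def triage_log(log_text):
    """Classify an OpenVPN client log by where and why the session was refused."""
    result = {"server": None, "tls_ok": False, "auth_failed": False, "reason": None,
              "legacy_cipher": None, "offered": [], "verdict": "no-auth-failure"}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = PEER_RE.search(line)
        if m:
            result["server"] = m.group("cn")
        if "Control Channel: TLS" in line:   # TLS control channel came up
            result["tls_ok"] = True
        m = DEPRECATED_RE.search(line)
        if m:
            result["legacy_cipher"] = m.group("cipher")
            result["offered"] = m.group("offer").split(":")
        m = AUTH_RE.search(line)
        if m:
            result["auth_failed"] = True
            result["reason"] = (m.group("reason") or "").strip() or None
    if result["auth_failed"]:
        reason = (result["reason"] or "").lower()
        if "cipher negotiation failed" in reason:
            # Server refused the data-channel cipher offer; not a verdict on the credentials.
            result["verdict"] = "data-cipher-mismatch"
        else:
            # No reason supplied: credentials or server side, the log cannot tell which.
            result["verdict"] = "auth-rejected-unspecified"
    return result


if __name__ == "__main__":
    for name, text in (("with reason", SAMPLE_LOG), ("bare", SAMPLE_LOG_BARE)):
        r = triage_log(text)
        print(name, r["server"], r["verdict"], r["reason"])
    print("uncovered legacy cipher:", legacy_cipher_uncovered(parse_ovpn_ciphers(SAMPLE_OVPN)))
```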

TaTaSuZette commented 6 months ago

> CONFIRMED WORKAROUND

Did the same, worked like a charm, thanks mate !

evellior commented 6 months ago

Going to copy-paste what I posted here: https://github.com/haugene/docker-transmission-openvpn/discussions/2819#discussioncomment-8986169

~I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.~

~If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.~

~Look for a line that looks something like: 2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com~

Commenter below tested this out and it didn't fix the issue, they used the exact same server that I had success on and it didn't work for them 😬

alex-patterson-webdev commented 6 months ago

I am having the same issues:

AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)

The workaround that @kiwidoggie / @gabrielstelmach mentioned is working for me (thanks).

If not already mentioned, the ovpn files can be found here https://nordvpn.com/ovpn

jjcampillop commented 6 months ago

> Going to copy-paste what I posted here: #2819 (comment)
>
> I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.
>
> If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.
>
> Look for a line that looks something like: 2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com

I'm afraid that's not enough:

image

Arkheon commented 6 months ago

> > Going to copy-paste what I posted here: #2819 (comment)
> >
> > I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.
> >
> > If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.
> >
> > Look for a line that looks something like: 2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com
>
> I'm afraid that's not enough:
>
> image

Exactly the same error, French server.

Nitrousoxide commented 6 months ago

Glad I'm not the only one! I tried the same server and got that issue.

Maybe there's some env variable that no longer works now? Here's my (nonworking) env variables

    environment:
      - PUID=1000
      - PGID=100
      - CREATE_TUN_DEVICE=true
      - OPENVPN_PROVIDER=NORDVPN
      - TRANSMISSION_WEB_UI=combustion
      - NORDVPN_COUNTRY=US
      - NORDVPN_CATEGORY=legacy_p2p
      - NORDVPN_PROTOCOL=udp
      - OPENVPN_USERNAME=$NORDUSERNAME
      - OPENVPN_PASSWORD=$NORDPASSWORD
      - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 600
      - WEBPROXY_ENABLED=true
      - WEBPROXY_PORT=8888
      - LOCAL_NETWORK=192.168.7.0/24
      - TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false
      - TRANSMISSION_DOWNLOAD_DIR=/downloads
      - TRANSMISSION_INCOMPLETE_DIR=/downloads
      - TRANSMISSION_RATIO_LIMIT=2
      - TRANSMISSION_IDLE_SEEDING_LIMIT=300
      - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
      - TRANSMISSION_RATIO_LIMIT_ENABLED=true
      - HEALTH_CHECK_HOST=github.com

PeachesMLG commented 6 months ago

I'm getting the same errors, haven't modified anything on my side.

I'm assuming this has been narrowed down to something on Nord's side? Other VPNs are working fine?

fredt152 commented 6 months ago

Same problem here - I also keep getting rate limited by Nord because I'm restarting my container too often to try fixes - just FYI if anyone starts getting "parse error invalid numeric literal" in logs

robiXxu commented 6 months ago

same here

ilike2burnthing commented 6 months ago

I'm now also affected, having tried plenty of servers in different countries. It's not just limited to this container, but also the OpenVPN client, NordVPN's own client, and as far as I can tell even their SOCKS5 proxies.

I'll contact support, and suggest everyone else does the same; the sooner they realise it's a widespread issue, the faster they'll do something about it.

popeadam commented 6 months ago

Go to https://support.nordvpn.com and chat via the bubble. Don't be fooled into them telling you it's your fault, to try different servers, change your password, or what have you. Paste the link to this thread and ask them to raise a case for their technicians to look into it.

abramter commented 6 months ago

I contacted them and after sending them logs and even a screenshot of my stack, here is what I got back.

Nord Support:

It does seem, like your setup is proper.

That being said, from your connection log, I can see that you are receiving authentication failures. Authentication failures are caused if you are trying to connect more than 10 devices at once. We only offer 10 simultaneous connections at once. If you exceed this limit, the 11th connection attempt will fail. If the case above is not applicable, we recommend changing your password to lock out any possible unauthorized users from your account. You can change your password by following this link:

In that case, please proceed with the reset of your password and afterwards I would suggest waiting for up to 15 minutes for the sessions to clear. Since this is the only reason for this error to come up.

BTW: They didn't want to open this thread up as it is a security risk for them to open unknown sites.

fredt152 commented 6 months ago

following the password reset email leads me to:

{"error":"page not found"}

🤷‍♂️

Nitrousoxide commented 6 months ago

> following the password reset email leads me to:
>
> {"error":"page not found"}
>
> 🤷‍♂️

same.

Micsters commented 6 months ago

It's not a User Limit issue.. So all our passwords got 'Hacked' at the same time? lol I have no issues logging into Nord via app on my desktop or phone. If it was a user limit issue, I would get same error message.

mkjustuk commented 6 months ago

Same here, definitely not user limits. No access on any app or device. Wake up Nord.

erdemkose commented 6 months ago

Hey guys, is it possible to test without modifying NordVPN's ovpn file? Looks like adding data-ciphers AES-256-CBC breaks the cipher negotiation.

I tried removing this line and it works: https://github.com/haugene/docker-transmission-openvpn/blob/deebad02f47c144ec6551ad5c9fedb3359fb35b1/openvpn/nordvpn/configure-openvpn.sh#L311

It will complain about the deprecated option, but at least it will work. I will let the team managing ovpn files know about the issue.

Alternatively (and maybe a better solution), you can try replacing cipher AES-256-CBC with cipher AES-256-GCM since the NordVPN uses AES-256-GCM in OpenVPN connections.

https://nordvpn.com/features/next-generation-encryption/

FYI, these are just my personal comments. They are not recommendations from the NordVPN team.
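The effect described in the comment above can be modelled offline. This is an added example, not part of the thread or of the project's configure-openvpn.sh; the server cipher list, the OpenVPN 2.5 client default and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: the server accepts only AES-256-GCM on the data channel.
SERVER_CIPHERS="AES-256-GCM"

# Print the colon-separated data-channel cipher list a client config offers.
# Assumption: without a data-ciphers line the client offers the OpenVPN 2.5
# default AES-256-GCM:AES-128-GCM. The legacy "cipher" line is not modelled.
client_ciphers() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF files
        $1 == "data-ciphers" { list = toupper($2) } # keep the last one seen
        END { print (list != "" ? list : "AES-256-GCM:AES-128-GCM") }
    ' "$1"
}

# Print the first cipher in the server list that the client also offers;
# return 1 when the lists do not overlap.
negotiate() {
    server_list=$1; client_list=$2
    old_ifs=$IFS; IFS=:
    for s in $server_list; do
        for c in $client_list; do
            if [ "$s" = "$c" ]; then IFS=$old_ifs; echo "$s"; return 0; fi
        done
    done
    IFS=$old_ifs
    return 1
}

# Report whether a config can agree on a data-channel cipher with the server.
check_config() {
    offered=$(client_ciphers "$1")
    if chosen=$(negotiate "$SERVER_CIPHERS" "$offered"); then
        echo "$1: offers $offered -> negotiated $chosen"
    else
        echo "$1: offers $offered -> no shared cipher"
        return 1
    fi
}

# Constructed sample configs (placeholders, not real NordVPN files).
demo_dir=$(mktemp -d)
printf 'client\nremote vpn.example.test 1194\ncipher AES-256-CBC\n' > "$demo_dir/stock.ovpn"
{ cat "$demo_dir/stock.ovpn"; echo 'data-ciphers AES-256-CBC'; } > "$demo_dir/patched.ovpn"
check_config "$demo_dir/stock.ovpn" || true
check_config "$demo_dir/patched.ovpn" || true
rm -rf "$demo_dir"
```

The config with the appended `data-ciphers AES-256-CBC` line offers nothing the modelled server accepts, which matches the "no shared cipher" message; the same config without that line negotiates AES-256-GCM.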

ilike2burnthing commented 6 months ago

Yea, I'm getting that as well for the password reset now.

From previous interactions with support, they won't open external links and won't open anything other than .txt and .jpeg files (I've sent them .log and .png files before and had to change them... 🙄). It's a sensible security policy that's being applied way too broadly.


I've gone through the chat support now, was largely useless, I would suggest people just email - support@nordvpn.com

I'll give a rough template below, feel free to use as much or as little of it as you want for your own correspondence. You'll have to send two emails if you want to complain/get compensation, as the techs don't handle complaints. I was told the subject for the complaint should just be Complaint.

Update: you may get a response from an AI (read: machine learning) bot. Just ignore any requests for troubleshooting information, answer any actual useful questions, and ask to speak to a human.


Subject: Fault - AUTH: Received control message: AUTH_FAILED

Body: Hi, I and many others are currently unable to connect to NordVPN servers, receiving the error 'AUTH: Received control message: AUTH_FAILED'.

The issue is affecting multiple people, in multiple countries, on multiple platforms, using multiple clients (NordVPN client on Windows, OpenVPN client on Linux and Windows, even the SOCKS5 proxies), and for most if not all servers, all at once and all of a sudden over the last few days. For example - https://github.com/haugene/docker-transmission-openvpn/issues/2820

The issue would therefore seem to be on NordVPN's end, so with all due respect I will not be doing any pointless troubleshooting.

Please refer this onto your technicians so that they can resolve the issue.

Many thanks and I hope to receive a response soon.


Subject: Complaint

Body: Hi, I and many others are currently unable to connect to NordVPN servers, receiving the error 'AUTH: Received control message: AUTH_FAILED'.

The issue is affecting multiple people, in multiple countries, on multiple platforms, using multiple clients (NordVPN client on Windows, OpenVPN client on Linux and Windows, even the SOCKS5 proxies), and for most if not all servers, all at once and all of a sudden over the last few days. For example - https://github.com/haugene/docker-transmission-openvpn/issues/2820

I have asked that this issue be referred onto your technicians in a separate email. I am writing in this email to ask for compensation for the days of lost service, once the issue is resolved, as the issue would appear to be on NordVPN's end.

In simple terms, I am not receiving the service I have paid for, seemingly as a result of the service provider's fault.

Adding an equivalent number of days to my subscription, for those days lost, would seem appropriate.

Many thanks and I hope to receive a response soon.

ilike2burnthing commented 6 months ago

Ok password reset is back up, but my email bounced... back to the chat I go 🙄

Update: turns out it was my email domain (which makes no sense, but ok). Sending from a different email address worked fine.

erdemkose commented 6 months ago

@ilike2burnthing Could you try the method(s) in my comment?

https://github.com/haugene/docker-transmission-openvpn/issues/2820#issuecomment-2033226320

ilike2burnthing commented 6 months ago

I'll give it a shot, but I'm not particularly hopeful as the stock file isn't working in Windows OpenVPN client, nor is the NordVPN client or the browser extension.

The browser extension is actually returning:

Session limit reached Please wait 10 minutes and try connecting to VPN again. If you have 6 devices connected already: disconnect one of them, wait 10 minutes, and try connecting to VPN again.

Nitrousoxide commented 6 months ago

I reset my nordvpn password and gave it over 15 minutes to let any active connections time out. I confirmed it reset the service credential password and updated my compose file with the new one.

It still has an auth issue.

I have not tried the change erdemkose recommended.

DiabloBajo commented 6 months ago

Same issues here. Can't get the trans docker to work, nor my PC and cell phone. Neither on my Wi-Fi or cellular. I reset my password to no avail. I'm not seeing much online about this other than here, but it sure does suck.

ciceroripi commented 6 months ago

Same issue here, tried the alternatives above, didn't work

pjfian commented 6 months ago

> Hey guys, is it possible to test without modifying NordVPN's ovpn file? Looks like adding data-ciphers AES-256-CBC breaks the cipher negotiation.
>
> I tried removing this line and it works:
>
> https://github.com/haugene/docker-transmission-openvpn/blob/deebad02f47c144ec6551ad5c9fedb3359fb35b1/openvpn/nordvpn/configure-openvpn.sh#L311
>
> It will complain about the deprecated option, but at least it will work. I will let the team managing ovpn files know about the issue. ...

That did it, thanks.

erdemkose commented 6 months ago

The original issue is data channel cipher negotiation failed (no shared cipher). This can be resolved in two ways.

Reference

Data channel cipher negotiation

pjs0216 commented 6 months ago

> The original issue is data channel cipher negotiation failed (no shared cipher). This can be resolved in two ways.
>
> Reference
>
> Data channel cipher negotiation

Could somebody tell me where configure-openvpn.sh would be located? I am running the container on a Synology NAS.