alzhao
December 18, 2023, 9:45am
7
Do you have further logs?
The log you posted does not show the reason openvpn is not connected. The “file not found” errors does not affect the connection.
What is the vpn service provider?
If you don’t mind you can send one ovpn for me to try. Maybe the server is not just not available.
danield
December 18, 2023, 2:02pm
8
Hi, this is NordVPN London. I’m away from the router at the moment but I’ll post later with more logs.
1 Like
danield
December 18, 2023, 8:09pm
9
Okay I have proper logs now
Mon Dec 18 20:01:05 2023 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: NOTE: --fast-io is disabled since we are not using UDP
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP/UDP: Preserving recently used remote address: [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Attempting to establish TCP connection with [AF_INET]31.132.5.19:443 [nonblock]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP connection established with [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP_CLIENT link local: (not bound)
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP_CLIENT link remote: [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TLS: Initial packet from [AF_INET]31.132.5.19:443, sid=05ed6b38 41eac427
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY KU OK
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Validating certificate extended key usage
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY EKU OK
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY X509NAME OK: CN=uk1904.nordvpn.com
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=0, CN=uk1904.nordvpn.com
Mon Dec 18 20:01:06 2023 daemon.notice ovpnclient[17797]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Mon Dec 18 20:01:06 2023 daemon.notice ovpnclient[17797]: [uk1904.nordvpn.com] Peer Connection Initiated with [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: SENT CONTROL [uk1904.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: AUTH: Received control message: AUTH_FAILED
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: SIGTERM[soft,auth-failure] received, process exiting
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Option 'ovpnclient'.masq6 is unknown
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'ovpnclient' cannot resolve device of network 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'wan_in_conn_mark' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'lan_in_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'out_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'block_dns' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[2] (guest) has no device, network, subnet or extra options
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[3] (ovpnclient) has no device, network, subnet or extra options
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv4 filter table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv4 nat table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv4 mangle table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv4 raw table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv4 filter table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DHCP-Renew'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-IGMP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-IPSec-ESP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-ISAKMP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'block_dns'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DHCP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DNS'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'ovpnclient' -> 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'lan' -> 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'guest' -> 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv4 nat table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv4 mangle table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'process_mark'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'wan_in_conn_mark'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'lan_in_conn_mark_restore'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'out_conn_mark_restore'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv4 raw table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): - Using automatic conntrack helper attachment
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): - Using automatic conntrack helper attachment
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv6 filter table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv6 nat table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Clearing IPv6 mangle table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv6 filter table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DHCPv6'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-MLD'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-ICMPv6-Input'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-ICMPv6-Forward'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-IPSec-ESP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-ISAKMP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'block_dns'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DHCP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'Allow-DNS'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'ovpnclient' -> 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'lan' -> 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Forward 'guest' -> 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv6 nat table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_ovpnclient_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_ovpnclient_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Populating IPv6 mangle table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'process_mark'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'wan_in_conn_mark'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'lan_in_conn_mark_restore'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Rule 'out_conn_mark_restore'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Set tcp_ecn to off
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Set tcp_syncookies to on
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Set tcp_window_scaling to on
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Running script '/etc/firewall.nat6'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Running script '/var/etc/gls2s.include'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): ! Skipping due to path error: No such file or directory
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Running script '/usr/bin/gl_block.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): * Running script '/etc/firewall.vpn_server_policy.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Failed to parse json data: unexpected character
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): uci: Entry not found
Mon Dec 18 20:01:08 2023 user.notice root: openvpn process exit and try again 5 seconds later
Mon Dec 18 20:01:12 2023 daemon.notice netifd: Interface 'ovpnclient' is now down
Mon Dec 18 20:01:12 2023 user.notice mwan3[18407]: Execute ifdown event on interface ovpnclient (unknown)
Mon Dec 18 20:01:13 2023 user.notice firewall: Reloading firewall due to ifdown of ovpnclient ()
This is when connecting to uk1904.nordvpn.com.tcp
I have just tried this and it didn’t work. Thank you though.
Further suggestions welcomed thank you in advance!
admon
December 18, 2023, 8:20pm
10
Sounds like bad user/password/secret issue.
1 Like
danield
December 18, 2023, 8:33pm
11
It’s the same username and password used to get the nordvpn logins, on the router interface itself, so I don’t think it’s that.
admon
December 18, 2023, 8:38pm
12
I can only tell you what the error shows
And the error tells us that the authentication did not work.
@hansome Is there something odd with NordVPN and the GL.iNet config downloader?
danield
December 19, 2023, 12:52am
13
I’m also getting the same error when going back to my Draytek at home. And I’ve double and triple checked that password. It worked fine, but now it doesn’t and I can’t remember what has changed since then. Both show the same Auth issue but it isn’t that (as far as I can tell).
Nord VPN changed that back in the summer.
Off topic but they have a ‘reputation’ in the privacy ‘community’ (what isn’t a damn community these days?!). I won’t touch them:
NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. The admission comes following
Est. reading time: 4 minutes
2 Likes
hansome
December 19, 2023, 7:51am
15
That could be a network or Nordvpn server load issue.
But reported as “AUTH_FAILED” not precisely.
Please try to stop connecting and reconnect after a while. @danield
1 Like
danield
December 19, 2023, 8:44am
16
It isn’t intermittent. This has persisted over the course of a month.
Understood, but Dropbox left their login form wide open in 2016 and yet I know people that run their businesses from there. Nowhere is safe really.
It isn’t an Auth issue because there is only one place to enter a username and password for nordvpn on the router. Plus as I mentioned above I get the same issue when connecting to my Draytek at home and I have triple checked the password. Plus, it all used to work fine but now doesn’t.
danield
December 19, 2023, 8:57am
17
In the interests of science I thought I’d reset the router and reproduce the issue. Here’s what I did:
Factory reset.
Set admin password.
Logged in, set up WiFi repeater mode and joined a WiFi network for Internet access.
Clicked VPN Dashboard, entered Nordvpn username and password, chose London from location, left it as UDP, then tried to connect to first London VPN endpoint.
No bueno, same error.
admon
December 19, 2023, 9:09am
18
Does the upstream WiFi blocks UDP OVPN maybe?
danield
December 19, 2023, 9:24am
19
No, it’s not that. I’ve just connected to the same WiFi upstream and configured my nordvpn app on my phone to use ovpn udp. Works fine.
hansome
December 19, 2023, 10:28am
20
danield:
uk1904.nordvpn.com.tcp
Is it the same server? Nord app can switch server automatically.
danield
December 19, 2023, 3:49pm
21
I’ve just checked this by manually connecting to a specific London server using OpenVPN TCP on my app, as follows:
and then configured the router to connect to that exact same server and protocol:
And I have the same problem:
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP connection established with [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP_CLIENT link local: (not bound)
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP_CLIENT link remote: [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TLS: Initial packet from [AF_INET]109.70.150.130:443, sid=ea1f8652 aad60ec0
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY KU OK
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: Validating certificate extended key usage
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY EKU OK
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY X509NAME OK: CN=uk2317.nordvpn.com
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=0, CN=uk2317.nordvpn.com
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: [uk2317.nordvpn.com] Peer Connection Initiated with [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: SENT CONTROL [uk2317.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: AUTH: Received control message: AUTH_FAILED
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: SIGTERM[soft,auth-failure] received, process exiting
Tue Dec 19 15:46:09 2023 daemon.notice netifd: ovpnclient (9471): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
We can rule out the upstream Internet connection now. Also as I said previously I have had this problem for about a month: I have tried this on many Internet connections, hotel and commerical/fibre ethernet with nothing but DHCP, DNS and outbound NAT in the chain. It worked fine, then one day it stopped.
It’s not the Internet connection because I’ve tried several, it’s not the VPN provider because I’ve tried several. It’s the router.
Furthermore, I can establish a NordVPN connection on my phone when connected to the router’s access point.
So it’s not the upstream provider.
danield
December 19, 2023, 4:54pm
22
So it turns out this was the issue for the NordVPN connection. I used the instructions here Changes to the login process on third-party apps and routers | NordVPN support to get my service credentials and input these, instead of my main NordVPN login, and then I was able to connect. Thank you @bring.fringe18 .
I have downgraded firmware to 4.2.1 (via 4.2.3) to see if that would resolve the issue and it didn’t. I’m now upgrading back to 4.4.6 to see if that fixes the issue.
2 Likes
admon
December 19, 2023, 4:55pm
23
There’s a reason why nobody likes NordVPN - unless there are big discounts somewhere.
Next renewal, go with mullvad.net instead.
hansome
December 20, 2023, 7:35am
24
Oh, I forgot to mention that the username and password should be device-specific for Nord openvpn, not the one for your account.
quote:
I tried, and it connected successfully.
danield
December 20, 2023, 8:29am
25
I’ve put my router back to 4.4.6 and the NordVPN connection has stayed where it is - can I ask the staff at GL.iNet to put a hint in the interface to use the service credentials instead of the main login as it doesn’t present an error (unless you dig through the logs) and isn’t clear…
1 Like