OpenVPN client has stopped working

Technical Support for Routers
7

Do you have further logs?

The log you posted does not show the reason openvpn is not connected. The “file not found” errors does not affect the connection.

What is the vpn service provider?
If you don’t mind you can send one ovpn for me to try. Maybe the server is not just not available.

8

Hi, this is NordVPN London. I’m away from the router at the moment but I’ll post later with more logs.

1 Like
9

Okay I have proper logs now

Mon Dec 18 20:01:05 2023 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Mon Dec 18 20:01:05 2023 daemon.warn ovpnclient[17797]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: NOTE: --fast-io is disabled since we are not using UDP
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP/UDP: Preserving recently used remote address: [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Attempting to establish TCP connection with [AF_INET]31.132.5.19:443 [nonblock]
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP connection established with [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP_CLIENT link local: (not bound)
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TCP_CLIENT link remote: [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: TLS: Initial packet from [AF_INET]31.132.5.19:443, sid=05ed6b38 41eac427
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY KU OK
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: Validating certificate extended key usage
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY EKU OK
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY X509NAME OK: CN=uk1904.nordvpn.com
Mon Dec 18 20:01:05 2023 daemon.notice ovpnclient[17797]: VERIFY OK: depth=0, CN=uk1904.nordvpn.com
Mon Dec 18 20:01:06 2023 daemon.notice ovpnclient[17797]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Mon Dec 18 20:01:06 2023 daemon.notice ovpnclient[17797]: [uk1904.nordvpn.com] Peer Connection Initiated with [AF_INET]31.132.5.19:443
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: SENT CONTROL [uk1904.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: AUTH: Received control message: AUTH_FAILED
Mon Dec 18 20:01:07 2023 daemon.notice ovpnclient[17797]: SIGTERM[soft,auth-failure] received, process exiting
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Option 'ovpnclient'.masq6 is unknown
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'ovpnclient' cannot resolve device of network 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'wan_in_conn_mark' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'lan_in_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'out_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section 'block_dns' does not specify a protocol, assuming TCP+UDP
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[2] (guest) has no device, network, subnet or extra options
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115): Warning: Section @zone[3] (ovpnclient) has no device, network, subnet or extra options
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv4 filter table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv4 nat table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv4 mangle table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv4 raw table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv4 filter table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DHCP-Renew'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-IGMP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-IPSec-ESP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-ISAKMP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'block_dns'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DHCP'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DNS'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'ovpnclient' -> 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'lan' -> 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'guest' -> 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv4 nat table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv4 mangle table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'process_mark'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'wan_in_conn_mark'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'lan_in_conn_mark_restore'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'out_conn_mark_restore'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv4 raw table
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):      - Using automatic conntrack helper attachment
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):      - Using automatic conntrack helper attachment
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:07 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv6 filter table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv6 nat table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Clearing IPv6 mangle table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv6 filter table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DHCPv6'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-MLD'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-ICMPv6-Input'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-ICMPv6-Forward'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-IPSec-ESP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-ISAKMP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'block_dns'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DHCP'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'Allow-DNS'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'ovpnclient' -> 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'lan' -> 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Forward 'guest' -> 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv6 nat table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_ovpnclient_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_ovpnclient_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Populating IPv6 mangle table
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'process_mark'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'wan_in_conn_mark'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'lan_in_conn_mark_restore'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Rule 'out_conn_mark_restore'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'lan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'wan'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'guest'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    * Zone 'ovpnclient'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Set tcp_ecn to off
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Set tcp_syncookies to on
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Set tcp_window_scaling to on
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Running script '/etc/firewall.nat6'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Running script '/var/etc/gls2s.include'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):    ! Skipping due to path error: No such file or directory
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Running script '/usr/bin/gl_block.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115):  * Running script '/etc/firewall.vpn_server_policy.sh'
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): Failed to parse json data: unexpected character
Mon Dec 18 20:01:08 2023 daemon.notice netifd: ovpnclient (18115): uci: Entry not found
Mon Dec 18 20:01:08 2023 user.notice root: openvpn process exit and try again 5 seconds later
Mon Dec 18 20:01:12 2023 daemon.notice netifd: Interface 'ovpnclient' is now down
Mon Dec 18 20:01:12 2023 user.notice mwan3[18407]: Execute ifdown event on interface ovpnclient (unknown)
Mon Dec 18 20:01:13 2023 user.notice firewall: Reloading firewall due to ifdown of ovpnclient ()

This is when connecting to uk1904.nordvpn.com.tcp

I have just tried this and it didn’t work. Thank you though.

Further suggestions welcomed :slight_smile: thank you in advance!

10

Sounds like bad user/password/secret issue.

1 Like
11

It’s the same username and password used to get the nordvpn logins, on the router interface itself, so I don’t think it’s that.

12

I can only tell you what the error shows :smile:
And the error tells us that the authentication did not work.

@hansome Is there something odd with NordVPN and the GL.iNet config downloader?

13

I’m also getting the same error when going back to my Draytek at home. And I’ve double and triple checked that password. It worked fine, but now it doesn’t and I can’t remember what has changed since then. Both show the same Auth issue but it isn’t that (as far as I can tell).

14

Nord VPN changed that back in the summer.

Off topic but they have a ‘reputation’ in the privacy ‘community’ (what isn’t a damn community these days?!). I won’t touch them:

2 Likes
15

That could be a network or Nordvpn server load issue.
But reported as “AUTH_FAILED” not precisely.
Please try to stop connecting and reconnect after a while. @danield

1 Like
16

It isn’t intermittent. This has persisted over the course of a month.

Understood, but Dropbox left their login form wide open in 2016 and yet I know people that run their businesses from there. Nowhere is safe really.

It isn’t an Auth issue because there is only one place to enter a username and password for nordvpn on the router. Plus as I mentioned above I get the same issue when connecting to my Draytek at home and I have triple checked the password. Plus, it all used to work fine but now doesn’t.

17

In the interests of science I thought I’d reset the router and reproduce the issue. Here’s what I did:

  1. Factory reset.
  2. Set admin password.
  3. Logged in, set up WiFi repeater mode and joined a WiFi network for Internet access.
  4. Clicked VPN Dashboard, entered Nordvpn username and password, chose London from location, left it as UDP, then tried to connect to first London VPN endpoint.

No bueno, same error.

18

Does the upstream WiFi blocks UDP OVPN maybe?

19

No, it’s not that. I’ve just connected to the same WiFi upstream and configured my nordvpn app on my phone to use ovpn udp. Works fine.

Screenshot_20231219_092303_NordVPN
Screenshot_20231219_092303_NordVPN1080×619 82.1 KB

20

Is it the same server? Nord app can switch server automatically. :joy:

21

I’ve just checked this by manually connecting to a specific London server using OpenVPN TCP on my app, as follows:

photo_2023-12-19_15-45-21
photo_2023-12-19_15-45-21829×1280 61.3 KB

and then configured the router to connect to that exact same server and protocol:

image
image1272×509 23.2 KB

And I have the same problem:

Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP connection established with [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP_CLIENT link local: (not bound)
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TCP_CLIENT link remote: [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:07 2023 daemon.notice ovpnclient[9273]: TLS: Initial packet from [AF_INET]109.70.150.130:443, sid=ea1f8652 aad60ec0
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY KU OK
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: Validating certificate extended key usage
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY EKU OK
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY X509NAME OK: CN=uk2317.nordvpn.com
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: VERIFY OK: depth=0, CN=uk2317.nordvpn.com
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Tue Dec 19 15:46:08 2023 daemon.notice ovpnclient[9273]: [uk2317.nordvpn.com] Peer Connection Initiated with [AF_INET]109.70.150.130:443
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: SENT CONTROL [uk2317.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: AUTH: Received control message: AUTH_FAILED
Tue Dec 19 15:46:09 2023 daemon.notice ovpnclient[9273]: SIGTERM[soft,auth-failure] received, process exiting
Tue Dec 19 15:46:09 2023 daemon.notice netifd: ovpnclient (9471): Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling

We can rule out the upstream Internet connection now. Also as I said previously I have had this problem for about a month: I have tried this on many Internet connections, hotel and commerical/fibre ethernet with nothing but DHCP, DNS and outbound NAT in the chain. It worked fine, then one day it stopped.

It’s not the Internet connection because I’ve tried several, it’s not the VPN provider because I’ve tried several. It’s the router.

Furthermore, I can establish a NordVPN connection on my phone when connected to the router’s access point.

So it’s not the upstream provider.

22

So it turns out this was the issue for the NordVPN connection. I used the instructions here Changes to the login process on third-party apps and routers | NordVPN support to get my service credentials and input these, instead of my main NordVPN login, and then I was able to connect. Thank you @bring.fringe18.

I have downgraded firmware to 4.2.1 (via 4.2.3) to see if that would resolve the issue and it didn’t. I’m now upgrading back to 4.4.6 to see if that fixes the issue.

2 Likes
23

There’s a reason why nobody likes NordVPN - unless there are big discounts somewhere.
Next renewal, go with mullvad.net instead. :wink:

24

Oh, I forgot to mention that the username and password should be device-specific for Nord openvpn, not the one for your account.

quote:

I tried, and it connected successfully.

image
image898×459 31.3 KB

25

I’ve put my router back to 4.4.6 and the NordVPN connection has stayed where it is - can I ask the staff at GL.iNet to put a hint in the interface to use the service credentials instead of the main login as it doesn’t present an error (unless you dig through the logs) and isn’t clear…

1 Like
26

FTFY.