Spitz AX unable to connect to nordvpn openvpn

uppppppp · September 28, 2023, 7:23pm

I have the spitz ax with latest firmware.
I login to my nord account and choose servers to add
I have the list of servers UDP and try to connect but nothing at all

it is stuck on “The client is starting, please wait…”

logs:
“Thu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.19.217.36:1194\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: Socket Buffers: R=[212992->212992] S=[212992->212992]\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: UDP link local: (not bound)\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: UDP link remote: [AF_INET]37.19.217.36:1194\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: TLS: Initial packet from [AF_INET]37.19.217.36:1194, sid=2aaa1878 c3d6fe3c\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY KU OK\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: Validating certificate extended key usage\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY EKU OK\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY X509NAME OK: CN=fr838.nordvpn.com\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: VERIFY OK: depth=0, CN=fr838.nordvpn.com\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512\nThu Sep 28 21:22:46 2023 daemon.notice ovpnclient[32041]: [fr838.nordvpn.com] Peer Connection Initiated with [AF_INET]37.19.217.36:1194\nThu Sep 28 21:22:47 2023 daemon.notice ovpnclient[32041]: SENT CONTROL [fr838.nordvpn.com]: ‘PUSH_REQUEST’ (status=1)\nThu Sep 28 21:22:52 2023 daemon.notice ovpnclient[32041]: SENT CONTROL [fr838.nordvpn.com]: ‘PUSH_REQUEST’ (status=1)\nThu Sep 28 21:22:52 2023 daemon.notice ovpnclient[32041]: AUTH: Received control message: AUTH_FAILED\nThu Sep 28 21:22:52 2023 daemon.notice ovpnclient[32041]: SIGTERM[soft,auth-failure] received, process exiting\nThu Sep 28 21:22:52 2023 daemon.notice netifd: ovpnclient (32480): cat: can’t open ‘/tmp/run/ovpn_resolved_ip’: No such file or directory\n”

wcs2228 · September 29, 2023, 2:01am

Make sure you are using the NordVPN Service Credentials, not the standard Username/Password.

I do not work for and I am not directly associated with GL.iNet

alzhao · September 29, 2023, 6:34am

Check out the slution here

uppppppp · September 29, 2023, 7:55am

thank you
now I can connect but it still does not work.

“Fri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Set tcp_ecn to off\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Set tcp_syncookies to on\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Set tcp_window_scaling to on\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Running script ‘/etc/firewall.nat6’\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Running script ‘/etc/firewall.swap_wan_in_conn_mark.sh’\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Running script ‘/etc/firewall.vpn_server_policy.sh’\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Running script ‘/var/etc/gls2s.include’\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): ! Skipping due to path error: No such file or directory\nFri Sep 29 09:51:55 2023 daemon.notice netifd: ovpnclient (5495): * Running script ‘/usr/bin/gl_block.sh’\nFri Sep 29 09:51:55 2023 user.notice mwan3[6244]: Execute ifup event on interface ovpnclient (ovpnclient)\nFri Sep 29 09:51:55 2023 user.notice mwan3[6244]: Starting tracker on interface ovpnclient (ovpnclient)\nFri Sep 29 09:51:55 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:56 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:56 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:56 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:57 2023 daemon.warn ovpnclient[5495]: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this\nFri Sep 29 09:51:57 2023 daemon.notice ovpnclient[5495]: Initialization Sequence Completed\nFri Sep 29 09:51:57 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:57 2023 daemon.err ovpnclient[5495]: write UDP: Operation not permitted (code=1)\nFri Sep 29 09:51:58 2023 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)\n”

alzhao · September 29, 2023, 10:18am

Don’t know why. Can you use TCP?

uppppppp · September 29, 2023, 10:35am

TCP is connecting and disconnecting all the time (green light then orange)

“Fri Sep 29 12:33:35 2023 daemon.notice netifd: Interface ‘ovpnclient’ has lost the connection\nFri Sep 29 12:33:35 2023 user.notice mwan3[8555]: Execute ifdown event on interface ovpnclient (unknown)\nFri Sep 29 12:33:35 2023 daemon.notice ovpnclient[1172]: SIGHUP[soft,connection-reset] received, process restarting\nFri Sep 29 12:33:35 2023 daemon.warn ovpnclient[1172]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\nFri Sep 29 12:33:35 2023 daemon.notice ovpnclient[1172]: OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nFri Sep 29 12:33:35 2023 daemon.notice ovpnclient[1172]: library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10\nFri Sep 29 12:33:35 2023 daemon.notice ovpnclient[1172]: Restart pause, 2 second(s)\nFri Sep 29 12:33:36 2023 user.notice firewall: Reloading firewall due to ifdown of ovpnclient ()\nFri Sep 29 12:33:37 2023 daemon.warn ovpnclient[1172]: WARNING: --ping should normally be used with --ping-restart or --ping-exit\nFri Sep 29 12:33:37 2023 daemon.warn ovpnclient[1172]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: NOTE: --fast-io is disabled since we are not using UDP\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: Outgoing Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.152.181.147:443\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: Socket Buffers: R=[131072->131072] S=[16384->16384]\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: Attempting to establish TCP connection with [AF_INET]45.152.181.147:443 [nonblock]\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: TCP connection established with [AF_INET]45.152.181.147:443\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: TCP_CLIENT link local: (not bound)\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: TCP_CLIENT link remote: [AF_INET]45.152.181.147:443\nFri Sep 29 12:33:37 2023 daemon.notice ovpnclient[1172]: TLS: Initial packet from [AF_INET]45.152.181.147:443, sid=1aec3c33 2eb6d0ce\n”