Start Nordvpn from android app fails

manderss99 · July 2, 2022, 7:48am

starting from routers downloaded config files works but when I try the app it cannot connect.
using same nordvpn account and new slate ax.

from the connection log:
Sat Jul 2 09:46:14 2022 daemon.err ovpnclient[28937]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can’t ask for ‘Enter Auth Username:’. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

downloaded files contain auth-user-pass /etc/openvpn/profiles/2658/auth/username_password.txt

file ovpnclient in /var/ovpnclient which i think is the uploaded conf contains only auth-user-pass

alzhao · July 5, 2022, 9:47am

Did you try this via ssh?

The ovpn should contain one line daemon because it is runs in the backgroud.

manderss99 · July 5, 2022, 10:51am

I downloaded the nordvpn config files in the web interface and connected via the web interface, it works as expected. I have not tried to start from ssh, not sure how to do that.

If I use the glinet app and try to connect to nordvpn it does not work, below is connection log:

"Tue Jul  5 12:46:20 2022 daemon.notice ovpnclient[6948]: Exiting due to fatal error\nTue Jul  5 12:46:20 2022 daemon.notice netifd: ovpnclient (6951): sh: can't kill pid 26058: No such process\nTue Jul  5 12:46:20 2022 daemon.notice netifd: ovpnclient (6951): Cannot find device \"ovpnclient\"\nTue Jul  5 12:46:20 2022 daemon.notice netifd: Interface 'ovpnclient' is now down\nTue Jul  5 12:46:20 2022 daemon.notice netifd: Interface 'ovpnclient' is setting up now\nTue Jul  5 12:46:20 2022 daemon.warn ovpnclient[6999]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[6999]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[6999]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10\nTue Jul  5 12:46:20 2022 daemon.err ovpnclient[6999]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[6999]: Exiting due to fatal error\nTue Jul  5 12:46:20 2022 daemon.notice netifd: ovpnclient (7000): sh: can't kill pid 26058: No such process\nTue Jul  5 12:46:20 2022 daemon.notice netifd: ovpnclient (7000): Cannot find device \"ovpnclient\"\nTue Jul  5 12:46:20 2022 daemon.notice netifd: Interface 'ovpnclient' is now down\nTue Jul  5 12:46:20 2022 daemon.notice netifd: Interface 'ovpnclient' is setting up now\nTue Jul  5 12:46:20 2022 daemon.warn ovpnclient[7042]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[7042]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[7042]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10\nTue Jul  5 12:46:20 2022 daemon.err ovpnclient[7042]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.\nTue Jul  5 12:46:20 2022 daemon.notice ovpnclient[7042]: Exiting due to fatal error\nTue Jul  5 12:46:20 2022 daemon.notice netifd: ovpnclient (7043): sh: can't kill pid 26058: No such process\n"

manderss99 · July 5, 2022, 10:55am

Leo · July 5, 2022, 11:44am

I test the gl-axt1800 with firmware 4.0.0 release3, Compile Time: 2022-06-28 7:21:42(UTC+08:00), with android app 1.2.01, the NordVPN worked.

Did you use the NordVPN service credential to connect to their OpenVPN? The service credential is two long random strings.
What is the Compile Time of your firmware?
What is the version of your app?

manderss99 · July 5, 2022, 5:37pm

gl-inet app versionn 1.2.01
I am using my regular nordvpn login credentials, email and password
in upgrade it says firmware is up to date, release3
compile time 2022-06-03 18:19:56(UTC+08:00)

Leo · July 5, 2022, 11:09pm

NordVPN change the way to connect their OpenVPN. It need to use their service credentials.

You can find the service credentials here.
nordvpn service credentials

https://docs.gl-inet.com/en/4/tutorials/openvpn_client/#setup-nordvpn

I will update the app to make it clear.

manderss99 · July 6, 2022, 2:16am

Thanks, however I still cant connect. see attached log.

connection log.zip (897 Bytes)

Leo · July 6, 2022, 2:46am

Could you please PM me a screenrecorder of your process or send email to leo.lin@gl-inet.com, from the log it seems authentication issue.

manderss99 · July 6, 2022, 3:08am

I have sent pm to you

manderss99 · July 6, 2022, 4:48am

After upgrading to firmware 2022-06-28 7:21:42(UTC+08:00) and clearing data on app I can successfully connect.

Thanks

Leo · July 6, 2022, 4:52am

Sorry for the inconvenience and thanks for your patient.
The firmware team will put the new beta firmware to download site soon.

manderss99 · July 20, 2022, 6:26am

tried again today, cannot connect to nordvpn via app.
firmware 4.0.1 beta 2

"Wed Jul 20 08:25:13 2022 daemon.err ovpnclient[13399]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13399]: Exiting due to fatal error\nWed Jul 20 08:25:13 2022 daemon.notice netifd: ovpnclient (13400): sh: can't kill pid 12563: No such process\nWed Jul 20 08:25:13 2022 daemon.notice netifd: ovpnclient (13400): Cannot find device \"ovpnclient\"\nWed Jul 20 08:25:13 2022 daemon.notice netifd: Interface 'ovpnclient' is now down\nWed Jul 20 08:25:13 2022 daemon.notice netifd: Interface 'ovpnclient' is setting up now\nWed Jul 20 08:25:13 2022 daemon.warn ovpnclient[13427]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13427]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13427]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10\nWed Jul 20 08:25:13 2022 daemon.err ovpnclient[13427]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13427]: Exiting due to fatal error\nWed Jul 20 08:25:13 2022 daemon.notice netifd: ovpnclient (13431): sh: can't kill pid 12563: No such process\nWed Jul 20 08:25:13 2022 daemon.notice netifd: ovpnclient (13431): Cannot find device \"ovpnclient\"\nWed Jul 20 08:25:13 2022 daemon.notice netifd: Interface 'ovpnclient' is now down\nWed Jul 20 08:25:13 2022 daemon.notice netifd: Interface 'ovpnclient' is setting up now\nWed Jul 20 08:25:13 2022 daemon.warn ovpnclient[13464]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13464]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13464]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10\nWed Jul 20 08:25:13 2022 daemon.err ovpnclient[13464]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.\nWed Jul 20 08:25:13 2022 daemon.notice ovpnclient[13464]: Exiting due to fatal error\n"

Leo · July 20, 2022, 7:00am

Thanks for your feedback. I’ve asked a colleague to check your log.

hilll · July 20, 2022, 7:03am

cloud try connect to nordvpn, in the router web UI operate? parse from the log, it enter the username auth error. you can try operate in the web UI operate.

manderss99 · July 20, 2022, 7:19am

it works fine from webui, it is just the app that does not work
same account, same credentials,
webui log:

"Wed Jul 20 09:17:13 2022 daemon.info avahi-daemon[3889]: Registering new address record for 10.8.0.5 on ovpnclient.IPv4.\nWed Jul 20 09:17:13 2022 user.notice ovpnclient-up: env value:route_vpn_gateway=10.8.0.1 daemon_log_redirect=0 script_type=up proto_1=udp daemon=0 SHLVL=1 foreign_option_1=dhcp-option DNS 103.86.96.100 dev_type=tun foreign_option_2=dhcp-option DNS 103.86.99.100 remote_1=185.247.71.35 dev=ovpnclient X509_0_CN=se533.nordvpn.com remote_port_1=1194 X509_1_CN=NordVPN CA7 X509_1_C=PA X509_2_CN=NordVPN Root CA X509_2_C=PA ifconfig_netmask=255.255.255.0 tls_digest_sha256_0=3f:72:8a:3c:0e:31:db:af:8e:92:3c:51:42:73:62:01:6d:9f:fb:f4:b8:f7:46:02:42:01:22:76:16:56:e4:e4 daemon_start_time=1658301430 script_context=init ifconfig_local=10.8.0.5 common_name=se533.nordvpn.com tls_digest_sha256_1=30:af:37:6e:21:d3:d4:87:bb:2e:0b:e4:5d:e9:bf:d8:32:3d:ec:3b:d1:cc:9d:64:52:95:d2:5e:29:34:45:83 tls_digest_sha256_2=8b:5a:49:5d:b4:98:a6:c2:c8:ca:7a:f6:ae:4a:5c:df:65:e6:89:d0:6c:be:cc:b0:24:53:c9:1c:31:91:e2:ff verb=3 link_mtu=1585 trusted_ip=185.247.71.35 tls_serial_hex_0=41:76:59:5b:15:d4:dc:33:54:5a:9f:0f:ac:2d:1a:ab:f9:5b:b6:ff X509_1_O=NordVPN\nWed Jul 20 09:17:17 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: started, v1.33.2\nWed Jul 20 09:17:17 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: sending discover\nWed Jul 20 09:17:20 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: no lease, failing\nWed Jul 20 09:17:20 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: started, v1.33.2\nWed Jul 20 09:17:20 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: sending discover\nWed Jul 20 09:17:23 2022 daemon.notice netifd: ovpnclient (12897): udhcpc: no lease, failing\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: Interface ovpnclient.IPv4 no longer relevant for mDNS.\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: Leaving mDNS multicast group on interface ovpnclient.IPv4 with address 10.8.0.5.\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: Withdrawing address record for 10.8.0.5 on ovpnclient.\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: Joining mDNS multicast group on interface ovpnclient.IPv4 with address 10.8.0.5.\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: New relevant interface ovpnclient.IPv4 for mDNS.\nWed Jul 20 09:17:24 2022 daemon.info avahi-daemon[3889]: Registering new address record for 10.8.0.5 on ovpnclient.IPv4.\nWed Jul 20 09:17:24 2022 daemon.notice netifd: Interface 'ovpnclient' is now up\nWed Jul 20 09:17:24 2022 daemon.notice netifd: Network device 'ovpnclient' link is up\nWed Jul 20 09:17:24 2022 kern.info kernel: [116115.124806] IPv6: ADDRCONF(NETDEV_UP): ovpnclient: link is not ready\nWed Jul 20 09:17:24 2022 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)\nWed Jul 20 09:17:27 2022 daemon.warn ovpnclient[12897]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this\nWed Jul 20 09:17:27 2022 daemon.notice ovpnclient[12897]: Initialization Sequence Completed\n"

Leo · July 20, 2022, 12:15pm

I may know the cause of this problem. If you only use NordVPN in the app, you won’t have a problem. If you also send .ovpn to the router to connect without a username password or other .ovpn that requires a username password, it can cause problems.
We will fix this bug as soon as possible.