OpenVPN Client not connecting to NordVPN

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 1:14 am

Hi everyone.

Attempting to setup OpenVPN client on my 8900AX2400 but not having any luck. Running fw 2.52.d48.

I have followed the instructions outlined in the "BiPAC 8900AX-2400 OpenVPN Client with NordVPN Server" pdf included in this forum, and everything installs ok however the client will not connect. I have tried 3 different VPN servers with the same result

The UDP log shows TLS errors:

May 14 09:53:34 daemon notice openvpn[2829]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:34 daemon notice openvpn[2829]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:34 daemon notice openvpn[2829]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:34 daemon warn openvpn[2829]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:53:37 daemon err openvpn[2829]: event_wait : Interrupted system call (code=4)
May 14 09:53:37 daemon notice openvpn[2829]: SIGTERM[hard,] received, process exiting
May 14 09:53:37 daemon notice openvpn[2870]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:37 daemon notice openvpn[2870]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:37 daemon notice openvpn[2870]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:37 daemon warn openvpn[2870]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS key negotiation failed to occur within 40 seconds (check your network connectivity)
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS handshake failed
May 14 09:54:17 daemon notice openvpn[2870]: SIGTERM[soft,tls-error] received, process exiting



So I tried TCP, which gets a little further but still fails:
May 14 10:00:17 daemon notice openvpn[4824]: Attempting to establish TCP connection with [AF_INET]<nord server address>:443 [nonblock]
May 14 10:00:18 daemon notice openvpn[4824]: TCP connection established with [AF_INET]<nord server address>:443
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link local (bound): [AF_INET]<my external IP>:1194
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link remote: [AF_INET]<nord server address>:443
May 14 10:00:18 daemon warn openvpn[4824]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 10:00:19 daemon err openvpn[4824]: Connection reset, restarting [0]
May 14 10:00:19 daemon notice openvpn[4824]: SIGTERM[soft,connection-reset] received, process exiting



I imagine the TLS error is firewall related?

The only real port config I have on my router is some port forwarding to systems on my internal network. Do I need to configure anything around port 1194, and if so what needs to be done?

At some point I also tried setting the DNS to 8.8.8.8 a per another thread but it made no difference.

Thanks in advance.

Scobie.

billion_fan
Posts: 5266
Joined: Tue Jul 19, 2011 4:30 pm

Re: OpenVPN Client not connecting to NordVPN

Post by billion_fan » Fri May 14, 2021 9:28 am

scobie wrote:
Fri May 14, 2021 1:14 am
Hi everyone.

Attempting to setup OpenVPN client on my 8900AX2400 but not having any luck. Running fw 2.52.d48.

I have followed the instructions outlined in the "BiPAC 8900AX-2400 OpenVPN Client with NordVPN Server" pdf included in this forum, and everything installs ok however the client will not connect. I have tried 3 different VPN servers with the same result

The UDP log shows TLS errors:

May 14 09:53:34 daemon notice openvpn[2829]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:34 daemon notice openvpn[2829]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:34 daemon notice openvpn[2829]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:34 daemon warn openvpn[2829]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:53:37 daemon err openvpn[2829]: event_wait : Interrupted system call (code=4)
May 14 09:53:37 daemon notice openvpn[2829]: SIGTERM[hard,] received, process exiting
May 14 09:53:37 daemon notice openvpn[2870]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:37 daemon notice openvpn[2870]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:37 daemon notice openvpn[2870]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:37 daemon warn openvpn[2870]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS key negotiation failed to occur within 40 seconds (check your network connectivity)
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS handshake failed
May 14 09:54:17 daemon notice openvpn[2870]: SIGTERM[soft,tls-error] received, process exiting



So I tried TCP, which gets a little further but still fails:
May 14 10:00:17 daemon notice openvpn[4824]: Attempting to establish TCP connection with [AF_INET]<nord server address>:443 [nonblock]
May 14 10:00:18 daemon notice openvpn[4824]: TCP connection established with [AF_INET]<nord server address>:443
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link local (bound): [AF_INET]<my external IP>:1194
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link remote: [AF_INET]<nord server address>:443
May 14 10:00:18 daemon warn openvpn[4824]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 10:00:19 daemon err openvpn[4824]: Connection reset, restarting [0]
May 14 10:00:19 daemon notice openvpn[4824]: SIGTERM[soft,connection-reset] received, process exiting



I imagine the TLS error is firewall related?

The only real port config I have on my router is some port forwarding to systems on my internal network. Do I need to configure anything around port 1194, and if so what needs to be done?

At some point I also tried setting the DNS to 8.8.8.8 a per another thread but it made no difference.

Thanks in advance.

Scobie.
Have you tried using a simple password for Nord VPN, without any special characters (just want to confirm if the router is rejecting some special characters)

scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

Re: OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 10:58 am

Have you tried using a simple password for Nord VPN, without any special characters (just want to confirm if the router is rejecting some special characters)
Thanks Billion_Fan but the authentication parameters are supplied by NordVPN (they call them "Service Credentials"), I don't have control of username or password.

Having said that neither username nor password has anything other than upper and lower case and numerals, no non alphanumeric so they should be fine.

Cheers

Scobie

scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

Re: OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 11:04 am

Billion _Fan I also just saw your reply to my other thread re TCP only for NordVPN.
http://www.forum.billion.uk.com/viewtop ... c&start=10

Given this is still the case so I don't think this setup is a good fit for me, TCP - even if I get it working - would be way too slow.

Is there a recommended VPN provider for Billion that supports OpenVPN over UPN?

Thanks

Scobie

billion_fan
Posts: 5266
Joined: Tue Jul 19, 2011 4:30 pm

Re: OpenVPN Client not connecting to NordVPN

Post by billion_fan » Fri May 14, 2021 11:12 am

scobie wrote:
Fri May 14, 2021 11:04 am
Billion _Fan I also just saw your reply to my other thread re TCP only for NordVPN.
http://www.forum.billion.uk.com/viewtop ... c&start=10

Given this is still the case so I don't think this setup is a good fit for me, TCP - even if I get it working - would be way too slow.

Is there a recommended VPN provider for Billion that supports OpenVPN over UPN?

Thanks

Scobie
I'm not sure, as some other VPN providers don't seem to work, with our Open VPN client.

scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

Re: OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 11:20 am

Ok, so what would be a good VPN Client / Provider combination for the Billion 8900?

billion_fan
Posts: 5266
Joined: Tue Jul 19, 2011 4:30 pm

Re: OpenVPN Client not connecting to NordVPN

Post by billion_fan » Fri May 14, 2021 11:37 am

scobie wrote:
Fri May 14, 2021 11:20 am
Ok, so what would be a good VPN Client / Provider combination for the Billion 8900?
We only officially support Nord VPN (on our built VPN client) others have tried other providers but they fail to work.

You can install which ever client you want on your PC or devices, this will give you the best speeds.

scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

Re: OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 11:45 am

We only officially support Nord VPN with use with our Open VPN. (on our built VPN client)
Ok so just to be clear...

The only provider supported over OpenVPN for the Billion VPN Client is NordVPN, and this only works over TCP?

And given I don't want to use PPTP or L2TP, it doesn't look like I am going to be able to make any use of the Billion VPN Client?

Thanks

Scobie

billion_fan
Posts: 5266
Joined: Tue Jul 19, 2011 4:30 pm

Re: OpenVPN Client not connecting to NordVPN

Post by billion_fan » Fri May 14, 2021 12:01 pm

scobie wrote:
Fri May 14, 2021 11:45 am
We only officially support Nord VPN with use with our Open VPN. (on our built VPN client)
Ok so just to be clear...

The only provider supported over OpenVPN for the Billion VPN Client is NordVPN, and this only works over TCP?

And given I don't want to use PPTP or L2TP, it doesn't look like I am going to be able to make any use of the Billion VPN Client?

Thanks

Scobie
Its the only OpenVPN provider I can confirm that works, as listed within the firmware release notes and guides (there might be others that works)

I'll check with our engineers if UDP is now supported with Nord VPN

scobie
Posts: 16
Joined: Thu May 13, 2021 12:13 am

Re: OpenVPN Client not connecting to NordVPN

Post by scobie » Fri May 14, 2021 12:07 pm

Much appreciated, thank you.

Post Reply