OpenVPN Client not connecting to NordVPN
Posted: Fri May 14, 2021 1:14 am
Hi everyone.
Attempting to set up OpenVPN client on my 8900AX2400 but not having any luck. Running fw 2.52.d48.
I have followed the instructions outlined in the "BiPAC 8900AX-2400 OpenVPN Client with NordVPN Server" pdf included in this forum, and everything installs OK; however, the client will not connect. I have tried 3 different VPN servers with the same result.
The UDP log shows TLS errors:
May 14 09:53:34 daemon notice openvpn[2829]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:34 daemon notice openvpn[2829]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:34 daemon notice openvpn[2829]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:34 daemon notice openvpn[2829]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:34 daemon warn openvpn[2829]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:53:37 daemon err openvpn[2829]: event_wait : Interrupted system call (code=4)
May 14 09:53:37 daemon notice openvpn[2829]: SIGTERM[hard,] received, process exiting
May 14 09:53:37 daemon notice openvpn[2870]: OpenVPN 2.3.1 mips-brcm-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2021
May 14 09:53:37 daemon notice openvpn[2870]: Control Channel Authentication: using '/var/easy-rsa/ckeys/au596.nordvpn.com.udp.key' as a OpenVPN static key file
May 14 09:53:37 daemon notice openvpn[2870]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link local (bound): [AF_INET]<my external IP>:1194
May 14 09:53:37 daemon notice openvpn[2870]: UDPv4 link remote: [AF_INET]<nord server address>:1194
May 14 09:53:37 daemon warn openvpn[2870]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS key negotiation failed to occur within 40 seconds (check your network connectivity)
May 14 09:54:17 daemon err openvpn[2870]: TLS Error: TLS handshake failed
May 14 09:54:17 daemon notice openvpn[2870]: SIGTERM[soft,tls-error] received, process exiting
So I tried TCP, which gets a little further but still fails:
May 14 10:00:17 daemon notice openvpn[4824]: Attempting to establish TCP connection with [AF_INET]<nord server address>:443 [nonblock]
May 14 10:00:18 daemon notice openvpn[4824]: TCP connection established with [AF_INET]<nord server address>:443
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link local (bound): [AF_INET]<my external IP>:1194
May 14 10:00:18 daemon notice openvpn[4824]: TCPv4_CLIENT link remote: [AF_INET]<nord server address>:443
May 14 10:00:18 daemon warn openvpn[4824]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 14 10:00:19 daemon err openvpn[4824]: Connection reset, restarting [0]
May 14 10:00:19 daemon notice openvpn[4824]: SIGTERM[soft,connection-reset] received, process exiting
I imagine the TLS error is firewall related?
The only real port config I have on my router is some port forwarding to systems on my internal network. Do I need to configure anything around port 1194, and if so what needs to be done?
At some point I also tried setting the DNS to 8.8.8.8 as per another thread but it made no difference.
Thanks in advance.
Scobie.