NordVPN – OpenVPN Support Forum
👨💻
I tried to install and use OpenVPN with servers provided by NordVPN.
Hardware is Raspberry PI 4, Linux 5.10.60-v7l + #1449 SMP Wed Aug 25 15:00:44 BST 2021 armv7l
The installation process went along with their docs very well:
https://support.nordvpn.com/Connectivity/Linux/1047409422/How-can-I-connect-to-NordVPN-using-Linux-Terminal.htm
I tested the connection to a VPN server in Austria with the following configuration file provided by NordVPN:
[oconf=]
Client
Dave Ton
proto udp
Remote Control 37.120.155.216 1194
Solve and try again infinite
random remote
Nabil
Ton MTU 1500
32- The internet
MSFX 1450
persistence key
continuation ton
ping 15
restart ping 0
ping timer rim
0 . second ringing
Comp- lzo no
remote server
Authentication-User-Pass
verb 3
hustle
fast io
AES-256-CBC encryption
SHA512 Authentication
…
—– End of Certificate —–
direction key 1
#
# 2048 bit OpenVPN hard key
#
—– BEGIN OpenVPN Static key V1 —–
…
—– END OpenVPN Static key V1 —–
[/oconf]
with
[olog]sudo openvpn –config /etc/openvpn/ovpn_udp/at101.nordvpn.com.udp.ovpn[/olog]
I get the following log information:
[olog]Tue Sep 14 22:17:37 2021 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] Built on April 28, 2021
Tue Sep 14 22:17:37 2021 Library releases: OpenSSL 1.1.1d Sep 10, 2019, LZO 2.10
Enter the authentication username: …………….
Enter the authentication password: ****************
Tue Sep 14, 22:18:27 2021 Warning: – ping should normally be used with -pin-reboot or -pin-exit
Tue Sep 14, 22:18:27 2021 Outbound Control Channel Authentication: Use 512-bit message hash ‘SHA512’ for HMAC authentication
Tue Sep 14, 22:18:27 2021 Incoming Control Channel Authentication: Using the 512-bit message hash ‘SHA512’ for HMAC authentication
Tue Sep 14 22:18:27 2021 TCP/UDP: Keep recently used remote address: [AF_INET]37.120.155.216:1194
Tue Sep 14 22:18:27 2021 Socket stores: R =[180224->180224] S =[180224->180224]
Tue 14 Sep 22:18:27 2021 Local UDP Link: (Not binding)
Tue 14 Sep 22:18:27 2021 Remote UDP Connector: [AF_INET]37.120.155.216:1194
Tue 14 Sep 22:18:27 2021 TLS: Initial Package from [AF_INET]37.120.155.216:1194, sid=dbbc8f1a 1b37252d
Tue Sep 14 22:18:27 2021 Warning: This configuration may cache passwords in memory – use the auth-nocache option to prevent this
Tue Sep 14 22:18:27 2021 Double Check: Depth = 2, C = PA, O = NordVPN, CN = NordVPN Root CA
Tue Sep 14 22:18:27 2021 Well Check: Depth = 1, C = PA, O = NordVPN, CN = NordVPN CA6
Tue 14 Sep 22:18:27 2021 Check KU OK
Tue 14 Sep, 22:18:27 2021 Verify extended key usage of a certificate
Tue Sep 14 22:18:27 2021++ Certificate contains TLS web server authentication (str) from EKU, expects TLS web server authentication
Tue 14 Sep 22:18:27 2021 Check EKU OK
Tue 14 Sep, 22:18:27 2021 well check: depth = 0, cn = at101.nordvpn.com
Tue Sep 14 22:18:28 2021 Control channel: TLSv1.3, TLSv1.3 cipher TLS_AES_256_GCM_SHA384, 4096-bit RSA
Tuesday 14 September 22:18:28 2021 [at101.nordvpn.com] Peer connection started with [AF_INET]37.120.155.216:1194
Tue September 14 22:18:29 2021 Send Control [at101.nordvpn.com]: “PUSH_REQUEST” (state = 1)
Tue Sep 14 22:18:29 2021 PUSH: I got a control message: ‘PUSH_REPLY, redirect-gateway def1, dhcp-option DNS 103.86.96.100, dhcp-option DNS 103.86.99.100, sndbuf 524288, rcvbuf 524288, clear-exit-notify , comp-lzo no, route-gateway 10.8.3.1, topology subnet, ping 60, ping-Reload 180, ifconfig 10.8.3.11 255.255.255.0, peer-id 9, cipher AES-256-GCM’
Tue Sep 14 22:18:29 2021 Import Options: Timers and/or timeouts adjusted
Tue Sep 14 22:18:29 2021 Import Options: Express notice(s) have been modified
Tue Sep 14 22:18:29 2021 Import Options: Edit Compression Barcodes
Tue Sep 14 22:18:29 2021 import options: –sndbuf / – modified rcvbuf options
Tue Sep 14 22:18:29 2021 socket stores: R =[180224->360448] S =[180224->360448]
Tue Sep 14 22:18:29 2021 Import Options: – Modify Configuration Options / up
Tue Sep 14 22:18:29 2021 Import options: Track options have been modified
Tue Sep 14 22:18:29 2021 Import Options: Route related options have been modified
Tue 14 Sep 22:18:29 2021 import options: — –ip-win32 and/or –dhcp options have been modified
Tue Sep 14 22:18:29 2021 Import Options: Peer ID Set
Tue Sep 14 22:18:29 2021 import options: set link_mtu to 1657
Tue Sep 14 22:18:29 2021 Import Options: Data channel encryption options have been modified
Tue Sep 14 22:18:29 2021 Data Channel: Use negotiated encryption “AES-256-GCM”
Tue Sep 14 22:18:29 2021 Outbound Data Channel: Encryption “AES-256-GCM” initialized with 256-bit key
Tue Sep 14 22:18:29 2021 Incoming data channel: Encryption “AES-256-GCM” initialized with 256-bit key
Tue Sep 14 22:18:29 2021 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=dc:a6:32:b1:b9:c9
Tue Sep 14 22:18:29 2021 TUN / TAP tun0 unlocked
Tue Sep 14 22:18:29 2021 TUN / TAP TX queue length set to 100
Tue Sep 14 22:18:29 2021 / sbin / ip link set dev tun0 up mtu 1500
Tue September 14 22:18:29 2021 / sbin / ip addr add dev tun0 10.8.3.11/24 broadcast 10.8.3.255
Tue 14 Sep 22:18:29 2021 / sbin / ip route add 37.120.155.216/32 via 192.168.1.1
Tue 14 Sep 22:18:29 2021 / sbin / ip route add 0.0.0.0/1 via 10.8.3.1
Tue 14 Sep 22:18:29 2021 / sbin / ip route add 128.0.0.0/1 via 10.8.3.1
Tue Sep 14 22:18:29 2021 Initialization sequence complete[/olog]
But at this point the program stops and can only be terminated by ^Z.
In another session I can see that the VPN connection has been successfully established. But after entering ^Z the whole network stops.
Kills with sudo kill
I am interested in getting some feedback on the following questions:
1. Avoid Hangin
What can be done, that openvpn terminates not commenting after entering sudo openvpn –config …?
2. Terminate the VPN connection
How to terminate a running VPN connection without restarting?
3. Credentials
How can NordVPN credentials (email and password) be stored and used in openvpn commands?
I appreciate any feedback.
[ad_1]
Don’t forget to share this post with friends !
