NordVPN

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
RannerDesign
OpenVpn Newbie
Posts: 2
Joined: Tue Sep 14, 2021 9:37 pm

NordVPN

Post by RannerDesign » Tue Sep 14, 2021 10:06 pm

I tried to install and use OpenVPN together with servers provided by NordVPN.
Hardware is Raspberry PI 4, Operating system is Linux 5.10.60-v7l+ #1449 SMP Wed Aug 25 15:00:44 BST 2021 armv7l
Installation along their docs went very well:
https://support.nordvpn.com/Connectivity/Linux/1047409422/How-can-I-connect-to-NordVPN-using-Linux-Terminal.htm


I tested the connection with a VPN-server in Austria with the following configuration file provided by NordVPN:
[oconf=]
client
dev tun
proto udp
remote 37.120.155.216 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
[/oconf]

With
[olog]sudo openvpn --config /etc/openvpn/ovpn_udp/at101.nordvpn.com.udp.ovpn[/olog]
I get the following log information:
[olog]Tue Sep 14 22:17:37 2021 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
Tue Sep 14 22:17:37 2021 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Enter Auth Username: ................
Enter Auth Password: ****************
Tue Sep 14 22:18:27 2021 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Sep 14 22:18:27 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Sep 14 22:18:27 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Sep 14 22:18:27 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.155.216:1194
Tue Sep 14 22:18:27 2021 Socket Buffers: R=[180224->180224] S=[180224->180224]
Tue Sep 14 22:18:27 2021 UDP link local: (not bound)
Tue Sep 14 22:18:27 2021 UDP link remote: [AF_INET]37.120.155.216:1194
Tue Sep 14 22:18:27 2021 TLS: Initial packet from [AF_INET]37.120.155.216:1194, sid=dbbc8f1a 1b37252d
Tue Sep 14 22:18:27 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 14 22:18:27 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Tue Sep 14 22:18:27 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
Tue Sep 14 22:18:27 2021 VERIFY KU OK
Tue Sep 14 22:18:27 2021 Validating certificate extended key usage
Tue Sep 14 22:18:27 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 14 22:18:27 2021 VERIFY EKU OK
Tue Sep 14 22:18:27 2021 VERIFY OK: depth=0, CN=at101.nordvpn.com
Tue Sep 14 22:18:28 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Tue Sep 14 22:18:28 2021 [at101.nordvpn.com] Peer Connection Initiated with [AF_INET]37.120.155.216:1194
Tue Sep 14 22:18:29 2021 SENT CONTROL [at101.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Tue Sep 14 22:18:29 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.11 255.255.255.0,peer-id 9,cipher AES-256-GCM'
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: compression parms modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Sep 14 22:18:29 2021 Socket Buffers: R=[180224->360448] S=[180224->360448]
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: route options modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: route-related options modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: peer-id set
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: adjusting link_mtu to 1657
Tue Sep 14 22:18:29 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 14 22:18:29 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 14 22:18:29 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 14 22:18:29 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 14 22:18:29 2021 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=dc:a6:32:b1:b9:c9
Tue Sep 14 22:18:29 2021 TUN/TAP device tun0 opened
Tue Sep 14 22:18:29 2021 TUN/TAP TX queue length set to 100
Tue Sep 14 22:18:29 2021 /sbin/ip link set dev tun0 up mtu 1500
Tue Sep 14 22:18:29 2021 /sbin/ip addr add dev tun0 10.8.3.11/24 broadcast 10.8.3.255
Tue Sep 14 22:18:29 2021 /sbin/ip route add 37.120.155.216/32 via 192.168.1.1
Tue Sep 14 22:18:29 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.3.1
Tue Sep 14 22:18:29 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.3.1
Tue Sep 14 22:18:29 2021 Initialization Sequence Completed[/olog]

But a this point the program hangs and can only be terminated by ^Z.

In another session I can see, that the VPN connection has successfully established. But after entering ^Z the whole network hangs.

Killing processes with sudo kill <nnnn> does not work.

I'm interested to get some feedback on the following questions:

1. Avoid hangin
What can be done, that openvpn is terminating an not hanging after entering sudo openvpn --config ...?
2. Terminating VPN connection
How can the running VPN connection be terminated without reboot?
3. Credentials
How can credentials (email and password) for NordVPN be stored and used in the openvpn commands?

I appreciate any feedback.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: NordVPN

Post by TinCanTech » Tue Sep 14, 2021 10:25 pm

RannerDesign wrote:
Tue Sep 14, 2021 10:06 pm
But a this point the program hangs and can only be terminated by ^Z.
It is working.
RannerDesign wrote:
Tue Sep 14, 2021 10:06 pm
In another session I can see, that the VPN connection has successfully established. But after entering ^Z the whole network hangs.

Killing processes with sudo kill <nnnn> does not work.
Stop the killing !
RannerDesign wrote:
Tue Sep 14, 2021 10:06 pm
3. Credentials
How can credentials (email and password) for NordVPN be stored and used in the openvpn commands?
See --auth-user-pass in the manual.

RannerDesign
OpenVpn Newbie
Posts: 2
Joined: Tue Sep 14, 2021 9:37 pm

Re: NordVPN

Post by RannerDesign » Wed Sep 15, 2021 7:48 am

Hi TinCanTech,
thanks for your advice, --auth-user-pass worked well immediately, with the many options beginning with auth-user-pass I oversaw the elementary one.

With stopping the process I'm still stuck. The docs
https://openvpn.net/community-resources ... n-process/
tell me sending SIGTERM to exit which is more or less the same as kill

So after starting a VPN connection with server A I need the following actions:
- stop connection to A and initiate connection to B
- stop connection to any VPN server and run Internet without VPN

What is the right way for these options?
Thanks in advance

Post Reply