[Solved] NordVPN connection issue

Started by mr.sarge, July 05, 2023, 05:18:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 05, 2023, 05:18:36 PM Last Edit: July 06, 2023, 08:36:06 AM by mr.sarge
Hi,

the VPN worked without problems until a few days ago. Does someone know if Nord VPN has changed something? Login (username/pass) is 100% correct

OPNSense 23.1.9
OpenVPN package 2.6.4

Log:

Code Select
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 85466 - [meta sequenceId="1"] OpenVPN 2.6.4 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 85466 - [meta sequenceId="2"] library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="3"] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
<28>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="4"] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="5"] TCP/UDP: Preserving recently used remote address: [AF_INET]5.180.62.45:1194
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="6"] Socket Buffers: R=[42080->42080] S=[57344->57344]
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="7"] UDPv4 link local: (not bound)
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="8"] UDPv4 link remote: [AF_INET]5.180.62.45:1194
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="9"] TLS: Initial packet from [AF_INET]5.180.62.45:1194 (via [AF_INET]xx.xx.xx.xx%), sid=9ff13ef6 923800f4
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="10"] VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="11"] VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="12"] VERIFY KU OK
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="13"] Validating certificate extended key usage
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="14"] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="15"] VERIFY EKU OK
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="16"] VERIFY OK: depth=0, CN=de963.nordvpn.com
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="17"] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="18"] [de963.nordvpn.com] Peer Connection Initiated with [AF_INET]5.180.62.45:1194 (via [AF_INET]xx.xx.xx.xx%)
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="19"] TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
<29>1 2023-07-05T17:05:45+02:00  openvpn_client1 86487 - [meta sequenceId="20"] TLS: tls_multi_process: initial untrusted session promoted to trusted
<29>1 2023-07-05T17:05:46+02:00  openvpn_client1 86487 - [meta sequenceId="21"] SENT CONTROL [de963.nordvpn.com]: 'PUSH_REQUEST' (status=1)
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="22"] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="23"] MANAGEMENT: CMD 'state'
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="24"] MANAGEMENT: Client disconnected
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="25"] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="26"] MANAGEMENT: CMD 'status 3'
<29>1 2023-07-05T17:05:48+02:00  openvpn_client1 86487 - [meta sequenceId="27"] MANAGEMENT: Client disconnected
<29>1 2023-07-05T17:05:51+02:00  openvpn_client1 86487 - [meta sequenceId="28"] SENT CONTROL [de963.nordvpn.com]: 'PUSH_REQUEST' (status=1)
<29>1 2023-07-05T17:05:51+02:00  openvpn_client1 86487 - [meta sequenceId="29"] AUTH: Received control message: AUTH_FAILED
<29>1 2023-07-05T17:05:51+02:00  openvpn_client1 86487 - [meta sequenceId="30"] SIGTERM[soft,auth-failure] received, process exiting
~

config:

Code Select
dev ovpnc1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
script-security 3
daemon openvpn_client1
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-GCM
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
multihome
tls-client
client
nobind
management /var/etc/openvpn/client1.sock unix
remote de850.nordvpn.com 1194
remote de972.nordvpn.com 1194
remote de963.nordvpn.com 1194
auth-user-pass /var/etc/openvpn/client1.up
ca /var/etc/openvpn/client1.ca
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo no
route-noexec
resolv-retry infinite
remote-random
reneg-sec 0
remote-random

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

persist-key

persist-tun

remote-cert-tls server

fast-io

auth-nocache


kind regards,

sarge
July 05, 2023, 07:44:49 PM #1 Last Edit: July 06, 2023, 08:36:52 AM by mr.sarge
solved: NordVPN changed the authentication, now service credentials must be used for login (see attachment)
Print
Go Up Pages1
User actions