
nordvpn's People

Contributors

azinchen, bachp, bjeanes, dependabot[bot], edenhaus, github-actions[bot], jpflouret, nixta1, snyk-bot, svaningelgem


nordvpn's Issues

Allow connection to a specific server (or list of servers)

I migrated to this container from the bubuntux one, where I was using NordVPN's Dedicated IP OpenVPN Servers to host some services. As far as I have found, it is not possible to specify a specific server with this container; the closest I can get is specifying:

- GROUP=legacy_dedicated_ip
- TECHNOLOGY=openvpn_dedicated_udp

However, this still gives a list of servers and will connect to the "best" available one. This means that the IP of my services changes when restarting the container, which I do not want. Is there any way to specify the exact server to connect to (ex. us4956), or at least a list so that I know it is one of 3 IPs?

Thank you for your work on this container!

Debian9 - Ethernet configuration does not match

Hello,

I am trying to use this docker with Debian 9.
The problem is that Debian 9 does not use eth0 as the main Ethernet configuration interface; it uses enp3s0.

Log:
Device "eth0" does not exist.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
Device "eth0" does not exist.

AUTH: Received control message: AUTH_FAILED

Morning,

Having some issues getting started with this one, logs etc below

Have tried "standard" credentials and also the service credentials from the NordVPN account page, same results for both

Logs:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 10-firewall: executing... ,
Firewall everything has to go through the vpn,
Bypass requests to NordVPN thru regular connection,
[cont-init.d] 10-firewall: exited 0.,
[cont-init.d] 30-localnetwork: executing... ,
Bypass requests to local network thru regular connection,
[cont-init.d] 30-localnetwork: exited 0.,
[cont-init.d] 40-downloadconfigs: executing... ,
Server configs not found. Download configs from NordVPN,
[cont-init.d] 40-downloadconfigs: exited 0.,
[cont-init.d] 50-createvpnconfig: executing... ,
Select NordVPN server and create config file,
OpenVPN servers in pool: 5268,
Country not set, skip filtering,
Filter pool by category: P2P,
Servers in filtered pool: 4711,
Filter pool by protocol: openvpn_udp,
Servers in filtered pool: 4709,
Filter pool by load, less than 70%,
Servers in filtered pool: 4705,
Random order of top 10 servers in filtered pool,
--- Top 20 servers in filtered pool ---,
us6757.nordvpn.com 2%,
us6751.nordvpn.com 1%,
us5658.nordvpn.com 3%,
us5782.nordvpn.com 3%,
us5491.nordvpn.com 2%,
us5860.nordvpn.com 3%,
us6697.nordvpn.com 3%,
us8623.nordvpn.com 2%,
us5492.nordvpn.com 3%,
si12.nordvpn.com 1%,
us5891.nordvpn.com 3%,
us6087.nordvpn.com 3%,
us6459.nordvpn.com 3%,
us6987.nordvpn.com 3%,
us6988.nordvpn.com 3%,
us8002.nordvpn.com 3%,
us8005.nordvpn.com 3%,
us8211.nordvpn.com 3%,
us8225.nordvpn.com 3%,
us8570.nordvpn.com 3%,
---------------------------------------,
Adding iptable rule for: 45.83.89.115 1194                 udp,
[cont-init.d] 50-createvpnconfig: exited 0.,
[cont-init.d] 60-createcron: executing... ,
Create reconnection cron,
[cont-init.d] 60-createcron: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
2021-03-26 11:45:17 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.,
2021-03-26 11:45:17 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020,
2021-03-26 11:45:17 library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10,
2021-03-26 11:45:17 WARNING: --ping should normally be used with --ping-restart or --ping-exit,
2021-03-26 11:45:17 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
2021-03-26 11:45:17 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-03-26 11:45:17 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-03-26 11:45:17 TCP/UDP: Preserving recently used remote address: [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:17 Socket Buffers: R=[212992->212992] S=[212992->212992],
2021-03-26 11:45:17 UDP link local: (not bound),
2021-03-26 11:45:17 UDP link remote: [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:17 TLS: Initial packet from [AF_INET]45.83.89.115:1194, sid=f2d197b5 52c311ee,
2021-03-26 11:45:18 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA,
2021-03-26 11:45:18 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5,
2021-03-26 11:45:18 VERIFY KU OK,
2021-03-26 11:45:18 Validating certificate extended key usage,
2021-03-26 11:45:18 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication,
2021-03-26 11:45:18 VERIFY EKU OK,
2021-03-26 11:45:18 VERIFY OK: depth=0, CN=us6757.nordvpn.com,
2021-03-26 11:45:20 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA,
2021-03-26 11:45:20 [us6757.nordvpn.com] Peer Connection Initiated with [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:21 SENT CONTROL [us6757.nordvpn.com]: 'PUSH_REQUEST' (status=1),
2021-03-26 11:45:21 AUTH: Received control message: AUTH_FAILED,
2021-03-26 11:45:21 SIGTERM[soft,auth-failure] received, process exiting,

Then the following lines are just repeated:

2021-03-26 11:45:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.,
2021-03-26 11:45:21 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020,
2021-03-26 11:45:21 library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10,
2021-03-26 11:45:21 WARNING: --ping should normally be used with --ping-restart or --ping-exit,
2021-03-26 11:45:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
2021-03-26 11:45:21 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-03-26 11:45:21 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-03-26 11:45:21 TCP/UDP: Preserving recently used remote address: [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:21 Socket Buffers: R=[212992->212992] S=[212992->212992],
2021-03-26 11:45:21 UDP link local: (not bound),
2021-03-26 11:45:21 UDP link remote: [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:22 TLS: Initial packet from [AF_INET]45.83.89.115:1194, sid=2acdb19a f5505b85,
2021-03-26 11:45:22 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA,
2021-03-26 11:45:22 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5,
2021-03-26 11:45:22 VERIFY KU OK,
2021-03-26 11:45:22 Validating certificate extended key usage,
2021-03-26 11:45:22 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication,
2021-03-26 11:45:22 VERIFY EKU OK,
2021-03-26 11:45:22 VERIFY OK: depth=0, CN=us6757.nordvpn.com,
2021-03-26 11:45:24 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA,
2021-03-26 11:45:24 [us6757.nordvpn.com] Peer Connection Initiated with [AF_INET]45.83.89.115:1194,
2021-03-26 11:45:25 SENT CONTROL [us6757.nordvpn.com]: 'PUSH_REQUEST' (status=1),
2021-03-26 11:45:25 AUTH: Received control message: AUTH_FAILED,
2021-03-26 11:45:25 SIGTERM[soft,auth-failure] received, process exiting,

docker-compose.yml:

version: "2"
services:
  vpn:
    image: azinchen/nordvpn:latest
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER='***'
      - PASS='***'
      - CATEGORY=P2P
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */3 * * *
      - NETWORK=192.168.1.0/24;192.168.2.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 9117:9117
      - 9091:9091
      - 53295:53295
    restart: always

  web:
    image: nginx
    network_mode: service:vpn
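
Added example (not part of the original issue or the project's code): a Python triage of the restart loop in the log above. It splits an OpenVPN 2.5-format client log into one attempt per process run and reports runs of consecutive `auth-failure` exits against the same remote; the sample log, the 192.0.2.x addresses, the host name and the thresholds are constructed for illustration, and the older OpenVPN 2.4 ctime-style timestamps are not parsed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the OpenVPN 2.5 log format quoted in the issue.
# Trailing commas and a docker-compose "name | " prefix are both tolerated.
SAMPLE_LOG = """\
2021-03-26 11:45:17 UDP link remote: [AF_INET]192.0.2.10:1194,
2021-03-26 11:45:20 [vpn.example.test] Peer Connection Initiated with [AF_INET]192.0.2.10:1194,
2021-03-26 11:45:21 AUTH: Received control message: AUTH_FAILED,
2021-03-26 11:45:21 SIGTERM[soft,auth-failure] received, process exiting,
2021-03-26 11:45:21 UDP link remote: [AF_INET]192.0.2.10:1194,
2021-03-26 11:45:25 AUTH: Received control message: AUTH_FAILED,
2021-03-26 11:45:25 SIGTERM[soft,auth-failure] received, process exiting,
vpn1_1 | 2021-03-26 11:45:25 UDP link remote: [AF_INET]192.0.2.10:1194
vpn1_1 | 2021-03-26 11:45:29 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-03-26 11:45:29 SIGTERM[soft,auth-failure] received, process exiting
2021-03-26 11:50:00 UDP link remote: [AF_INET]192.0.2.20:1194,
2021-03-26 11:50:05 Initialization Sequence Completed,
2021-03-26 11:55:00 SIGTERM[soft,exit-with-notification] received, process exiting,
"""

LINE_RE = re.compile(
    r"^(?:\S+\s+\|\s+)?"                       # optional compose service prefix
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "  # OpenVPN 2.5 timestamp
    r"(.*?),?\s*$"                             # message without the trailing comma
)
REMOTE_RE = re.compile(r"link remote: \[AF_INET6?\]([0-9a-fA-F.:]+):(\d+)")
EXIT_RE = re.compile(r"SIG[A-Z0-9]+\[([^\]]*)\] received, process exiting")


@dataclass
class Attempt:
    remote: str        # "ip:port" taken from the "link remote" line
    started: datetime
    ended: datetime
    reason: str        # text inside SIGTERM[...], e.g. "soft,auth-failure"
    connected: bool    # True if "Initialization Sequence Completed" was seen

    @property
    def auth_failed(self):
        return "auth-failure" in self.reason


def parse_attempts(text):
    """Split a log into connection attempts, one per OpenVPN process run."""
    attempts = []
    remote = started = None
    connected = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # init-script lines without an OpenVPN timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        link = REMOTE_RE.search(msg)
        done = EXIT_RE.search(msg)
        if link and remote is None:
            remote, started = f"{link.group(1)}:{link.group(2)}", ts
        elif "Initialization Sequence Completed" in msg:
            connected = True
        elif done:
            # A log that starts mid-run has no "link remote" line yet.
            attempts.append(Attempt(remote or "unknown", started or ts, ts,
                                    done.group(1), connected))
            remote = started = None
            connected = False
    return attempts


def find_auth_loops(attempts, min_failures=3, max_gap=timedelta(seconds=30)):
    """Return (remote, count, first_failure, last_failure) for every run of
    consecutive auth failures against one remote, spaced at most max_gap apart."""
    loops, run = [], []
    for a in attempts + [None]:  # the trailing None flushes the last run
        extends = (a is not None and run and a.auth_failed
                   and a.remote == run[-1].remote
                   and a.ended - run[-1].ended <= max_gap)
        if not extends:
            if len(run) >= min_failures:
                loops.append((run[0].remote, len(run), run[0].ended, run[-1].ended))
            run = []
        if a is not None and a.auth_failed:
            run.append(a)
    return loops


if __name__ == "__main__":
    for remote, count, first, last in find_auth_loops(parse_attempts(SAMPLE_LOG)):
        print(f"{count} auth failures against {remote} between {first} and {last}")
```
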

The connection keeps restarting

Hi,
basically, as the title said, the connection of the VPN keeps restarting infinitely.
These are the VPN settings:

  vpn:
    image: azinchen/nordvpn:latest
    container_name: vpn
    network_mode: bridge
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - USER=***
      - PASS=***
      - NETWORK=192.168.1.0/24
      - TZ=Europe/Rome
      - COUNTRY=Italy
      - CATEGORY=P2P
      - RANDOM_TOP=10
      - OPENVPN_OPTS=--mute-replay-warnings --pull-filter ignore "ping-restart" --ping-exit 180
    ports:
      - 8080:80
      - 6881:6881
      - 6881:6881/udp
      - 8090:8090
      - 9117:9117
      - 8989:8989
      - 7878:7878
      - 1730:1730
      - 8686:8686
      - 6595:6595

This is a "loop" of logs
`2020-10-06T17:38:51.909894701Z Tue Oct 6 17:38:51 2020 Initialization Sequence Completed
2020-10-06T17:39:09.360307830Z Tue Oct 6 17:39:09 2020 event_wait : Interrupted system call (code=4)
2020-10-06T17:39:09.360512978Z Tue Oct 6 17:39:09 2020 SIGTERM received, sending exit notification to peer
2020-10-06T17:39:09.362729458Z [cont-finish.d] executing container finish scripts...
2020-10-06T17:39:09.363286047Z [cont-finish.d] done.
2020-10-06T17:39:09.363569515Z [s6-finish] waiting for services.
2020-10-06T17:39:10.418977230Z Tue Oct 6 17:39:10 2020 /sbin/ip route del 82.102.21.75/32
2020-10-06T17:39:10.419554569Z Tue Oct 6 17:39:10 2020 /sbin/ip route del 0.0.0.0/1
2020-10-06T17:39:10.420077811Z Tue Oct 6 17:39:10 2020 /sbin/ip route del 128.0.0.0/1
2020-10-06T17:39:10.420624426Z Tue Oct 6 17:39:10 2020 Closing TUN/TAP interface
2020-10-06T17:39:10.420634502Z Tue Oct 6 17:39:10 2020 /sbin/ip addr del dev tun0 10.8.0.4/24
2020-10-06T17:39:10.440709420Z Tue Oct 6 17:39:10 2020 /etc/openvpn/down.sh tun0 1500 1585 10.8.0.4 255.255.255.0 init
2020-10-06T17:39:10.442107714Z Tue Oct 6 17:39:10 2020 SIGTERM[soft,exit-with-notification] received, process exiting
2020-10-06T17:39:10.644191564Z [s6-finish] sending all processes the TERM signal.
2020-10-06T17:39:13.648788332Z [s6-finish] sending all processes the KILL signal and exiting.
2020-10-06T17:39:14.497335553Z [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2020-10-06T17:39:14.519720692Z [s6-init] ensuring user provided files have correct perms...exited 0.
2020-10-06T17:39:14.520353620Z [fix-attrs.d] applying ownership & permissions fixes...
2020-10-06T17:39:14.520945578Z [fix-attrs.d] done.

2020-10-06T17:39:14.521450774Z [cont-init.d] executing container initialization scripts...
2020-10-06T17:39:14.522179927Z [cont-init.d] 10-firewall: executing...
2020-10-06T17:39:14.524011362Z Firewall everything has to go through the vpn
2020-10-06T17:39:14.539238334Z Bypass requests to NordVPN thru regular connection
2020-10-06T17:39:14.574454092Z [cont-init.d] 10-firewall: exited 0.
2020-10-06T17:39:14.575305295Z [cont-init.d] 30-localnetwork: executing...
2020-10-06T17:39:14.577001550Z Bypass requests to local network thru regular connection
2020-10-06T17:39:14.580372819Z [cont-init.d] 30-localnetwork: exited 0.
2020-10-06T17:39:14.581009936Z [cont-init.d] 40-downloadconfigs: executing...
2020-10-06T17:39:14.637747160Z [cont-init.d] 40-downloadconfigs: exited 0.
2020-10-06T17:39:14.638312370Z [cont-init.d] 50-createvpnconfig: executing...
2020-10-06T17:39:14.641444458Z Select NordVPN server and create config file
2020-10-06T17:39:14.646389151Z Deleting iptable rule for: 82.102.21.75 1194 udp
2020-10-06T17:39:14.647123019Z iptables: Bad rule (does a matching rule exist in that chain?).
2020-10-06T17:39:24.324164811Z OpenVPN servers in pool: 5262
2020-10-06T17:39:24.836532999Z Filter pool by country: Italy
2020-10-06T17:39:25.183701994Z Servers in filtered pool: 63
2020-10-06T17:39:25.218832509Z Filter pool by category: P2P
2020-10-06T17:39:25.330277161Z Servers in filtered pool: 63
2020-10-06T17:39:25.364857523Z Filter pool by protocol: openvpn_udp
2020-10-06T17:39:25.438708473Z Servers in filtered pool: 63
2020-10-06T17:39:25.476211942Z Filter pool by load, less than 70%
2020-10-06T17:39:25.552542388Z Servers in filtered pool: 63
2020-10-06T17:39:25.596326095Z Random order of top 10 servers in filtered pool
2020-10-06T17:39:25.608461975Z --- Top 20 servers in filtered pool ---
2020-10-06T17:39:25.644663517Z it152.nordvpn.com 14%
2020-10-06T17:39:25.644682658Z it185.nordvpn.com 9%
2020-10-06T17:39:25.644685974Z it162.nordvpn.com 12%
2020-10-06T17:39:25.644688630Z it188.nordvpn.com 11%
2020-10-06T17:39:25.644691232Z it204.nordvpn.com 13%
2020-10-06T17:39:25.644693708Z it191.nordvpn.com 13%
2020-10-06T17:39:25.644696161Z it176.nordvpn.com 13%
2020-10-06T17:39:25.644698620Z it187.nordvpn.com 13%
2020-10-06T17:39:25.644701102Z it155.nordvpn.com 14%
2020-10-06T17:39:25.644703540Z it154.nordvpn.com 14%
2020-10-06T17:39:25.644705953Z it166.nordvpn.com 14%
2020-10-06T17:39:25.644708380Z it174.nordvpn.com 14%
2020-10-06T17:39:25.644711056Z it183.nordvpn.com 14%
2020-10-06T17:39:25.644713881Z it207.nordvpn.com 14%
2020-10-06T17:39:25.644716281Z it132.nordvpn.com 15%
2020-10-06T17:39:25.644718669Z it149.nordvpn.com 15%
2020-10-06T17:39:25.644721070Z it156.nordvpn.com 15%
2020-10-06T17:39:25.644723477Z it157.nordvpn.com 15%
2020-10-06T17:39:25.644725852Z it160.nordvpn.com 15%
2020-10-06T17:39:25.644728304Z it184.nordvpn.com 15%
2020-10-06T17:39:25.644730751Z ---------------------------------------
2020-10-06T17:39:25.684441552Z Adding iptable rule for: 217.138.219.143 1194 udp
2020-10-06T17:39:25.687069590Z [cont-init.d] 50-createvpnconfig: exited 0.
2020-10-06T17:39:25.687564656Z [cont-init.d] 60-createcron: executing...
2020-10-06T17:39:25.690557488Z [cont-init.d] 60-createcron: exited 0.
2020-10-06T17:39:25.690993130Z [cont-init.d] done.
2020-10-06T17:39:25.691455513Z [services.d] starting services
2020-10-06T17:39:25.697281590Z Tue Oct 6 17:39:25 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-10-06T17:39:25.697297372Z Tue Oct 6 17:39:25 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-10-06T17:39:25.697583019Z Tue Oct 6 17:39:25 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-10-06T17:39:25.699061933Z Tue Oct 6 17:39:25 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-10-06T17:39:25.699071810Z Tue Oct 6 17:39:25 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-10-06T17:39:25.699195843Z Tue Oct 6 17:39:25 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.219.143:1194
2020-10-06T17:39:25.699249650Z Tue Oct 6 17:39:25 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
2020-10-06T17:39:25.699257748Z Tue Oct 6 17:39:25 2020 UDP link local: (not bound)
2020-10-06T17:39:25.699291830Z Tue Oct 6 17:39:25 2020 UDP link remote: [AF_INET]217.138.219.143:1194
2020-10-06T17:39:25.700295250Z [services.d] done.
2020-10-06T17:39:25.712446980Z Tue Oct 6 17:39:25 2020 TLS: Initial packet from [AF_INET]217.138.219.143:1194, sid=a417948c bdbf2dbf
2020-10-06T17:39:25.754268914Z Tue Oct 6 17:39:25 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2020-10-06T17:39:25.754553803Z Tue Oct 6 17:39:25 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
2020-10-06T17:39:25.754825668Z Tue Oct 6 17:39:25 2020 VERIFY KU OK
2020-10-06T17:39:25.754831885Z Tue Oct 6 17:39:25 2020 Validating certificate extended key usage
2020-10-06T17:39:25.754835031Z Tue Oct 6 17:39:25 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-10-06T17:39:25.754837795Z Tue Oct 6 17:39:25 2020 VERIFY EKU OK
2020-10-06T17:39:25.754840315Z Tue Oct 6 17:39:25 2020 VERIFY OK: depth=0, CN=it152.nordvpn.com
2020-10-06T17:39:25.803827265Z Tue Oct 6 17:39:25 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2020-10-06T17:39:25.803842367Z Tue Oct 6 17:39:25 2020 [it152.nordvpn.com] Peer Connection Initiated with [AF_INET]217.138.219.143:1194
2020-10-06T17:39:26.811017628Z Tue Oct 6 17:39:26 2020 SENT CONTROL [it152.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2020-10-06T17:39:31.512627446Z Tue Oct 6 17:39:31 2020 SENT CONTROL [it152.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2020-10-06T17:39:31.523328530Z Tue Oct 6 17:39:31 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.1.4 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2020-10-06T17:39:31.523355735Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: timers and/or timeouts modified
2020-10-06T17:39:31.523359551Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: explicit notify parm(s) modified
2020-10-06T17:39:31.523371770Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: compression parms modified
2020-10-06T17:39:31.523400949Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2020-10-06T17:39:31.523404777Z Tue Oct 6 17:39:31 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]
2020-10-06T17:39:31.523408051Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: --ifconfig/up options modified
2020-10-06T17:39:31.523410659Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: route options modified
2020-10-06T17:39:31.523413190Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: route-related options modified
2020-10-06T17:39:31.523415704Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-10-06T17:39:31.523423994Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: peer-id set
2020-10-06T17:39:31.523426798Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: adjusting link_mtu to 1657
2020-10-06T17:39:31.523429404Z Tue Oct 6 17:39:31 2020 OPTIONS IMPORT: data channel crypto options modified
2020-10-06T17:39:31.523431925Z Tue Oct 6 17:39:31 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-10-06T17:39:31.523459783Z Tue Oct 6 17:39:31 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-10-06T17:39:31.523463536Z Tue Oct 6 17:39:31 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-10-06T17:39:31.523558208Z Tue Oct 6 17:39:31 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
2020-10-06T17:39:31.523714658Z Tue Oct 6 17:39:31 2020 TUN/TAP device tun0 opened
2020-10-06T17:39:31.523722382Z Tue Oct 6 17:39:31 2020 TUN/TAP TX queue length set to 100
2020-10-06T17:39:31.523725458Z Tue Oct 6 17:39:31 2020 /sbin/ip link set dev tun0 up mtu 1500
2020-10-06T17:39:31.524374238Z Tue Oct 6 17:39:31 2020 /sbin/ip addr add dev tun0 10.8.1.4/24 broadcast 10.8.1.255
2020-10-06T17:39:31.524946462Z Tue Oct 6 17:39:31 2020 /etc/openvpn/up.sh tun0 1500 1585 10.8.1.4 255.255.255.0 init
2020-10-06T17:39:31.526525819Z Tue Oct 6 17:39:31 2020 /sbin/ip route add 217.138.219.143/32 via 172.17.0.1
2020-10-06T17:39:31.527121440Z Tue Oct 6 17:39:31 2020 /sbin/ip route add 0.0.0.0/1 via 10.8.1.1
2020-10-06T17:39:31.527620964Z Tue Oct 6 17:39:31 2020 /sbin/ip route add 128.0.0.0/1 via 10.8.1.1
2020-10-06T17:39:31.528185287Z Tue Oct 6 17:39:31 2020 Initialization Sequence Completed`

Technology - NordLynx crashes container

Hi, I have been running this excellent container with this environment variable: - "TECHNOLOGY=NordLynx"

Seems like it stopped working today, and the log gives the error message that it's not available. Wireguard seems to give the same thing?

52 Empty Reply From Server.

I'm trying to send my request through a NordVPN container and I'm getting an empty reply error. I am able to CLI into the container, run this Curl command, and get the expected results:

curl https://ident.me

But when I run this command from the host I get (52) Empty reply from server:

curl 127.0.0.1:5150 https://ident.me

Below is my build:

docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name nvpn -p 5150:5150 -e -host=0.0.0.0 -e USER=**** -e PASS=**** -d azinchen/nordvpn

I've tried toggling the -host=0.0.0.0 argument but no luck.

I'm still a bit new to Docker so there has to be something I'm missing. Any suggestions would be greatly appreciated!

Cipher negotiation is disabled since neither P2MP client nor server mode is enabled

I tried your NordVPN docker image today, but can't seem to get a connection. I keep getting the following error:

2037-04-16 14:35:52 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

I can't seem to find anything about it in the documentation. I used the default config you posted and just replaced my username and password.

Error: writing output failed: Broken pipe

Hi, I've been seeing the error writing output failed: Broken pipe for quite some time now and decided to let you know about it. It does not seem to affect the VPN's correct functioning. Please let me know if there's something else I can provide to help you identify it.

vpn1_1 | 2021-10-26 14:56:19 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn1_1 | 2021-10-26 14:56:19 [be191.nordvpn.com] Peer Connection Initiated with [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:21 SENT CONTROL [be191.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn1_1 | 2021-10-26 14:56:21 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-10-26 14:56:21 SIGTERM[soft,auth-failure] received, process exiting
vpn1_1 | 2021-10-26 14:56:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
vpn1_1 | 2021-10-26 14:56:21 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
vpn1_1 | 2021-10-26 14:56:21 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
vpn1_1 | 2021-10-26 14:56:21 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn1_1 | 2021-10-26 14:56:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn1_1 | 2021-10-26 14:56:21 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:21 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:21 TCP/UDP: Preserving recently used remote address: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:21 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn1_1 | 2021-10-26 14:56:21 UDP link local: (not bound)
vpn1_1 | 2021-10-26 14:56:21 UDP link remote: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:21 TLS: Initial packet from [AF_INET]188.95.55.38:1194, sid=50b55578 5ad3bb9b
vpn1_1 | 2021-10-26 14:56:21 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn1_1 | 2021-10-26 14:56:21 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
vpn1_1 | 2021-10-26 14:56:21 VERIFY KU OK
vpn1_1 | 2021-10-26 14:56:21 Validating certificate extended key usage
vpn1_1 | 2021-10-26 14:56:21 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn1_1 | 2021-10-26 14:56:21 VERIFY EKU OK
vpn1_1 | 2021-10-26 14:56:21 VERIFY OK: depth=0, CN=be191.nordvpn.com
vpn1_1 | 2021-10-26 14:56:24 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn1_1 | 2021-10-26 14:56:24 [be191.nordvpn.com] Peer Connection Initiated with [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:25 SENT CONTROL [be191.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn1_1 | 2021-10-26 14:56:25 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-10-26 14:56:25 SIGTERM[soft,auth-failure] received, process exiting
vpn1_1 | 2021-10-26 14:56:25 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
vpn1_1 | 2021-10-26 14:56:25 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
vpn1_1 | 2021-10-26 14:56:25 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
vpn1_1 | 2021-10-26 14:56:25 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn1_1 | 2021-10-26 14:56:25 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn1_1 | 2021-10-26 14:56:25 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:25 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:25 TCP/UDP: Preserving recently used remote address: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:25 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn1_1 | 2021-10-26 14:56:25 UDP link local: (not bound)
vpn1_1 | 2021-10-26 14:56:25 UDP link remote: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:25 TLS: Initial packet from [AF_INET]188.95.55.38:1194, sid=7c29643e c86f6206
vpn1_1 | 2021-10-26 14:56:25 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn1_1 | 2021-10-26 14:56:25 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
vpn1_1 | 2021-10-26 14:56:25 VERIFY KU OK
vpn1_1 | 2021-10-26 14:56:25 Validating certificate extended key usage
vpn1_1 | 2021-10-26 14:56:25 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn1_1 | 2021-10-26 14:56:25 VERIFY EKU OK
vpn1_1 | 2021-10-26 14:56:25 VERIFY OK: depth=0, CN=be191.nordvpn.com
vpn1_1 | Iteration 3(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn1_1 | Sleep between iteration for 10
vpn1_1 | 2021-10-26 14:56:28 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn1_1 | 2021-10-26 14:56:28 [be191.nordvpn.com] Peer Connection Initiated with [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:29 SENT CONTROL [be191.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn1_1 | 2021-10-26 14:56:29 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-10-26 14:56:29 SIGTERM[soft,auth-failure] received, process exiting
vpn1_1 | 2021-10-26 14:56:29 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
vpn1_1 | 2021-10-26 14:56:29 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
vpn1_1 | 2021-10-26 14:56:29 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
vpn1_1 | 2021-10-26 14:56:29 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn1_1 | 2021-10-26 14:56:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn1_1 | 2021-10-26 14:56:29 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:29 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:29 TCP/UDP: Preserving recently used remote address: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:29 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn1_1 | 2021-10-26 14:56:29 UDP link local: (not bound)
vpn1_1 | 2021-10-26 14:56:29 UDP link remote: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:29 TLS: Initial packet from [AF_INET]188.95.55.38:1194, sid=b62ced09 936da332
vpn1_1 | 2021-10-26 14:56:30 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn1_1 | 2021-10-26 14:56:30 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
vpn1_1 | 2021-10-26 14:56:30 VERIFY KU OK
vpn1_1 | 2021-10-26 14:56:30 Validating certificate extended key usage
vpn1_1 | 2021-10-26 14:56:30 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn1_1 | 2021-10-26 14:56:30 VERIFY EKU OK
vpn1_1 | 2021-10-26 14:56:30 VERIFY OK: depth=0, CN=be191.nordvpn.com
vpn1_1 | 2021-10-26 14:56:32 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn1_1 | 2021-10-26 14:56:32 [be191.nordvpn.com] Peer Connection Initiated with [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:33 SENT CONTROL [be191.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn1_1 | 2021-10-26 14:56:33 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-10-26 14:56:33 SIGTERM[soft,auth-failure] received, process exiting
vpn1_1 | 2021-10-26 14:56:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
vpn1_1 | 2021-10-26 14:56:33 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
vpn1_1 | 2021-10-26 14:56:33 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
vpn1_1 | 2021-10-26 14:56:33 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn1_1 | 2021-10-26 14:56:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn1_1 | 2021-10-26 14:56:33 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:33 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:33 TCP/UDP: Preserving recently used remote address: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:33 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn1_1 | 2021-10-26 14:56:33 UDP link local: (not bound)
vpn1_1 | 2021-10-26 14:56:33 UDP link remote: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:33 TLS: Initial packet from [AF_INET]188.95.55.38:1194, sid=b88f364e 4bf71d9e
vpn1_1 | 2021-10-26 14:56:34 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn1_1 | 2021-10-26 14:56:34 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
vpn1_1 | 2021-10-26 14:56:34 VERIFY KU OK
vpn1_1 | 2021-10-26 14:56:34 Validating certificate extended key usage
vpn1_1 | 2021-10-26 14:56:34 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn1_1 | 2021-10-26 14:56:34 VERIFY EKU OK
vpn1_1 | 2021-10-26 14:56:34 VERIFY OK: depth=0, CN=be191.nordvpn.com
vpn1_1 | 2021-10-26 14:56:36 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn1_1 | 2021-10-26 14:56:36 [be191.nordvpn.com] Peer Connection Initiated with [AF_INET]188.95.55.38:1194
vpn1_1 | Connection via VPN is down, recreate VPN
vpn1_1 | Deleting iptable rule for: 188.95.55.38 1194 udp
vpn1_1 | Select NordVPN server and create config file
vpn1_1 | Apply filter technology "OpenVPN UDP"
vpn1_1 | 2021-10-26 14:56:37 SENT CONTROL [be191.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn1_1 | 2021-10-26 14:56:37 AUTH: Received control message: AUTH_FAILED
vpn1_1 | 2021-10-26 14:56:37 SIGTERM[soft,auth-failure] received, process exiting
vpn1_1 | 2021-10-26 14:56:37 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
vpn1_1 | 2021-10-26 14:56:37 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
vpn1_1 | 2021-10-26 14:56:37 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
vpn1_1 | 2021-10-26 14:56:37 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn1_1 | 2021-10-26 14:56:37 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn1_1 | 2021-10-26 14:56:37 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:37 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn1_1 | 2021-10-26 14:56:37 TCP/UDP: Preserving recently used remote address: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:37 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn1_1 | 2021-10-26 14:56:37 UDP link local: (not bound)
vpn1_1 | 2021-10-26 14:56:37 UDP link remote: [AF_INET]188.95.55.38:1194
vpn1_1 | 2021-10-26 14:56:37 write UDP: Operation not permitted (code=1)
vpn1_1 | 20 recommended servers in "Austria"
vpn1_1 | 20 recommended servers in "Belgium"
vpn1_1 | 20 recommended servers in "Brazil"
vpn1_1 | 20 recommended servers in
"Canada" vpn1_1 | 12 recommended servers in "Chile" vpn1_1 | 2021-10-26 14:56:39 write UDP: Operation not permitted (code=1) vpn1_1 | 12 recommended servers in "Costa Rica" vpn1_1 | 8 recommended servers in "Croatia" vpn1_1 | 20 recommended servers in "Denmark" vpn1_1 | 20 recommended servers in "France" vpn1_1 | 20 recommended servers in "Germany" vpn1_1 | 20 recommended servers in "Ireland" vpn1_1 | 20 recommended servers in "Italy" vpn1_1 | 19 recommended servers in "Luxembourg" vpn1_1 | 20 recommended servers in "Mexico" vpn1_1 | 2021-10-26 14:56:44 write UDP: Operation not permitted (code=1) vpn1_1 | 20 recommended servers in "Netherlands" vpn1_1 | 20 recommended servers in "Norway" vpn1_1 | 20 recommended servers in "Poland" vpn1_1 | 20 recommended servers in "Portugal" vpn1_1 | 20 recommended servers in "Spain" vpn1_1 | 20 recommended servers in "Sweden" vpn1_1 | 20 recommended servers in "Switzerland" vpn1_1 | 20 recommended servers in "United Kingdom" vpn1_1 | 20 recommended servers in "United States" vpn1_1 | 431 recommended servers in pool vpn1_1 | --- Top 20 servers in filtered pool --- vpn1_1 | Error: writing output failed: Broken pipe vpn1_1 | us8909.nordvpn.com: 6 vpn1_1 | no147.nordvpn.com: 12 vpn1_1 | mx50.nordvpn.com: 28 vpn1_1 | ca1265.nordvpn.com: 8 vpn1_1 | fr663.nordvpn.com: 9 vpn1_1 | es135.nordvpn.com: 12 vpn1_1 | de942.nordvpn.com: 10 vpn1_1 | fr668.nordvpn.com: 10 vpn1_1 | pl194.nordvpn.com: 11 vpn1_1 | uk2280.nordvpn.com: 15 vpn1_1 | it189.nordvpn.com: 14 vpn1_1 | pt39.nordvpn.com: 8 vpn1_1 | es198.nordvpn.com: 13 vpn1_1 | de1025.nordvpn.com: 10 vpn1_1 | ch224.nordvpn.com: 9 vpn1_1 | br48.nordvpn.com: 12 vpn1_1 | lu90.nordvpn.com: 16 vpn1_1 | mx57.nordvpn.com: 32 vpn1_1 | no191.nordvpn.com: 16 vpn1_1 | no187.nordvpn.com: 19 vpn1_1 | --------------------------------------- vpn1_1 | Error: writing output failed: Broken pipe vpn1_1 | Error: writing output failed: Broken pipe vpn1_1 | 2021-10-26 14:56:53 write UDP: Operation not permitted 
(code=1) vpn1_1 | Error: writing output failed: Broken pipe vpn1_1 | Select server "United States #8909" hostname="us8909.nordvpn.com" ip=23.82.138.68 protocol="udp" vpn1_1 | Adding iptable rule for: 23.82.138.68 1194 udp vpn1_1 | Reconnect to selected VPN server vpn1_1 | 2021-10-26 14:56:53 event_wait : Interrupted system call (code=4) vpn1_1 | 2021-10-26 14:56:53 SIGHUP[hard,] received, process restarting vpn1_1 | 2021-10-26 14:56:53 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. vpn1_1 | 2021-10-26 14:56:53 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021 vpn1_1 | 2021-10-26 14:56:53 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 vpn1_1 | 2021-10-26 14:56:53 Restart pause, 5 second(s) vpn1_1 | 2021-10-26 14:56:58 WARNING: --ping should normally be used with --ping-restart or --ping-exit vpn1_1 | 2021-10-26 14:56:58 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts vpn1_1 | 2021-10-26 14:56:58 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication vpn1_1 | 2021-10-26 14:56:58 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication vpn1_1 | 2021-10-26 14:56:58 TCP/UDP: Preserving recently used remote address: [AF_INET]23.82.138.68:1194 vpn1_1 | 2021-10-26 14:56:58 Socket Buffers: R=[212992->212992] S=[212992->212992] vpn1_1 | 2021-10-26 14:56:58 UDP link local: (not bound) vpn1_1 | 2021-10-26 14:56:58 UDP link remote: [AF_INET]23.82.138.68:1194 vpn1_1 | 2021-10-26 14:56:58 TLS: Initial packet from [AF_INET]23.82.138.68:1194, sid=e7100502 e056b508 vpn1_1 | 2021-10-26 14:56:58 VERIFY OK: 
depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA vpn1_1 | 2021-10-26 14:56:58 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6 vpn1_1 | 2021-10-26 14:56:58 VERIFY KU OK vpn1_1 | 2021-10-26 14:56:58 Validating certificate extended key usage vpn1_1 | 2021-10-26 14:56:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication vpn1_1 | 2021-10-26 14:56:58 VERIFY EKU OK vpn1_1 | 2021-10-26 14:56:58 VERIFY OK: depth=0, CN=us8909.nordvpn.com vpn6_1 | Tue Oct 26 14:57:00 UTC 2021 Check VPN Internet connection vpn1_1 | 2021-10-26 14:57:00 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512 vpn1_1 | 2021-10-26 14:57:00 [us8909.nordvpn.com] Peer Connection Initiated with [AF_INET]23.82.138.68:1194

Possible IP leak?

Hi there!
Just wanted to give you a heads up on a possible IP leak. It was reported in my version of the container, but I think it may happen in yours as well; steps to reproduce can be found here: bubuntux#165

Basically, if your container doesn't drop all connections immediately, you may leak your real IP address. I was looking into your version because I wanted to implement s6, but I noticed that it takes a few milliseconds to load the scripts, so that is why I think you may encounter this leak in your version.

Btw, you did a great job on your fork; I was trying to implement some of your ideas in my version.

[Question] Forward Proxy with the VPN container

Hi!
I've been looking at your project and have a question: would it be possible to set up a forward proxy with this container so that, for example, a browser connects to it and all the traffic goes through the VPN? So far I've checked how to do it with NGINX, but it seems rather complicated, and I was wondering if there is an easier solution.

Thanks in advance!

impossible to do container VPN

Hello

I'm trying this config file under docker compose in Portainer (Host = Pi4 8Gb)

version: "3"
services:
  vpn:
    image: azinchen/nordvpn:latest
    container_name: nordvpn-user-pass # Name given to the container
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - [USER=XXXXXXXXXXXXXXX # Account email address
      - PASS=XXXXXXXXXXXXX # Account password
      - COUNTRY=France
      - GROUP=Standard VPN servers
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */3 * * *
      - CHECK_CONNECTION_CRON="*/5 * * * *" -e CHECK_CONNECTION_URL="https://www.google.com/" # Check Internet connection
      - NETWORK=192.168.1.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 5800:5800 # Port of the other containers likely to use this VPN access
    restart: unless-stopped

Can anyone "read" this config and tell me where the BUG is?

KillSwitch

Hello Mate,

First of all, thank you for your hard work. My question is: is there a kill switch, so that in case the VPN disconnects, the other machine depending on this one will not access the 'normal' internet (without VPN)?

Thank you

Cannot connect to any server: parse error: Invalid numeric literal at line 1, column 7

Hey,

I've tried to get this to work on different computers with different ISPs but so far no luck, it seems that the container can't get the list of servers, I've left it running for 2 days and no luck. Any ideas on how to fix it? I'm on the latest version of the container (pulled today) and here are the logs I get:

vpn4_1 | s6-rc: info: service s6rc-oneshot-runner: starting
vpn4_1 | s6-rc: info: service s6rc-oneshot-runner successfully started
vpn4_1 | s6-rc: info: service fix-attrs: starting
vpn4_1 | s6-rc: info: service container-init: starting
vpn4_1 | s6-rc: info: service fix-attrs successfully started
vpn4_1 | *** Process file /etc/nordvpn/init/10-adduser.sh ***
vpn4_1 | s6-rc: info: service legacy-cont-init: starting
vpn4_1 | Set nordvpn user uid 912 and nordvpn group gid 912
vpn4_1 | s6-rc: info: service legacy-cont-init successfully started
vpn4_1 | usermod: no changes
vpn4_1 | *** Process file /etc/nordvpn/init/20-firewall.sh ***
vpn4_1 | Firewall is up, everything has to go through the vpn
vpn4_1 | Enabling connection to secure interfaces
vpn4_1 | Enabling connection to nordvpn group
vpn4_1 | *** Process file /etc/nordvpn/init/30-localnetwork.sh ***
vpn4_1 | Bypass requests to local network thru regular connection
vpn4_1 | Enabling connection to network 192.168.1.0/24
vpn4_1 | Enabling connection to network 192.168.2.0/24
vpn4_1 | *** Process file /etc/nordvpn/init/40-whitelistnetwork.sh ***
vpn4_1 | Bypass requests to domains from whitelist thru regular connection
vpn4_1 | Bypass requests to NordVPN API thru regular connection
vpn4_1 | *** Process file /etc/nordvpn/init/50-createvpnconfig.sh ***
vpn4_1 | Select NordVPN server and create config file
vpn4_1 | Apply filter technology "OpenVPN UDP"
vpn4_1 | Request list of recommended servers
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Austria", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Belgium", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Brazil", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Canada", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Chile", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Costa Rica", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Croatia", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Denmark", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "France", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Germany", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Ireland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Italy", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Luxembourg", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Mexico", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Netherlands", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Norway", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Poland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Portugal", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Spain", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Sweden", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Switzerland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United Kingdom", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United States", 0 servers received
vpn4_1 | 0 recommended servers in pool
vpn4_1 | ERROR: list of selected servers is empty
vpn4_1 | Select server "" hostname="" ip="" protocol="udp"
vpn4_1 | *** Process file /etc/nordvpn/init/60-setupcron.sh ***
vpn4_1 | Setup crond service
vpn4_1 | Create reconnection cron
vpn4_1 | Create connectivity check cron
vpn4_1 | *** Process file /etc/nordvpn/init/70-createauth.sh ***
vpn4_1 | Create auth file
vpn4_1 | s6-rc: info: service container-init successfully started
vpn4_1 | s6-rc: info: service nordvpnd: starting
vpn4_1 | s6-rc: info: service crond: starting
vpn4_1 | s6-rc: info: service crond successfully started
vpn4_1 | s6-rc: info: service nordvpnd successfully started
vpn4_1 | s6-rc: info: service legacy-services: starting
vpn4_1 | Run crond service
vpn4_1 | 2023-06-16 13:34:52 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
vpn4_1 | 2023-06-16 13:34:52 OpenVPN 2.6.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
vpn4_1 | 2023-06-16 13:34:52 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
vpn4_1 | 2023-06-16 13:34:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn4_1 | 2023-06-16 13:34:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn4_1 | s6-rc: info: service legacy-services successfully started
vpn4_1 | 2023-06-16 13:34:52 TCP/UDP: Preserving recently used remote address: [AF_INET]0.0.4.170:1194
vpn4_1 | 2023-06-16 13:34:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn4_1 | 2023-06-16 13:34:52 UDPv4 link local: (not bound)
vpn4_1 | 2023-06-16 13:34:52 UDPv4 link remote: [AF_INET]0.0.4.170:1194
vpn4_1 | Fri Jun 16 13:35:00 UTC 2023 Check VPN Internet connection
vpn4_1 | Select NordVPN server and create config file
vpn4_1 | Apply filter technology "OpenVPN UDP"
vpn4_1 | Request list of recommended servers
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Austria", 0 servers received
vpn4_1 | Iteration 1(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Belgium", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Brazil", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Canada", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Chile", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Costa Rica", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Croatia", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Denmark", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "France", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Germany", 0 servers received
vpn4_1 | Iteration 2(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Ireland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Italy", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Luxembourg", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Mexico", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Netherlands", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Norway", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Poland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Portugal", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Spain", 0 servers received
vpn4_1 | Iteration 3(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Sweden", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Switzerland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United Kingdom", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United States", 0 servers received
vpn4_1 | 0 recommended servers in pool
vpn4_1 | ERROR: list of selected servers is empty
vpn4_1 | Select server "" hostname="" ip="" protocol="udp"
vpn4_1 | Reconnect to selected VPN server
vpn4_1 | 2023-06-16 13:35:30 event_wait : Interrupted system call (fd=-1,code=4)
vpn4_1 | 2023-06-16 13:35:30 SIGHUP[hard,] received, process restarting
vpn4_1 | 2023-06-16 13:35:30 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
vpn4_1 | 2023-06-16 13:35:30 OpenVPN 2.6.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
vpn4_1 | 2023-06-16 13:35:30 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
vpn4_1 | 2023-06-16 13:35:30 Restart pause, 1 second(s)
vpn4_1 | 2023-06-16 13:35:31 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn4_1 | 2023-06-16 13:35:31 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn4_1 | 2023-06-16 13:35:31 TCP/UDP: Preserving recently used remote address: [AF_INET]0.0.4.170:1194
vpn4_1 | 2023-06-16 13:35:31 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn4_1 | 2023-06-16 13:35:31 UDPv4 link local: (not bound)
vpn4_1 | 2023-06-16 13:35:31 UDPv4 link remote: [AF_INET]0.0.4.170:1194
vpn4_1 | Connection via VPN is down, recreate VPN
vpn4_1 | Select NordVPN server and create config file
vpn4_1 | Apply filter technology "OpenVPN UDP"
vpn4_1 | Request list of recommended servers
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Austria", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Belgium", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Brazil", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Canada", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Chile", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Costa Rica", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Croatia", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Denmark", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "France", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Germany", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Ireland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Italy", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Luxembourg", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Mexico", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Netherlands", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Norway", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Poland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Portugal", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Spain", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Sweden", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Switzerland", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United Kingdom", 0 servers received
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "United States", 0 servers received
vpn4_1 | 0 recommended servers in pool
vpn4_1 | ERROR: list of selected servers is empty
vpn4_1 | Select server "" hostname="" ip="" protocol="udp"
vpn4_1 | Reconnect to selected VPN server
vpn4_1 | 2023-06-16 13:36:09 event_wait : Interrupted system call (fd=-1,code=4)
vpn4_1 | 2023-06-16 13:36:09 SIGHUP[hard,] received, process restarting
vpn4_1 | 2023-06-16 13:36:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
vpn4_1 | 2023-06-16 13:36:09 OpenVPN 2.6.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
vpn4_1 | 2023-06-16 13:36:09 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
vpn4_1 | 2023-06-16 13:36:09 Restart pause, 1 second(s)
vpn4_1 | 2023-06-16 13:36:10 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn4_1 | 2023-06-16 13:36:10 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn4_1 | 2023-06-16 13:36:10 TCP/UDP: Preserving recently used remote address: [AF_INET]0.0.4.170:1194
vpn4_1 | 2023-06-16 13:36:10 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn4_1 | 2023-06-16 13:36:10 UDPv4 link local: (not bound)
vpn4_1 | 2023-06-16 13:36:10 UDPv4 link remote: [AF_INET]0.0.4.170:1194
vpn4_1 | Fri Jun 16 13:37:00 UTC 2023 Check VPN Internet connection
vpn4_1 | Iteration 1(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | 2023-06-16 13:37:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
vpn4_1 | 2023-06-16 13:37:10 TLS Error: TLS handshake failed
vpn4_1 | 2023-06-16 13:37:10 SIGUSR1[soft,tls-error] received, process restarting
vpn4_1 | 2023-06-16 13:37:10 Restart pause, 1 second(s)
vpn4_1 | 2023-06-16 13:37:11 WARNING: --ping should normally be used with --ping-restart or --ping-exit
vpn4_1 | 2023-06-16 13:37:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn4_1 | 2023-06-16 13:37:11 TCP/UDP: Preserving recently used remote address: [AF_INET]0.0.4.170:1194
vpn4_1 | 2023-06-16 13:37:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn4_1 | 2023-06-16 13:37:11 UDPv4 link local: (not bound)
vpn4_1 | 2023-06-16 13:37:11 UDPv4 link remote: [AF_INET]0.0.4.170:1194
vpn4_1 | Iteration 2(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | Iteration 3(3), url=https://ipinfo.io/json, Connection via VPN is down
vpn4_1 | Sleep between iteration for 10
vpn4_1 | Connection via VPN is down, recreate VPN
vpn4_1 | Select NordVPN server and create config file
vpn4_1 | Apply filter technology "OpenVPN UDP"
vpn4_1 | Request list of recommended servers

Thanks for your help.
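
Added example (not part of the issue or the project's code): a Python triage pass over log lines in the shape shown in this report, flagging the chain from the non-JSON API reply to the empty server selection. It also notes that the remote 0.0.4.170 is the integer 1194, the port number, which is consistent with an empty host field in the generated config; that is an inference from the log, not something the report states. The sample lines are constructed from the logs on this page and the finding names are this example's own.

```python
import ipaddress
import re

# Constructed sample: a few lines copied in shape from the logs on this page.
SAMPLE_LOG = """\
vpn4_1 | Request list of recommended servers
vpn4_1 | parse error: Invalid numeric literal at line 1, column 7
vpn4_1 | Request servers in "Austria", 0 servers received
vpn4_1 | 0 recommended servers in pool
vpn4_1 | ERROR: list of selected servers is empty
vpn4_1 | Select server "" hostname="" ip="" protocol="udp"
vpn4_1 | 2023-06-16 13:34:52 UDPv4 link remote: [AF_INET]0.0.4.170:1194
vpn1_1 | Select server "United States #8909" hostname="us8909.nordvpn.com" ip=23.82.138.68 protocol="udp"
vpn1_1 | 2021-10-26 14:56:58 UDP link remote: [AF_INET]23.82.138.68:1194
"""

# "<compose service> | <message>" as printed by docker-compose.
PREFIX = re.compile(r"^(?P<svc>\S+)\s+\|\s?(?P<msg>.*)$")
# The ip field appears both quoted (empty) and unquoted (filled) in the logs.
SELECT = re.compile(
    r'Select server "(?P<name>[^"]*)" hostname="(?P<host>[^"]*)" ip="?(?P<ip>[^" ]*)"?'
)
REMOTE = re.compile(r"link remote: \[AF_INET\](?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)")
# 0.0.0.0/8 is never a routable destination, so a remote in it is a config fault.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")


def triage(log_text):
    """Return ordered, de-duplicated (service, finding, detail) tuples."""
    findings = []

    def add(svc, kind, detail):
        item = (svc, kind, detail)
        if item not in findings:
            findings.append(item)

    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        svc, msg = m["svc"], m["msg"]
        if msg.startswith("parse error:"):
            # jq could not parse the API reply: the body was not JSON.
            add(svc, "api-response-not-json", msg)
        elif "servers in pool" in msg and msg.split()[0] == "0":
            add(svc, "empty-server-pool", msg)
        elif (sel := SELECT.search(msg)):
            if not sel["host"] or not sel["ip"]:
                add(svc, "empty-server-selected", msg)
        elif (rem := REMOTE.search(msg)):
            addr = ipaddress.IPv4Address(rem["ip"])
            port = int(rem["port"])
            if addr in THIS_NETWORK:
                detail = f"{addr}:{port}"
                if int(addr) == port:
                    detail += " (address is the port number read as a 32-bit host)"
                add(svc, "bogus-remote", detail)
    return findings


if __name__ == "__main__":
    for svc, kind, detail in triage(SAMPLE_LOG):
        print(f"{svc}: {kind}: {detail}")
```

A run that reports `empty-server-selected` followed by `bogus-remote` means the tunnel was never going to come up, so the later TLS handshake timeouts are a symptom rather than the fault to chase.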

Traffic on both Eth0 and Tun0?

Hi,
I've been using this container for a while. I just noticed that a lot of traffic is passing through eth0 and not tun0.
Is it normal? Does it mean that this traffic is not passing through nordvpn?

Username and PW login now disabled

Can we pass on token instead?

NordVPN 3.16.2

Logging in with a username and password is no longer available in the terminal as we’ve switched to more secure login options.

1.1.0 Issue with api.nordvpn.com

Not connecting to VPN, possibly due to:

iptables v1.8.7 (legacy): host/network `api.nordvpn.com' not found
Try `iptables -h' or 'iptables --help' for more information.
[cont-init.d] 40-whitelistnetwork: exited 0.
[cont-init.d] 50-createvpnconfig: executing...
Select NordVPN server and create config file
Apply filter technology "OpenVPN UDP"
Request list of recommended servers
Request servers in "Canada", 0 servers received
Request servers in "United States", 0 servers received
Request servers in "United Kingdom", 0 servers received
0 recommended servers in pool
ERROR: list of selected servers is empty

Repeating error line in logs makes gigantic logs

Hey,

I'm getting this repeating line
Tue Aug 27 03:06:29 2019 AEAD Decrypt error: bad packet ID (may be a replay): [ #676043 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
in my logs, and it makes the logs up to 50MB and crashes the container if I don't clean them regularly.

IP leaked when nordvpn is disconnected

Version: 2.1.2
I run azinchen/nordvpn:2.1.2 with whoogle. When I stop only nordvpn, the IP leaks in whoogle for a while and then stops.
I downgraded the version and it does not occur in 0.9.6.
Similar issue on bubuntux/nordvpn.
Sorry for my bad English, but I hope you understand.
Thank you.
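
Added example (not the container's own rules or code): a Python audit of an `iptables-save` style OUTPUT chain for the fail-closed property that the kill-switch and IP-leak reports on this page ask about. Both rulesets are constructed; the gid, local network and VPN endpoint are taken from log lines elsewhere on this page, and the rule shapes and the `audit_output` helper are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed rulesets in iptables-save format (not dumped from the container).
FAIL_CLOSED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -m owner --gid-owner 912 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -d 23.82.138.68/32 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""

LEAKY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -j ACCEPT
COMMIT
"""


def option(tokens, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None


def audit_output(ruleset, tunnel_if="tun0", local_nets=("192.168.1.0/24",)):
    """Return the reasons the OUTPUT chain would not fail closed (empty = ok)."""
    problems = []
    local = [ipaddress.ip_network(n) for n in local_nets]
    policy = None
    for line in ruleset.splitlines():
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]          # default verdict when no rule matches
        if not line.startswith("-A OUTPUT "):
            continue
        tokens = shlex.split(line)
        if option(tokens, "-j") != "ACCEPT":
            continue
        out_if, dest = option(tokens, "-o"), option(tokens, "-d")
        if out_if in ("lo", tunnel_if):
            continue                          # loopback, or already inside the tunnel
        if "--gid-owner" in tokens:
            continue                          # assumed: only the VPN daemon runs in this group
        if dest is not None:
            net = ipaddress.ip_network(dest, strict=False)
            if any(net.subnet_of(n) for n in local):
                continue                      # declared local network (NETWORK=...)
            if net.prefixlen == 32 and option(tokens, "--dport"):
                continue                      # one VPN endpoint on one port
        problems.append(f"unscoped ACCEPT: {line}")
    if policy != "DROP":
        # With an ACCEPT policy, packets leave in the clear as soon as tun0 is gone.
        problems.insert(0, f"OUTPUT policy is {policy}, expected DROP")
    return problems


if __name__ == "__main__":
    for name, rules in (("fail-closed", FAIL_CLOSED), ("leaky", LEAKY)):
        print(name, audit_output(rules) or "ok")
```

A ruleset that passes says nothing about timing: rules installed after the network is already usable still leave the start-up window described in the first leak report on this page.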

Nordlynx protocol implementation

Hi! Any plan to implement the Nordlynx (fastest) protocol on your fork? It is implemented in the project you forked, but I find your cron additions useful :)

Thanks !

Accessing qBittorrent / NordVPN

Hello, I've successfully created the nordvpn container & it connects fine. I've checked my ip in the container console using curl 'https://api.ipify.org?format=json' and it belongs to Nord so it seems the container is working. However, I am unable to access the qBittorrent UI. After checking into the issue it seems NETWORK= is required so I used the 'ip route | awk '!/ (docker0|br-)/ && /src/ {print $1}' command suggested by the FAQ and it came back with 192.168.0.0/24 on my host. Unfortunately it is still not working after adding that line. I've tried the QBT container on its own (without network_mode) and it works. Can someone help point out what I'm missing? Below is my DC YML. I've kept it close to the original post to prevent my introducing new errors. I figured I could customize it from here once I get it working. I've attached the container startup log as well.

_dc-config_vpn_1_logs.txt

version: "3"
services:
  vpn:
    image: azinchen/nordvpn:latest
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER=hidden
      - PASS=hidden
      - COUNTRY=Spain;Hong Kong;IE;131
      - GROUP=Standard VPN servers
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */3 * * *
      - NETWORK=192.168.0.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 12500:12500
    restart: unless-stopped
  qbittorrent:
    container_name: qbittorrent
    image: lscr.io/linuxserver/qbittorrent
    environment:
      - WEBUI_PORT=12500
    network_mode: service:vpn
    volumes:
      - /home/odroid/dc-config/qbittorrent/config:/config
      - /home/odroid/dc-config/qbittorrent/downloads:/downloads
    restart: unless-stopped
    depends_on:
      - vpn

RECREATE_VPN_CRON not working

Hi,
Not sure if you still update this, but the recreate does not work in a compose file? I haven't tested it in a docker run command but assume there is no difference.

Here is my compose file:

version: "3"
services:
  vpn:
    image: azinchen/nordvpn
    container_name: vpn
    network_mode: bridge        # Required
    cap_add:
      - NET_ADMIN               # Required
      # - SYS_MODULE              # Required for TECHNOLOGY=NordLynx
    devices:
      - /dev/net/tun            # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=user
      - PASS=password         # Required
      - RECREATE_VPN_CRON="*/5 * * * *"
      - RANDOM_TOP=1000
    restart: always

  autosel:
    build: .
    container_name: pypy
    command: python ./AutoSel.py
    network_mode: service:vpn
    depends_on:
      - vpn
    restart: always
    volumes:
      - C:/Users/acoun/PycharmProjects/PointsPrizes:/usr/src/app

How to access VPN container from Internet?

Hello there,
I set up a docker compose file (see code below) which would let me tunnel docker containers through nordvpn.

The problem is that I cannot access my container(s) outside of LAN (and I'm using Cloudflare on my domain).

version: '3.2'
services:
    haproxy:
        container_name: haproxy
        image: haproxy
        ports:
           - "80:8080" # http-in
           - "443:443" # https-in with ssl cert (cloudflare)
        volumes:
           - ./haproxy:/usr/local/etc/haproxy

    vpn:
        depends_on:
            - haproxy
        container_name: nordvpn
        image: azinchen/nordvpn:latest
        cap_add:
            - net_admin
        devices:
            - /dev/net/tun
        environment:
           - USER=mail
           - PASS=pass
           - COUNTRY=Germany;IE;131
           - GROUP=Standard VPN servers
           - RANDOM_TOP=10
           - RECREATE_VPN_CRON=5 */3 * * *
           - NETWORK=172.26.0.0/16;177.17.0.0/16;177.20.0.0/16 # tried different IPs with no success
           - OPENVPN_OPTS=--mute-replay-warnings
     
        restart: unless-stopped

    pwd:
        depends_on:
            - vpn
        network_mode: service:vpn 
        # pwd daemon container always needs to be named this way
        container_name: pwd
        # use the latest golang image
        image: golang
        # go to the right place and starts the app
        command: /bin/sh -c 'ssh-keygen -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key >/dev/null; cd /go/src/; if [ -e /runbin/pwd ]; then /runbin/pwd  -save /pwd/sessions -name l2; else go run api.go -save /pwd/sessions -name l2; fi'
        volumes:
            # since this app creates networks and launches containers, we need to talk to docker daemon
            - /var/run/docker.sock:/var/run/docker.sock
            # mount the box mounted shared folder to the container
            - $PWD:/go/src
            - sessions:/pwd

    l2:
        depends_on:
            - vpn2
        network_mode: service:vpn2
        container_name: l2
        # use the latest golang image
        image: golang
        # go to the right place and starts the app
        command: /bin/sh -c 'ssh-keygen -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key >/dev/null; cd /go/src/router/l2; if [ -e /runbin/l2 ]; then /runbin/l2 -ssh_key_path /etc/ssh/ssh_host_rsa_key -name l2 -save /pwd/networks; else go run l2.go -ssh_key_path /etc/ssh/ssh_host_rsa_key -name l2 -save /pwd/networks; fi'
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - $PWD:/go/src
            - networks:/pwd
        ports:
            - "8022:22"
            - "8053:53"   

volumes:
    sessions:
    networks:

PWD allows me to create linux containers on the fly, and I would like to be able to pass them through nordvpn...
PWD exposes port 3000.
haproxy has a backend : 80 or 443 (ssl cert) to 3000.

Any help would be greatly appreciated!

How to connect to other container running on host?

Hi, I have the following docker-compose:

services:
  vpn:
    container_name: vpn
    image: azinchen/nordvpn:latest
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER=
      - PASS=
      - COUNTRY=United Kingdom;Norway;Spain;Switzerland
      - CATEGORY=Dedicated IP
      - RANDOM_TOP=20
      - RECREATE_VPN_CRON=*/30 * * * *
      - NETWORK=192.168.0.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
      - PROTOCOL=openvpn_tcp
    restart: unless-stopped
  downloader:
    container_name: demo
    image: demo:0.0.1
    environment:
      - SQLALCHEMY_DATABASE_URI=mysql+pymysql://root:pass@mysql:3306/demo
    restart: unless-stopped
    volumes:
    network_mode: service:vpn

I want to connect demo container to outside mysql container but I'm getting:
"Can't connect to MySQL server on 'mysql' ([Errno -2] Name or service not known)"
Any suggestion on how I could go about it?
Thanks for putting together this great image.

Traefik, NordVPN, QBittorrent

Hi.

This is fantastic, but I am unable to access the qbittorrent web ui using a traefik subdomain.

version: "3"

services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - TZ=Asia/Manila
      - WEBUI_PORT=7000
    volumes:
      - /var/data/qbittorrent/config:/config
      - <path>:/downloads
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.nas.home`)"
      - "traefik.http.services.qbittorrent.loadbalancer.server.port=7000"
      - "traefik.docker.network=nordvpn-2_default"
    network_mode: container:vpn2

version: "3"
services:
  nordvpn:
    image: azinchen/nordvpn:latest
    container_name: vpn2
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER=
      - PASS=
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */3 * * *
      - NETWORK=192.168.2.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 7000:7000
      - 6881:6881
      - 6881:6881/udp
    restart: unless-stopped

NordVPN Web API Handles

It may be the NordVPN Web API struggling to respond at the time of writing, but it looks like a script is inconsistently having a hard time parsing a filter list:

image

image

This results in dropping to the default recommended list, which gets a little too close to home. Any way of handling API calls differently?

Access service from localhost only in an Host machine directly connected to the internet

Hello,

I've read the documentation regarding Local Network access to services connecting to the internet through the VPN.
I'm using this container on a VPS with a public IP on eth0 and I would like to access a service from the Host machine that is running in a docker container connected to the VPN container.

I don't know what I should put in the NETWORK variable to allow the request to go through.
The command ip route | awk '!/ (docker0|br-)/ && /src/ {print $1}' gives me an empty result.

On the VPN container I have forwarded the port like this: -p 127.0.0.1:5701:5600

Then running curl http://127.0.0.1:5701 from the Host machine gives me Recv failure: Connection reset by peer, running curl http://127.0.0.1:5600 from inside the VPN container works.

Any advice?
Thanks

Fixed packages in Dockerfile

Hi,

I'm wondering why you have fixed packages inside your Dockerfile. Why not simply let them float and let apk install the latest versions?
The reason I came onto this is that I was looking how you were updating these version numbers but didn't see any github workflows for it.

Is it because you want a reproducible build every time?
Or is it because you want to vet the version increases yourself?
Or still something else?

I'd like to learn more ;-)

Thanks

Remotely connect to containers that are running through the VPN container?

Is this possible?

I have a Synology NAS where some of my docker containers run through the VPN container.

This works great locally, but at the minute it does mean I can't access any of those containers remotely.

Is there something I can do to keep it running through the VPN container but also be able to access it remotely?

QBittorrent and NordVPN

I hate to open an old issue, but I saw that issue #12 is closed, but has most of the information needed to get it working. However, I have looked into this and I still can't get it to work with my setup. The following is my Docker Compose file:

version: "3"
services:
   vpn:
     container_name: nordvpn
     image: azinchen/nordvpn:latest
     cap_add:
       - net_admin
     devices:
       - /dev/net/tun
     environment:
       - USER=xxxxxxxxxx
       - PASS=xxxxxxxxxx
       - COUNTRY=United_Kingdom
       - CATEGORY=P2P
     ports:
       - 8080:8080
     restart: unless-stopped

   nginx:
     container_name: nginx
     image: dperson/nginx:latest
     links:
       - vpn:qbittorrent

   pihole:
     container_name: pihole
     image: pihole/pihole:latest
     ports:
       - "53:53/tcp"
       - "53:53/udp"
       - "8088:80/tcp"
       - "4433:443/tcp"
     restart: unless-stopped

   qbittorrent:
     container_name: qbittorrent
     image: linuxserver/qbittorrent:latest
     network_mode: service:vpn
     depends_on:
       - vpn
     environment:
       - WEBUI_PORT=8080
     restart: unless-stopped

   sonarr:
     container_name: sonarr
     image: linuxserver/sonarr:latest
     volumes:
       - "/media/pi/Seagate/Sonarr:/media/pi/storage"
       - "/config:/config"
     ports:
       - "8989:8989"
     restart: unless-stopped

   radarr:
     container_name: radarr
     image: linuxserver/radarr:latest
     volumes:
       - "/media/pi/Seagate/Radarr:/media/pi/storage"
       - "/config:/config-radarr"
     ports:
       - "7878:7878"
     restart: unless-stopped

   jackett:
     container_name: jackett
     image: linuxserver/jackett:latest
     ports:
       - "9117:9117"
     restart: unless-stopped

Is there something wrong with this file that prevents it from working? I have checked the status of the services using Portainer and they all say either "healthy" or "running", but I am still unable to access the webUI like I would expect to be able to. I have tried navigating to both port 8080 and port 80.

Sudden /dev/net/tun disappearance

I am using nordvpn on Synology in Docker. After every reboot, the container can't start due to an error from the daemon saying: dev/net/tun - no such device or directory... It is a new issue that did not occur before... I ssh into the Synology and create the dir, and then it works. Any pointers on how to avoid this being deleted every reboot? Thanks

Server list caching to avoid being blocked by https://api.nordvpn.com/v1/servers/recommendations

Hi, it seems that NordVPN has become more strict when it comes to server list fetching from https://api.nordvpn.com/v1/servers/recommendations and my containers are getting blocked within 24 hours. Once my IP is blocked I can't get the list anymore, and as such the containers cannot connect to any other server when I drop connections or wish to change server.

After some time the containers start showing this error:
parse error: Invalid numeric literal at line 1, column 7
Request servers in "Poland", 0 servers received

For this I've thought of 2 solutions:

  1. Caching of the server list. Ideally this could be a parameter where the user specifies how long the server list should be cached, renewing it only once the cache has expired. This would solve the problem completely.
  2. Obtaining the server list while using the VPN connection. Obviously for the first connection this shouldn't be the case, but from then onwards it should use the NordVPN connection to fetch the list. I doubt they will block their own IPs.

What do you think of these two solutions? I'd be more than happy to help with this issue, I'd just need some guidance on how to do it.

cheers
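
A sketch of the first proposal above (a time-limited cache), added here as an illustration and not code from the azinchen/nordvpn image or its scripts. It is written in Python, and `get_servers`, `parse_server_list`, `read_cache`, the cache path and the caller-supplied `fetch` callable are all assumed names. A response that is not a non-empty JSON array, such as the non-JSON body behind the parse error quoted above, never overwrites the last good list.

```python
import json
import os
import tempfile
import time


def parse_server_list(body):
    """Return the decoded list, or None if body is not a non-empty JSON array."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return None  # e.g. an HTML or plain-text block page instead of JSON
    return data if isinstance(data, list) and data else None


def read_cache(cache_path):
    """Return (servers, mtime) from the cache file, or (None, 0.0) if unreadable."""
    try:
        with open(cache_path, encoding="utf-8") as fh:
            servers = parse_server_list(fh.read())
        return servers, os.path.getmtime(cache_path)
    except OSError:
        return None, 0.0


def get_servers(cache_path, ttl_seconds, fetch, now=None):
    """Return (servers, source); source is 'cache', 'api', 'stale' or 'none'.

    fetch is a hypothetical callable that returns the API response body as text.
    """
    now = time.time() if now is None else now
    cached, mtime = read_cache(cache_path)
    if cached is not None and now - mtime < ttl_seconds:
        return cached, "cache"  # fresh cache: no API request is made at all

    try:
        fresh = parse_server_list(fetch())
    except Exception:
        fresh = None  # network error, timeout or HTTP failure
    if fresh is None:
        # Rejected response: keep the old file and reuse it if there is one.
        return (cached, "stale") if cached is not None else ([], "none")

    # Write to a temp file in the same directory, then rename atomically,
    # so an interrupted write never leaves a truncated cache behind.
    directory = os.path.dirname(os.path.abspath(cache_path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(fresh, fh)
    os.replace(tmp, cache_path)
    return fresh, "api"
```

With a TTL of several hours, a container that reconnects on a cron schedule makes at most one request to the recommendations endpoint per TTL window.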

Manually disconnect / reconnect

Nordvpn has a connection limit, so I would like to disconnect from the vpn when I'm currently not requiring any outgoing traffic. Is it possible to do so without breaking the network of other containers?

Whitelist domain not working?

nordvpn-proxy | Enabling connection to host br2.me
I can see the IPs used by the site in iptables -L.

But when I access the URL (e.g. http://br2.me/images/v9XwEXYWpxt2rpkmFBiQ1zeyKUy_small.jpg), it keeps using the VPN for it instead of bypassing it, resulting in an error 1005 because many of the BR Nord servers are blacklisted by it.

  nordvpn-proxy:
    image: azinchen/nordvpn:latest
    container_name: nordvpn-proxy
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER=myuser
      - PASS=mypass
      - COUNTRY=Brazil
      - GROUP=legacy_p2p
      - TECHNOLOGY=openvpn_udp
      - RANDOM_TOP=5
      - RECREATE_VPN_CRON=30 4 * * *
      - NETWORK=192.168.1.0/24
      - OPENVPN_OPTS=--mute-replay-warnings --auth-nocache --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC --pull-filter ignore "ping-restart" --ping-exit 180
      - CHECK_CONNECTION_CRON=*/15 * * * *
      - CHECK_CONNECTION_URL=https://www.google.com
      - WHITELIST=br2.me
    ports:
      - 8119:1080
    restart: unless-stopped

  nordvpn-socks5:
    image: serjs/go-socks5-proxy
    container_name: nordvpn-socks5
    depends_on:
      - nordvpn-proxy
    network_mode: "service:nordvpn-proxy"

Maybe I understood something wrong.
Thanks.

neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd

_vpn_logs.txt
I have attached my log file but cannot figure out why this container will not function. Below is my compose entry.

vpn:
  image: azinchen/nordvpn:latest
  container_name: vpn
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun
  ports:
    - 8080:8080
    - 9696:9696
    - 8989:8989
    - 7878:7878
  environment:
    - USER=******
    - PASSWORD=******
    - COUNTRY=38;227;228
    - GROUP=15
    - RANDOM_TOP=10
    - RECREATE_VPN_CRON=15 */5 * * *
    - NETWORK=192.168.1.0/24
  restart: unless-stopped

nordvpn container with qbittorrent container

Hey there, I am having some problems with the linuxserver/qbittorrent docker container, maybe one of you might be able to help me. Here is my docker-compose.yml

version: "2"
services:
  vpn:
    image: azinchen/nordvpn:latest
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - USER=[email protected]
      - PASS='notmypassword'
      - COUNTRY=Germany
      - CATEGORY=P2P
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */6 * * *
      - NETWORK=192.168.0.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 8080:80
      - 6881:6881
      - 6881:6881/udp
      - 8888:8888                 # Port on which the WEB-UI is hosted
    restart: unless-stopped

  web:                             # Still not 100% sure why I need that in here
    image: nginx
    network_mode: service:vpn
    
  qbittorrent:
    image: linuxserver/qbittorrent
    container_name: qbittorrent
    network_mode: service:vpn      
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - UMASK_SET=022
      - WEBUI_PORT=8888
    volumes:
      - /home/pi/dockerconf/qbittorrent/config:/config
      - /home/pi/dockerconf/qbittorrent/downloads:/downloads
    restart: unless-stopped

#
# My Goal is to get qBittorrent running through the NordVPN container,
# so the traffic is encrypted. Right now I can open the WebUI, but my
# Ubuntu test torrent just doesn't start downloading. I've tried:
#    - Checking the qBittorrent settings to make sure the right port is selected
#    - going through the logs, but if you think they may help I'll send them
#

# it is only working while I am providing a proxy in the qBittorrent settings, but that defies
# the purpose of using a VPN at all. I would really appreciate any help I can get.

The full name of the qBittorrent container I am using is "linuxserver/qbittorrent".

Thank you in advance!
