Jack Yaz
Hastily jotted ideas in notepad on my computer
Is your roadmap published anywhere?
It would be interesting to see what is in the pipeline.
vpnmgr uses the NordVPN API to use a server NordVPN suggests. If it's returning dead servers then you should report that to them as it will affect more than just vpnmgr.
@Jack Yaz I've just switched VPN providers to NordVPN so I've been having a look at this script in the past few days, after also replicating my present Merlin/AMTM setup from an RT-AC86U to a new RT-AX86U recently. Figured since I use just about all your other scripts it would be remiss of me not to add this one!
I seem to have had a few instances where either after a reboot or scheduled "refresh", the new NordVPN node picked seems to be "dead", even though showing as connected.
I then have to manually "kick" the connection via Option 5 in the SSH menu (and while I think of it is there any reason that command doesn't seem to be in the web GUI?)
Does your script do any kind of connectivity check / sanity check once it picks a new "node" from the NordVPN list?
Certainly in my neck of the woods (Sydney, Australia) there seem to be quite a few dead ones, or servers where the throughput is pretty low, even though the load is also seemingly low which makes it a good choice in theory ...
Do you have any plans to make the actual server selection more fail-safe and intelligent? (hint, hint)
It would be nice if after picking a new server VPNMGR checked it was a) alive and passing data and b) had a minimum throughput (user configurable) otherwise the script would have a go at picking a better one? Maybe it could tie in with spdMerlin somehow?
How are you testing the connectivity after a reboot? If the VPN client connects then it's unlikely a server fault, do you see any errors in syslog/openvpn log?
Yes but whatever I tried to do, the updating part of your script just kept me offline, something was not working right with NordVPN, so I had to disable VPN client script for now.
I think that script lets you failover between VPN clients, it wouldn't let you get a new nordvpn server in a failure condition. It could help you in the meantime, if you have multiple clients set up (1 tcp and 1 udp if both nord to avoid conflict)
Thanks for that link
Hello @Jack Yaz,
Thanks for this addon! I used it a lot when I was using NordVPN, but now that I switched to ProtonVPN, I'm sad I cannot use it anymore.
Do you think you can add ProtonVPN to your script? I know they have an API here:
I was not able to find any documentation though.
Yup, Save will refresh all servers iirc. I'll look at making a button or link to refresh individual servers in future
Whilst I can see the option to refresh the vpn connection / server in the CLI side of things, I'm trying to figure out how I would just simply refresh the server on the web side without changing any of the other configuration settings. Sometimes I get connected to a server and the upload speed is in the 1-3 mbps range, vs 80-150 mbps range most have.
Just click on the Save button without making any changes?
Do you see any errors in system log from openvpn with the reason why it's not connecting?
I am using nord vpn, was working fine until recently. I select UK- London and apply and upon switching to the VPN Client tab I see connecting but it does not connect.
I have VPN start at boot time on.
I rebuilt my router last night but still it does not connect.
Any ideas?
May 21 16:30:39 RT-AC88U-EB98 vpnmgr: VPN client 5 updated successfully (UK2278 Standard UDP)
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12244]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12244]: OpenVPN 2.5.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 30 2021
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12244]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.08
May 21 16:30:41 RT-AC88U-EB98 custom_script: Running /jffs/scripts/service-event-end (args: restart vpnclient5)
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.35.30.215:1194
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: Socket Buffers: R=[122880->245760] S=[122880->245760]
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: UDP link local: (not bound)
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: UDP link remote: [AF_INET]89.35.30.215:1194
May 21 16:30:41 RT-AC88U-EB98 ovpn-client5[12246]: TLS: Initial packet from [AF_INET]89.35.30.215:1194, sid=2427bdbd bca55f0b
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: VERIFY KU OK
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: Validating certificate extended key usage
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: VERIFY EKU OK
May 21 16:30:42 RT-AC88U-EB98 ovpn-client5[12246]: VERIFY OK: depth=0, CN=uk2278.nordvpn.com
May 21 16:30:44 RT-AC88U-EB98 ovpn-client5[12246]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
May 21 16:30:44 RT-AC88U-EB98 ovpn-client5[12246]: [uk2278.nordvpn.com] Peer Connection Initiated with [AF_INET]89.35.30.215:1194
May 21 16:30:45 RT-AC88U-EB98 ovpn-client5[12246]: SENT CONTROL [uk2278.nordvpn.com]: 'PUSH_REQUEST' (status=1)
May 21 16:30:46 RT-AC88U-EB98 ovpn-client5[12246]: AUTH: Received control message: AUTH_FAILED
May 21 16:30:46 RT-AC88U-EB98 ovpn-client5[12246]: SIGTERM received, sending exit notification to peer
May 21 16:30:49 RT-AC88U-EB98 ovpn-client5[12246]: SIGTERM[soft,exit-with-notification] received, process exiting
Make sure you're using the correct vpn credentials and not those for the nord account
I see Auth Failed but I can successfully log in to nordvpn with the same credentials
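The log above reaches `VERIFY OK: depth=0` and `Peer Connection Initiated` before `AUTH_FAILED`, which separates a rejected username/password from a server that never answers. The following is an added example, not part of the original thread or of vpnmgr: a shell function that classifies the last attempt of one client from syslog text. The sample lines, host name, addresses and result labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of vpnmgr: classify the most recent connection
# attempt of one OpenVPN client from syslog text on stdin.
# Labels such as tls_timeout and no_server_reply are this example's own.
classify_ovpn_attempt() {
    awk -v tag="$1" '
        index($0, " " tag "[") == 0  { next }        # line from another daemon
                                     { seen = 1 }
        / built on /                 { peer = 0; cert = 0; result = "" }  # version banner: new attempt
        /TLS: Initial packet from/   { peer = 1 }    # server answered the handshake
        /VERIFY OK: depth=0/         { cert = 1 }    # server certificate chain accepted
        /TLS key negotiation failed/ { result = "tls_timeout" }
        /AUTH: Received control message: AUTH_FAILED/ { result = "auth_failed" }
        /Initialization Sequence Completed/           { result = "connected" }
        END {
            if (!seen) { print "no_attempt"; exit }
            if (result == "") result = peer ? "incomplete" : "no_server_reply"
            printf "%s server_replied=%d cert_verified=%d\n", result, peer, cert
        }'
}

# Constructed sample modelled on the log posted above (placeholder host and IP).
sample_auth_failed() {
cat <<'EOF'
May 21 16:30:41 router ovpn-client5[100]: OpenVPN 2.5.2 arm-unknown-linux-gnu built on Apr 30 2021
May 21 16:30:41 router ovpn-client5[101]: TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000000
May 21 16:30:42 router ovpn-client5[101]: VERIFY OK: depth=0, CN=server.example
May 21 16:30:46 router ovpn-client5[101]: AUTH: Received control message: AUTH_FAILED
May 21 16:30:49 router ovpn-client5[101]: SIGTERM[soft,exit-with-notification] received, process exiting
EOF
}

# Constructed sample of a server that never completes the TLS handshake.
sample_no_reply() {
cat <<'EOF'
May 21 17:00:00 router ovpn-client5[200]: OpenVPN 2.5.2 arm-unknown-linux-gnu built on Apr 30 2021
May 21 17:00:00 router ovpn-client5[200]: UDP link remote: [AF_INET]192.0.2.10:1194
May 21 17:01:00 router ovpn-client5[200]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
EOF
}

sample_auth_failed | classify_ovpn_attempt ovpn-client5
sample_no_reply    | classify_ovpn_attempt ovpn-client5
```

An `auth_failed` result with `cert_verified=1` means the server was reachable and its certificate chain was accepted, so changing servers will not help; the credentials are what the server rejected.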
I'll have to double check but block would make sense as a default. Can you let me know why you need to allow inbound connections on your VPN client?
Jack
It seems that when vpnmgr cycles the vpn connection, it doesn't maintain "all" the settings that are on the client.
For one of my VPNs, I have the Inbound Firewall setting set to allow over on the VPN client tab, but I notice that it gets set back to "Block" typically after a cycling.
It's also not one of the options on the vpnmgr page, so dunno if it always being set to block was deliberate, oversight, or bug.
Gaming. Xbox... having some issues connecting with certain game services at the moment and they seem to be corrected when going through vpn... although I give up being in an open NAT situation to double NAT, can't argue with it because under normal circumstances I can't play at all, and can under the vpn one.