Previously had this working for a docker container in Qnap. Switched to Unraid. Was able to set it up easily and it was initially working with Nordvpn.
Now I'm getting the following error using:
Created by...
___. .__ .__
\_ |__ |__| ____ | |__ ____ ___ ___
| __ \| |/ \| | \_/ __ \\ \/ /
| \_\ \ | | \ Y \ ___/ > <
|___ /__|___| /___| /\___ >__/\_ \
\/ \/ \/ \/ \/
https://hub.docker.com/u/binhex/
2024-12-19 13:13:51.904117 [info] Host is running unRAID
2024-12-19 13:13:51.917702 [info] System information: Linux ebccd6005156 6.1.118-Unraid #1 SMP PREEMPT_DYNAMIC Thu Nov 21 15:54:38 PST 2024 x86_64 GNU/Linux
2024-12-19 13:13:51.930566 [info] Image tags: BASE_RELEASE_TAG=2024110703,INT_RELEASE_TAG=2024110703,IMAGE_RELEASE_TAG=5.0.3-1-01
2024-12-19 13:13:51.944800 [info] PUID defined as '99'
2024-12-19 13:13:51.961581 [info] PGID defined as '100'
2024-12-19 13:13:52.007313 [info] UMASK defined as '000'
2024-12-19 13:13:52.021605 [info] Permissions already set for '/config'
2024-12-19 13:13:52.036443 [info] Deleting files in /tmp (non recursive)...
2024-12-19 13:13:52.053709 [info] VPN_ENABLED defined as 'yes'
2024-12-19 13:13:52.069494 [info] VPN_CLIENT defined as 'openvpn'
2024-12-19 13:13:52.083969 [info] VPN_PROV defined as 'custom'
2024-12-19 13:13:52.104802 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/se400.nordvpn.com.udp.ovpn
2024-12-19 13:13:52.139339 [info] VPN remote server(s) defined as '37.120.209.219,'
2024-12-19 13:13:52.152996 [info] VPN remote port(s) defined as '1194,'
2024-12-19 13:13:52.165963 [info] VPN remote protcol(s) defined as 'udp,'
2024-12-19 13:13:52.181317 [info] VPN_DEVICE_TYPE defined as 'tun0'
2024-12-19 13:13:52.195223 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2024-12-19 13:13:52.209223 [info] NAME_SERVERS defined as '209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1'
2024-12-19 13:13:52.347781 [info] LAN_NETWORK defined as '192.168.1.0/24'
2024-12-19 13:13:52.368919 [info] LAN_NETWORK exported as '192.168.1.0/24'
2024-12-19 13:13:52.383447 [info] VPN_USER defined as REDACTED
2024-12-19 13:13:52.398099 [info] VPN_PASS defined as REDACTED
2024-12-19 13:13:52.414594 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2024-12-19 13:13:52.428972 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports
2024-12-19 13:13:52.445129 [info] ENABLE_STARTUP_SCRIPTS defined as 'no'
2024-12-19 13:13:52.460057 [info] ENABLE_SOCKS defined as 'no'
2024-12-19 13:13:52.475430 [info] ENABLE_PRIVOXY defined as 'yes'
2024-12-19 13:13:52.490087 [info] WEBUI_PORT defined as '8080'
2024-12-19 13:13:52.507132 [info] SHARED_NETWORK not defined (via -e SHARED_NETWORK), defaulting to 'no'
2024-12-19 13:13:52.520710 [info] Starting Supervisor...
2024-12-19 13:13:52,609 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing
2024-12-19 13:13:52,609 INFO Set uid to user 0 succeeded
2024-12-19 13:13:52,610 INFO supervisord started with pid 7
2024-12-19 13:13:53,613 INFO spawned: 'start-script' with pid 292
2024-12-19 13:13:53,614 INFO spawned: 'watchdog-script' with pid 293
2024-12-19 13:13:53,614 INFO reaped unknown pid 8 (exit status 0)
2024-12-19 13:13:53,616 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN
2024-12-19 13:13:53,616 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2024-12-19 13:13:53,616 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2024-12-19 13:13:53,621 DEBG 'start-script' stdout output:
[warn] Username contains characters which could cause authentication issues, please consider changing this if possible
2024-12-19 13:13:53,749 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via adapter eth0
2024-12-19 13:13:53,750 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------
2024-12-19 13:13:53,751 DEBG 'start-script' stdout output:
default via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.11
192.168.1.0/24 via 172.18.0.1 dev eth0
2024-12-19 13:13:53,751 DEBG 'start-script' stdout output:
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 172.18.0.11 dev eth0 table local proto kernel scope host src 172.18.0.11
broadcast 172.18.255.255 dev eth0 table local proto kernel scope link src 172.18.0.11
--------------------
2024-12-19 13:13:53,754 DEBG 'start-script' stdout output:
iptable_mangle 16384 1
ip_tables 28672 3 iptable_filter,iptable_nat,iptable_mangle
x_tables 45056 16 ip6table_filter,xt_conntrack,iptable_filter,ip6table_nat,xt_tcpudp,xt_addrtype,xt_CHECKSUM,xt_nat,ip6_tables,ipt_REJECT,ip_tables,iptable_nat,ip6table_mangle,xt_MASQUERADE,iptable_mangle,xt_mark
2024-12-19 13:13:53,754 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables
2024-12-19 13:13:53,785 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------
2024-12-19 13:13:53,785 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 37.120.209.219/32 -i eth0 -j ACCEPT
-A INPUT -s 172.18.0.0/16 -d 172.18.0.0/16 -j ACCEPT
-A INPUT -s 37.120.209.219/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 172.18.0.0/16 -i eth0 -p tcp -m tcp --dport 8118 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -d 37.120.209.219/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.18.0.0/16 -d 172.18.0.0/16 -j ACCEPT
-A OUTPUT -d 37.120.209.219/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -s 172.18.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 8118 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
2024-12-19 13:13:53,786 DEBG 'start-script' stdout output:
--------------------
2024-12-19 13:13:53,787 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...
2024-12-19 13:13:53,792 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-12-19 13:13:53 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-12-19 13:13:53,792 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 WARNING: file 'credentials.conf' is group or others accessible
2024-12-19 13:13:53 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Dec 16 2024
2024-12-19 13:13:53 library versions: OpenSSL 3.4.0 22 Oct 2024, LZO 2.10
2024-12-19 13:13:53 DCO version: N/A
2024-12-19 13:13:53,792 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-12-19 13:13:53 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-12-19 13:13:53,793 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.209.219:1194
2024-12-19 13:13:53 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-12-19 13:13:53 UDPv4 link local: (not bound)
2024-12-19 13:13:53 UDPv4 link remote: [AF_INET]37.120.209.219:1194
2024-12-19 13:13:53,803 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 TLS: Initial packet from [AF_INET]37.120.209.219:1194, sid=5e594959 3b18b8d4
2024-12-19 13:13:53,827 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-12-19 13:13:53 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-12-19 13:13:53,827 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 VERIFY KU OK
2024-12-19 13:13:53 Validating certificate extended key usage
2024-12-19 13:13:53 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-12-19 13:13:53 VERIFY EKU OK
2024-12-19 13:13:53 VERIFY OK: depth=0, CN=se400.nordvpn.com
2024-12-19 13:13:53,837 DEBG 'start-script' stdout output:
2024-12-19 13:13:53 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-12-19 13:13:53 [se400.nordvpn.com] Peer Connection Initiated with [AF_INET]37.120.209.219:1194
2024-12-19 13:13:53 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-12-19 13:13:53 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-12-19 13:13:55,058 DEBG 'start-script' stdout output:
2024-12-19 13:13:55 SENT CONTROL [se400.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-12-19 13:14:00,292 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 SENT CONTROL [se400.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-12-19 13:14:00,302 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 AUTH: Received control message: AUTH_FAILED
2024-12-19 13:14:00 SIGTERM[soft,auth-failure] received, process exiting
2024-12-19 13:14:00,303 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...
2024-12-19 13:14:00,309 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-12-19 13:14:00 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-12-19 13:14:00,309 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 WARNING: file 'credentials.conf' is group or others accessible
2024-12-19 13:14:00 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Dec 16 2024
2024-12-19 13:14:00 library versions: OpenSSL 3.4.0 22 Oct 2024, LZO 2.10
2024-12-19 13:14:00 DCO version: N/A
2024-12-19 13:14:00,309 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-12-19 13:14:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-12-19 13:14:00,310 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.209.219:1194
2024-12-19 13:14:00,310 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-12-19 13:14:00 UDPv4 link local: (not bound)
2024-12-19 13:14:00 UDPv4 link remote: [AF_INET]37.120.209.219:1194
2024-12-19 13:14:00,320 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 TLS: Initial packet from [AF_INET]37.120.209.219:1194, sid=14c32d7d 9886ab42
2024-12-19 13:14:00,348 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-12-19 13:14:00 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-12-19 13:14:00,348 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 VERIFY KU OK
2024-12-19 13:14:00 Validating certificate extended key usage
2024-12-19 13:14:00 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-12-19 13:14:00 VERIFY EKU OK
2024-12-19 13:14:00 VERIFY OK: depth=0, CN=se400.nordvpn.com
2024-12-19 13:14:00,360 DEBG 'start-script' stdout output:
2024-12-19 13:14:00 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-12-19 13:14:00 [se400.nordvpn.com] Peer Connection Initiated with [AF_INET]37.120.209.219:1194
2024-12-19 13:14:00 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-12-19 13:14:00 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-12-19 13:14:01,530 DEBG 'start-script' stdout output:
2024-12-19 13:14:01 SENT CONTROL [se400.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-12-19 13:14:06,714 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 SENT CONTROL [se400.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-12-19 13:14:06,724 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 AUTH: Received control message: AUTH_FAILED
2024-12-19 13:14:06 SIGTERM[soft,auth-failure] received, process exiting
2024-12-19 13:14:06,725 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...
2024-12-19 13:14:06,730 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-12-19 13:14:06 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-12-19 13:14:06,731 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 WARNING: file 'credentials.conf' is group or others accessible
2024-12-19 13:14:06 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Dec 16 2024
2024-12-19 13:14:06 library versions: OpenSSL 3.4.0 22 Oct 2024, LZO 2.10
2024-12-19 13:14:06 DCO version: N/A
2024-12-19 13:14:06,731 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-12-19 13:14:06 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-12-19 13:14:06,732 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.209.219:1194
2024-12-19 13:14:06,732 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-12-19 13:14:06 UDPv4 link local: (not bound)
2024-12-19 13:14:06 UDPv4 link remote: [AF_INET]37.120.209.219:1194
2024-12-19 13:14:06,742 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 TLS: Initial packet from [AF_INET]37.120.209.219:1194, sid=ebb0f883 8c2f96d4
2024-12-19 13:14:06,767 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-12-19 13:14:06 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-12-19 13:14:06,768 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 VERIFY KU OK
2024-12-19 13:14:06 Validating certificate extended key usage
2024-12-19 13:14:06 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-12-19 13:14:06 VERIFY EKU OK
2024-12-19 13:14:06 VERIFY OK: depth=0, CN=se400.nordvpn.com
2024-12-19 13:14:06,778 DEBG 'start-script' stdout output:
2024-12-19 13:14:06 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-12-19 13:14:06 [se400.nordvpn.com] Peer Connection Initiated with [AF_INET]37.120.209.219:1194
2024-12-19 13:14:06 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-12-19 13:14:06 TLS: tls_multi_process: initial untrusted session promoted to trusted
Upon startup I can see that it is using the correct auth-info (user and pw). I have tried using three different ovpn configs and they all work on windows. Tried restarting the server without any success.
If I disable vpn I can get in to the webgui otherwise it times out.
Any clue as to why this is happening?