AUTH_FAILED, data channel cipher negotiation failed (no shared cipher)

[neuroverflow]

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

transmission-openvpn:
cap_add:
- NET_ADMIN
volumes:
- '/home/neuro/Docker/transmission-openvpn:/data'
- '/home/neuro/Docker/transmission-openvpn:/config'
- '/mnt/NASDisk1/Download/Temp:/data/incomplete'
- '/mnt/NASDisk1/Download/Done:/data/completed'
- '/mnt/NASDisk1/Download/TorHole:/data/watch'
environment:
- TZ=Europe/Paris
- PUID=1000
- PGID=1000
- OPENVPN_PROVIDER=NORDVPN
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60 --pull-filter ignore ping
- NORDVPN_COUNTRY=IT
- TRANSMISSION_WEB_UI=flood-for-transmission
- OPENVPN_USERNAME=xxx
- 'OPENVPN_PASSWORD=xxx'
- TRANSMISSION_RPC_USERNAME=xxx
- TRANSMISSION_RPC_PASSWORD=xxx
- TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
- LOCAL_NETWORK=192.168.0.0/16
- OVERRIDE_DNS_1=103.86.96.100
- OVERRIDE_DNS_2=103.86.99.100
- DROP_DEFAULT_ROUTE=false
ports:
- '9091:9091'
dns:
- 8.8.8.8
- 1.1.1.1
security_opt:
- seccomp:unconfined
image: haugene/transmission-openvpn:dev
restart: unless-stopped
container_name: seedbox

Current Behavior

Stopped suddenly to connect to NordVPN
AUTH_FAILED, data channel cipher negotiation failed (no shared cipher)

Expected Behavior

Connect to NordVPN like before

How have you tried to solve the problem?

tried dev branch
googled ;)

Log output

2024-03-30T12:46:44.375322588Z Starting container with revision: 54acc3a
2024-03-30T12:46:44.375427124Z TRANSMISSION_HOME is currently set to: /config/transmission-home
2024-03-30T12:46:44.397590577Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf
2024-03-30T12:46:44.540854119Z Creating TUN device /dev/net/tun
2024-03-30T12:46:44.547534246Z Using OpenVPN provider: NORDVPN
2024-03-30T12:46:44.547631411Z Running with VPN_CONFIG_SOURCE auto
2024-03-30T12:46:44.547642272Z Provider NORDVPN has a bundled setup script. Defaulting to internal config
2024-03-30T12:46:44.547703486Z Executing setup script for NORDVPN
2024-03-30T12:46:44.550604948Z /etc/openvpn/nordvpn/..
2024-03-30T12:46:45.768720277Z INFO: OVPN: Checking curl installation
2024-03-30T12:46:45.824061534Z INFO: OVPN: DNS resolution ok
2024-03-30T12:46:46.896241735Z INFO: OVPN: ok, configurations download site reachable
2024-03-30T12:46:46.896416494Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
2024-03-30T12:46:48.176878439Z Checking NORDPVN API responses
2024-03-30T12:46:48.359326188Z INFO: OVPN:Selecting the best server...
2024-03-30T12:46:48.408486489Z INFO: OVPN: Searching for country : IT (106)
2024-03-30T12:46:48.409971224Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn
2024-03-30T12:46:48.411305853Z INFO: OVPN:Searching for technology: openvpn_tcp
2024-03-30T12:46:48.926137472Z INFO: OVPN: Best server : it232.nordvpn.com, load: null
2024-03-30T12:46:48.926256771Z Best server : it232.nordvpn.com
2024-03-30T12:46:48.928113994Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn
2024-03-30T12:46:48.928153856Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn
2024-03-30T12:46:49.243238817Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
2024-03-30T12:46:49.250497354Z Starting OpenVPN using config it232.nordvpn.com.ovpn
2024-03-30T12:46:49.254698828Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container
2024-03-30T12:46:49.254834256Z Modification: Point auth-user-pass option to the username/password file
2024-03-30T12:46:49.257834969Z Modification: Change ca certificate path
2024-03-30T12:46:49.261700786Z Modification: Change ping options
2024-03-30T12:46:49.269500180Z Modification: Update/set resolv-retry to 15 seconds
2024-03-30T12:46:49.273950670Z Modification: Change tls-crypt keyfile path
2024-03-30T12:46:49.277744450Z Modification: Set output verbosity to 3
2024-03-30T12:46:49.281822060Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2024-03-30T12:46:49.285965196Z Modification: Updating status for config failure detection
2024-03-30T12:46:49.295425308Z Setting OpenVPN credentials...
2024-03-30T12:46:49.351794705Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0
2024-03-30T12:46:49.362396406Z 2024-03-30 13:46:49 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-03-30T12:46:49.362432511Z 2024-03-30 13:46:49 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-03-30T12:46:49.362718773Z 2024-03-30 13:46:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-30T12:46:49.362742601Z 2024-03-30 13:46:49 NOTE: --fast-io is disabled since we are not using UDP
2024-03-30T12:46:49.365491279Z 2024-03-30 13:46:49 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:49.365545584Z 2024-03-30 13:46:49 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:49.365665679Z 2024-03-30 13:46:49 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.365687292Z 2024-03-30 13:46:49 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-03-30T12:46:49.365701156Z 2024-03-30 13:46:49 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock]
2024-03-30T12:46:49.403957835Z 2024-03-30 13:46:49 TCP connection established with [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.403988467Z 2024-03-30 13:46:49 TCP_CLIENT link local: (not bound)
2024-03-30T12:46:49.403996129Z 2024-03-30 13:46:49 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.442350973Z 2024-03-30 13:46:49 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=40aad1c9 ca4ed2a9
2024-03-30T12:46:49.442546320Z 2024-03-30 13:46:49 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-03-30T12:46:49.608717741Z 2024-03-30 13:46:49 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-03-30T12:46:49.608753907Z 2024-03-30 13:46:49 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-03-30T12:46:49.608761916Z 2024-03-30 13:46:49 VERIFY KU OK
2024-03-30T12:46:49.608768618Z 2024-03-30 13:46:49 Validating certificate extended key usage
2024-03-30T12:46:49.608775292Z 2024-03-30 13:46:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-03-30T12:46:49.608781884Z 2024-03-30 13:46:49 VERIFY EKU OK
2024-03-30T12:46:49.608788213Z 2024-03-30 13:46:49 VERIFY X509NAME OK: CN=it232.nordvpn.com
2024-03-30T12:46:49.608794643Z 2024-03-30 13:46:49 VERIFY OK: depth=0, CN=it232.nordvpn.com
2024-03-30T12:46:49.726085595Z 2024-03-30 13:46:49 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-03-30T12:46:49.726175813Z 2024-03-30 13:46:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-03-30T12:46:49.726204488Z 2024-03-30 13:46:49 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443
2024-03-30T12:46:50.773692351Z 2024-03-30 13:46:50 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-03-30T12:46:50.773746195Z 2024-03-30 13:46:50 AUTH: Received control message: AUTH_FAILED
2024-03-30T12:46:50.774356467Z 2024-03-30 13:46:50 SIGTERM[soft,auth-failure] received, process exiting
2024-03-30T12:46:51.480143945Z Starting container with revision: 54acc3a
2024-03-30T12:46:51.480213769Z TRANSMISSION_HOME is currently set to: /config/transmission-home
2024-03-30T12:46:51.487235136Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf
2024-03-30T12:46:51.613413232Z Creating TUN device /dev/net/tun
2024-03-30T12:46:51.623591018Z Using OpenVPN provider: NORDVPN
2024-03-30T12:46:51.623671251Z Running with VPN_CONFIG_SOURCE auto
2024-03-30T12:46:51.623777274Z Provider NORDVPN has a bundled setup script. Defaulting to internal config
2024-03-30T12:46:51.623794721Z Executing setup script for NORDVPN
2024-03-30T12:46:51.626800208Z /etc/openvpn/nordvpn/..
2024-03-30T12:46:52.847545311Z INFO: OVPN: Checking curl installation
2024-03-30T12:46:52.897856068Z INFO: OVPN: DNS resolution ok
2024-03-30T12:46:53.973590040Z INFO: OVPN: ok, configurations download site reachable
2024-03-30T12:46:53.973733062Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
2024-03-30T12:46:55.190386682Z Checking NORDPVN API responses
2024-03-30T12:46:55.358647641Z INFO: OVPN:Selecting the best server...
2024-03-30T12:46:55.398244137Z INFO: OVPN: Searching for country : IT (106)
2024-03-30T12:46:55.399901720Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn
2024-03-30T12:46:55.400973293Z INFO: OVPN:Searching for technology: openvpn_tcp
2024-03-30T12:46:55.865309984Z INFO: OVPN: Best server : it232.nordvpn.com, load: null
2024-03-30T12:46:55.865356790Z Best server : it232.nordvpn.com
2024-03-30T12:46:55.867126404Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn
2024-03-30T12:46:55.867161106Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn
2024-03-30T12:46:56.040305134Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
2024-03-30T12:46:56.048354090Z Starting OpenVPN using config it232.nordvpn.com.ovpn
2024-03-30T12:46:56.052789772Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container
2024-03-30T12:46:56.052821586Z Modification: Point auth-user-pass option to the username/password file
2024-03-30T12:46:56.055476192Z Modification: Change ca certificate path
2024-03-30T12:46:56.059226829Z Modification: Change ping options
2024-03-30T12:46:56.067245142Z Modification: Update/set resolv-retry to 15 seconds
2024-03-30T12:46:56.073819230Z Modification: Change tls-crypt keyfile path
2024-03-30T12:46:56.077575020Z Modification: Set output verbosity to 3
2024-03-30T12:46:56.082228404Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2024-03-30T12:46:56.086428342Z Modification: Updating status for config failure detection
2024-03-30T12:46:56.094021220Z Setting OpenVPN credentials...
2024-03-30T12:46:56.147671572Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0
2024-03-30T12:46:56.157044000Z 2024-03-30 13:46:56 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-03-30T12:46:56.157082051Z 2024-03-30 13:46:56 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-03-30T12:46:56.157425094Z 2024-03-30 13:46:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-30T12:46:56.157446347Z 2024-03-30 13:46:56 NOTE: --fast-io is disabled since we are not using UDP
2024-03-30T12:46:56.159371021Z 2024-03-30 13:46:56 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:56.159392722Z 2024-03-30 13:46:56 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:56.159608746Z 2024-03-30 13:46:56 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.159659347Z 2024-03-30 13:46:56 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-03-30T12:46:56.159695880Z 2024-03-30 13:46:56 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock]
2024-03-30T12:46:56.198622775Z 2024-03-30 13:46:56 TCP connection established with [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.198662700Z 2024-03-30 13:46:56 TCP_CLIENT link local: (not bound)
2024-03-30T12:46:56.198672535Z 2024-03-30 13:46:56 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.237788404Z 2024-03-30 13:46:56 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=af9ca463 10cb6ea5
2024-03-30T12:46:56.237903256Z 2024-03-30 13:46:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-03-30T12:46:56.405610169Z 2024-03-30 13:46:56 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-03-30T12:46:56.405969101Z 2024-03-30 13:46:56 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-03-30T12:46:56.406342379Z 2024-03-30 13:46:56 VERIFY KU OK
2024-03-30T12:46:56.406381932Z 2024-03-30 13:46:56 Validating certificate extended key usage
2024-03-30T12:46:56.406391364Z 2024-03-30 13:46:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-03-30T12:46:56.406398192Z 2024-03-30 13:46:56 VERIFY EKU OK
2024-03-30T12:46:56.406404654Z 2024-03-30 13:46:56 VERIFY X509NAME OK: CN=it232.nordvpn.com
2024-03-30T12:46:56.406411247Z 2024-03-30 13:46:56 VERIFY OK: depth=0, CN=it232.nordvpn.com
2024-03-30T12:46:56.523572110Z 2024-03-30 13:46:56 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-03-30T12:46:56.523613650Z 2024-03-30 13:46:56 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-03-30T12:46:56.523624325Z 2024-03-30 13:46:56 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443
2024-03-30T12:46:57.570931965Z 2024-03-30 13:46:57 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-03-30T12:46:57.702147442Z 2024-03-30 13:46:57 AUTH: Received control message: AUTH_FAILED
2024-03-30T12:46:57.702329770Z 2024-03-30 13:46:57 SIGTERM[soft,auth-failure] received, process exiting

HW/SW Environment

- OS: Ubuntu server
- Docker: 25.0.4

Anything else?

No response

[julianneswinoga]

I'm seeing this as well, but it looks like a login problem on the NordVPN side. Their regular login services seem to be having problems for me as well ☹️

[ilike2burnthing]

#2819

[kiwidoggie]

#2819

Does not solve the issue, especially when its happening no matter which server you choose.

[neuroverflow]

#2819

Does not solve the issue, especially when its happening no matter which server you choose.

try a german server, solved it for me but I tried several before... My guess is a change that s currently being deployed or an issue affecting mostservers ...

[kiwidoggie]

I think the ovpn files may need updating, I took the exact same server/tcp/dedicated ip, and it was giving me this error. I downloaded the .ovpn file, and followed these steps: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider

Setting it as custom and giving the file name, and it started working again.

[ilike2burnthing]

NordVPN is working fine for me.

NordVPN in this container uses a script to pull the files using NordVPN's API, so there's nothing to update on this end. If you're specifying exactly the same server as the one you're using for custom, then there's a different issue.

As explained in #2819, you generally don't want to specify a server. However, as you're using a dedicated IP, you should ONLY specify the server, and not the country, category, or protocol. I've not used a dedicated IP server before, so can't speak to any issues it may or may not have with this container.

[VMBindraban]

I am getting this error since an hour.

Config:

      - LOCAL_NETWORK=192.168.1.0/24
      - OPENVPN_USERNAME=***
      - OPENVPN_PASSWORD=***
      - OPENVPN_PROVIDER=NORDVPN
      - CREATE_TUN_DEVICE=true
      - OPENVPN_OPTS=--mute-replay-warnings
      - NORDVPN_COUNTRY=nl
      - TRANSMISSION_DOWNLOAD_DIR=/data/downloads/completed
      - TRANSMISSION_HOME=/config/home
      - TRANSMISSION_INCOMPLETE_DIR=/data/downloads/incomplete
      - HEALTH_CHECK_HOST=nordvpn.com
      - SELFHEAL=true

Logs:

2024-04-02 10:05:03 VERIFY X509NAME OK: CN=nl1001.nordvpn.com
2024-04-02 10:05:03 VERIFY OK: depth=0, CN=nl1001.nordvpn.com
2024-04-02 10:05:03 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-04-02 10:05:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:05:03 [nl1001.nordvpn.com] Peer Connection Initiated with [AF_INET]213.152.162.250:443
2024-04-02 10:05:04 SENT CONTROL [nl1001.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:05:04 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 10:05:04 SIGTERM[soft,auth-failure] received, process exiting

[Nitrousoxide]

I am also getting auth errors out of no where. I did not change anything in my config, and I double checked my account on NordVPN and the username and passwords still match.

vpn_media_server-transmission-openvpn-1  | INFO: OVPN: ok, configurations download site reachable
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Checking NORDPVN API responses
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Selecting the best server...
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for country : US (228)
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for group: legacy_p2p
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Searching for technology: openvpn_udp
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Best server : us5100.nordvpn.com, load: null
vpn_media_server-transmission-openvpn-1  | Best server : us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading config: us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us5100.nordvpn.com.udp.ovpn
vpn_media_server-transmission-openvpn-1  | OVPN: NORDVPN: selected: us5100.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Starting OpenVPN using config us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | Modifying /etc/openvpn/nordvpn/us5100.nordvpn.com.ovpn for best behaviour in this container
vpn_media_server-transmission-openvpn-1  | Modification: Point auth-user-pass option to the username/password file
vpn_media_server-transmission-openvpn-1  | Modification: Change ca certificate path
vpn_media_server-transmission-openvpn-1  | Modification: Change ping options
vpn_media_server-transmission-openvpn-1  | Modification: Update/set resolv-retry to 15 seconds
vpn_media_server-transmission-openvpn-1  | Modification: Change tls-crypt keyfile path
vpn_media_server-transmission-openvpn-1  | Modification: Set output verbosity to 3
vpn_media_server-transmission-openvpn-1  | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
vpn_media_server-transmission-openvpn-1  | Modification: Updating status for config failure detection
vpn_media_server-transmission-openvpn-1  | Setting OpenVPN credentials...
vpn_media_server-transmission-openvpn-1  | adding route to local network 192.168.7.0/24 via 172.22.0.1 dev eth0
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TCP/UDP: Preserving recently used remote address: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link local: (not bound)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link remote: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TLS: Initial packet from [AF_INET]86.107.55.230:1194, sid=a8b58ffd e4c15b55
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY KU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Validating certificate extended key usage
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY EKU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY X509NAME OK: CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=0, CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 [us5100.nordvpn.com] Peer Connection Initiated with [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SENT CONTROL [us5100.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 AUTH: Received control message: AUTH_FAILED
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SIGTERM[soft,auth-failure] received, process exiting

[chrisburkey]

Update: Somehow this has magically starting working.

This issue just started sometime between in the last few hours. Nothing has changed with config and account is valid able to start VPN connection from iOS without issue.

2024-04-02 08:46:04 [us8410.nordvpn.com] Peer Connection Initiated with [AF_INET]192.145.116.136:443
2024-04-02 08:46:05 SENT CONTROL [us8410.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 08:46:05 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 08:46:05 SIGTERM[soft,auth-failure] received, process exiting

  - OPENVPN_PROVIDER=NORDVPN
  - NORDVPN_COUNTRY=US
  - NORDVPN_PROTOCOL=tcp
  - OPENVPN_USERNAME=***
  - OPENVPN_PASSWORD=***
  - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60

[VMBindraban]

Update: Somehow this has magically starting working.

Still issues here, seems nordvpn is doing something. Takes a while to propagate all the servers.

[Kamoenix]

I've also been getting a similar error with NordVPN. No changes to container. Spoke to NordVPN support and they didn't offer any help.

2024/04/02 14:27:57stdout2024-04-02 13:27:57 SIGTERM[soft,auth-failure] received, process exiting
2024/04/02 14:27:57stdout2024-04-02 13:27:57 AUTH: Received control message: AUTH_FAILED
2024/04/02 14:27:56stdout2024-04-02 13:27:56 SENT CONTROL [uk1690.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024/04/02 14:27:55stdout2024-04-02 13:27:55 [uk1690.nordvpn.com] Peer Connection Initiated with [AF_INET]152.89.207.4:443
2024/04/02 14:27:55stdout2024-04-02 13:27:55 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024/04/02 14:27:55stdout2024-04-02 13:27:55 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024/04/02 14:27:55stdout2024-04-02 13:27:55 VERIFY OK: depth=0, CN=uk1690.nordvpn.com

[zsd7200]

Was able to get mine working again by removing any server-specific shenanigans (like NORDVPN_SERVER or OPENVPN_CONFIG).
My environment variables look like this:

            - OPENVPN_PROVIDER=NORDVPN
            - OPENVPN_USERNAME=x
            - OPENVPN_PASSWORD=x
            - LOCAL_NETWORK=192.168.0.0/24
            - NORDVPN_COUNTRY=US

And I was able to connect just now.

[Nitrousoxide]

for the folks who have gotten it working, can you post which nordvpn server you are connected to?

[chrisburkey]

for the folks who have gotten it working, can you post which nordvpn server you are connected to?

It seems to be transient. I was not connected didn't make any changes and eventually it connected and now I am back to the same errors in the logs:
2024-04-02 10:13:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:13:09 [us9921.nordvpn.com] Peer Connection Initiated with [AF_INET]45.85.144.100:443
2024-04-02 10:13:11 SENT CONTROL [us9921.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:13:11 AUTH: Received control message: AUTH_FAILED
2024-04-02 10:13:11 SIGTERM[soft,auth-failure] received, process exiting

[cravev]

@chrisburkey I'm seeing the same as you. Wasn't working this morning. Came back for ~30 minutes. Back to AUTH_FAILED now. I shut the container down for the time being.