vpnmgr vpnmgr - Manage and update VPN Client configurations for NordVPN and PIA

[Viktor Jaep]

Ok, I have also found the issue here. It does has no effect when you schedule through the UI. When I do it throug ssh it works perfectly

Any reason why you are setting this interval so short? You want to ask Nordvpn every 2 minutes if this is the best server to use for this country/city? These things don't change that often. Why not set it for every 6hrs?

 

[damianar1984]

Maybe you can test by using a different browser? Or the same browser, but disable all the plugins (or via incognito mode).

I was already using the incognito mode but I will try tomorrow with a different browser.

 

[damianar1984]

Any reason why you are setting this interval so short? You want to ask Nordvpn every 2 minutes if this is the best server to use for this country/city? These things don't change that often. Why not set it for every 6hrs?

I wanted only to test this plugin before I get rid of all my AVM Routers tomorrow, to be sure, Asus is the right choice. Of course I will change it to once a day during night.

 

[damianar1984]

I have some issues with the script. Everytime when it tries to reboot/update the server it runs into this problem:

Feb 28 06:10:51 ovpn-client2[2505]: [ch319.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Feb 28 06:10:51 ovpn-client2[2505]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 28 06:10:51 ovpn-client2[2505]: Restart pause, 5 second(s)
Feb 28 06:10:56 ovpn-client2[2505]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 06:10:56 ovpn-client2[2505]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 06:10:56 ovpn-client2[2505]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 06:10:56 ovpn-client2[2505]: TCP/UDP: Preserving recently used remote address: [AF_INET]195.216.219.121:1194
Feb 28 06:10:56 ovpn-client2[2505]: Socket Buffers: R=[524288->1048576] S=[524288->1048576]
Feb 28 06:10:56 ovpn-client2[2505]: UDP link local: (not bound)
Feb 28 06:10:56 ovpn-client2[2505]: UDP link remote: [AF_INET]195.216.219.121:1194
Feb 28 06:10:56 ovpn-client2[2505]: TLS: Initial packet from [AF_INET]195.216.219.121:1194, sid=2ae45b8a de29ed13
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY KU OK
Feb 28 06:10:56 ovpn-client2[2505]: Validating certificate extended key usage
Feb 28 06:10:56 ovpn-client2[2505]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY EKU OK
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=0, CN=ch319.nordvpn.com
Feb 28 06:10:56 ovpn-client2[2505]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Feb 28 06:10:56 ovpn-client2[2505]: [ch319.nordvpn.com] Peer Connection Initiated with [AF_INET]195.216.219.121:1194
Feb 28 06:10:57 ovpn-client2[2505]: SENT CONTROL [ch319.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Feb 28 06:11:03 ovpn-client2[2505]: SENT CONTROL [ch319.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Feb 28 06:11:03 ovpn-client2[2505]: AUTH: Received control message: AUTH_FAILED
Feb 28 06:11:03 ovpn-client2[2505]: SIGTERM received, sending exit notification to peer
Feb 28 06:11:06 ovpn-client2[2505]: ovpn-route-pre-down tun12 1500 1654 10.8.0.10 255.255.255.0 init
Feb 28 06:11:06 ovpn-client2[2505]: Closing TUN/TAP interface
Feb 28 06:11:06 ovpn-client2[2505]: /usr/sbin/ip addr del dev tun12 10.8.0.10/24
Feb 28 06:11:06 ovpn-client2[2505]: ovpn-down 2 client tun12 1500 1654 10.8.0.10 255.255.255.0 init
Feb 28 06:11:06 ovpn-client2[2505]: SIGTERM[soft,exit-with-notification] received, process exiting

It tells me, that the AUTH failed but the credentials are 100% right. It works, when I turn it on manually but just for few minutes/hours. Any clue what I am doing wrong?

 

[Viktor Jaep]

I have some issues with the script. Everytime when it tries to reboot/update the server it runs into this problem:

Feb 28 06:10:51 ovpn-client2[2505]: [ch319.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Feb 28 06:10:51 ovpn-client2[2505]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 28 06:10:51 ovpn-client2[2505]: Restart pause, 5 second(s)
Feb 28 06:10:56 ovpn-client2[2505]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 06:10:56 ovpn-client2[2505]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 06:10:56 ovpn-client2[2505]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 28 06:10:56 ovpn-client2[2505]: TCP/UDP: Preserving recently used remote address: [AF_INET]195.216.219.121:1194
Feb 28 06:10:56 ovpn-client2[2505]: Socket Buffers: R=[524288->1048576] S=[524288->1048576]
Feb 28 06:10:56 ovpn-client2[2505]: UDP link local: (not bound)
Feb 28 06:10:56 ovpn-client2[2505]: UDP link remote: [AF_INET]195.216.219.121:1194
Feb 28 06:10:56 ovpn-client2[2505]: TLS: Initial packet from [AF_INET]195.216.219.121:1194, sid=2ae45b8a de29ed13
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY KU OK
Feb 28 06:10:56 ovpn-client2[2505]: Validating certificate extended key usage
Feb 28 06:10:56 ovpn-client2[2505]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY EKU OK
Feb 28 06:10:56 ovpn-client2[2505]: VERIFY OK: depth=0, CN=ch319.nordvpn.com
Feb 28 06:10:56 ovpn-client2[2505]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Feb 28 06:10:56 ovpn-client2[2505]: [ch319.nordvpn.com] Peer Connection Initiated with [AF_INET]195.216.219.121:1194
Feb 28 06:10:57 ovpn-client2[2505]: SENT CONTROL [ch319.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Feb 28 06:11:03 ovpn-client2[2505]: SENT CONTROL [ch319.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Feb 28 06:11:03 ovpn-client2[2505]: AUTH: Received control message: AUTH_FAILED
Feb 28 06:11:03 ovpn-client2[2505]: SIGTERM received, sending exit notification to peer
Feb 28 06:11:06 ovpn-client2[2505]: ovpn-route-pre-down tun12 1500 1654 10.8.0.10 255.255.255.0 init
Feb 28 06:11:06 ovpn-client2[2505]: Closing TUN/TAP interface
Feb 28 06:11:06 ovpn-client2[2505]: /usr/sbin/ip addr del dev tun12 10.8.0.10/24
Feb 28 06:11:06 ovpn-client2[2505]: ovpn-down 2 client tun12 1500 1654 10.8.0.10 255.255.255.0 init
Feb 28 06:11:06 ovpn-client2[2505]: SIGTERM[soft,exit-with-notification] received, process exiting

View attachment 48232

It tells me, that the AUTH failed but the credentials are 100% right. It works, when I turn it on manually but just for few minutes/hours. Any clue what I am doing wrong?

I would recommend probably just downloading a brand new .config file from NordVPN, and set up your VPN slot from scratch. Make sure it works reliably and functions without fail before using vpnmgr.

 

[damianar1984]

I think I have found the problem.

Step 1: Reset the PW for NordVPN (you will get a new PW also for the service/manual configuration which is needed)
Step 2: Config VPN Client (Upload the config file for the server you haven chosen before)
Step 3: And that is important: delete everything under custom configuration
Step 4: Important: Wait at least 60 Minutes after reset of the PW.

That was it. Now it works perfectly.

 

[muffintastic]

Is this project defunct now, not been any updates for over 2 years..

 

[dsring]

Does vpnmgr work with the 388 series of Merlin firmware?

 

[Viktor Jaep]

Does vpnmgr work with the 388 series of Merlin firmware?

Not seeing any reason why not? Give it a shot!

 

[pgershon]

I just tried to install on FT-AX6000 with Merlin and got an error message "Entware not detected".

Do I need Entware and is it easy and safe to load?

 

[Spud]

I just tried to install on FT-AX6000 with Merlin and got an error message "Entware not detected".

Do I need Entware and is it easy and safe to load?

Yes, sounds like you need Entware, which is fine to use. You can install it using the amtm command in your terminal.

 

[SALMIGHTY]

I'll let the poll run for a week, and whichever comes out on top I'll take a stab at adding. Doesn't look like many offer free trials annoyingly!

Could you add MullVad to the poll, please? Thanks.

 

[SALMIGHTY]

develop has been merged to master. I'm not anticipating adding anything else before going 1.0.0 (roughly a week from now unless anything major happens)

This is such a great script!! Could you please add MullVad when you are going to add other VPN services to vpnmg? It would be greatly
appreciated by many I think because even MullVad doesn't have a decent tut to config MullVad on an AsusWRT-Merlin, in my case with
the Asus GT-AEX16000.