I had a power cut last night and it corrupted my install of Dietpi a Raspberry PI 4
I did a fresh reinstall this morning, updated to latest and all is working great except NordVPN (via dietpi-vpn)
I’m using the same manual credentials as before and it logs in and connects to the server (lu106.nordvpn.com) fine but fails to get a WAN Ip with the error - WAN IP : curl: (28) Resolving timed out after 3000 milliseconds.
Any ideas what to do?
dietpi@NASPi:~$ sudo systemctl -l status dietpi-vpn
● dietpi-vpn.service - VPN Client (DietPi)
Loaded: loaded (/etc/systemd/system/dietpi-vpn.service; disabled; preset: enabled)
Active: active (running) since Thu 2024-01-25 13:44:57 GMT; 58s ago
Main PID: 4442 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 4471)
CPU: 104ms
CGroup: /system.slice/dietpi-vpn.service
└─4442 /usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn
Jan 25 13:44:58 NASPi openvpn[4442]: net_addr_v4_add: 10.7.2.4/24 dev tun0
Jan 25 13:44:58 NASPi openvpn[4442]: /var/lib/dietpi/dietpi-vpn/static_up.sh tun0 1500 0 10.7.2.4 255.255.255.0 init
Jan 25 13:44:58 NASPi openvpn[4456]: net.ipv6.conf.all.disable_ipv6 = 1
Jan 25 13:44:58 NASPi openvpn[4459]: net.ipv6.conf.default.disable_ipv6 = 1
Jan 25 13:44:58 NASPi openvpn[4442]: net_route_v4_add: 194.110.85.64/32 via 192.168.2.1 dev [NULL] table 0 metric -1
Jan 25 13:44:58 NASPi openvpn[4442]: net_route_v4_add: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
Jan 25 13:44:58 NASPi openvpn[4442]: net_route_v4_add: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
Jan 25 13:44:58 NASPi openvpn[4442]: Initialization Sequence Completed
Jan 25 13:44:58 NASPi openvpn[4442]: Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'stub'
Jan 25 13:44:58 NASPi openvpn[4442]: Timers: ping 60, ping-restart 180
dietpi@NASPi:~$ sudo openvpn /etc/openvpn/client.ovpn
2024-01-25 13:46:56 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-01-25 13:46:56 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-01-25 13:46:56 OpenVPN 2.6.3 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-01-25 13:46:56 library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
2024-01-25 13:46:56 DCO version: N/A
2024-01-25 13:46:56 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-01-25 13:46:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-01-25 13:46:56 NOTE: --fast-io is disabled since we are not using UDP
2024-01-25 13:46:56 TCP/UDP: Preserving recently used remote address: [AF_INET]194.110.85.64:443
2024-01-25 13:46:56 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-01-25 13:46:56 Attempting to establish TCP connection with [AF_INET]194.110.85.64:443
2024-01-25 13:46:56 TCP connection established with [AF_INET]194.110.85.64:443
2024-01-25 13:46:56 TCPv4_CLIENT link local: (not bound)
2024-01-25 13:46:56 TCPv4_CLIENT link remote: [AF_INET]194.110.85.64:443
2024-01-25 13:46:56 TLS: Initial packet from [AF_INET]194.110.85.64:443, sid=a96f8994 806a791b
2024-01-25 13:46:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-01-25 13:46:56 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-01-25 13:46:56 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-01-25 13:46:56 VERIFY KU OK
2024-01-25 13:46:56 Validating certificate extended key usage
2024-01-25 13:46:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-01-25 13:46:56 VERIFY EKU OK
2024-01-25 13:46:56 VERIFY X509NAME OK: CN=lu106.nordvpn.com
2024-01-25 13:46:56 VERIFY OK: depth=0, CN=lu106.nordvpn.com
2024-01-25 13:46:56 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-01-25 13:46:56 [lu106.nordvpn.com] Peer Connection Initiated with [AF_INET]194.110.85.64:443
2024-01-25 13:46:56 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-01-25 13:46:56 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-01-25 13:46:57 SENT CONTROL [lu106.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-01-25 13:46:57 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.7.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.2.5 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-01-25 13:46:57 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2024-01-25 13:46:57 OPTIONS IMPORT: --ifconfig/up options modified
2024-01-25 13:46:57 OPTIONS IMPORT: route options modified
2024-01-25 13:46:57 OPTIONS IMPORT: route-related options modified
2024-01-25 13:46:57 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-01-25 13:46:57 net_route_v4_best_gw query: dst 0.0.0.0
2024-01-25 13:46:57 net_route_v4_best_gw result: via 192.168.2.1 dev eth0
2024-01-25 13:46:57 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eth0 HWADDR=dc:a6:32:4f:6d:08
2024-01-25 13:46:57 TUN/TAP device tun1 opened
2024-01-25 13:46:57 net_iface_mtu_set: mtu 1500 for tun1
2024-01-25 13:46:57 net_iface_up: set tun1 up
2024-01-25 13:46:57 net_addr_v4_add: 10.7.2.5/24 dev tun1
2024-01-25 13:46:57 /var/lib/dietpi/dietpi-vpn/static_up.sh tun1 1500 0 10.7.2.5 255.255.255.0 init
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
2024-01-25 13:46:57 net_route_v4_add: 194.110.85.64/32 via 192.168.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:46:57 sitnl_send: rtnl: generic error (-17): File exists
2024-01-25 13:46:57 NOTE: Linux route add command failed because route exists
2024-01-25 13:46:57 net_route_v4_add: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:46:57 sitnl_send: rtnl: generic error (-17): File exists
2024-01-25 13:46:57 NOTE: Linux route add command failed because route exists
2024-01-25 13:46:57 net_route_v4_add: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:46:57 sitnl_send: rtnl: generic error (-17): File exists
2024-01-25 13:46:57 NOTE: Linux route add command failed because route exists
2024-01-25 13:46:57 Initialization Sequence Completed
2024-01-25 13:46:57 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'stub'
2024-01-25 13:46:57 Timers: ping 60, ping-restart 180
^C2024-01-25 13:47:30 event_wait : Interrupted system call (fd=-1,code=4)
2024-01-25 13:47:30 net_route_v4_del: 194.110.85.64/32 via 192.168.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:30 net_route_v4_del: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:30 net_route_v4_del: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:30 Closing TUN/TAP interface
2024-01-25 13:47:30 net_addr_v4_del: 10.7.2.5 dev tun1
2024-01-25 13:47:30 /var/lib/dietpi/dietpi-vpn/static_down.sh tun1 1500 0 10.7.2.5 255.255.255.0 init
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
2024-01-25 13:47:30 SIGINT[hard,] received, process exiting
dietpi@NASPi:~$ sudo openvpn /etc/openvpn/client.ovpn
2024-01-25 13:47:39 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-01-25 13:47:39 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-01-25 13:47:39 OpenVPN 2.6.3 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-01-25 13:47:39 library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
2024-01-25 13:47:39 DCO version: N/A
2024-01-25 13:47:39 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-01-25 13:47:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-01-25 13:47:39 NOTE: --fast-io is disabled since we are not using UDP
2024-01-25 13:47:39 TCP/UDP: Preserving recently used remote address: [AF_INET]194.110.85.64:443
2024-01-25 13:47:39 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-01-25 13:47:39 Attempting to establish TCP connection with [AF_INET]194.110.85.64:443
2024-01-25 13:47:39 TCP connection established with [AF_INET]194.110.85.64:443
2024-01-25 13:47:39 TCPv4_CLIENT link local: (not bound)
2024-01-25 13:47:39 TCPv4_CLIENT link remote: [AF_INET]194.110.85.64:443
2024-01-25 13:47:39 TLS: Initial packet from [AF_INET]194.110.85.64:443, sid=e4709e9f 38edf6da
2024-01-25 13:47:39 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-01-25 13:47:40 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-01-25 13:47:40 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-01-25 13:47:40 VERIFY KU OK
2024-01-25 13:47:40 Validating certificate extended key usage
2024-01-25 13:47:40 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-01-25 13:47:40 VERIFY EKU OK
2024-01-25 13:47:40 VERIFY X509NAME OK: CN=lu106.nordvpn.com
2024-01-25 13:47:40 VERIFY OK: depth=0, CN=lu106.nordvpn.com
2024-01-25 13:47:40 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-01-25 13:47:40 [lu106.nordvpn.com] Peer Connection Initiated with [AF_INET]194.110.85.64:443
2024-01-25 13:47:40 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-01-25 13:47:40 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-01-25 13:47:40 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.1.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-01-25 13:47:40 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2024-01-25 13:47:40 OPTIONS IMPORT: --ifconfig/up options modified
2024-01-25 13:47:40 OPTIONS IMPORT: route options modified
2024-01-25 13:47:40 OPTIONS IMPORT: route-related options modified
2024-01-25 13:47:40 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-01-25 13:47:40 net_route_v4_best_gw query: dst 0.0.0.0
2024-01-25 13:47:40 net_route_v4_best_gw result: via 192.168.2.1 dev eth0
2024-01-25 13:47:40 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eth0 HWADDR=dc:a6:32:4f:6d:08
2024-01-25 13:47:40 TUN/TAP device tun1 opened
2024-01-25 13:47:40 net_iface_mtu_set: mtu 1500 for tun1
2024-01-25 13:47:40 net_iface_up: set tun1 up
2024-01-25 13:47:40 net_addr_v4_add: 10.7.1.2/24 dev tun1
2024-01-25 13:47:40 /var/lib/dietpi/dietpi-vpn/static_up.sh tun1 1500 0 10.7.1.2 255.255.255.0 init
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
2024-01-25 13:47:40 net_route_v4_add: 194.110.85.64/32 via 192.168.2.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:40 net_route_v4_add: 0.0.0.0/1 via 10.7.1.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:40 net_route_v4_add: 128.0.0.0/1 via 10.7.1.1 dev [NULL] table 0 metric -1
2024-01-25 13:47:40 Initialization Sequence Completed
2024-01-25 13:47:40 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'stub'
2024-01-25 13:47:40 Timers: ping 60, ping-restart 180