AUTH_FAILED, data channel cipher negotiation failed (no shared cipher) #2820

Open
8 tasks done
neuroverflow opened this issue Mar 30, 2024 · 104 comments

Comments

@neuroverflow

Is there a pinned issue for this?

  • I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

  • I have searched the existing issues
  • I have searched the existing discussions

Is there any comment in the documentation for this?

  • I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

  • I have checked the provider repo for issues
  • My issue is NOT related to a provider

Are you using the latest release?

  • I am using the latest release

Have you tried using the dev branch latest?

  • I have tried using dev branch

Docker run config used

transmission-openvpn:
  cap_add:
    - NET_ADMIN
  volumes:
    - '/home/neuro/Docker/transmission-openvpn:/data'
    - '/home/neuro/Docker/transmission-openvpn:/config'
    - '/mnt/NASDisk1/Download/Temp:/data/incomplete'
    - '/mnt/NASDisk1/Download/Done:/data/completed'
    - '/mnt/NASDisk1/Download/TorHole:/data/watch'
  environment:
    - TZ=Europe/Paris
    - PUID=1000
    - PGID=1000
    - OPENVPN_PROVIDER=NORDVPN
    - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60 --pull-filter ignore ping
    - NORDVPN_COUNTRY=IT
    - TRANSMISSION_WEB_UI=flood-for-transmission
    - OPENVPN_USERNAME=xxx
    - 'OPENVPN_PASSWORD=xxx'
    - TRANSMISSION_RPC_USERNAME=xxx
    - TRANSMISSION_RPC_PASSWORD=xxx
    - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
    - LOCAL_NETWORK=192.168.0.0/16
    - OVERRIDE_DNS_1=103.86.96.100
    - OVERRIDE_DNS_2=103.86.99.100
    - DROP_DEFAULT_ROUTE=false
  ports:
    - '9091:9091'
  dns:
    - 8.8.8.8
    - 1.1.1.1
  security_opt:
    - seccomp:unconfined
  image: haugene/transmission-openvpn:dev
  restart: unless-stopped
  container_name: seedbox

Current Behavior

Suddenly stopped connecting to NordVPN
AUTH_FAILED, data channel cipher negotiation failed (no shared cipher)

Expected Behavior

Connect to NordVPN like before

How have you tried to solve the problem?

tried dev branch
googled ;)

Log output

2024-03-30T12:46:44.375322588Z Starting container with revision: 54acc3a
2024-03-30T12:46:44.375427124Z TRANSMISSION_HOME is currently set to: /config/transmission-home
2024-03-30T12:46:44.397590577Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf
2024-03-30T12:46:44.540854119Z Creating TUN device /dev/net/tun
2024-03-30T12:46:44.547534246Z Using OpenVPN provider: NORDVPN
2024-03-30T12:46:44.547631411Z Running with VPN_CONFIG_SOURCE auto
2024-03-30T12:46:44.547642272Z Provider NORDVPN has a bundled setup script. Defaulting to internal config
2024-03-30T12:46:44.547703486Z Executing setup script for NORDVPN
2024-03-30T12:46:44.550604948Z /etc/openvpn/nordvpn/..
2024-03-30T12:46:45.768720277Z INFO: OVPN: Checking curl installation
2024-03-30T12:46:45.824061534Z INFO: OVPN: DNS resolution ok
2024-03-30T12:46:46.896241735Z INFO: OVPN: ok, configurations download site reachable
2024-03-30T12:46:46.896416494Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
2024-03-30T12:46:48.176878439Z Checking NORDPVN API responses
2024-03-30T12:46:48.359326188Z INFO: OVPN:Selecting the best server...
2024-03-30T12:46:48.408486489Z INFO: OVPN: Searching for country : IT (106)
2024-03-30T12:46:48.409971224Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn
2024-03-30T12:46:48.411305853Z INFO: OVPN:Searching for technology: openvpn_tcp
2024-03-30T12:46:48.926137472Z INFO: OVPN: Best server : it232.nordvpn.com, load: null
2024-03-30T12:46:48.926256771Z Best server : it232.nordvpn.com
2024-03-30T12:46:48.928113994Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn
2024-03-30T12:46:48.928153856Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn
2024-03-30T12:46:49.243238817Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
2024-03-30T12:46:49.250497354Z Starting OpenVPN using config it232.nordvpn.com.ovpn
2024-03-30T12:46:49.254698828Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container
2024-03-30T12:46:49.254834256Z Modification: Point auth-user-pass option to the username/password file
2024-03-30T12:46:49.257834969Z Modification: Change ca certificate path
2024-03-30T12:46:49.261700786Z Modification: Change ping options
2024-03-30T12:46:49.269500180Z Modification: Update/set resolv-retry to 15 seconds
2024-03-30T12:46:49.273950670Z Modification: Change tls-crypt keyfile path
2024-03-30T12:46:49.277744450Z Modification: Set output verbosity to 3
2024-03-30T12:46:49.281822060Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2024-03-30T12:46:49.285965196Z Modification: Updating status for config failure detection
2024-03-30T12:46:49.295425308Z Setting OpenVPN credentials...
2024-03-30T12:46:49.351794705Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0
2024-03-30T12:46:49.362396406Z 2024-03-30 13:46:49 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-03-30T12:46:49.362432511Z 2024-03-30 13:46:49 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-03-30T12:46:49.362718773Z 2024-03-30 13:46:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-30T12:46:49.362742601Z 2024-03-30 13:46:49 NOTE: --fast-io is disabled since we are not using UDP
2024-03-30T12:46:49.365491279Z 2024-03-30 13:46:49 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:49.365545584Z 2024-03-30 13:46:49 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:49.365665679Z 2024-03-30 13:46:49 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.365687292Z 2024-03-30 13:46:49 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-03-30T12:46:49.365701156Z 2024-03-30 13:46:49 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock]
2024-03-30T12:46:49.403957835Z 2024-03-30 13:46:49 TCP connection established with [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.403988467Z 2024-03-30 13:46:49 TCP_CLIENT link local: (not bound)
2024-03-30T12:46:49.403996129Z 2024-03-30 13:46:49 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443
2024-03-30T12:46:49.442350973Z 2024-03-30 13:46:49 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=40aad1c9 ca4ed2a9
2024-03-30T12:46:49.442546320Z 2024-03-30 13:46:49 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-03-30T12:46:49.608717741Z 2024-03-30 13:46:49 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-03-30T12:46:49.608753907Z 2024-03-30 13:46:49 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-03-30T12:46:49.608761916Z 2024-03-30 13:46:49 VERIFY KU OK
2024-03-30T12:46:49.608768618Z 2024-03-30 13:46:49 Validating certificate extended key usage
2024-03-30T12:46:49.608775292Z 2024-03-30 13:46:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-03-30T12:46:49.608781884Z 2024-03-30 13:46:49 VERIFY EKU OK
2024-03-30T12:46:49.608788213Z 2024-03-30 13:46:49 VERIFY X509NAME OK: CN=it232.nordvpn.com
2024-03-30T12:46:49.608794643Z 2024-03-30 13:46:49 VERIFY OK: depth=0, CN=it232.nordvpn.com
2024-03-30T12:46:49.726085595Z 2024-03-30 13:46:49 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-03-30T12:46:49.726175813Z 2024-03-30 13:46:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-03-30T12:46:49.726204488Z 2024-03-30 13:46:49 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443
2024-03-30T12:46:50.773692351Z 2024-03-30 13:46:50 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-03-30T12:46:50.773746195Z 2024-03-30 13:46:50 AUTH: Received control message: AUTH_FAILED
2024-03-30T12:46:50.774356467Z 2024-03-30 13:46:50 SIGTERM[soft,auth-failure] received, process exiting
2024-03-30T12:46:51.480143945Z Starting container with revision: 54acc3a
2024-03-30T12:46:51.480213769Z TRANSMISSION_HOME is currently set to: /config/transmission-home
2024-03-30T12:46:51.487235136Z One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf
2024-03-30T12:46:51.613413232Z Creating TUN device /dev/net/tun
2024-03-30T12:46:51.623591018Z Using OpenVPN provider: NORDVPN
2024-03-30T12:46:51.623671251Z Running with VPN_CONFIG_SOURCE auto
2024-03-30T12:46:51.623777274Z Provider NORDVPN has a bundled setup script. Defaulting to internal config
2024-03-30T12:46:51.623794721Z Executing setup script for NORDVPN
2024-03-30T12:46:51.626800208Z /etc/openvpn/nordvpn/..
2024-03-30T12:46:52.847545311Z INFO: OVPN: Checking curl installation
2024-03-30T12:46:52.897856068Z INFO: OVPN: DNS resolution ok
2024-03-30T12:46:53.973590040Z INFO: OVPN: ok, configurations download site reachable
2024-03-30T12:46:53.973733062Z INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
2024-03-30T12:46:55.190386682Z Checking NORDPVN API responses
2024-03-30T12:46:55.358647641Z INFO: OVPN:Selecting the best server...
2024-03-30T12:46:55.398244137Z INFO: OVPN: Searching for country : IT (106)
2024-03-30T12:46:55.399901720Z WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn
2024-03-30T12:46:55.400973293Z INFO: OVPN:Searching for technology: openvpn_tcp
2024-03-30T12:46:55.865309984Z INFO: OVPN: Best server : it232.nordvpn.com, load: null
2024-03-30T12:46:55.865356790Z Best server : it232.nordvpn.com
2024-03-30T12:46:55.867126404Z INFO: OVPN: Downloading config: it232.nordvpn.com.ovpn
2024-03-30T12:46:55.867161106Z INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/it232.nordvpn.com.tcp.ovpn
2024-03-30T12:46:56.040305134Z OVPN: NORDVPN: selected: it232.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
2024-03-30T12:46:56.048354090Z Starting OpenVPN using config it232.nordvpn.com.ovpn
2024-03-30T12:46:56.052789772Z Modifying /etc/openvpn/nordvpn/it232.nordvpn.com.ovpn for best behaviour in this container
2024-03-30T12:46:56.052821586Z Modification: Point auth-user-pass option to the username/password file
2024-03-30T12:46:56.055476192Z Modification: Change ca certificate path
2024-03-30T12:46:56.059226829Z Modification: Change ping options
2024-03-30T12:46:56.067245142Z Modification: Update/set resolv-retry to 15 seconds
2024-03-30T12:46:56.073819230Z Modification: Change tls-crypt keyfile path
2024-03-30T12:46:56.077575020Z Modification: Set output verbosity to 3
2024-03-30T12:46:56.082228404Z Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2024-03-30T12:46:56.086428342Z Modification: Updating status for config failure detection
2024-03-30T12:46:56.094021220Z Setting OpenVPN credentials...
2024-03-30T12:46:56.147671572Z adding route to local network 192.168.0.0/16 via 172.18.0.1 dev eth0
2024-03-30T12:46:56.157044000Z 2024-03-30 13:46:56 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-03-30T12:46:56.157082051Z 2024-03-30 13:46:56 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-03-30T12:46:56.157425094Z 2024-03-30 13:46:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-30T12:46:56.157446347Z 2024-03-30 13:46:56 NOTE: --fast-io is disabled since we are not using UDP
2024-03-30T12:46:56.159371021Z 2024-03-30 13:46:56 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:56.159392722Z 2024-03-30 13:46:56 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-30T12:46:56.159608746Z 2024-03-30 13:46:56 TCP/UDP: Preserving recently used remote address: [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.159659347Z 2024-03-30 13:46:56 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-03-30T12:46:56.159695880Z 2024-03-30 13:46:56 Attempting to establish TCP connection with [AF_INET]178.249.211.7:443 [nonblock]
2024-03-30T12:46:56.198622775Z 2024-03-30 13:46:56 TCP connection established with [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.198662700Z 2024-03-30 13:46:56 TCP_CLIENT link local: (not bound)
2024-03-30T12:46:56.198672535Z 2024-03-30 13:46:56 TCP_CLIENT link remote: [AF_INET]178.249.211.7:443
2024-03-30T12:46:56.237788404Z 2024-03-30 13:46:56 TLS: Initial packet from [AF_INET]178.249.211.7:443, sid=af9ca463 10cb6ea5
2024-03-30T12:46:56.237903256Z 2024-03-30 13:46:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-03-30T12:46:56.405610169Z 2024-03-30 13:46:56 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-03-30T12:46:56.405969101Z 2024-03-30 13:46:56 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-03-30T12:46:56.406342379Z 2024-03-30 13:46:56 VERIFY KU OK
2024-03-30T12:46:56.406381932Z 2024-03-30 13:46:56 Validating certificate extended key usage
2024-03-30T12:46:56.406391364Z 2024-03-30 13:46:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-03-30T12:46:56.406398192Z 2024-03-30 13:46:56 VERIFY EKU OK
2024-03-30T12:46:56.406404654Z 2024-03-30 13:46:56 VERIFY X509NAME OK: CN=it232.nordvpn.com
2024-03-30T12:46:56.406411247Z 2024-03-30 13:46:56 VERIFY OK: depth=0, CN=it232.nordvpn.com
2024-03-30T12:46:56.523572110Z 2024-03-30 13:46:56 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-03-30T12:46:56.523613650Z 2024-03-30 13:46:56 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-03-30T12:46:56.523624325Z 2024-03-30 13:46:56 [it232.nordvpn.com] Peer Connection Initiated with [AF_INET]178.249.211.7:443
2024-03-30T12:46:57.570931965Z 2024-03-30 13:46:57 SENT CONTROL [it232.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-03-30T12:46:57.702147442Z 2024-03-30 13:46:57 AUTH: Received control message: AUTH_FAILED
2024-03-30T12:46:57.702329770Z 2024-03-30 13:46:57 SIGTERM[soft,auth-failure] received, process exiting

HW/SW Environment

- OS: Ubuntu server
- Docker: 25.0.4

Anything else?

No response

@julianneswinoga

I'm seeing this as well, but it looks like a login problem on the NordVPN side. Their regular login services seem to be having problems for me as well ☹️

@ilike2burnthing
Contributor

#2819

@kiwidoggie

#2819

Does not solve the issue, especially when it's happening no matter which server you choose.

@neuroverflow
Author

#2819

Does not solve the issue, especially when it's happening no matter which server you choose.

Try a German server; that solved it for me, but I tried several before... My guess is a change that's currently being deployed or an issue affecting most servers...

@kiwidoggie

I think the ovpn files may need updating, I took the exact same server/tcp/dedicated ip, and it was giving me this error. I downloaded the .ovpn file, and followed these steps: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider

I set it as custom and gave the file name, and it started working again.

@ilike2burnthing
Contributor

ilike2burnthing commented Mar 31, 2024

NordVPN is working fine for me.

NordVPN in this container uses a script to pull the files using NordVPN's API, so there's nothing to update on this end. If you're specifying exactly the same server as the one you're using for custom, then there's a different issue.

As explained in #2819, you generally don't want to specify a server. However, as you're using a dedicated IP, you should ONLY specify the server, and not the country, category, or protocol. I've not used a dedicated IP server before, so can't speak to any issues it may or may not have with this container.

@VMBindraban

I have been getting this error for an hour.

Config:

      - LOCAL_NETWORK=192.168.1.0/24
      - OPENVPN_USERNAME=***
      - OPENVPN_PASSWORD=***
      - OPENVPN_PROVIDER=NORDVPN
      - CREATE_TUN_DEVICE=true
      - OPENVPN_OPTS=--mute-replay-warnings
      - NORDVPN_COUNTRY=nl
      - TRANSMISSION_DOWNLOAD_DIR=/data/downloads/completed
      - TRANSMISSION_HOME=/config/home
      - TRANSMISSION_INCOMPLETE_DIR=/data/downloads/incomplete
      - HEALTH_CHECK_HOST=nordvpn.com
      - SELFHEAL=true

Logs:

2024-04-02 10:05:03 VERIFY X509NAME OK: CN=nl1001.nordvpn.com
2024-04-02 10:05:03 VERIFY OK: depth=0, CN=nl1001.nordvpn.com
2024-04-02 10:05:03 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-04-02 10:05:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:05:03 [nl1001.nordvpn.com] Peer Connection Initiated with [AF_INET]213.152.162.250:443
2024-04-02 10:05:04 SENT CONTROL [nl1001.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:05:04 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 10:05:04 SIGTERM[soft,auth-failure] received, process exiting

@Nitrousoxide

Nitrousoxide commented Apr 2, 2024

I am also getting auth errors out of nowhere. I did not change anything in my config, and I double-checked my account on NordVPN and the username and password still match.

vpn_media_server-transmission-openvpn-1  | INFO: OVPN: ok, configurations download site reachable
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Checking NORDPVN API responses
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Selecting the best server...
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for country : US (228)
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Searching for group: legacy_p2p
vpn_media_server-transmission-openvpn-1  | INFO: OVPN:Searching for technology: openvpn_udp
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Best server : us5100.nordvpn.com, load: null
vpn_media_server-transmission-openvpn-1  | Best server : us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading config: us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us5100.nordvpn.com.udp.ovpn
vpn_media_server-transmission-openvpn-1  | OVPN: NORDVPN: selected: us5100.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
vpn_media_server-transmission-openvpn-1  | Starting OpenVPN using config us5100.nordvpn.com.ovpn
vpn_media_server-transmission-openvpn-1  | Modifying /etc/openvpn/nordvpn/us5100.nordvpn.com.ovpn for best behaviour in this container
vpn_media_server-transmission-openvpn-1  | Modification: Point auth-user-pass option to the username/password file
vpn_media_server-transmission-openvpn-1  | Modification: Change ca certificate path
vpn_media_server-transmission-openvpn-1  | Modification: Change ping options
vpn_media_server-transmission-openvpn-1  | Modification: Update/set resolv-retry to 15 seconds
vpn_media_server-transmission-openvpn-1  | Modification: Change tls-crypt keyfile path
vpn_media_server-transmission-openvpn-1  | Modification: Set output verbosity to 3
vpn_media_server-transmission-openvpn-1  | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
vpn_media_server-transmission-openvpn-1  | Modification: Updating status for config failure detection
vpn_media_server-transmission-openvpn-1  | Setting OpenVPN credentials...
vpn_media_server-transmission-openvpn-1  | adding route to local network 192.168.7.0/24 via 172.22.0.1 dev eth0
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TCP/UDP: Preserving recently used remote address: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link local: (not bound)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 UDP link remote: [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 TLS: Initial packet from [AF_INET]86.107.55.230:1194, sid=a8b58ffd e4c15b55
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY KU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Validating certificate extended key usage
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY EKU OK
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY X509NAME OK: CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 VERIFY OK: depth=0, CN=us5100.nordvpn.com
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:48 [us5100.nordvpn.com] Peer Connection Initiated with [AF_INET]86.107.55.230:1194
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SENT CONTROL [us5100.nordvpn.com]: 'PUSH_REQUEST' (status=1)
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 AUTH: Received control message: AUTH_FAILED
vpn_media_server-transmission-openvpn-1  | 2024-04-02 08:26:50 SIGTERM[soft,auth-failure] received, process exiting

@chrisburkey

chrisburkey commented Apr 2, 2024

Update: Somehow this has magically started working.

This issue just started sometime in the last few hours. Nothing has changed with the config, and the account is valid: I am able to start a VPN connection from iOS without issue.

2024-04-02 08:46:04 [us8410.nordvpn.com] Peer Connection Initiated with [AF_INET]192.145.116.136:443
2024-04-02 08:46:05 SENT CONTROL [us8410.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 08:46:05 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 08:46:05 SIGTERM[soft,auth-failure] received, process exiting

  - OPENVPN_PROVIDER=NORDVPN
  - NORDVPN_COUNTRY=US
  - NORDVPN_PROTOCOL=tcp
  - OPENVPN_USERNAME=***
  - OPENVPN_PASSWORD=***
  - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60

@VMBindraban

Update: Somehow this has magically started working.

Still issues here; it seems NordVPN is doing something. It takes a while to propagate to all the servers.

@Kamoenix

Kamoenix commented Apr 2, 2024

I've also been getting a similar error with NordVPN. No changes to container. Spoke to NordVPN support and they didn't offer any help.

2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 SIGTERM[soft,auth-failure] received, process exiting
2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 AUTH: Received control message: AUTH_FAILED
2024/04/02 14:27:56 stdout 2024-04-02 13:27:56 SENT CONTROL [uk1690.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 [uk1690.nordvpn.com] Peer Connection Initiated with [AF_INET]152.89.207.4:443
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 VERIFY OK: depth=0, CN=uk1690.nordvpn.com

@zsd7200

zsd7200 commented Apr 2, 2024

Was able to get mine working again by removing any server-specific shenanigans (like NORDVPN_SERVER or OPENVPN_CONFIG).
My environment variables look like this:

            - OPENVPN_PROVIDER=NORDVPN
            - OPENVPN_USERNAME=x
            - OPENVPN_PASSWORD=x
            - LOCAL_NETWORK=192.168.0.0/24
            - NORDVPN_COUNTRY=US

And I was able to connect just now.

@Nitrousoxide

for the folks who have gotten it working, can you post which nordvpn server you are connected to?

@chrisburkey

chrisburkey commented Apr 2, 2024

for the folks who have gotten it working, can you post which nordvpn server you are connected to?

It seems to be transient. I was not connected, didn't make any changes, and eventually it connected; now I am back to the same errors in the logs:
2024-04-02 10:13:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:13:09 [us9921.nordvpn.com] Peer Connection Initiated with [AF_INET]45.85.144.100:443
2024-04-02 10:13:11 SENT CONTROL [us9921.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:13:11 AUTH: Received control message: AUTH_FAILED
2024-04-02 10:13:11 SIGTERM[soft,auth-failure] received, process exiting

@cravev

cravev commented Apr 2, 2024

@chrisburkey I'm seeing the same as you. Wasn't working this morning. Came back for ~30 minutes. Back to AUTH_FAILED now. I shut the container down for the time being.

@zsd7200

zsd7200 commented Apr 2, 2024

Yep, same here, unfortunately--was up for a bit, now it's back to being dead and I can't get it back.
Guess we'll just have to wait it out.

@giantsystems

Seeing this too, same auth error regarding ciphers. Working fine before. Using NordVPN.

Have checked the service account u/p from Nord and re-entered. Tried a few different countries (NO,US,CH) with the same issue.

Pulled latest images. Still failing. Will try again in an hour or so.

@Larvitar

Larvitar commented Apr 2, 2024

As far as I can see in my logs, it started around 8:00 am UTC.

Definitely a problem with NordVPN since I've tried several machines, even the official Android app, with the same result. Someone on X suggested that it's a problem with certificates. Right now the error has changed a little, and it actually looks like a cert issue:

2024-04-02 16:29:50 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)

I recall that certificates can cause issues sometimes when servers are switching to/from daylight saving time (which happened 2 days ago in most (?) countries). If it is an issue with certificates it can take up to a few days before it fixes itself.

@thfondak

thfondak commented Apr 2, 2024

Still seeing this problem as of April 2nd at 11am in the Midwestern US.

@Cubiss

Cubiss commented Apr 2, 2024

Can confirm this started happening April 2nd around 11:30 UTC. Seems like a NordVPN issue.

@gabrielstelmach

CONFIRMED WORKAROUND

I think the ovpn files may need updating, I took the exact same server/tcp/dedicated ip, and it was giving me this error. I downloaded the .ovpn file, and followed these steps: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider

I set it as custom and gave the file name, and it started working again.

Hey guys! I started facing the same issue this morning. The container will not start due to the error AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher).

After trying some different approaches, like changing the country and reviewing all the configurations (including NordVPN credentials), the only way to get the container back online was using a custom provider as suggested by @kiwidoggie.

So, what I did was start the container as usual and, from the logs, grab the OVPN file it was downloading from NordVPN. Then I placed that file in the 'custom' folder, and also changed the container to grab the custom configuration as explained above.

I would say this issue is caused by a change on the NordVPN side (.ovpn file) that is not being taken by the current image/script; thus, the connection fails.

@Nitrousoxide

CONFIRMED WORKAROUND

No luck for me on this.

@jjjonesjr33

I'm having the same issue. Something I noticed, though, when using an ovpn file from NordVPN and trying the custom route to get back working:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

Still trying to find a fix, will update if I get it going.
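A log-triage helper for the failures reported in this thread, added here as an example and not part of the issue or the project's code: it splits an OpenVPN client log into connection attempts, records whether certificate verification and the control channel completed before the server replied, and separates a bare AUTH_FAILED from one carrying the "Data channel cipher negotiation failed (no shared cipher)" reason or preceded by the `--cipher` / `--data-ciphers` deprecation warning. The sample lines are constructed from excerpts posted above, and all function, field and verdict names are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, oldest-first, modelled on excerpts posted in this thread.
SAMPLE_FORWARD = """\
2024-04-02 10:05:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations.
2024-04-02 10:05:03 VERIFY OK: depth=0, CN=nl1001.nordvpn.com
2024-04-02 10:05:03 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-02 10:05:04 SENT CONTROL [nl1001.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-02 10:05:04 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-04-02 10:05:04 SIGTERM[soft,auth-failure] received, process exiting
seedbox  | 2024-04-02 10:13:09 VERIFY OK: depth=0, CN=us9921.nordvpn.com
seedbox  | 2024-04-02 10:13:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
seedbox  | 2024-04-02 10:13:11 AUTH: Received control message: AUTH_FAILED
seedbox  | 2024-04-02 10:13:11 SIGTERM[soft,auth-failure] received, process exiting
"""

# Constructed sample in newest-first order, as some log viewers export it.
SAMPLE_NEWEST_FIRST = """\
2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 SIGTERM[soft,auth-failure] received, process exiting
2024/04/02 14:27:57 stdout 2024-04-02 13:27:57 AUTH: Received control message: AUTH_FAILED
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024/04/02 14:27:55 stdout 2024-04-02 13:27:55 VERIFY OK: depth=0, CN=uk1690.nordvpn.com
"""

# Patterns use search(), so container or viewer prefixes before the message are tolerated.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
CN_RE = re.compile(r"VERIFY OK: depth=0, CN=(\S+)")
CTRL_RE = re.compile(r"Control Channel: (\S+), cipher (?:\S+ )?(\S+),")
DEPR_RE = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
AUTH_RE = re.compile(r"AUTH: Received control message: AUTH_FAILED(?:,(.*))?$")


@dataclass
class Attempt:
    server: Optional[str] = None           # CN of the verified server certificate
    control_channel: Optional[str] = None  # TLS version and suite, if negotiated
    legacy_cipher: Optional[str] = None    # --cipher value named in the warning
    data_ciphers: List[str] = field(default_factory=list)
    reason: str = ""                       # text the server sent after AUTH_FAILED
    verdict: str = ""

    @property
    def tls_ok(self) -> bool:
        """True when the leaf certificate verified and the control channel came up."""
        return self.server is not None and self.control_channel is not None


def chronological(lines: List[str]) -> List[str]:
    """Return lines oldest-first, reversing a newest-first export."""
    stamps = [m.group(0) for m in map(TS_RE.search, lines) if m]
    if len(stamps) >= 2 and stamps[0] > stamps[-1]:
        return list(reversed(lines))
    return list(lines)


def classify(attempt: Attempt) -> str:
    if "no shared cipher" in attempt.reason.lower():
        return "data-channel-cipher-negotiation"
    return "auth-failed-other" if attempt.reason else "auth-failed-no-reason"


def triage(text: str) -> List[Attempt]:
    """Split a client log into attempts, each closed by an AUTH_FAILED message."""
    attempts, cur = [], Attempt()
    lines = [line.rstrip() for line in text.splitlines() if line.strip()]
    for line in chronological(lines):
        if m := DEPR_RE.search(line):
            cur.legacy_cipher, cur.data_ciphers = m.group(1), m.group(2).split(":")
        elif m := CN_RE.search(line):
            cur.server = m.group(1)
        elif m := CTRL_RE.search(line):
            cur.control_channel = f"{m.group(1)} {m.group(2)}"
        elif m := AUTH_RE.search(line):
            cur.reason = (m.group(1) or "").strip()
            cur.verdict = classify(cur)
            attempts.append(cur)
            cur = Attempt()
    return attempts


def report(attempts: List[Attempt]) -> List[str]:
    out = []
    for a in attempts:
        tls = "cert and control channel OK" if a.tls_ok else "TLS phase not in excerpt"
        line = f"{a.server or 'unknown server'}: {tls}; {a.verdict}"
        if a.reason:
            line += f" (server said: {a.reason})"
        if a.legacy_cipher:
            line += f"; --cipher {a.legacy_cipher} not in {':'.join(a.data_ciphers)}"
        out.append(line)
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_FORWARD, SAMPLE_NEWEST_FIRST):
        print("\n".join(report(triage(sample))))
```

To run it on real output, save the container log (for example from `docker logs`) to a file and pass its text to `triage()`.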

@TaTaSuZette

CONFIRMED WORKAROUND

Did the same, worked like a charm, thanks mate!

@evellior

evellior commented Apr 2, 2024

Going to copy-paste what I posted here: #2819 (comment)

I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.

If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.

Look for a line that looks something like:
2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com

Commenter below tested this out and it didn't fix the issue, they used the exact same server that I had success on and it didn't work for them 😬

@alex-patterson-webdev

I am having the same issues:

AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)

The work around that @kiwidoggie / @gabrielstelmach mentioned is working for me (thanks)

If not already mentioned, the ovpn files can be found here https://nordvpn.com/ovpn

@jjcampillop

Going to copy-paste what I posted here: #2819 (comment)

I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.

If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.

Look for a line that looks something like: 2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com

I'm afraid that's not enough:

image

@Arkheon

Arkheon commented Apr 2, 2024

Going to copy-paste what I posted here: #2819 (comment)
I guess Nord is updating the auth certificates on their servers. Until all the servers are updated it may just be luck of the draw whether the one you connect to has been updated.
If that is the issue then it should resolve itself once their remote servers and the configs being served from their api (api.nordvpn.com) are in sync again. And if you can't wait for that then maybe people who've connected successfully could check their logs and see which server they connected to. I got onto fr949.nordvpn.com, so if you set NORDVPN_SERVER=fr949.nordvpn.com it should work for you too.
Look for a line that looks something like: 2024-04-02 15:51:46 VERIFY OK: depth=0, CN=fr949.nordvpn.com

I'm afraid that's not enough:

image

Exactly the same error, French server.

@Nitrousoxide

Glad I'm not the only one! I tried the same server and got that issue.

Maybe there's some env variable that no longer works now? here's my (nonworking) env variables

    environment:
      - PUID=1000
      - PGID=100
      - CREATE_TUN_DEVICE=true
      - OPENVPN_PROVIDER=NORDVPN
      - TRANSMISSION_WEB_UI=combustion
      - NORDVPN_COUNTRY=US
      - NORDVPN_CATEGORY=legacy_p2p
      - NORDVPN_PROTOCOL=udp
      - OPENVPN_USERNAME=$NORDUSERNAME
      - OPENVPN_PASSWORD=$NORDPASSWORD
      - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 600
      - WEBPROXY_ENABLED=true
      - WEBPROXY_PORT=8888
      - LOCAL_NETWORK=192.168.7.0/24
      - TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false
      - TRANSMISSION_DOWNLOAD_DIR=/downloads
      - TRANSMISSION_INCOMPLETE_DIR=/downloads
      - TRANSMISSION_RATIO_LIMIT=2
      - TRANSMISSION_IDLE_SEEDING_LIMIT=300
      - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
      - TRANSMISSION_RATIO_LIMIT_ENABLED=true
      - HEALTH_CHECK_HOST=github.com

@PeachesMLG

I'm getting the same errors, haven't modified anything on my side.

I'm assuming this has been narrowed down to something on Nord's side? Other VPNs are working fine?

@sideslip-it

Can you post an image that shows the output like this?
image

@inehmo42

inehmo42 commented Apr 3, 2024

image

@sideslip-it

sideslip-it commented Apr 3, 2024

Do you have multiple openvpn containers or containers that are no longer used?
You can check which overlay file the transmission docker is using by relating it to the docker ID. The following link shows how to run the command.
https://stackoverflow.com/questions/67607874/how-to-find-which-folder-under-overlay2-directory-belong-to-which-container

@inehmo42

inehmo42 commented Apr 3, 2024

Do you have multiple openvpn containers or containers that are no longer used?

I deleted old images in Portainer and now there is only one openvpn row.

I managed to run the command and my container is back up again! Thank you so much.

One thing that was different from your instructions was that I have directory nordvpn under the diff/etc/openvpn/ and that's where the configure-openvpn.sh is located. Then I just ran your command and the container popped back up like a champ!

Thanks a lot again!

@robiXxu

robiXxu commented Apr 3, 2024

Did they just fix it? My container started just now (got a notification on the discord)

@sebcourant

Did they just fix it? My container started just now (got a notification on the discord)

Seems like it, I just restarted my container, without any of the changes mentioned in this thread, and it worked.

@jjjonesjr33

jjjonesjr33 commented Apr 3, 2024

I was locked out for a while, had to reset password to get nordvpn to clear the timeout lockout. Once that was done I was able to get it working.

For the fix on Unraid container "Transmission_VPN" error
AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)

Console into the container "Transmission_VPN" the moment it boots and paste/run
sed -i 's/\/cipher AES-256-CBC\/a data-ciphers AES-256-CBC/s\/cipher AES-256-CBC\/cipher AES-256-GCM\\ndata-ciphers AES-256-GCM\/g/g' /etc/openvpn/nordvpn/configure-openvpn.sh

So far this seems to persist on reboot of the container as well. And is now working for me without issues.

@sideslip-it

Did they just fix it? My container started just now (got a notification on the discord)

Seems like it, I just restarted my container, without any of the changes mentioned in this thread, and it worked.

Yep I have just deleted my container and recreated it and it has started straight away.

@VMBindraban

Did they just fix it? My container started just now (got a notification on the discord)

Seems like it, I just restarted my container, without any of the changes mentioned in this thread, and it worked.

Yep I have just deleted my container and recreated it and it has started straight away.

Still fails here. (NL server)

@abramter

abramter commented Apr 3, 2024

Just restarted the container without any of the updates and it worked like before.

2024-04-03 00:47:18 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2024-04-03 00:47:18 [ch387.nordvpn.com] Peer Connection Initiated with [AF_INET]82.180.148.247:1194
2024-04-03 00:47:19 SENT CONTROL [ch387.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-03 00:47:19 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.5 255.255.255.0,peer-id 3,cipher AES-256-CBC'

Did a check at https://www.whatismyip.net/tools/torrent-ip-checker/ and had a CH Server IP
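
The check behind the DEPRECATED OPTION warning quoted earlier in this thread, applied to the cipher pushed in the PUSH_REPLY line above, as an added example (not code from this project or from any commenter). The function names and the sample config are constructed for illustration; the default data-ciphers list is the one printed in that warning, and `honor_cipher` models whether the client still considers `--cipher`, which the warning says future versions will stop doing.

```python
import re

# Default list as printed in the warning quoted in this thread (assumption: builds may differ).
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]

def parse_cipher_options(ovpn_text):
    """Extract the cipher and data-ciphers directives from .ovpn text."""
    opts = {"cipher": None, "data-ciphers": None}
    for raw in ovpn_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0][0] in "#;":   # blank, bare flag or comment
            continue
        key = parts[0].lstrip("-")
        if key in opts:
            opts[key] = parts[1].strip("'\"").upper()
    return opts

def accepted_ciphers(opts, honor_cipher):
    """Ciphers the client will negotiate; --cipher counts only if honored."""
    allowed = (opts["data-ciphers"].split(":") if opts["data-ciphers"]
               else list(DEFAULT_DATA_CIPHERS))
    if honor_cipher and opts["cipher"] and opts["cipher"] not in allowed:
        allowed.append(opts["cipher"])
    return allowed

def pushed_cipher(log_line):
    """Return the cipher named in a PUSH_REPLY log line, or None."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_line)
    for item in (m.group(1).split(",") if m else []):
        if item.startswith("cipher "):
            return item.split()[1].upper()
    return None

def audit(ovpn_text, log_line):
    """Does the pushed cipher still match once --cipher is ignored?"""
    opts = parse_cipher_options(ovpn_text)
    pushed = pushed_cipher(log_line)
    strict = accepted_ciphers(opts, honor_cipher=False)
    return {
        "pushed": pushed,
        "warns": bool(opts["cipher"]) and opts["cipher"] not in strict,
        "ok_if_cipher_honored": pushed in accepted_ciphers(opts, True),
        "ok_if_cipher_ignored": pushed in strict,
    }

# Constructed sample configs; LOG is abbreviated from the PUSH_REPLY line posted above.
LEGACY = "client\nremote example.invalid 1194\ncipher AES-256-CBC\n"
FIXED = LEGACY + "data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC\n"
LOG = "PUSH: Received control message: 'PUSH_REPLY,topology subnet,peer-id 3,cipher AES-256-CBC'"
```

`audit(LEGACY, LOG)` reports a config that only matches the pushed cipher while `--cipher` is still honored; `audit(FIXED, LOG)` shows the same config passing either way once AES-256-CBC is listed in `data-ciphers`, which is the first remedy the warning suggests.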

@PeachesMLG

Mine is working now

@ilike2burnthing
Contributor

For anyone still having issues, change your image to haugene/transmission-openvpn:dev or pull a new one if already on it (released 5mins ago).

@mkjustuk

mkjustuk commented Apr 3, 2024

Restarted my (un-altered in any way) container again and it's now working, so Nord have fixed/changed whatever they needed to.

@Nitrousoxide

Restarted my (un-altered in any way) container again and it's now working, so Nord have fixed/changed whatever they needed to.

I pulled the non-dev, regular live image and it worked for me as well. I did reset my password yesterday, though that didn't get it working then. So hopefully everyone's back up and running now.

@VMBindraban

Confirmed that it works after re-pulling the image. Didn't change the password.

@thfondak

thfondak commented Apr 3, 2024

Wahoo! Thanks, everyone!

@julianneswinoga

Didn't need to pull the latest, everything Nord just started working for me again. They must've fixed something 🤷‍♀️

@ciceroripi

I pulled again to be sure, and it's working again.

@Micsters

Micsters commented Apr 3, 2024

Didn't work till I repulled it. Works now tho.

@DiabloBajo

Didn't need to pull the latest, everything Nord just started working for me again. They must've fixed something 🤷‍♀️

exactly same here.

@bradleyburgess

bradleyburgess commented Apr 3, 2024 via email

@helmsb

helmsb commented Apr 3, 2024

FYI, repulling latest fixed it for me.

@BiggsBounds

I submitted a case with Nord yesterday. Today I received a reply that the issue had been resolved. Confirmed the original configuration is working again.

@ilike2burnthing
Contributor

Only the dev image has been updated, re-pulling latest was probably just the equivalent of 'turn it off and on again'.

@Cubiss

Cubiss commented Apr 4, 2024

Can confirm latest tag build started working yesterday. Dev tag build still works fine, just isn't necessary anymore (for now?).

@ilike2burnthing
Contributor

dev doesn't appear to be necessary anymore, no, although the encryption is bumped up to AES-256-GCM.

@matt-hagan

If you are still having issues with this, or registering a new container, do not forget that NordVPN changed how Linux connects; you cannot use the normal email and password.
You need to get the username and password from the section that states Set up NordVPN manually.
https://support.nordvpn.com/hc/en-us/articles/20226600447633-How-to-log-in-to-NordVPN-on-Linux-devices-without-a-GUI.
That can generate the username and password, or the token to use with their cli program.
That solved my issues after I had to recreate my container when a node died.

@bradleyburgess

This is working fine for me now (without dev).

@fuzsh

fuzsh commented May 23, 2024

I still face this problem with a lot of servers, some servers work fine, and some do not. 😢

Is there any approach to finding the servers that work fine? I tried with recommended ones, with custom ones, and ... but from time to time I can connect. In my case, for example, from all the servers of Austria, just 3 work.

Also, I tested dev but nothing special happened, the issue is still there.

@koenvanderlinden
Contributor

@farzad-845 maybe find one that is working and set that url in the OPENVPN_CONFIG_URL environment variable. Hopefully that config will work forever.
