Nas Synology + NordVPN Auth problem
BioSs54 opened this issue · 1 comments
BioSs54 commented
Information
Hi,
I try to up the container on my NAS Synology.
When i check logs, seem auth' problem but I have been send user, password & provider to the container. I also check my credentials file, he is complete. I use latest container. So maybe some arguments are wrong ? What do you think ?
The strangest: this docker-compose works locally but not on Synology
Docker compose file
services:
qbittorrent-openvpn:
volumes:
- '/volume1/Download:/data'
- '/volume1/docker/qbitorrent/config:/config'
- '/etc/localtime:/etc/localtime:ro'
environment:
- CREATE_TUN_DEVICE=true
- WEBPROXY_ENABLED=false
- OPENVPN_PROVIDER=NORDVPN
- NORDVPN_COUNTRY=FR
- NORDVPN_CATEGORY=p2p
- NORDVPN_PROTOCOL=udp
- OPENVPN_USERNAME=XXXXXXXXXXXXX
- OPENVPN_PASSWORD=XXXXXXXXXXXXX
- PUID=1024
- PGID=100
#- OPENVPN_CONFIG=
#- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- LAN=192.168.1.0/24
- HEALTH_CHECK_HOST=google.com
#- OPENVPN_CONFIG_FILE=/config/openvpn/config.ovpn
- QBT_WEBUI_PORT=9092
cap_add:
- NET_ADMIN
privileged: true
#devices:
# - /dev/net/tun
logging:
driver: json-file
options:
max-size: 10m
ports:
- '9092:9092'
image: guillaumedsde/alpine-qbittorrent-openvpn:latest
Logs
qbittorrent-openvpn_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbittorrent-openvpn_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
qbittorrent-openvpn_1 | [fix-attrs.d] applying ownership & permissions fixes...
qbittorrent-openvpn_1 | [fix-attrs.d] done.
qbittorrent-openvpn_1 | [cont-init.d] executing container initialization scripts...
qbittorrent-openvpn_1 | [cont-init.d] 01-setup-permissions: executing...
qbittorrent-openvpn_1 | [cont-init.d] 01-setup-permissions: exited 0.
qbittorrent-openvpn_1 | [cont-init.d] 02-setup-openvpn: executing...
qbittorrent-openvpn_1 | 2022-06-10 18:11:31 TUN/TAP device tun0 opened
qbittorrent-openvpn_1 | 2022-06-10 18:11:31 Persist state set to: ON
qbittorrent-openvpn_1 | INFO: Trying to use OpenVPN provider: NORDVPN
qbittorrent-openvpn_1 | A nordvpn
qbittorrent-openvpn_1 | A nordvpn/configure-openvpn.sh
qbittorrent-openvpn_1 | Exported revision 1286.
qbittorrent-openvpn_1 | Provider NORDVPN has a custom startup script, executing it
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Checking curl installation
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 DNS: resolution ok
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 PING: ok, configurations download site reachable
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Removing existing configs in /etc/openvpn/nordvpn
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Selecting the best server...
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Searching for country : FR (74)
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Searching for group: legacy_p2p
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Searching for technology: openvpn_udp
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Best server : fr551.nordvpn.com, load: 6
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Downloading config: fr551.nordvpn.com.ovpn
qbittorrent-openvpn_1 | 2022-06-10 18:11:33 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/fr551.nordvpn.com.udp.ovpn
qbittorrent-openvpn_1 | INFO: Found OpenVPN configuration: "fr551.nordvpn.com" for provider "NORDVPN" using it
qbittorrent-openvpn_1 | [cont-init.d] 02-setup-openvpn: exited 0.
qbittorrent-openvpn_1 | [cont-init.d] 03-setup-iptables: executing...
qbittorrent-openvpn_1 | INFO: Configuring Docker networks: 172.21.0.2/16
qbittorrent-openvpn_1 | [cont-init.d] 03-setup-iptables: exited 0.
qbittorrent-openvpn_1 | [cont-init.d] done.
qbittorrent-openvpn_1 | [services.d] starting services
qbittorrent-openvpn_1 | [services.d] done.
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 TCP/UDP: Preserving recently used remote address: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 UDP link local: (not bound)
qbittorrent-openvpn_1 | 2022-06-10 18:12:02 UDP link remote: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 TLS: Initial packet from [AF_INET]89.40.XXX.XXX:1194, sid=b0b3abeb f21039ec
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 VERIFY KU OK
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 Validating certificate extended key usage
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 VERIFY EKU OK
qbittorrent-openvpn_1 | 2022-06-10 18:12:03 VERIFY OK: depth=0, CN=fr551.nordvpn.com
qbittorrent-openvpn_1 | 2022-06-10 18:12:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
qbittorrent-openvpn_1 | 2022-06-10 18:12:05 [fr551.nordvpn.com] Peer Connection Initiated with [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 SENT CONTROL [fr551.nordvpn.com]: 'PUSH_REQUEST' (status=1)
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 AUTH: Received control message: AUTH_FAILED
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 SIGTERM[soft,auth-failure] received, process exiting
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 TCP/UDP: Preserving recently used remote address: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 UDP link local: (not bound)
qbittorrent-openvpn_1 | 2022-06-10 18:12:06 UDP link remote: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:12:07 TLS: Initial packet from [AF_INET]89.40.XXX.XXX:1194, sid=e77bce73 0819ddd3
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 VERIFY KU OK
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 Validating certificate extended key usage
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 VERIFY EKU OK
qbittorrent-openvpn_1 | 2022-06-10 18:12:15 VERIFY OK: depth=0, CN=fr551.nordvpn.com
qbittorrent-openvpn_1 | 2022-06-10 18:13:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
qbittorrent-openvpn_1 | 2022-06-10 18:13:06 TLS Error: TLS handshake failed
qbittorrent-openvpn_1 | 2022-06-10 18:13:06 SIGUSR1[soft,tls-error] received, process restarting
qbittorrent-openvpn_1 | 2022-06-10 18:13:06 Restart pause, 5 second(s)
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 TCP/UDP: Preserving recently used remote address: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 UDP link local: (not bound)
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 UDP link remote: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 TLS: Initial packet from [AF_INET]89.40.XXX.XXX:1194, sid=a6f5226a a19fb221
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 VERIFY KU OK
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 Validating certificate extended key usage
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 VERIFY EKU OK
qbittorrent-openvpn_1 | 2022-06-10 18:13:11 VERIFY OK: depth=0, CN=fr551.nordvpn.com
qbittorrent-openvpn_1 | 2022-06-10 18:13:13 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
qbittorrent-openvpn_1 | 2022-06-10 18:13:13 [fr551.nordvpn.com] Peer Connection Initiated with [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:14 SENT CONTROL [fr551.nordvpn.com]: 'PUSH_REQUEST' (status=1)
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 AUTH: Received control message: AUTH_FAILED
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 SIGTERM[soft,auth-failure] received, process exiting
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 TCP/UDP: Preserving recently used remote address: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 UDP link local: (not bound)
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 UDP link remote: [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:15 TLS: Initial packet from [AF_INET]89.40.XXX.XXX:1194, sid=098e5dbc 587e01f0
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 VERIFY KU OK
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 Validating certificate extended key usage
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 VERIFY EKU OK
qbittorrent-openvpn_1 | 2022-06-10 18:13:17 VERIFY OK: depth=0, CN=fr551.nordvpn.com
qbittorrent-openvpn_1 | 2022-06-10 18:13:20 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
qbittorrent-openvpn_1 | 2022-06-10 18:13:20 [fr551.nordvpn.com] Peer Connection Initiated with [AF_INET]89.40.XXX.XXX:1194
qbittorrent-openvpn_1 | 2022-06-10 18:13:21 SENT CONTROL [fr551.nordvpn.com]: 'PUSH_REQUEST' (status=1)
qbittorrent-openvpn_1 | 2022-06-10 18:13:21 AUTH: Received control message: AUTH_FAILED
qbittorrent-openvpn_1 | 2022-06-10 18:13:21 SIGTERM[soft,auth-failure] received, process exiting
Try
- In the General Settings of the container on the Synology, try ticking the checkbox for 'Execute container using high privelege'
MrBradricks commented
Here are my values that work, note I wrap my password in quotes so it consumes the special characters properly. Perhaps thats your issue?
environment:
- OPENVPN_PROVIDER=NORDVPN
- OPENVPN_USERNAME=redacted@redacted.com
- "OPENVPN_PASSWORD=redacted"
- NORDVPN_COUNTRY=US
- NORDVPN_CATEGORY=legacy_p2p
- NORDVPN_PROTOCOL=tcp
- PUID=911
- PGID=911
- LAN=192.168.1.0/24