GithubHelp home page GithubHelp logo

Comments (8)

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

Try to test your credentials with opemvpn just to make sure that they're correct

from nordpy.

tifoji avatar tifoji commented on June 1, 2024

Yes the credentials are correct. I wonder if anyone on Rpi 4 and Buster has a similar error. I can see that some guides mention about an RSA key also being present in the /etc/ipsec.secrets file but I don't have one. I also opened UDP ports 500 and 4500 to see if it makes any difference.
During the install it failed that strongswan-ikev2 package. Will that have an impact in all this ? On my Raspberry Pi 4 I have the following

pi@raspberrypi:~ $ apt list | grep -i strongswan

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libstrongswan-extra-plugins/stable 5.7.2-1 armhf
libstrongswan-standard-plugins/stable,now 5.7.2-1 armhf [installed,automatic]
libstrongswan/stable,now 5.7.2-1 armhf [installed,automatic]
network-manager-strongswan/stable 1.4.4-2 armhf
strongswan-charon/stable,now 5.7.2-1 armhf [installed,automatic]
strongswan-libcharon/stable,now 5.7.2-1 armhf [installed,automatic]
strongswan-nm/stable 5.7.2-1 armhf
strongswan-pki/stable 5.7.2-1 armhf
strongswan-scepclient/stable 5.7.2-1 armhf
strongswan-starter/stable,now 5.7.2-1 armhf [installed,automatic]
strongswan-swanctl/stable 5.7.2-1 armhf
strongswan/stable,now 5.7.2-1 all [installed]
pi@raspberrypi:~ $

from nordpy.

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

Exactly, I was also thinking about that; I tested the script on Debian but unfortunately I could not do the same on the raspberry

from nordpy.

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

If you can, please do these tests:

  • Verify the nordvpn certificate (which should be downloaded by the install.sh script) by
$ file /etc/ipsec.d/cacerts/NordVPN.der
  • Try to install the plugins suggested on the NordVPN site
$ sudo apt-get install strongswan libcharon-extra-plugins libcharon-standard-plugins
  • Issue this command (suggested on the NordVPN site)
$ sudo openssl x509 -inform der -in /etc/ipsec.d/cacerts/NordVPN.der -out /etc/ipsec.d/cacerts/NordVPN.pem

Source: https://support.nordvpn.com/Connectivity/Linux/1151861242/How-to-connect-to-NordVPN-with-IKEv2-IPSec-on-Linux.htm

from nordpy.

tifoji avatar tifoji commented on June 1, 2024

libcharon-standard-plugins is no longer available. I just issued $ sudo apt-get install strongswan libcharon-extra-plugins and it installed successfully. I had already followed the rest of the guide as indicated in one of the earlier messages. But it was interesting to see this error while trying to restart ipsec

Feb 17 12:35:34 raspberrypi charon: 00[CFG]   loaded EAP secret for [email protected]
Feb 17 12:35:34 raspberrypi charon: 00[CFG] loaded 0 RADIUS server configurations
Feb 17 12:35:34 raspberrypi charon: 00[CFG] HA config misses local/remote address
Feb 17 12:35:34 raspberrypi charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
Feb 17 12:35:34 raspberrypi charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 17 12:35:34 raspberrypi charon: 00[JOB] spawning 16 worker threads
Feb 17 12:35:34 raspberrypi charon: 05[CFG] received stroke: add connection 'NordVPN'
**Feb 17 12:35:34 raspberrypi charon: 05[CFG] CA certificate "/etc/ipsec.d/cacerts/NordVPN.pem" not found, discarding CA constraint**
Feb 17 12:35:34 raspberrypi charon: 05[CFG] added configuration 'NordVPN'
Feb 17 12:36:11 raspberrypi systemd[1]: Started Session c5 of user pi.

The file most definitely exists

pi@raspberrypi:/etc $ sudo openssl x509 -inform der -in /etc/ipsec.d/cacerts/NordVPN.der -out /etc/ipsec.d/cacerts/NordVPN.pem
pi@raspberrypi:/etc $ cat /etc/ipsec.d/cacerts/NordVPN.pem
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
pi@raspberrypi:/etc $

So yes it is still failing but I am not sure what is going on.

from nordpy.

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

On ubuntu I am not able to replicate this error

from nordpy.

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

I am not able to reproduce this even on a Raspbian VM

from nordpy.

morpheusthewhite avatar morpheusthewhite commented on June 1, 2024

Since this error depends most likely on NordVPN and ipsec, I cannot help you.

You'll probably find someone else with the same problem, like this one

from nordpy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.