[SOLVED] VPN (NordVPN / OpenVPN) stopped working

Bug Reports
,
#1

REPRODUCIBILITY: yes
OS VERSION: 4.4.0.68 – 4.4.0.58 – 4.5.0.19 – 3.4.0.24
HARDWARE: 10 III & 10 II – 10 plus – 10 plus – JP1
UI LANGUAGE: german
REGRESSION: no

DESCRIPTION:

Since end of june all my Sailfish devices stopped working over VPN (NordVPN / OpenVPN), while the account still works on my linux Notebook.
Most VPN-cofigs steadily asking for credentials. Some just struggle connecting.
Using mobile network or wifi makes no difference.
Mobile network is setup using “IP” (not “IPv6” or “dual”).
With wifi also IP4 is supported by my ISP - I did book this seperately and I checked again today - I still have an IP4 adress as well (since VPN services tended to only support IP4 in the past).

Data connetion without VPN is still flawless (mobile data & wifi).

Restart device doesnˋt help.
Import freshly downloaded conig file (OpenVPN) doesnˋt help.
Removing all configs and start over doesnˋt help.

Seaching the forum - no hint that this is a common problem.

PRECONDITIONS:

Use VPN with NordVPN after import OpenVPN config file

STEPS TO REPRODUCE:

  1. start VPN coonection to NordVPN
    …then see actual reult

EXPECTED RESULT:

VPN connection is established
(did work for years)

ACTUAL RESULT:


2) connection fails [assumption because of 3) ]
3) already stored credentials are retrieved once more
…then again 2) and 3) and 2) and 3)…

MODIFICATIONS:

nothing special (no patchmanager)

ADDITIONAL INFORMATION:

I did not change anything before it sopped working.

Is this possibly related to outdated certificates?
(…since only my SF devices are affected)

#2

Wait a sec…

OS VERSION: 4.4.0.68 – 4.4.0.58 – 4.5.0.19 – 3.4.0.24
REGRESSION: yes

With 4 SFOS versions listed, regression from what, then?
Regression is something that works in a version and without changing anything else, doesn’t work in the next one.

1 Like
#3

I cannot say anything about commercial products like Nordvpn but OpenVPN works and has worked afair.

1 Like
#5

you are right…sorry for confusing…
I changed it to “REGRESSION: no”

#6

Thanks, this sounds promising.
I’ll try afterhour.
(I was using e-mail + pw …like all the years before)

#7

Thanks again @calinutzzz - your hint was excellent.
:+1:

2 Likes
#8

I’m using service credentials, but the connection isn’t working. I tried UDP and TCP OpenVPN, and the Android app doesn’t connect either. It works on my Linux desktop in the CLI application, though. Any tips? X10III with 4.5.0.24 here.

There’s no other connection active, but I have the Linux client logged in. Can that be it?

Edit: doesn’t work = doesn’t connect but only pulses. I have a file for username and password.

#9

I didn’t even think to look for a bug report when this happened to me, I just assumed it was just another thing that stopped working in SFOS.

Thanks for the solution. I haven’t got it to work yet, but maybe the 4th or 5th attempt at typing the several dozen characters in the VPN setup page will finally work. At least until the SFOS VPN password amnesia bug hits. That settings dialog is sadistic!

Anyway, belated thanks again for posting this info.

Any luck for you?

#10

Eureka! I used username and password in a plaintext file and got connected when I tried with a recently downloaded VPN server config. When I did the same with two older VPN configs, I got the same pulsing indicator direc85 describes. Apparently in the months I’ve been VPN-less, these two server addresses had been retired, obsoleted, euthanized, or something . . .

Still not super happy about leaving login credentials right out in the open, but I did name the file 1978_tax_return so nobody’d go snooping . . .

#11

I’m not sure I follow…
Why using a plain text file for the credentials?

When I add some openVPN config by downloaded config file, SF asks for credentials - offering to keep them …so there’s no input needed in the future.
Why is a plain text file for the credentials helpful in your case?

You managed to get it working again.
So, I assume, you already are using the ‘service credentials’ - retrieved, like @calinutzzz described (other then NordVPN account credentials with e-mail + pw).

Then this is a new problem…or simply outdated NordVPN server configs???

#12

I would like to copy-paste the username and password and paste them to the dialog, but when the dialog is active, I can’t switch to another app to select and copy the password. Hence, plaintext credentials file is needed. Or I’ll write down the server username and password somewhere fist and type them in - which is sub-optimal.

I wasn’t able to make the VPN work over mobile data - pulsing only - so perhaps WiFi works.

On my PC it works fine, and that is more important anyway in my use case.

#13

Congrats @robthebold !
I did the same few years ago as I had ProtonVPN. I put the text file to some location deep in the system and defined this strange path for ‘fetch from file’ in the VPN config. So I didn’t have the sensible access data somewhere in my home dir but hidden between some system files.

#14

ah yes, the well-established security-by-obscurity principle :wink:

1 Like
#15

Yes, the input dialog for credentials disappears when switching focus to another app…strangely and annoying.

My workaround:
I copied both phrases (user & password) at once.
After pasting in the input field I deleted the non-needed part, the same in the second field and didn’t have to type the long cryptic phrase.

2 Likes
#16

Fair enough, there’s a bunch of issues at play here. I’ll list all the ones that got me in no particular order.

1: The issue that triggered your bug report, NordVPN changed the login policy for manually configured VPN connections seemingly without communicating this. I never got any notice from them about the change, but I know they know how to contact me because I get marketing messages all the time. Not a SFOS bug in the end, although the bug report did lead to a solution, so I’m glad you filed it.

2: This issue is (probably) just me . . . I can’t seem to type the 48 random chars of uppers, lowers and letters 100% accurately and verify their accuracy in the VPN credentials dialog under ideal conditions (have my glasses, seated indoors, no distractions). This is probably not an issue for users (so far) untouched by the ravages of time.

3: (This partly addresses your “plain text file” question) The VPN credentials dialog is modal(?)* and thus a PITA, so it’s impossible to copy/pasta two strings into the two fields. I could deal with that when the NordVPN username was my email – I could remember and check the accuracy of that at least – by copying the randomish password from a password manager first, then and slamming it into the password field as soon as I opened the credentials dialog. (I think I remember seeing a bug report/feature request about improving the dialog somewhere, but can’t seem to find it now.)

4: (Another reason for the plain text file) SFOS VPN password amnesia problem. The one in this bug report: VPN credentials gone on restart 3.4 on XA2. Supposedly this is now fixed, but I’m not 100% sure it’s 100% solved.

5: NordVPN servers periodically go away. AFAIK, there is no schedule for this or notification to users ahead of time. This is not a SFOS bug either, except that login failure due to a missing server just causes the VPN to report status “Connecting” and pulse the active indicator forever, so the cause of failure isn’t readily apparent to the user. I’ve never had sufficient patience to find if this ever times out and fails.

To sum up: I’ve got it working with the new NordVPN credentials policy on freshly downloaded server configs, and I’ve purged the expired servers from my VPN settings that were causing additional, unrelated problems complicating the solution for me.

2 Likes
#17

That’s clever. Post must be at least 20 characters.

1 Like
#18

Can I ask why NordVPN is your choice? I mean, there are others and IMHO, better.
Are there any explicit benefits, or is it just the massive marketing?
Just curious…