Solved: OpenVPN reconnect AUTH_FAILED

downundermate

I found a solution. It looks like a bug in OpenVPN.
You need to add:

pull-filter ignore "auth-token"

After that client reconnects smoothly.
More reading:
https://www.privateinternetaccess.com/forum/discussion/24089/inactivity-timeout-ping-restart#latest
https://www.snbforums.com/threads/how-to-setup-a-vpn-client-including-policy-rules-for-pia-and-other-vpn-providers-380-68-09-12.30851/page-24

bcruze

correct i use the same command.  also if you follow the opvn file you can get rid of these messages as well:
Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'

downundermate

@bcruze:

correct i use the same command.  also if you follow the opvn file you can get rid of these messages as well:
Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'

"Get rid of" log entries or actually solving it?
To remove warnings from log file I can use:

disable-occ

bcruze

try adding:

resolv-retry infinite
persist-key
persist-tun
cipher aes-128-cbc
auth sha128
tls-client
remote-cert-tls server
reneg-sec 0

i had to take several out as it would not allow the connection to start.  so play with it and see what works best for yours.    this is the strong encryption for PIA

client
dev tun
proto udp
remote us-newyorkcity.privateinternetaccess.com 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.4096.pem
ca ca.rsa.4096.crt
disable-occ

downundermate

Yes, it's all standard except for the "disable-occ".
But my problem was with missing

pull-filter ignore "auth-token"

Motleycru

NordVPN issue solved
Yesterday (6-28-2023), my Glinet AXT1800 stopped connecting with the same "Auth Failed" issue in the log file. I found the solution to be:

1. Disable the OpenVPN at the dashboard (to gain internet access)
2. Go to NordVPN website and log in
3. Under accounts - Services - click NordVPN
4. Click - Set up NordVPN manually - at the bottom right of the page.
5. You will receive a verification code in your email that you use for NordVPN services. Type the code in the popup window the preceded the email check.
6. Copy the credentials using the “Copy” buttons on the right for your new encrypted user name and password in the OpenVPN Client settings.

You will now be able to connect again

Gertjan

@Motleycru said in Solved: OpenVPN reconnect AUTH_FAILED:

for your new encrypted user name and password

Wait ....
'They' changed the user login and password on their side, not notifing you ?
Serious ?

Motleycru

@Gertjan for the router login, they changed it and did not notify me.

eICHiZ

@Motleycru GREAT!! Many thanks for the hint, and this solved it for me as well. Not knowing that they changed the way to authenticate for OpenVPN

hadlem

@Motleycru
Thanks. This approach worked instantly for me.

Norm

@Motleycru Bravo, well done, I had no idea Nord had done this. Your steps worked perfectly for me straight away. (I had already upgraded my router firmware and vpn-openssl packages!)

venkidas

@Motleycru oh my oh my ...man ....thank you so so so much....so unbeliable....i wasted about 6 hours tying to debug this shit. i was so frustuated and wanted to wack someone from norde, GL-Inet or dd-wrt ...what a mess .... a simple code comment on some screen would have saved 1000's of hours of peoples time. some one deserves to wacked serously. but thank you so so much. i can get some sleep now