Fedora 31 - Disconnection problems

[ShinJii89]

Hi,
While installing newest version (I had 1.3.2 earlier) I have an errors:

Required packages installed
installing certificates (needed by ipsec)
Can't open /etc/ipsec.d/cacerts/NordVPN.der for reading, No such file or directory
140600940902208:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/ipsec.d/cacerts/NordVPN.der','rb')
140600940902208:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate

[ShinJii89]

It connects to NordVPN from NordPy, but now I can't connect through NordPy-Plasmoid...

[ShinJii89]

Also not found package iproute2....

[morpheusthewhite]

Also not found package iproute2....

Try installling iproute instead

[ShinJii89]

Also not found package iproute2....

Try installling iproute instead

Installed :)

[morpheusthewhite]

Are you using IPsec to connect (or is IPsec the last protocol you used on the gui to connect)?

[ShinJii89]

[morpheusthewhite]

You are actually connected, did you start it from the plasmoid?

[morpheusthewhite]

Because with TCP/UDP I am encountering no problem

[ShinJii89]

No, I started it directly from NordPy, I can't connect through plasmoid.... it trying connect but few seconds later it's disconnected... maybe I should restart PC - I will do this in few moments.

[ShinJii89]

After restart still not working through plasmoid... there's some error logs? I can check it and send you, just give me a path to them :D

[morpheusthewhite]

You can try to run

pkexec nordpy --quick-connect

and see if it works, it is the command launched by the plasmoid

[ShinJii89]

Trying to connect to the last server type
Key not found
No settings stored, connect to a server type with the gui, then try again

[morpheusthewhite]

Well it is pretty clear, you need to store credentials and/or settings, which you do jsut by connecting with the gui.

Paste here the content of the folder

[ShinJii89]

Content of which folder? Nordpy or nordpy-plasmoid?

Nordpy:

[morpheusthewhite]

Remove the settings.ini file, connect with the gui, disconnect and then try again with the above command

[ShinJii89]

Remove the settings.ini file, connect with the gui, disconnect and then try again with the above command

Still the same... it recreated settings.ini

[morpheusthewhite]

Yes, it is ok that it is recreated

Can you past here its content?

[ShinJii89]

[DEFAULT]
server type = Standard VPN
protocol = 1
last country = Poland
last connected server = pl116.nordvpn.com

[OTHER]
factor scale = 1
nm = False

[morpheusthewhite]

This makes no sense; can you try to download again the project in another folder and install it?

Repeat then the same process: connect with the gui and then launch the command

[ShinJii89]

Still the same :D lol. Again errors from first post while installing.

[morpheusthewhite]

If you go to that new folder and run

./nordpy --quick-connect

(note the ./) is it the same?

[ShinJii89]

./nordpy.py --quick-connect - with your ./nordpy (without .py) I have bash: ./nordpy: No such file or directory

Still the same error... weird is that I can connect throught GUI :D

[morpheusthewhite]

Pull the new version, it will print more info on the terminal; please past them here after launching the same command

[ShinJii89]

Trying to connect to the last server type
Verifing saved file
File is correct
Selected a particular country: Poland
resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11,%22country_id%22:174}
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
  File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 334, in connect
    conn = self._new_conn()
  File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 164, in _new_conn
    % (self.host, self.timeout),
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.VerifiedHTTPSConnection object at 0x7eff1edbbcd0>, 'Connection to nordvpn.com timed out. (connect timeout=10)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='nordvpn.com', port=443): Max retries exceeded with url: /wp-admin/admin-ajax.php?action=servers_recommendations&filters=%7B%22servers_groups%22:11,%22country_id%22:174%7D (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7eff1edbbcd0>, 'Connection to nordvpn.com timed out. (connect timeout=10)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/shinjii/nordpy/bin/vpn_util/networkSelection.py", line 54, in get_recommended_server
    response = get(get_nordvpn_url(server_type, country), timeout=REQUEST_TIMEOUT)
  File "/usr/lib/python3.7/site-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='nordvpn.com', port=443): Max retries exceeded with url: /wp-admin/admin-ajax.php?action=servers_recommendations&filters=%7B%22servers_groups%22:11,%22country_id%22:174%7D (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7eff1edbbcd0>, 'Connection to nordvpn.com timed out. (connect timeout=10)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./nordpy.py", line 62, in <module>
    main()
  File "./nordpy.py", line 35, in main
    quick_connect(parsed_args.wait_connection)
  File "/home/shinjii/nordpy/bin/command_line_util.py", line 32, in quick_connect
    server = get_recommended_server(server_type, country)
  File "/home/shinjii/nordpy/bin/vpn_util/networkSelection.py", line 56, in get_recommended_server
    raise RequestException
bin.vpn_util.networkSelection.RequestException

[ShinJii89]

I can say also that in GUI after start program when I click "Connect" there's an error and after 1 second it connects fine...

[ShinJii89]

With version 1.3.2 I had 0 problems since beginning :P

[morpheusthewhite]

That error is most likely related to your connection, since this was missing when you did the first test; try to execute the command when your connection works and let me know the output

[ShinJii89]

Verifing saved file
File is correct
Selected a particular country: Poland
resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11,%22country_id%22:174}
Best server retrieved: pl111.nordvpn.com
Turning on killswitch
Default interface: wlp3s0
IP and port of the VPN server: 185.246.208.92 443
Network address on wlp3s0: 192.168.1.0/24
Launching tcp connection with 185.246.208.92:443 on wlp3s0 (on network 192.168.1.0/24)
[OPENVPN]: Sun Mar  1 21:23:47 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019

[OPENVPN]: Sun Mar  1 21:23:47 2020 library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08

[OPENVPN]: Sun Mar  1 21:23:47 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

[OPENVPN]: Sun Mar  1 21:23:47 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

[OPENVPN]: Sun Mar  1 21:23:47 2020 NOTE: --fast-io is disabled since we are not using UDP

[OPENVPN]: Sun Mar  1 21:23:47 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Mar  1 21:23:47 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Mar  1 21:23:47 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.246.208.92:443

[OPENVPN]: Sun Mar  1 21:23:47 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]

[OPENVPN]: Sun Mar  1 21:23:47 2020 Attempting to establish TCP connection with [AF_INET]185.246.208.92:443 [nonblock]

expired timeout for openvpn connection
Turning off killswitch
looking for iptables in /home/shinjii/nordpy/stored_iptables
Turning on killswitch
Default interface: wlp3s0
IP and port of the VPN server: 185.246.208.92 443
Network address on wlp3s0: 192.168.1.0/24
Launching tcp connection with 185.246.208.92:443 on wlp3s0 (on network 192.168.1.0/24)
[OPENVPN]: Sun Mar  1 21:23:57 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019

[OPENVPN]: Sun Mar  1 21:23:57 2020 library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08

[OPENVPN]: Sun Mar  1 21:23:57 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

[OPENVPN]: Sun Mar  1 21:23:57 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

[OPENVPN]: Sun Mar  1 21:23:57 2020 NOTE: --fast-io is disabled since we are not using UDP

[OPENVPN]: Sun Mar  1 21:23:57 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Mar  1 21:23:57 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Mar  1 21:23:57 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.246.208.92:443

[OPENVPN]: Sun Mar  1 21:23:57 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]

[OPENVPN]: Sun Mar  1 21:23:57 2020 Attempting to establish TCP connection with [AF_INET]185.246.208.92:443 [nonblock]

[OPENVPN]: Sun Mar  1 21:23:58 2020 TCP connection established with [AF_INET]185.246.208.92:443

[OPENVPN]: Sun Mar  1 21:23:58 2020 TCP_CLIENT link local: (not bound)

[OPENVPN]: Sun Mar  1 21:23:58 2020 TCP_CLIENT link remote: [AF_INET]185.246.208.92:443

[OPENVPN]: Sun Mar  1 21:23:58 2020 TLS: Initial packet from [AF_INET]185.246.208.92:443, sid=335c2f6a e03d8ece

[OPENVPN]: Sun Mar  1 21:23:58 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

[OPENVPN]: Sun Mar  1 21:23:59 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

[OPENVPN]: Sun Mar  1 21:23:59 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4

[OPENVPN]: Sun Mar  1 21:23:59 2020 VERIFY KU OK

[OPENVPN]: Sun Mar  1 21:23:59 2020 Validating certificate extended key usage

[OPENVPN]: Sun Mar  1 21:23:59 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

[OPENVPN]: Sun Mar  1 21:23:59 2020 VERIFY EKU OK

[OPENVPN]: Sun Mar  1 21:23:59 2020 VERIFY OK: depth=0, CN=pl111.nordvpn.com

[OPENVPN]: Sun Mar  1 21:23:59 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

[OPENVPN]: Sun Mar  1 21:23:59 2020 [pl111.nordvpn.com] Peer Connection Initiated with [AF_INET]185.246.208.92:443

[OPENVPN]: Sun Mar  1 21:24:00 2020 SENT CONTROL [pl111.nordvpn.com]: 'PUSH_REQUEST' (status=1)

[OPENVPN]: Sun Mar  1 21:24:00 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.0.7 255.255.255.0,peer-id 0,cipher AES-256-GCM'

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: timers and/or timeouts modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: compression parms modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 Socket Buffers: R=[131072->425984] S=[87040->425984]

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: --ifconfig/up options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: route options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: route-related options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: peer-id set

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: adjusting link_mtu to 1659

[OPENVPN]: Sun Mar  1 21:24:00 2020 OPTIONS IMPORT: data channel crypto options modified

[OPENVPN]: Sun Mar  1 21:24:00 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

[OPENVPN]: Sun Mar  1 21:24:00 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Mar  1 21:24:00 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Mar  1 21:24:00 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=c4:d9:87:3a:d4:19

[OPENVPN]: Sun Mar  1 21:24:00 2020 TUN/TAP device tun0 opened

[OPENVPN]: Sun Mar  1 21:24:00 2020 TUN/TAP TX queue length set to 100

[OPENVPN]: Sun Mar  1 21:24:00 2020 /sbin/ip link set dev tun0 up mtu 1500

[OPENVPN]: Sun Mar  1 21:24:00 2020 /sbin/ip addr add dev tun0 10.7.0.7/24 broadcast 10.7.0.255

[OPENVPN]: Sun Mar  1 21:24:00 2020 /home/shinjii/nordpy/scripts/nordpy_up.sh tun0 1500 1587 10.7.0.7 255.255.255.0 init

[OPENVPN]: Sun Mar  1 21:24:00 2020 /sbin/ip route add 185.246.208.92/32 via 192.168.1.1

[OPENVPN]: Sun Mar  1 21:24:00 2020 /sbin/ip route add 0.0.0.0/1 via 10.7.0.1

[OPENVPN]: Sun Mar  1 21:24:00 2020 /sbin/ip route add 128.0.0.0/1 via 10.7.0.1

[OPENVPN]: Sun Mar  1 21:24:00 2020 Initialization Sequence Completed

[ShinJii89]

It's while connected to NordVPN, I can't do this without NordVPN connection I don't know why :P looks like killswitch working or something... I don't know but something is wrong with this version.

[morpheusthewhite]

I can't do this without NordVPN connection

What are you referring to?

I don't know but something is wrong with this version.

In the meantime you can use the previous version obviously

[ShinJii89]

I can't do this without NordVPN connection

What are you referring to?

That error is when I'm not connected by the NordPy, when I'm connected it's working (that command with --quick-connect) ;)

Trying to connect to the last server type
Key not found
No settings stored, connect to a server type with the gui, then try again

[ShinJii89]

I don't know what but 1.3.3 broke something in my system and even when I came back to 1.3.2 there are still the same issues.... I guess it might be something with killswitch? because I don't know why, but when I disconnect from NordPy then I have no access to internet... then while clicking connect it should take recommended server but there's no connection so it takes last one used... and all the time I have the same server since yesterday....

[morpheusthewhite]

It may be related to killswitch, but also to DNS; if possible, do this tests

1. ping 8.8.8.8 to verify connection, ping www.github.com to verify also DNS
2. Paste here the content of /etc/resolv.conf, the output of ip r and the output of iptables-save
3. Connect to VPN and do the same step again, as above
4. Disconnect and again do as above

[ShinJii89]

DISCONNECTED [it's after disconnect, so as point 4] (I can't connect to anywhere.) [no restart PC since yesterday + one hibernation]
1.

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted

ping github.com
PING github.com (140.82.118.4) 56(84) bytes of data.
ping: sendmsg: Operation not permitted

# Generated by NetworkManager
search ShinNet
nameserver 192.168.1.1

ip r
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 20600 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.23 metric 600

# Generated by iptables-save v1.8.3 on Mon Mar  2 15:54:59 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Mar  2 15:54:59 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 15:54:59 2020
*mangle
:PREROUTING ACCEPT [247:37915]
:INPUT ACCEPT [233:31627]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1716:103985]
:POSTROUTING ACCEPT [193:12609]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Mon Mar  2 15:54:59 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 15:54:59 2020
*raw
:PREROUTING ACCEPT [247:37915]
:OUTPUT ACCEPT [1716:103985]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Mon Mar  2 15:54:59 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 15:54:59 2020
*security
:INPUT ACCEPT [233:31627]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [193:12609]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Mon Mar  2 15:54:59 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 15:54:59 2020
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [1523:91376]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i wlp3s0 -j ACCEPT
-A INPUT -s 185.246.208.92/32 -i wlp3s0 -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o wlp3s0 -j ACCEPT
-A OUTPUT -d 185.246.208.92/32 -o wlp3s0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
# Completed on Mon Mar  2 15:54:59 2020

CONNECTED

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=52.4 ms

ping github.com
PING github.com (140.82.118.3) 56(84) bytes of data.
64 bytes from lb-140-82-118-3-ams.github.com (140.82.118.3): icmp_seq=1 ttl=54 time=39.5 ms

# Appended by NordPy
nameserver 8.8.8.8
nameserver 8.8.4.4
# Generated by NetworkManager
search ShinNet

ip r
0.0.0.0/1 via 10.7.1.1 dev tun0 
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 20600 
10.7.1.0/24 dev tun0 proto kernel scope link src 10.7.1.4 
37.120.211.123 via 192.168.1.1 dev wlp3s0 
128.0.0.0/1 via 10.7.1.1 dev tun0 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.23 metric 600

# Generated by iptables-save v1.8.3 on Mon Mar  2 16:01:12 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Mar  2 16:01:12 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 16:01:12 2020
*mangle
:PREROUTING ACCEPT [4203:1752416]
:INPUT ACCEPT [4157:1733840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7419:903145]
:POSTROUTING ACCEPT [4029:700912]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Mon Mar  2 16:01:12 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 16:01:12 2020
*raw
:PREROUTING ACCEPT [4203:1752416]
:OUTPUT ACCEPT [7419:903145]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Mon Mar  2 16:01:12 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 16:01:12 2020
*security
:INPUT ACCEPT [4132:1727728]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4028:699869]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Mon Mar  2 16:01:12 2020
# Generated by iptables-save v1.8.3 on Mon Mar  2 16:01:12 2020
*filter
:INPUT DROP [25:6112]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [31:1860]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i wlp3s0 -j ACCEPT
-A INPUT -s 37.120.211.123/32 -i wlp3s0 -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o wlp3s0 -j ACCEPT
-A OUTPUT -d 37.120.211.123/32 -o wlp3s0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
# Completed on Mon Mar  2 16:01:12 2020

[ShinJii89]

Hmmm...after restart PC version 1.3.2 is working fine with plasmoid.

[morpheusthewhite]

I am yet not able to reproduce this on a Fedora 31; did you try to reboot and connect with 1.3.3?

[ShinJii89]

I did this also on 1.3.3 :) as you can see in previous posts. I guess 1.3.3 is broken because of this installation errors?2 mar 2020 21:50 morpheusthewhite <notifications@github.com> napisał(a):I am yet not able to reproduce this on a Fedora 31; did you try to reboot and connect with 1.3.3? —You are receiving this because you authored the thread.Reply to this email directly, view it on GitHub, or unsubscribe.

[morpheusthewhite]

No, the installation errors are linked with ipsec, which is not installed on Fedora

[ShinJii89]

No, the installation errors are linked with ipsec, which is not installed on Fedora

So I don't know :)

[rharmonson]

Using Fedora 31. If I can help with testing, please let me know and provide the process.

Love you work and appreciate your stellar support. @morpheusthewite.

[morpheusthewhite]

Using Fedora 31. If I can help with testing, please let me know and provide the process.

Love you work and appreciate your stellar support. @morpheusthewite.

Thank you so much!

Yes, actually it could be very good if you can provide me some information. First of all, are you using nordpy 1.3.3? Do you experience any connection problem?

[rharmonson]

@morpheusthewhite, no idea what version for I do not see a version number in the GUI or CLI. How do I get nordpy to report its version? New feature request! jk.. maybe?

Anyway, I cloned it as of now and give me a few minutes to test.

[rharmonson]

Documenting the Fedora 31 nordpy installation and testing:

SYNOPSIS:

Connected without issue using server types:

1. Standard VPN
2. P2P
3. Dedicated IP
4. Double VPN

However, these server types did not work.

1. Onion over VPN
2. Obfuscated

@morpheusthewhite What would you like me to test?

DETAILS:

Moved my old nordpy installation to old.nordpy to ensure clean install. The account used to install has sudo and I did a sudo/auth just prior to ./install.sh. Also, responded 'Y' when asked for Obfuscated support. Never used it before, so.. no idea why I decided it would be a good idea to install it. Sorry?

1. $ git clone https://github.com/morpheusthewhite/nordpy.git
2. $ ./install.sh

Results

[jdoe@fed31pc nordpy]$ ./install.sh 
Do you want to install support for obfuscated servers (it will reinstall openvpn)?[y/n] (Recommended: n)
Y
sudo: apt-get: command not found
Dependencies resolved.
================================================================================
 Package                        Arch     Version               Repository  Size
================================================================================
Removing:
 openvpn                        x86_64   2.4.8-1.fc31          @updates   1.3 M
Removing dependent packages:
 NetworkManager-openvpn-gnome   x86_64   1:1.8.10-1.fc31.1     @fedora    235 k
Removing unused dependencies:
 NetworkManager-openvpn         x86_64   1:1.8.10-1.fc31.1     @fedora    1.1 M
 pkcs11-helper                  x86_64   1.22-8.fc31           @fedora    156 k

Transaction Summary
================================================================================
Remove  4 Packages

Freed space: 2.8 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: NetworkManager-openvpn-gnome-1:1.8.10-1.fc31.1.x86_6   1/1 
  Erasing          : NetworkManager-openvpn-gnome-1:1.8.10-1.fc31.1.x86_6   1/4 
  Erasing          : NetworkManager-openvpn-1:1.8.10-1.fc31.1.x86_64        2/4 
  Running scriptlet: openvpn-2.4.8-1.fc31.x86_64                            3/4 
Invalid unit name "openvpn-client@*.service" was escaped as "openvpn-client@\x2a.service" (maybe you should use systemd-escape?)
Invalid unit name "openvpn-server@*.service" was escaped as "openvpn-server@\x2a.service" (maybe you should use systemd-escape?)

  Erasing          : openvpn-2.4.8-1.fc31.x86_64                            3/4 
  Running scriptlet: openvpn-2.4.8-1.fc31.x86_64                            3/4 
  Erasing          : pkcs11-helper-1.22-8.fc31.x86_64                       4/4 
  Running scriptlet: pkcs11-helper-1.22-8.fc31.x86_64                       4/4 
  Verifying        : NetworkManager-openvpn-1:1.8.10-1.fc31.1.x86_64        1/4 
  Verifying        : NetworkManager-openvpn-gnome-1:1.8.10-1.fc31.1.x86_6   2/4 
  Verifying        : openvpn-2.4.8-1.fc31.x86_64                            3/4 
  Verifying        : pkcs11-helper-1.22-8.fc31.x86_64                       4/4 

Removed:
  NetworkManager-openvpn-1:1.8.10-1.fc31.1.x86_64                               
  NetworkManager-openvpn-gnome-1:1.8.10-1.fc31.1.x86_64                         
  openvpn-2.4.8-1.fc31.x86_64                                                   
  pkcs11-helper-1.22-8.fc31.x86_64                                              

Complete!
sudo: apt-get: command not found
sudo: pacman: command not found
sudo: apt-get: command not found
sudo: apt-get: command not found
crypto.c: In function ‘init_key_ctx_bi’:
crypto.c:907:33: warning: passing argument 2 of ‘init_key_ctx’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  907 |     init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~
crypto.c:845:47: note: expected ‘struct key *’ but argument is of type ‘const struct key *’
  845 | init_key_ctx(struct key_ctx *ctx, struct key *key,
      |                                   ~~~~~~~~~~~~^~~
crypto.c:911:33: warning: passing argument 2 of ‘init_key_ctx’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  911 |     init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~
crypto.c:845:47: note: expected ‘struct key *’ but argument is of type ‘const struct key *’
  845 | init_key_ctx(struct key_ctx *ctx, struct key *key,
      |                                   ~~~~~~~~~~~~^~~
ssl_openssl.c: In function ‘key_state_ssl_init’:
ssl_openssl.c:1545:30: warning: passing argument 1 of ‘getbio’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 1545 |     ks_ssl->ssl_bio = getbio(BIO_f_ssl(), "ssl_bio");
      |                              ^~~~~~~~~~~
ssl_openssl.c:1393:20: note: expected ‘BIO_METHOD *’ {aka ‘struct bio_method_st *’} but argument is of type ‘const BIO_METHOD *’ {aka ‘const struct bio_method_st *’}
 1393 | getbio(BIO_METHOD *type, const char *desc)
      |        ~~~~~~~~~~~~^~~~
ssl_openssl.c:1546:28: warning: passing argument 1 of ‘getbio’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 1546 |     ks_ssl->ct_in = getbio(BIO_s_mem(), "ct_in");
      |                            ^~~~~~~~~~~
ssl_openssl.c:1393:20: note: expected ‘BIO_METHOD *’ {aka ‘struct bio_method_st *’} but argument is of type ‘const BIO_METHOD *’ {aka ‘const struct bio_method_st *’}
 1393 | getbio(BIO_METHOD *type, const char *desc)
      |        ~~~~~~~~~~~~^~~~
ssl_openssl.c:1547:29: warning: passing argument 1 of ‘getbio’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 1547 |     ks_ssl->ct_out = getbio(BIO_s_mem(), "ct_out");
      |                             ^~~~~~~~~~~
ssl_openssl.c:1393:20: note: expected ‘BIO_METHOD *’ {aka ‘struct bio_method_st *’} but argument is of type ‘const BIO_METHOD *’ {aka ‘const struct bio_method_st *’}
 1393 | getbio(BIO_METHOD *type, const char *desc)
      |        ~~~~~~~~~~~~^~~~
removing temporary files
Required packages installed
installing certificates (needed by ipsec)
/etc/ipsec.d/cacerts/NordVPN.der: No such file or directory
Can't open /etc/ipsec.d/cacerts/NordVPN.der for reading, No such file or directory
140006366349120:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/ipsec.d/cacerts/NordVPN.der','rb')
140006366349120:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
downloading and extracting conf files from NordVPN
replace ovpn_udp/nl582.nordvpn.com.udp.ovpn? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
replace ovpn_udp/nl583.nordvpn.com.udp.ovpn? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
[jdoe@fed31pc nordpy]$ 

3. ./nordpy, provided root credentials and it immediately connected per the GUI. Which is weird since I didn't provide credentials. Cached credentials? From where? Red herring? I didn't verify the connection, instead step 4.
4. Disconnect and close nordpy

Results

[jdoe@fed31pc nordpy]$ ./nordpy.py 
Font factor: 1.1111111111111112
Retrieved stats
Retrieved stats
Connection 'us4478.nordvpn.com.tcp' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[jdoe@fed31pc nordpy]$ 

5. ./nord.py, selected Standard VPN, UDP, and connect.
6. Prompted and provided my NordVPN credentials
7. Verified general connectivity then closed nordpy

Results

[jdoe@fed31pc nordpy]$ ./nordpy.py 
Font factor: 1.1111111111111112
captured grep
Retrieved stats
Retrieved stats
Saved 1
Updating advanced setting file
resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11}
Best server retrieved: us4066.nordvpn.com
Checking if exists /home/jdoe/nordpy/ovpn_udp/us4066.nordvpn.com.udp.ovpn
Updating setting file
Storing credentials in '/home/jdoe/nordpy/credentials' with openvpn compatible 'auth-user-pass' file format

Awesome, the credentials have been saved in '/home/jdoe/nordpy/credentials'

Turning on killswitch
Default interface: eth0
IP and port of the VPN server: 198.201.81.227 1194
Network address on eth0: 192.168.0.0/24
Launching udp connection with 198.201.81.227:1194 on eth0 (on network 192.168.0.0/24)
[OPENVPN]: Sun Apr 12 08:50:48 2020 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 12 2020

[OPENVPN]: Sun Apr 12 08:50:48 2020 library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08

[OPENVPN]: Sun Apr 12 08:50:48 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

[OPENVPN]: Sun Apr 12 08:50:48 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

[OPENVPN]: Sun Apr 12 08:50:48 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Apr 12 08:50:48 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Apr 12 08:50:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]198.201.81.227:1194

[OPENVPN]: Sun Apr 12 08:50:48 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]

[OPENVPN]: Sun Apr 12 08:50:48 2020 UDP link local: (not bound)

[OPENVPN]: Sun Apr 12 08:50:48 2020 UDP link remote: [AF_INET]198.201.81.227:1194

[OPENVPN]: Sun Apr 12 08:50:48 2020 TLS: Initial packet from [AF_INET]198.201.81.227:1194, sid=ad02127c 734dd896

[OPENVPN]: Sun Apr 12 08:50:48 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

[OPENVPN]: Sun Apr 12 08:50:48 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

[OPENVPN]: Sun Apr 12 08:50:48 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4

[OPENVPN]: Sun Apr 12 08:50:48 2020 VERIFY KU OK

[OPENVPN]: Sun Apr 12 08:50:48 2020 Validating certificate extended key usage

[OPENVPN]: Sun Apr 12 08:50:48 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

[OPENVPN]: Sun Apr 12 08:50:48 2020 VERIFY EKU OK

[OPENVPN]: Sun Apr 12 08:50:48 2020 VERIFY OK: depth=0, CN=us4066.nordvpn.com

[OPENVPN]: Sun Apr 12 08:50:48 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

[OPENVPN]: Sun Apr 12 08:50:48 2020 [us4066.nordvpn.com] Peer Connection Initiated with [AF_INET]198.201.81.227:1194

[OPENVPN]: Sun Apr 12 08:50:49 2020 SENT CONTROL [us4066.nordvpn.com]: 'PUSH_REQUEST' (status=1)

[OPENVPN]: Sun Apr 12 08:50:49 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.200.96.100,dhcp-option DNS 172.200.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.200.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.200.2.39 255.255.255.0,peer-id 18,cipher AES-256-GCM'

[OPENVPN]: Sun Apr 12 08:50:49 2020 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:6 is ignored by previous <connection> blocks 

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: timers and/or timeouts modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: explicit notify parm(s) modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: compression parms modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: --ifconfig/up options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: route options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: route-related options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: peer-id set

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: adjusting link_mtu to 1657

[OPENVPN]: Sun Apr 12 08:50:49 2020 OPTIONS IMPORT: data channel crypto options modified

[OPENVPN]: Sun Apr 12 08:50:49 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

[OPENVPN]: Sun Apr 12 08:50:49 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Apr 12 08:50:49 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Apr 12 08:50:49 2020 ROUTE_GATEWAY 192.168.0.254/255.255.255.0 IFACE=eth0 HWADDR=94:de:80:b6:51:e1

[OPENVPN]: Sun Apr 12 08:50:49 2020 TUN/TAP device tun0 opened

[OPENVPN]: Sun Apr 12 08:50:49 2020 TUN/TAP TX queue length set to 100

[OPENVPN]: Sun Apr 12 08:50:49 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

[OPENVPN]: Sun Apr 12 08:50:49 2020 /usr/sbin/ifconfig tun0 10.200.2.39 netmask 255.255.255.0 mtu 1500 broadcast 10.200.2.255

[OPENVPN]: Sun Apr 12 08:50:49 2020 /home/jdoe/nordpy/scripts/nordpy_up.sh tun0 1500 1585 10.200.2.39 255.255.255.0 init

[OPENVPN]: Sun Apr 12 08:50:49 2020 /usr/sbin/route add -net 198.201.81.227 netmask 255.255.255.255 gw 192.168.0.254

[OPENVPN]: Sun Apr 12 08:50:49 2020 /usr/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.200.2.1

[OPENVPN]: Sun Apr 12 08:50:49 2020 /usr/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.200.2.1

[OPENVPN]: Sun Apr 12 08:50:49 2020 Initialization Sequence Completed

Turning off killswitch
looking for iptables in /home/jdoe/nordpy/stored_iptables
[jdoe@fed31pc nordpy]$ 

I tried each server type with success except

1. Onion over VPN which resulted with "Sorry, server not found! Pelase try a different server" from the GUI

CLI Onion over VPN results

[jdoe@fed31pc nordpy]$ ./nordpy.py 
Read a factor scale of 1.0 and False
Font factor: 1.1111111111111112
captured grep
Verifing saved file
File is correct
Retrieved stats
Retrieved stats
resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:3}

2. Obfuscated with the GUI showing "Connecting"

CLI Obfuscated results

[jdoe@fed31pc nordpy]$ ./nordpy.py 
Read a factor scale of 1.0 and False
Font factor: 1.1111111111111112
captured grep
Verifing saved file
File is correct
Retrieved stats
Retrieved stats
Retrieved stats
Obfuscated server selected: sg308.nordvpn.com
Checking if exists /home/jdoe/nordpy/ovpn_udp/sg308.nordvpn.com.udp.ovpn
Updating setting file
Exception in Tkinter callback
Traceback (most recent call last):
  File "/usr/lib64/python3.7/tkinter/__init__.py", line 1705, in __call__
    return self.func(*args)
  File "/home/jdoe/nordpy/bin/gui.py", line 137, in connect
    self.automatic_connection()
  File "/home/jdoe/nordpy/bin/gui.py", line 190, in automatic_connection
    self.connect_to_VPN(recommended_server, protocol_selected)
  File "/home/jdoe/nordpy/bin/gui.py", line 210, in connect_to_VPN
    connected_to = startVPN(server, protocol, self.nm_use)
  File "/home/jdoe/nordpy/bin/vpn_util/vpn.py", line 32, in startVPN
    start_openvpn(server, protocol)
  File "/home/jdoe/nordpy/bin/vpn_util/openvpn.py", line 43, in start_openvpn
    killswitch_up(server, protocol)
  File "/home/jdoe/nordpy/bin/vpn_util/killswitch.py", line 102, in killswitch_up
    (ip, port) = read_remote_ip_port(get_path_to_conf(server_name, protocol))
ValueError: too many values to unpack (expected 2)

IP addresses may have been altered to protect the innocent.

Basic funtionality is working. I'v never used Onion over VPN nor Obfuscated, so those may have never worked for me.

@morpheusthewhite What would you like me to test?

I suspect you are going to want me to install NordPy-Plasmoid, but before preceeding, wanted to establish a baseline.

[morpheusthewhite]

However, these server types did not work.

1. Onion over VPN
2. Obfuscated

Yes, the first one often fails due to the NordVPN site being unable to recommend a proper server; the second one is caused by a parsing error for some .ovpn (I just provided the needed fix).

Regarding the credentials, you may have been in the old directory while launching the first command (since it later asked you the credentials): there are no such mechanism as caching nor I was able to repeat this situation in a quick test.

Given this, thank you so much for this test; we now know this problem in not exactly related to Fedora, that's a big point.

Just for keeping this last information, can you do this tests:

1. ping 8.8.8.8 to verify connection, ping www.github.com to verify also DNS
2. Paste here the content of /etc/resolv.conf, the output of ip r and the output of iptables-save
3. Connect to VPN and do the same step again, as above
4. Disconnect and again do as above

Thanks again

[rharmonson]

Testing

After completing a reboot of Fedora 31 box, I deleted nordpy and git clone for a fresh copy without the Obfuscate feature.

Before establishing a VPN connection

ping 8.8.8.8 to verify connection.

$ ping -i 4 -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=26.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=18.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=19.9 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 8008ms
rtt min/avg/max/mdev = 18.928/21.615/26.042/3.154 ms

ping www.github.com to verify dns

$ ping -i 4 -c 4 www.github.com
PING github.com (192.30.255.112) 56(84) bytes of data.
64 bytes from lb-192-30-255-112-sea.github.com (192.30.255.112): icmp_seq=1 ttl=54 time=29.0 ms
64 bytes from lb-192-30-255-112-sea.github.com (192.30.255.112): icmp_seq=2 ttl=54 time=28.7 ms
64 bytes from lb-192-30-255-112-sea.github.com (192.30.255.112): icmp_seq=3 ttl=54 time=28.4 ms
64 bytes from lb-192-30-255-112-sea.github.com (192.30.255.112): icmp_seq=4 ttl=54 time=27.4 ms

--- github.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 12014ms
rtt min/avg/max/mdev = 27.392/28.373/28.984/0.604 ms

/etc/resolv.conf

$ cat /etc/resolv.conf
# Generated by NetworkManager
search intranet.mydomain.com winauth.mydomain.com mydomain.com
nameserver 192.168.3.31
nameserver 192.168.3.32

ip r

$ ip r
default via 192.168.1.254 dev eth0 proto dhcp metric 100 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.203 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

iptables-save

# Generated by iptables-save v1.8.3 on Sun Apr 12 13:50:34 2020
*nat
:PREROUTING ACCEPT [103:34672]
:INPUT ACCEPT [8:756]
:OUTPUT ACCEPT [137:9739]
:POSTROUTING ACCEPT [137:9739]
:LIBVIRT_PRT - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_libvirt - [0:0]
:POST_libvirt_allow - [0:0]
:POST_libvirt_deny - [0:0]
:POST_libvirt_log - [0:0]
:POST_libvirt_post - [0:0]
:POST_libvirt_pre - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:POST_public_post - [0:0]
:POST_public_pre - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING_ZONES -o eth0 -g POST_public
-A POSTROUTING_ZONES -o virbr0 -g POST_libvirt
-A POSTROUTING_ZONES -g POST_public
-A POST_libvirt -j POST_libvirt_pre
-A POST_libvirt -j POST_libvirt_log
-A POST_libvirt -j POST_libvirt_deny
-A POST_libvirt -j POST_libvirt_allow
-A POST_libvirt -j POST_libvirt_post
-A POST_public -j POST_public_pre
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A POST_public -j POST_public_post
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:50:34 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:50:34 2020
*mangle
:PREROUTING ACCEPT [3605:28617210]
:INPUT ACCEPT [3603:28616432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3166:341214]
:POSTROUTING ACCEPT [3190:343853]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:LIBVIRT_PRT - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -j POSTROUTING_direct
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:50:34 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:50:34 2020
*raw
:PREROUTING ACCEPT [3605:28617210]
:OUTPUT ACCEPT [3166:341214]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_libvirt_allow -p udp -m udp --dport 69 -j CT --helper tftp
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:50:34 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:50:34 2020
*security
:INPUT ACCEPT [3521:28584324]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3193:343560]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Sun Apr 12 13:50:34 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:50:34 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3152:340246]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_direct - [0:0]
:FWDI_libvirt - [0:0]
:FWDI_libvirt_allow - [0:0]
:FWDI_libvirt_deny - [0:0]
:FWDI_libvirt_log - [0:0]
:FWDI_libvirt_post - [0:0]
:FWDI_libvirt_pre - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDI_public_post - [0:0]
:FWDI_public_pre - [0:0]
:FWDO_libvirt - [0:0]
:FWDO_libvirt_allow - [0:0]
:FWDO_libvirt_deny - [0:0]
:FWDO_libvirt_log - [0:0]
:FWDO_libvirt_post - [0:0]
:FWDO_libvirt_pre - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:FWDO_public_post - [0:0]
:FWDO_public_pre - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_libvirt - [0:0]
:IN_libvirt_allow - [0:0]
:IN_libvirt_deny - [0:0]
:IN_libvirt_log - [0:0]
:IN_libvirt_post - [0:0]
:IN_libvirt_pre - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:IN_public_post - [0:0]
:IN_public_pre - [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j LIBVIRT_INP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j LIBVIRT_OUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth0 -g FWDI_public
-A FORWARD_IN_ZONES -i virbr0 -g FWDI_libvirt
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
-A FORWARD_OUT_ZONES -o virbr0 -g FWDO_libvirt
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_libvirt -j FWDI_libvirt_pre
-A FWDI_libvirt -j FWDI_libvirt_log
-A FWDI_libvirt -j FWDI_libvirt_deny
-A FWDI_libvirt -j FWDI_libvirt_allow
-A FWDI_libvirt -j FWDI_libvirt_post
-A FWDI_libvirt -j ACCEPT
-A FWDI_public -j FWDI_public_pre
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -j FWDI_public_post
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_libvirt -j FWDO_libvirt_pre
-A FWDO_libvirt -j FWDO_libvirt_log
-A FWDO_libvirt -j FWDO_libvirt_deny
-A FWDO_libvirt -j FWDO_libvirt_allow
-A FWDO_libvirt -j FWDO_libvirt_post
-A FWDO_libvirt -j ACCEPT
-A FWDO_public -j FWDO_public_pre
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A FWDO_public -j FWDO_public_post
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -i virbr0 -g IN_libvirt
-A INPUT_ZONES -g IN_public
-A IN_libvirt -j IN_libvirt_pre
-A IN_libvirt -j IN_libvirt_log
-A IN_libvirt -j IN_libvirt_deny
-A IN_libvirt -j IN_libvirt_allow
-A IN_libvirt -j IN_libvirt_post
-A IN_libvirt -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 67 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 547 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 69 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p icmp -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p ipv6-icmp -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_post -j REJECT --reject-with icmp-port-unreachable
-A IN_public -j IN_public_pre
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -j IN_public_post
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Sun Apr 12 13:50:34 2020

After establishing VPN connection

For nordpy test, I used Standard server type, TCP, and server ca398. Use of NetworkManager is not enabled in advanced settings.

ping 8.8.8.8 to verify connection.

ping -i 4 -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=43.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=36.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=38.8 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 8010ms
rtt min/avg/max/mdev = 36.741/39.721/43.611/2.877 ms

ping www.github.com to verify dns

ping -i 4 -c 4 www.github.com
PING github.com (140.82.112.4) 56(84) bytes of data.
64 bytes from lb-140-82-112-4-iad.github.com (140.82.112.4): icmp_seq=1 ttl=55 time=107 ms
64 bytes from lb-140-82-112-4-iad.github.com (140.82.112.4): icmp_seq=2 ttl=55 time=101 ms
64 bytes from lb-140-82-112-4-iad.github.com (140.82.112.4): icmp_seq=3 ttl=55 time=101 ms
64 bytes from lb-140-82-112-4-iad.github.com (140.82.112.4): icmp_seq=4 ttl=55 time=101 ms

--- github.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 12011ms
rtt min/avg/max/mdev = 100.999/102.720/107.351/2.676 ms

/etc/resolv.conf

# Appended by NordPy
nameserver 103.86.96.100
nameserver 103.86.99.100
# Generated by NetworkManager
search intranet.mydomain.com winauth.mydomain.com mydomain.com

ip r

0.0.0.0/1 via 10.7.7.1 dev tun0 
default via 192.168.1.254 dev eth0 proto dhcp metric 100 
10.7.7.0/24 dev tun0 proto kernel scope link src 10.7.7.8 
128.0.0.0/1 via 10.7.7.1 dev tun0 
172.83.40.198 via 192.168.1.254 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.203 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 

iptables-save

# Generated by iptables-save v1.8.3 on Sun Apr 12 13:55:31 2020
*nat
:PREROUTING ACCEPT [21:9537]
:INPUT ACCEPT [6:897]
:OUTPUT ACCEPT [66:5041]
:POSTROUTING ACCEPT [50:3661]
COMMIT
# Completed on Sun Apr 12 13:55:31 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:55:31 2020
*mangle
:PREROUTING ACCEPT [4112:28756381]
:INPUT ACCEPT [4110:28755603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3702:395177]
:POSTROUTING ACCEPT [3698:395908]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:LIBVIRT_PRT - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -j POSTROUTING_direct
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:55:31 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:55:31 2020
*raw
:PREROUTING ACCEPT [4112:28756381]
:OUTPUT ACCEPT [3702:395177]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_libvirt_allow -p udp -m udp --dport 69 -j CT --helper tftp
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:55:31 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:55:31 2020
*security
:INPUT ACCEPT [3956:28702359]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3695:395207]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Sun Apr 12 13:55:31 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:55:31 2020
*filter
:INPUT DROP [36:10566]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [34:2316]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -s 172.83.40.198/32 -i eth0 -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 172.83.40.198/32 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
# Completed on Sun Apr 12 13:55:31 2020

After disconnecting VPN session

ping 8.8.8.8 to verify connection.

ping -i 4 -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=20.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=20.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=19.9 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 8009ms
rtt min/avg/max/mdev = 19.920/20.077/20.329/0.179 ms

ping www.github.com to verify dns

ping -i 4 -c 4 www.github.com
PING github.com (140.82.112.3) 56(84) bytes of data.
64 bytes from lb-140-82-112-3-iad.github.com (140.82.112.3): icmp_seq=1 ttl=51 time=84.0 ms
64 bytes from lb-140-82-112-3-iad.github.com (140.82.112.3): icmp_seq=2 ttl=51 time=82.8 ms
64 bytes from lb-140-82-112-3-iad.github.com (140.82.112.3): icmp_seq=3 ttl=51 time=82.2 ms
64 bytes from lb-140-82-112-3-iad.github.com (140.82.112.3): icmp_seq=4 ttl=51 time=81.7 ms

--- github.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 12013ms
rtt min/avg/max/mdev = 81.736/82.662/84.001/0.853 ms

/etc/resolv.conf

# Generated by NetworkManager
search intranet.mydomain.com winauth.mydomain.com mydomain.com
nameserver 192.168.3.31
nameserver 192.168.3.32

ip r

default via 192.168.1.254 dev eth0 proto dhcp metric 100 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.203 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 

iptables-save

# Generated by iptables-save v1.8.3 on Sun Apr 12 13:59:24 2020
*nat
:PREROUTING ACCEPT [41:14080]
:INPUT ACCEPT [1:64]
:OUTPUT ACCEPT [75:5752]
:POSTROUTING ACCEPT [75:5752]
:LIBVIRT_PRT - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_libvirt - [0:0]
:POST_libvirt_allow - [0:0]
:POST_libvirt_deny - [0:0]
:POST_libvirt_log - [0:0]
:POST_libvirt_post - [0:0]
:POST_libvirt_pre - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:POST_public_post - [0:0]
:POST_public_pre - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING_ZONES -o eth0 -g POST_public
-A POSTROUTING_ZONES -o virbr0 -g POST_libvirt
-A POSTROUTING_ZONES -g POST_public
-A POST_libvirt -j POST_libvirt_pre
-A POST_libvirt -j POST_libvirt_log
-A POST_libvirt -j POST_libvirt_deny
-A POST_libvirt -j POST_libvirt_allow
-A POST_libvirt -j POST_libvirt_post
-A POST_public -j POST_public_pre
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A POST_public -j POST_public_post
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:59:24 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:59:24 2020
*mangle
:PREROUTING ACCEPT [167:28257]
:INPUT ACCEPT [167:28257]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [126:10937]
:POSTROUTING ACCEPT [132:11345]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:LIBVIRT_PRT - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -j POSTROUTING_direct
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:59:24 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:59:24 2020
*raw
:PREROUTING ACCEPT [167:28257]
:OUTPUT ACCEPT [126:10937]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_libvirt - [0:0]
:PRE_libvirt_allow - [0:0]
:PRE_libvirt_deny - [0:0]
:PRE_libvirt_log - [0:0]
:PRE_libvirt_post - [0:0]
:PRE_libvirt_pre - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -i virbr0 -g PRE_libvirt
-A PREROUTING_ZONES -g PRE_public
-A PRE_libvirt -j PRE_libvirt_pre
-A PRE_libvirt -j PRE_libvirt_log
-A PRE_libvirt -j PRE_libvirt_deny
-A PRE_libvirt -j PRE_libvirt_allow
-A PRE_libvirt -j PRE_libvirt_post
-A PRE_libvirt_allow -p udp -m udp --dport 69 -j CT --helper tftp
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Sun Apr 12 13:59:24 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:59:24 2020
*security
:INPUT ACCEPT [127:14241]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [126:10937]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Sun Apr 12 13:59:24 2020
# Generated by iptables-save v1.8.3 on Sun Apr 12 13:59:24 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [120:10517]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_direct - [0:0]
:FWDI_libvirt - [0:0]
:FWDI_libvirt_allow - [0:0]
:FWDI_libvirt_deny - [0:0]
:FWDI_libvirt_log - [0:0]
:FWDI_libvirt_post - [0:0]
:FWDI_libvirt_pre - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDI_public_post - [0:0]
:FWDI_public_pre - [0:0]
:FWDO_libvirt - [0:0]
:FWDO_libvirt_allow - [0:0]
:FWDO_libvirt_deny - [0:0]
:FWDO_libvirt_log - [0:0]
:FWDO_libvirt_post - [0:0]
:FWDO_libvirt_pre - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:FWDO_public_post - [0:0]
:FWDO_public_pre - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_libvirt - [0:0]
:IN_libvirt_allow - [0:0]
:IN_libvirt_deny - [0:0]
:IN_libvirt_log - [0:0]
:IN_libvirt_post - [0:0]
:IN_libvirt_pre - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:IN_public_post - [0:0]
:IN_public_pre - [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j LIBVIRT_INP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j LIBVIRT_OUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth0 -g FWDI_public
-A FORWARD_IN_ZONES -i virbr0 -g FWDI_libvirt
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
-A FORWARD_OUT_ZONES -o virbr0 -g FWDO_libvirt
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_libvirt -j FWDI_libvirt_pre
-A FWDI_libvirt -j FWDI_libvirt_log
-A FWDI_libvirt -j FWDI_libvirt_deny
-A FWDI_libvirt -j FWDI_libvirt_allow
-A FWDI_libvirt -j FWDI_libvirt_post
-A FWDI_libvirt -j ACCEPT
-A FWDI_public -j FWDI_public_pre
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -j FWDI_public_post
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_libvirt -j FWDO_libvirt_pre
-A FWDO_libvirt -j FWDO_libvirt_log
-A FWDO_libvirt -j FWDO_libvirt_deny
-A FWDO_libvirt -j FWDO_libvirt_allow
-A FWDO_libvirt -j FWDO_libvirt_post
-A FWDO_libvirt -j ACCEPT
-A FWDO_public -j FWDO_public_pre
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A FWDO_public -j FWDO_public_post
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -i virbr0 -g IN_libvirt
-A INPUT_ZONES -g IN_public
-A IN_libvirt -j IN_libvirt_pre
-A IN_libvirt -j IN_libvirt_log
-A IN_libvirt -j IN_libvirt_deny
-A IN_libvirt -j IN_libvirt_allow
-A IN_libvirt -j IN_libvirt_post
-A IN_libvirt -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 67 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 547 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p udp -m udp --dport 69 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p icmp -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_allow -p ipv6-icmp -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_libvirt_post -j REJECT --reject-with icmp-port-unreachable
-A IN_public -j IN_public_pre
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -j IN_public_post
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Sun Apr 12 13:59:24 2020

Contributing

@morpheusthewhite been meaning to reach out to you for some time to offer myself for testing. I want to contribute! Let me know how I can best help.

[morpheusthewhite]

@rharmonson thank you so much, you did a great work

[rharmonson]

My pleasure.

Reach out to me if you need further testing for Fedora 31 and CentOS 7. I am, also, using PopOS on my laptop--love it, but not setup a virtual template for it. Eventually, I will make a virtual template for it and CentOS 8.

I use nordpy daily and love it.

[morpheusthewhite]

@ShinJii89 can you try to update to Fedora 32 and verify again if the problem is still present?

[ShinJii89]

@ShinJii89 can you try to update to Fedora 32 and verify again if the problem is still present?

Hi, I don't know if I want to have the same problems (or not:D)
Version 1.3.2 is still working fine :P

[morpheusthewhite]

I'll close this since it seems to be related to some very specific environment variables which at the moment I am not able to reproduce (thanks also to @rharmonson)