Nordvpn-bin breaks every 4 hours

I would appreciate some assistance in troubleshooting an issue I’m having where nordvpn (nordvpn-bin package from aur) will occasionally at seemingly random (maybe once every two or three hours (edit: 3-4, usually 4 hour 20 minutes)) just ‘break’ and in doing so it also breaks my internet connection.

My fix for this currently is to run systemctl restart nordvpnd.service which usually solves the issue (though there was one time where it didn’t and I had to restart to solve it yesterday, but over several days that has only happened once). The process of restarting the vpn service however takes at least a full minute, probably even two so this is quite the inconvenience.

I used journalctl to see if I could get any related error messages but I couldn’t find anything and I’m a bit lost on how to troubleshoot it further.

Update: Managed to create a better workaround

1 Like

NordVPN is a paid service - you will get better result contacting their line of support

https://support.nordvpn.com/

EDIT

Did you add yourself to the nordvpn group?

sudo gpasswd -a $USER nordvpn
3 Likes

What does ‘break’ mean? The VPN connection drops? The application crashes with a fault? Was the nordvpnd service still active before you restarted it to make sure that the service hadn’t stopped?

I don’t know about Nord specifically, but if you have a ‘killswitch’ enabled, it is normal for all internet to be disconnected when the VPN connection drops.

This is a good point. I remember in the past I had problems with the vpn on arch and contacted support but their support eventually said arch wasn’t supported (when they couldn’t figure out how to help me lol)

Seems like this is no longer the case since their site no longer explicitly states it supports only a selection of distros, recommends using nordvpn on " Install the .rpm package and enjoy your favorite Linux distribution" they say now.

Am in the group tho.

@tharangalion I don’t really know what it means. The application does not crash with a fault, I can try to connect even, but it’ll just keep on trying for a long time and eventually say it couldn’t connect to my nordvpn account. Which is the closest thing to an error message I’ve actually gotten.

In other words what seems to be happening is: nordvpn loses connection with it’s login servers for an unknown reason, stops working because of it, and due to the way it’s set up (as intended really) I cannot use the internet when nordvpn is not working, only solution I have found is to restart nordvpnd.service.

I tried last night after posting this to follow some of the steps in here: sysctl - ArchWiki

This is what i did.

#TCP Tweaking
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_slow_start_after_idle = 0

#Use BBR
net.core.default_qdisc = cake
net.ipv4.tcp_congestion_control = bbr

#Disable ICMP Redirects (Security)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

#Ignore Pings
net.ipv4.icmp_echo_ignore_all = 1
net.ipv6.icmp.echo_ignore_all = 1

It’s too early for the verdict to be out on if it helps or not (idk my internet feels a bit more responsive but it could just be placebo) either way it has not happened for 8 hours, however I was sleeping for those hours and the issue has a tendency to only happen when I’m actually using the computer, so the verdicts not out yet on if it helped or not.

I had similar issues with nord in the best, toggling my WiFi on and off made nord reconnect again until the next time it disconnected itself. I’ve a feeling it was connected to my WiFi switching between 2.4 and 5 but could be wrong.

Yep - that is per-design for a killswitch.

I have done no extensive testing using wireless - mostly using wired connection - and I have no issues with the connection dropping.

I have script in my task bar telling me my wan ip status - if I on on VPN or not.

The script has been coded with proton in mind - the icons is probably from ttf-font-awesome

#!/bin/bash
# root.nix.dk
#

broken=""
state1=""
state2=""
state3=""
connected=""
shield=""
wan=""
vpn=""

network=$(ip a | grep ' state UP' | cut -d' ' -f2 | cut -d':' -f1)
if [[ -z ${network} ]]; then
    echo ${wan} ${broken} ${state1}; sleep 0.5
    echo ${wan} ${broken} ${state2}; sleep 0.5
    echo ${wan} ${broken} ${state3}; sleep 0.5
else
    device=$(ip a | grep 'tun')
    if [[ -z $device ]]; then
        device=$(ip a | grep 'proton')
    fi

    if [[ ${device} == "" ]]; then
        echo ${wan} $(curl -s https://get.geojs.io/v1/ip)
    else
        echo ${shield} $(curl -s https://get.geojs.io/v1/ip)
    fi
fi
2 Likes

It happened again, at the time I ran this

$ nordvpn status
Status: Connected
Current server: nl831.nordvpn.com
Country: Netherlands
City: Amsterdam
Server IP: 178.239.173.187
Current technology: NordLynx
Current protocol: UDP
Transfer: 2.12 GiB received, 64.35 MiB sent
Uptime: 12 hours 14 minutes 18 seconds

Nordvpn seemed to think it was still connected even if I had no connection, I tried to connect it again…

nordvpn connect denmark

And it would just… Well it would do that little loading thing it does but for 2 minutes nothing happened, and I just restarted the nordvpnd service.

I did manage to get some errors out of journalctl this time tho

sep 02 02:18:45 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:18:45 [Error] refresh ipv6
sep 02 02:18:46 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:18:46 [Error] refresh ipv6
sep 02 02:18:46 coomerbox3000 NetworkManager[543]: <info>  [1630549126.7137] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/9)
sep 02 02:18:47 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:18:47 [nordlynx] ip link set mtu 1420 up dev nordlynx
sep 02 02:19:18 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:19:18 [Error] refresh ipv6
sep 02 02:19:19 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:19:19 [Error] refresh ipv6
sep 02 02:19:20 coomerbox3000 NetworkManager[543]: <info>  [1630549160.0728] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/11)
sep 02 02:19:20 coomerbox3000 nordvpnd[1589]: 2021/09/02 02:19:20 [nordlynx] ip link set mtu 1420 up dev nordlynx
sep 02 03:38:37 coomerbox3000 nordvpnd[1589]: 2021/09/02 03:38:37 [Error] refresh ipv6
sep 02 03:38:38 coomerbox3000 nordvpnd[1589]: 2021/09/02 03:38:38 [Error] refresh ipv6
sep 02 03:38:38 coomerbox3000 NetworkManager[543]: <info>  [1630553918.9063] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/13)
sep 02 03:38:39 coomerbox3000 nordvpnd[1589]: 2021/09/02 03:38:39 [nordlynx] ip link set mtu 1420 up dev nordlynx
sep 02 07:16:43 coomerbox3000 nordvpnd[1589]: 2021/09/02 07:16:43 [Error] refresh ipv6
sep 02 07:16:45 coomerbox3000 nordvpnd[1589]: 2021/09/02 07:16:45 [Error] refresh ipv6
sep 02 07:16:45 coomerbox3000 NetworkManager[543]: <info>  [1630567005.9448] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/15)
sep 02 07:16:46 coomerbox3000 nordvpnd[1589]: 2021/09/02 07:16:46 [nordlynx] ip link set mtu 1420 up dev nordlynx
sep 02 09:11:17 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:17 [Error] refresh ipv6
sep 02 09:11:19 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:19 [Error] refresh ipv6
sep 02 09:11:19 coomerbox3000 NetworkManager[543]: <info>  [1630573879.3581] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/17)
sep 02 09:11:19 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:19 [nordlynx] ip link set mtu 1420 up dev nordlynx
sep 02 09:11:50 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:50 [Error] refresh ipv6
sep 02 09:11:51 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:51 [Error] refresh ipv6
sep 02 09:11:51 coomerbox3000 NetworkManager[543]: <info>  [1630573911.6045] manager: (nordvpn-wg): new WireGuard device (/org/freedesktop/NetworkManager/Devices/19)
sep 02 09:11:51 coomerbox3000 nordvpnd[1589]: 2021/09/02 09:11:51 [nordlynx] ip link set mtu 1420 up dev nordlynx

Most of these seemed to have come up though when I was sleeping except that last batch at 09:11 where I was actually using the machine without issue.

This error is probably completely unrelated.

I have killswitch disabled.

As for disconnecting and reconnecting the wifi, I used to have that problem too and that was actually the first thing I tried when I first encountered this issue but it did not help.

I did however manage to make things a little bearable by reducing the systemd timeout to like 5 seconds so restarting nordvpnd.service now only takes that long instead of 2 minutes. Small victories ftw.

1 Like

I’ve timed the issue now, it’s actually happening every 3-4 hours. sometimes won’t happen when I’m afk. I contacted nordvpn support and they were about as helpful as expected:

The error message you are receiving is known and our developers are already working on a solution.

In the meantime, please run the following commands:
nordvpn set ipv6 on
sudo systemctl restart nordvpnd

As for when the issue itself will be fixed, unfortunately, we would rather not give you an estimation when we do not actually have one for certain. I understand that waiting is rather frustrating and I can only apologize for the inconveniences. I can assure you that your account is active and you will be able to connect to the VPN using other devices.

However, if the commands above do not work, I can only suggest using the manual connection method:
How can I connect to NordVPN using Linux Terminal? | NordVPN Support

So there’s that, they basically just told me to turn on ipv6 and if that doesn’t help, connect via openvpn without the nordvpn client (but I actually want to use nordlynx, their wireguard implementation)

I did try to turn on ipv6 btw, and what happened is that it completely broke nordvpn, needed a system restart to fix. The issue with nordvpn when ipv6 was enabled was that it simply wouldn’t connect at all 8 times out of 10. It managed to connect two times, once with autoconnect upon restart, once with autoconnect upon daemon restart. Never on a manual connection attempt.

It was, in fact, almost like enabling ipv6 would re-create the original issue without a 3-4 hour wait time.

So now I’m digging into why that might happen, first thing I found after looking into it was this setting with sysctl:

net.ipv6.conf.default.disable_ipv6 = 1

e.g. ipv6 is (I think) disabled by default on all my devices (confirmed it was disabled for my wireless as well as nordlynx according to sysctl as well, gonna see if changing this affects the issue).

ran sudo sysctl net.ipv6.conf.all.disable_ipv6=0

this seemed to help with the issue, but I noticed a few minutes later that it reset to 1

I also created a file containing this setting in sysctl.d:

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0

But after a restart these settings were forcefully configured to 1, maybe this is actually a manjaro issue? This is not normal behavior I think…

Edit: It was nordvpn that was doing it!

If nordvpn has ipv6 set to off, it forces ipv6 off for sysctl, (i tried setting nordvpn ipv6 off and it changed the setting according to sysctl, I then tried re-enabling ipv6 through nordvpn, but it kept the setting off)

This creates a not so sane system config because the hosts file still contains ipv6 addresses which can cause breakages with this config :expressionless:

But now that I got ipv6 working with nordvpn lets see if that solves the issue, maybe the issue was because if ipv6 addresses in the hosts file but ipv6 disabled in the system all along?

Getting confusing…

If you disable IPv6 (systemwide) you must comment or remove the IPv6 references in /etc/hosts.

I did some troubleshooting on NordVPN a few days ago - a DNS issue I didn’t bother to troubleshoot earlier - and found that switching resolver from the default (openresolv) to systemd-resolved fixed my DNS issues.

Now I cannot guarantee anything - but I reckon it is worth a try :slight_smile:

1 Like

@linux-aarhus
I also added ipv6_disable=1 to the grub for be sure ipv6 totally deactivate (or is it useless???)

I’ve tried now both with ipv6 disabled (after fixing hosts file) and with ipv6 enabled. Issue was the same (I noticed it frequently happens exactly around the 4 hour 20 minute mark after connecting to nordvpn)

Next up I’m trying your dns thingy, I don’t even understand what problem it is supposed to solve though, I mean in practice.

Sure it resets the DNS properly after nordvpn disconnects, but I still can’t use the internet when nordvpn is disconnected in the first place so I’m not sure what it’s really supposed to do to help.

I noted from your journal that you have set NordVPN to nordlynx - is it the same with OpenVPN?

I am going to test nordlynx extensively today.

Started NordVPN using nordlynx @ 2021-09-06T05:40:00Z

Running …

Stopped @ 2021-09-06T18:40:00Z

No problems

1 Like

I don’t know how nordlynx works, and as you want to use wireguard, ask Nord about you installing wireguard-tools, and them sending a config file for each wireguard server (you need) that also include the keys per server.

I use that with another VPN provider, and all you need to connect in the terminal is wg-quick up servername or disconnect wg-quick down servername.

The config files are downloaded and moved into etc/wireguard.
The ones from my VPN provider have this structure:

[Interface]
PrivateKey = dPy2Q...
Address = 
DNS = 

[Peer]
PublicKey = YQ0fi8...
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = wg-servername:port number
PersistentKeepalive = 25
1 Like

I have yet to test with OpenVPN, but the thing is each test run takes at least 3 hours, sometimes 4 hours and 20 minutes, but I do not recall any point it didn’t disconnect after 4 hours and 20 minutes except once or twice when I was entirely afk. I can’t always test this everyday cuz sometimes I’m troubleshooting other issues I’m having (audio and some issues with VMs which sometimes break my host when I run them :grimacing: and I haven’t even gotten the VMs to work right yet) and those require me to restart sometimes frequently; meaning they’d interrupt any testing of this specific issue.

This also means that testing to see if possible reconfigurations help solve the issue can take a quarter of a day, so even the smallest tweak takes that long to test.

@tharangalion this might actually be worth a try, I heard nordvpn used to provide such files to people who asked but I saw a thread from 2020 where people were complaining about them having stopped doing it, (probably because they just want people to be using nordlynx instead).

It looks like I found an actual workaround that prevents the issue from occurring, If, before the point of disconnection I run the nordvpn c command it seems to reset whatever is causing the issue.

This of course still results in a periodic disconnect, but it prevents the actual breakage. I have created a script that automatically does this every 4 hours.

#!/bin/bash

#SERVER=$(nordvpn status | grep -o "[a-z]\{2\}[0-9]\+")
COUNTRY=$(nordvpn status | grep Country | sed 's/Country: //g' | sed 's: :_:g')

nordvpn c $COUNTRY

To run every four hours I use the command crontab -e and add this line:

 */4 * * * /path/to/the/script

(If anyone’s actually following this, don’t forget to make the script executable).

To try and prevent any server switching related issues I made sure the client will always connect to the same country too. (There’s an option for connecting to the same server instead of country, but I sometimes had issues with it)

Update: I have been running with this workaround active for a few days now and nordvpn has not broken once.

Update: Changed 3 hours to 4 hours, have tested it for a couple of days and it’s fine this way too.

Update: Thanks to TheMikiey, script can now connect to the same server rather than just the same country.

Update: Nordvpn suddenly started spitting out errors when trying to connect to a specific server instead of to a country, reverted to just connecting to the same country instead.

1 Like

I was having similar issue with the vpn, I searched many place to solve the issue. On of my friend suggested me Ivacy vpn to give it a try and It really works good.

I have been having issues recently with nordvpn disconnecting randomly. I connect via Network Manager and openvpn as my speeds are about the same with NordLynx. The error in the journal is this:

nm-openvpn ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted

I followed the guide at the following link and so far it seems fixed, but I just implemented and will have to wait and see. I had to enable systemd-networkd as it was not enabled by default on my system and then I masked systemd-networkd-wait-online.service as I don’t need that. The creation of the nm-openvn@.service, I couldn’t make work. The bottom post labeled “correction” is what I am using.

https://bbs.archlinux.org/viewtopic.php?pid=1881081

Update: It stayed connected according to the icon in the taskbar, but I could not connect to any websites when I returned home after 3 hours. Reconnecting to VPN via network Manager/ OpenVpn worked fine. I reversed the fix outlined above.

1 Like

Not getting any errors related to tun.

But I did notice some possibly related errors from nordvpnd:

ERROR: (nordlynx) 2021/09/06 02:45:32 - Failed to send handshake initiation: network is unreachable
ERROR: (nordlynx) 2021/09/06 03:50:04 - Failed to send data packet: network is unreachable
2021/09/06 23:57:55 [Error] connected to nordlynx server but there is no internet as a result
nordvpnd[1690]: 2021/09/07 12:29:56 [Error] refresh ipv6
nordvpnd[1690]: 2021/09/07 12:29:54 [Error] refresh ipv6

I saw this thread and thought I would add my recent problems with Nordvpn. I have been using it for several years and until last Sunday (5th Sept) had no problems with it. Since then there have been many. First of all autoconnect stopped working, and manual connections were extremely slow, very often after a long wait, I would end up being connected not to the country I had asked for but to Israel instead (always Israel, nothing else). Looking at Nord help files one of their suggestions was to logout and login again to your nord account, so I did this and now every time I try to connect with nordvpn-bin I get told that my account has expired. It has about 14 months left to run.
After that nothing worked as everything I did ended up on their ‘update your subscription page’.
I decided to try nordpy instead (I had used it before) this would not connect via my usual ikev2 protocol but at least it didn’t tell me that my account was out of date, so I tried switching protocols to UDP and surprisingly I got a connection so that is what I am using now.
I emailed their support, but I don’t hold out much hope there, but basically my experiences coupled with the OP’s report must point to a recent problem with Nord and Manjaro whilst using nordvpn-bin though not with nordpy?