I've updated my F4-424 Max to TOS 6.0.770. Since the update, I cannot connect the built-in VPN client within TOS to any NordVPN servers.
I have added the "script-security 2" variable in the .ovpn file as advised in another topic and NordVPN provides explicit IP addresses. Regardless, the connection fails and there seems to be an issue with the "update-route.sh" script (see openvpn output below).
Any help would be really appreciated...
Code: Select all
2025-08-19 18:12:55 us=559490 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2025-08-19 18:12:55 us=559495 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: ************************
🔐 Enter Auth Password: ************************
2025-08-19 18:13:12 us=921407 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2025-08-19 18:13:12 us=921421 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-08-19 18:13:12 us=922487 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-08-19 18:13:12 us=922500 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-08-19 18:13:12 us=922552 Control Channel MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
2025-08-19 18:13:12 us=922567 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2025-08-19 18:13:12 us=922587 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
2025-08-19 18:13:12 us=922591 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
2025-08-19 18:13:12 us=922598 TCP/UDP: Preserving recently used remote address: [AF_INET]212.15.86.213:1194
2025-08-19 18:13:12 us=922610 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-08-19 18:13:12 us=922615 UDP link local: (not bound)
2025-08-19 18:13:12 us=922619 UDP link remote: [AF_INET]212.15.86.213:1194
WR2025-08-19 18:13:13 us=9140 TLS: Initial packet from [AF_INET]212.15.86.213:1194, sid=0051c9ad aa1ef015
W2025-08-19 18:13:13 us=9218 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRWRWRWRWR2025-08-19 18:13:13 us=186672 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2025-08-19 18:13:13 us=186814 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA10
2025-08-19 18:13:13 us=186914 VERIFY KU OK
2025-08-19 18:13:13 us=186917 Validating certificate extended key usage
2025-08-19 18:13:13 us=186919 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-08-19 18:13:13 us=186921 VERIFY EKU OK
2025-08-19 18:13:13 us=186922 VERIFY X509NAME OK: CN=ca1827.nordvpn.com
2025-08-19 18:13:13 us=186924 VERIFY OK: depth=0, CN=ca1827.nordvpn.com
WRWRW2025-08-19 18:13:13 us=273067 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2025-08-19 18:13:13 us=273087 [ca1827.nordvpn.com] Peer Connection Initiated with [AF_INET]212.15.86.213:1194
R2025-08-19 18:13:13 us=358909 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.0.0,peer-id 26,cipher AES-256-GCM'
2025-08-19 18:13:13 us=358972 OPTIONS IMPORT: timers and/or timeouts modified
2025-08-19 18:13:13 us=358977 OPTIONS IMPORT: explicit notify parm(s) modified
2025-08-19 18:13:13 us=358980 OPTIONS IMPORT: compression parms modified
2025-08-19 18:13:13 us=358984 OPTIONS IMPORT: --ifconfig/up options modified
2025-08-19 18:13:13 us=358991 OPTIONS IMPORT: route options modified
2025-08-19 18:13:13 us=358994 OPTIONS IMPORT: route-related options modified
2025-08-19 18:13:13 us=358997 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2025-08-19 18:13:13 us=359000 OPTIONS IMPORT: peer-id set
2025-08-19 18:13:13 us=359002 OPTIONS IMPORT: adjusting link_mtu to 1657
2025-08-19 18:13:13 us=359005 OPTIONS IMPORT: data channel crypto options modified
2025-08-19 18:13:13 us=359010 Data Channel: using negotiated cipher 'AES-256-GCM'
2025-08-19 18:13:13 us=359017 Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
2025-08-19 18:13:13 us=359066 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-08-19 18:13:13 us=359069 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-08-19 18:13:13 us=359078 net_route_v4_best_gw query: dst 0.0.0.0
2025-08-19 18:13:13 us=359128 net_route_v4_best_gw result: via 192.168.1.254 dev eth1
2025-08-19 18:13:13 us=359144 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=eth1 HWADDR=6c:bf:b5:04:62:65
2025-08-19 18:13:13 us=359279 TUN/TAP device tun0 opened
2025-08-19 18:13:13 us=359284 do_ifconfig, ipv4=1, ipv6=0
2025-08-19 18:13:13 us=359291 net_iface_mtu_set: mtu 1500 for tun0
2025-08-19 18:13:13 us=359313 net_iface_up: set tun0 up
2025-08-19 18:13:13 us=359396 net_addr_v4_add: 10.100.0.2/16 dev tun0
2025-08-19 18:13:13 us=359442 /etc/openvpn/update-route.sh tun0 1500 1585 10.100.0.2 255.255.0.0 init
/etc/openvpn/update-route.sh: line 6: 5=10.100.0.2: command not found
Error: Nexthop has invalid gateway.
2025-08-19 18:13:13 us=416969 WARNING: Failed running command (--up/--down): external program exited with error status: 2
2025-08-19 18:13:13 us=416987 Exiting due to fatal error
