NordVPN Docker issue

[PhatTrance]

Hello All.

hope you are doing fine, nice to see the site still up and doing well.

I’m trying to setup the official NordVPN Docker, I had this running on PI4 previously no issues.
when I try to configure Nord Docker container I am getting the following.

[2021-06-20T12:49:32+00:00] Firewall is up, everything has to go through the vpn
[2021-06-20T12:49:32+00:00] Enabling connection to secure interfaces
[2021-06-20T12:49:32+00:00] Enabling connection to nordvpn group
iptables: No chain/target/match by that name.
[2021-06-20T12:49:32+00:00] group match failed, fallback to open necessary ports
[2021-06-20T12:49:32+00:00] Enabling connection to docker network
[2021-06-20T12:49:32+00:00] Enabling connection to network 192.168.1.0/24
[2021-06-20T12:49:32+00:00] Restarting the service
[2021-06-20T12:49:32+00:00] Waiting for the service to start
[2021-06-20T12:49:32+00:00] Logging in

Any help much appreciated. thanks Chris

 

[Rusty]

Hello All.

hope you are doing fine, nice to see the site still up and doing well.

I’m trying to setup the official NordVPN Docker, I had this running on PI4 previously no issues.
when I try to configure Nord Docker container I am getting the following.

[2021-06-20T12:49:32+00:00] Firewall is up, everything has to go through the vpn
[2021-06-20T12:49:32+00:00] Enabling connection to secure interfaces
[2021-06-20T12:49:32+00:00] Enabling connection to nordvpn group
iptables: No chain/target/match by that name.
[2021-06-20T12:49:32+00:00] group match failed, fallback to open necessary ports
[2021-06-20T12:49:32+00:00] Enabling connection to docker network
[2021-06-20T12:49:32+00:00] Enabling connection to network 192.168.1.0/24
[2021-06-20T12:49:32+00:00] Restarting the service
[2021-06-20T12:49:32+00:00] Waiting for the service to start
[2021-06-20T12:49:32+00:00] Logging in

Any help much appreciated. thanks Chris

What exact image are you using?

Can you share your code your are running?

 

[PhatTrance]

Hi Rusty.

hope your well.

I am using ghcr.io/bubuntux/nordvpn
Using the following compose in a stack.

version: "3"
version: "3"
services:
vpn:
image: ghcr.io/bubuntux/nordvpn
cap_add:
- NET_ADMIN # Required
environment: # Review bubuntux/nordvpn
- USER=[email protected] # Required
- "PASS=pas$word" # Required
- CONNECT=GB
- TECHNOLOGY=NordLynx
- NETWORK=192.168.1.0/24 # So it can be accessed within the local network
ports:
- 8080:8080
Then I’d just declare the ports when needed.

-- post merged: 20. Jun 2021 --

I was running this image on a omv image before just fine.
thinking it’s something with IP tables but bit beyond me.
Surely syno Docker isn’t that restricted.

 

[Rusty]

Hi Rusty.

hope your well.

I am using ghcr.io/bubuntux/nordvpn
Using the following compose in a stack.

version: "3"
version: "3"
services:
vpn:
image: ghcr.io/bubuntux/nordvpn
cap_add:
- NET_ADMIN # Required
environment: # Review bubuntux/nordvpn
- USER=[email protected] # Required
- "PASS=pas$word" # Required
- CONNECT=GB
- TECHNOLOGY=NordLynx
- NETWORK=192.168.1.0/24 # So it can be accessed within the local network
ports:
- 8080:8080
Then I’d just declare the ports when needed.

Is there a reason you have 2 declarations of versions?

Just to be clear are you able to create and run the container or it doesn’t even get created?

 

[PhatTrance]

Typo mate. Sorry about that.

Let me get to my rig.

-- post merged: 20. Jun 2021 --

Hey, so just to confirm, when I start the container I get:

2021-06-20T17:38:40+00:00] Firewall is up, everything has to go through the vpn

[2021-06-20T17:38:41+00:00] Enabling connection to secure interfaces

[2021-06-20T17:38:41+00:00] Enabling connection to nordvpn group

iptables: No chain/target/match by that name.

[2021-06-20T17:38:41+00:00] group match failed, fallback to open necessary ports

[2021-06-20T17:38:41+00:00] Enabling connection to docker network

[2021-06-20T17:38:41+00:00] Enabling connection to network 192.168.1.0/24

[2021-06-20T17:38:42+00:00] Restarting the service

start-stop-daemon: warning: failed to kill 108: No such process

[2021-06-20T17:38:42+00:00] Waiting for the service to start

[2021-06-20T17:38:43+00:00] Logging in

Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.

[2021-06-20T17:38:49+00:00] Setting up NordVPN Version 3.10.0

DNS is already set to '1.1.1.1'.

Technology is already set to 'NordLynx'.

Subnet 172.17.0.0/16 is whitelisted successfully.

Subnet 192.168.1.0/24 is whitelisted successfully.

[2021-06-20T17:38:49+00:00] Connecting...

Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.
Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.

 

[Rusty]

Typo mate. Sorry about that.

Let me get to my rig.

-- post merged: 20. Jun 2021 --

Hey, so just to confirm, when I start the container I get:

2021-06-20T17:38:40+00:00] Firewall is up, everything has to go through the vpn

[2021-06-20T17:38:41+00:00] Enabling connection to secure interfaces

[2021-06-20T17:38:41+00:00] Enabling connection to nordvpn group

iptables: No chain/target/match by that name.

[2021-06-20T17:38:41+00:00] group match failed, fallback to open necessary ports

[2021-06-20T17:38:41+00:00] Enabling connection to docker network

[2021-06-20T17:38:41+00:00] Enabling connection to network 192.168.1.0/24

[2021-06-20T17:38:42+00:00] Restarting the service

start-stop-daemon: warning: failed to kill 108: No such process

[2021-06-20T17:38:42+00:00] Waiting for the service to start

[2021-06-20T17:38:43+00:00] Logging in

Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.

[2021-06-20T17:38:49+00:00] Setting up NordVPN Version 3.10.0

DNS is already set to '1.1.1.1'.

Technology is already set to 'NordLynx'.

Subnet 172.17.0.0/16 is whitelisted successfully.

Subnet 192.168.1.0/24 is whitelisted successfully.

[2021-06-20T17:38:49+00:00] Connecting...

Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.
Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.

So it’s a Wireguard protocol in use. Haven’t tested this image before, but are you sure your account is working in the first place?

 

[PhatTrance]

So it’s a Wireguard protocol in use. Haven’t tested this image before, but are you sure your account is working in the first place?

Yeah my account is working ok. I have Nord client installed on my Debian Buster build working just fine. :S

 

[Rusty]

Yeah my account is working ok. I have Nord client installed on my Debian Buster build working just fine. :S

Then I guess I can only help by running this myself and try and help that way.

I’ll be at home in a few hours and get back to you on this.

Been looking to test Nord Lynx myself.

 

[PhatTrance]

Ok thanks! Yeah it's been running really well under Buster pretty good stable speeds.
but just got myself a DS220+ for some raid and plex etc...

 

[Rusty]

Ok thanks! Yeah it's been running really well under Buster pretty good stable speeds.
but just got myself a DS220+ for some raid and plex etc...

Ok tested it and it works, but not on the `latest` image (3.10.0). There is an open ticket on Github about 15 days ago.

Running with 3.9.5-1, it runs just fine:

[2021-06-20T20:53:24+00:00] Firewall is up, everything has to go through the vpn
[2021-06-20T20:53:24+00:00] Enabling connection to secure interfaces
[2021-06-20T20:53:24+00:00] Enabling connection to nordvpn group
iptables: No chain/target/match by that name.
[2021-06-20T20:53:24+00:00] group match failed, fallback to open necessary ports
[2021-06-20T20:53:24+00:00] ip6 group match failed, fallback to open necessary ports
[2021-06-20T20:53:24+00:00] Enabling connection to docker network
[2021-06-20T20:53:24+00:00] Enabling connection to network 192.168.1.0/24
[2021-06-20T20:53:24+00:00] Restarting the service
[2021-06-20T20:53:24+00:00] Waiting for the service to start
[2021-06-20T20:53:25+00:00] Logging in
Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
[2021-06-20T20:53:27+00:00] Setting up NordVPN Version 3.9.5
Technology is successfully set to 'NordLynx'.
Subnet 172.24.0.0/16 is whitelisted successfully.
Subnet 192.168.1.0/24 is whitelisted successfully.
[2021-06-20T20:53:27+00:00] Connecting...
Connecting to Switzerland #240 (ch240.nordvpn.com)
You are connected to Switzerland #240 (ch240.nordvpn.com)!

version: "3.5"
services:
  vpn:
    image: bubuntux/nordvpn:v3.9.5-1
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=     # Required
      - PASS=       # Required
      - CONNECT=Switzerland
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24  # So it can be accessed within the local network
    ports:
      - 9091:9091
  torrent:
    image: ghcr.io/linuxserver/transmission:latest
    network_mode: service:vpn
    depends_on:
      - vpn
    restart: always

Just as a test run I did stack a torrent client as well and tested its access towards the Internet:

root@cd21fa659b77:/#
root@cd21fa659b77:/#
root@cd21fa659b77:/# curl ifconfig.me

195.242.213.148

root@cd21fa659b77:/#

That IP resolves as Swis server, as it should. Hope this helps.

 

[SynoMan]

I've been testing this, but for some reason, I get better speed with image markusmcnugen/qbittorrentvpn:latest that you have described here qBittorrent via VPN docker container running on Synology NAS then with this:

version: "3.5"
services:
  vpn:
    image: bubuntux/nordvpn:v3.9.5-1
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=     # Required
      - PASS=       # Required
      - CONNECT=Switzerland
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24  # So it can be accessed within the local network
    ports:
      - 9091:9091
  torrent:
    image: ghcr.io/linuxserver/transmission:latest
    network_mode: service:vpn
    depends_on:
      - vpn
    restart: always

Interesting.

 

[PhatTrance]

Ok tested it and it works, but not on the `latest` image (3.10.0). There is an open ticket on Github about 15 days ago.

Running with 3.9.5-1, it runs just fine:

[2021-06-20T20:53:24+00:00] Firewall is up, everything has to go through the vpn
[2021-06-20T20:53:24+00:00] Enabling connection to secure interfaces
[2021-06-20T20:53:24+00:00] Enabling connection to nordvpn group
iptables: No chain/target/match by that name.
[2021-06-20T20:53:24+00:00] group match failed, fallback to open necessary ports
[2021-06-20T20:53:24+00:00] ip6 group match failed, fallback to open necessary ports
[2021-06-20T20:53:24+00:00] Enabling connection to docker network
[2021-06-20T20:53:24+00:00] Enabling connection to network 192.168.1.0/24
[2021-06-20T20:53:24+00:00] Restarting the service
[2021-06-20T20:53:24+00:00] Waiting for the service to start
[2021-06-20T20:53:25+00:00] Logging in
Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
[2021-06-20T20:53:27+00:00] Setting up NordVPN Version 3.9.5
Technology is successfully set to 'NordLynx'.
Subnet 172.24.0.0/16 is whitelisted successfully.
Subnet 192.168.1.0/24 is whitelisted successfully.
[2021-06-20T20:53:27+00:00] Connecting...
Connecting to Switzerland #240 (ch240.nordvpn.com)
You are connected to Switzerland #240 (ch240.nordvpn.com)!

version: "3.5"
services:
  vpn:
    image: bubuntux/nordvpn:v3.9.5-1
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=     # Required
      - PASS=       # Required
      - CONNECT=Switzerland
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24  # So it can be accessed within the local network
    ports:
      - 9091:9091
  torrent:
    image: ghcr.io/linuxserver/transmission:latest
    network_mode: service:vpn
    depends_on:
      - vpn
    restart: always

Just as a test run I did stack a torrent client as well and tested its access towards the Internet:

root@cd21fa659b77:/#
root@cd21fa659b77:/#
root@cd21fa659b77:/# curl ifconfig.me

195.242.213.148

root@cd21fa659b77:/#

That IP resolves as Swis server, as it should. Hope this helps.

Hi Rusty,

Yes I had seen that discussion, unfortunately I still cannot get even V3.9.5.1 to work.
I just get "oops we cannot connect to x server right now! I've tried GID UID permissions and some other networking
like specifying the DNS but no joy...

-- post merged: 21. Jun 2021 --

btw just to add I added it to a portioner stack instead of compose D

 

[Rusty]

Even with different countries?

 

[PhatTrance]

Even with different countries?

Yeah, must be something with my networking but I have never had any issues using Nord Docker before, I had it running sweet on my PI tunnelling several apps through it. :s

-- post merged: 21. Jun 2021 --

Connecting to Switzerland #216 (ch216.nordvpn.com)
- - Whoops! We couldn't connect you to 'Switzerland'. Please try again. If the problem persists, contact our customer support. I did try logging into NORD with my Shield ok and macOS just fine.

 

[PhatTrance]

Hey all,

So I finally managed to get this thing working! thank you to @Rusty for you assistance also.

Note: this now works on the latest Version 3.10.0!

First thing is the tun module needs to be enabled for this to work.

So head over to Rustys site enable tun and follow on from "Check the tun module status". to get this enabled.

Once you have checked tun is installed and rebooted, it's time to add your compose I have used portainer in a stack due to the fact we require NET_ADMIN ENV.

Now use this compose only changing "changeme" variables. and you should be good.
on some early testing it looks like the firewall ENV needs to be Disabled for this to work.

version: "3.5"
services:

  vpn:
    image: bubuntux/nordvpn:latest

    cap_add:
      - NET_ADMIN
    
    environment: # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER="changeme"
      - PASS="changeme"
      - CONNECT="changeme" ## you can use country codes example GB, US DE.
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24 ## or 192.168.0.0/24
      - PUID="changeme"
      - PGID="changeme"
      - FIREWALL=Disable

    ports:
      - 6789:6789 # Nzbget ## Just set your application ports here
      - 7878:7878 # Radarr
      - 8989:8989 # Sonarr

Cheers!