[HowTo] Permanent NordVPN tunnel on OSMC

Hey chojin, I spent the last month trying to setup Netflix on my raspberry using a vpn.

So far, the only working combination I got was to use openvpn and chromium (with prebuilt widevine support). But this is far from perfect since I don’t want to play around with mouse and keyboard Everytime I turn on the TV.

Now I’m trying to use Netflix add-on on Kodi and as vpn manager this plugin:

But I get the same error as @BBLyons, searching for those error on inputstream.adaptive repository it looks like that vpn is not supported at all and the error is expected.

Now, since raspberry and vero4k are not so different I wonder what could be the problem. You did not had any problem with inputstream.adaptive?

As soon as I started to bypass the VPN for Netflix by adding static routes to my default gateway for all Netflix ip-ranges and additionally for all Amazon AWS ip ranges, I had no problems with inputstream.adaptive.
Without any bypassing, I got an http error 420, indicating that Netflix didn’t want to serve over VPN.
Then after bypassing only the netflix ip ranges, the error was less clear and more some kind of timeout. But after also bypassing the AWS ip ranges, It just started to work, as none of the netflix traffic was now going through the VPN.

I may have misinterpreted some of the last comments, but what I was saying is that I don’t want to bypass the vpn, that is why I’m gonna try openpyn and see if the --netflix option works for me or I still get inputstream errors.

You might want to be aware. Currently, Netfilx is broken. I suspect you’ll have to wait until the devs resolve their issue with it before you can do any useful testing.

I’m not experiencing any problem with the netflix plugin but i can confirm that openpyn doesn’t work with inputstream.adaptive connecting to netflix.

EDIT:
according to this issue: Ca'nt connect with a VPN- AGAIN. · Issue #181 · CastagnaIT/plugin.video.netflix · GitHub
the problem is platform independent, @chojin the Netflix through VPN section is misleading since it doesn’t work with the netflix plugin.

Openpyn (as well as openvpn and service.vpn.manager) works well with netflix in browser but definitively not with inputstream.adaptive plugin.

@chojin thanks for this guide!
Just one question: what if I don’t want Kodi (and its add-ons, for example BBC etc) to go through the tunnel? Or the other way around: only have Kodi go through the tunnel.
What if I only want apps like rTorrent/Transmission/Flexget to go through the tunnel?
I have tried playing with network namespaces but it’s way over my head:

Also, there is another approach that I didn’t fully understand:
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

Perhaps this is something that could work in combination with your solution?

Sorry for the delay :wink:

I can see new entries in IP tables after running the script bypass_vpn_static_routes.sh start.
Unfortunately, I have an error when trying to traceroute:
traceroute to amazonaws.com (207.171.166.22), 30 hops max, 38 byte packets
1traceroute: sendto: Operation not permitted

And I still can’t curl ip-ranges.amazonaws.com once I’ve added the routes :confused:

Hi, Thanks for this info @chojin
I have an issue though, and not done much of this type of thing before but i get the following error

Dec 16 17:46:15 osmc systemd[1]: Starting NordVPN connection manager…
Dec 16 17:46:20 osmc systemd[1]: Started NordVPN connection manager.
Dec 16 17:48:29 osmc openpyn[4403]: 2019-12-16 17:48:29 [ERROR] There was an ambiguous exception, Check Your Network Connection. forgot to flush iptables? (openpyn -x)
Dec 16 17:48:29 osmc openpyn[4403]: There was an ambiguous exception, Check Your Network Connection. forgot to flush iptables? (openpyn -x)
Dec 16 17:48:29 osmc systemd[1]: openpyn.service: Main process exited, code=exited, status=1/FAILURE
Dec 16 17:48:30 osmc openpyn[4545]: 2019-12-16 17:48:30 [WARNING] Killing the running processes
Dec 16 17:48:30 osmc openpyn[4545]: Killing the running processes
Dec 16 17:48:30 osmc sudo[4549]: root : TTY=unknown ; PWD=/usr/local/lib/python3.5/dist-packages/openpyn ; USER=root ; COMMAND=/bin/cat /etc/resolv.conf
Dec 16 17:48:30 osmc sudo[4549]: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 17:48:30 osmc sudo[4549]: pam_unix(sudo:session): session closed for user root
Dec 16 17:48:30 osmc sudo[4563]: root : TTY=unknown ; PWD=/usr/local/lib/python3.5/dist-packages/openpyn ; USER=root ; COMMAND=/usr/bin/killall openpyn-management
Dec 16 17:48:30 osmc sudo[4563]: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 17:48:30 osmc sudo[4563]: pam_unix(sudo:session): session closed for user root
Dec 16 17:48:30 osmc sudo[4578]: root : TTY=unknown ; PWD=/usr/local/lib/python3.5/dist-packages/openpyn ; USER=root ; COMMAND=/bin/cat /etc/resolv.conf
Dec 16 17:48:30 osmc sudo[4578]: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 17:48:30 osmc sudo[4578]: pam_unix(sudo:session): session closed for user root
Dec 16 17:48:30 osmc sudo[4592]: root : TTY=unknown ; PWD=/usr/local/lib/python3.5/dist-packages/openpyn ; USER=root ; COMMAND=/usr/bin/killall openpyn
Dec 16 17:48:30 osmc sudo[4592]: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 17:48:30 osmc sudo[4592]: pam_unix(sudo:session): session closed for user root
Dec 16 17:48:30 osmc systemd[1]: openpyn.service: Unit entered failed state.
Dec 16 17:48:30 osmc systemd[1]: openpyn.service: Failed with result ‘exit-code’.

this happens after 2 mins each time i start the service, ive just done a clean install on vero 4k and still no dice.

Does anyone have an idea what im doing wrong ?

I’m on NOV update and previously had the vpn running with the bhornsby method then that failed and i had this one running with no problems for over a year. then i dunno what happened but nothing was working !!!:cold_sweat:

thanks

Ian

Thanks for the comment, I added a disclaimer to the Netflix through VPN section clearing out that I can’t test this for myself and that it will probably not work according to the issue you mention.

I have all netflix and aws traffic routed through my default gateway instead of through the VPN using the script I described in the instructions, and that way I don’t experience any troubles with the plugin nor with inputstream.adaptive

I’m sorry, but I have no idea what is going on in your setup…
curl ip-ranges.amazonaws.com gives me a 301 - moved permanently, but that is normal.
I get a JSON with ip-ranges when I call curl -s https://ip-ranges.amazonaws.com/ip-ranges.json as my script does…
traceroute amazonaws.com shows me that the first hop to amazonaws is my own gateway while traceroute to some random other server shows me that the first hop is some NordVPN ip, as expected.
Currently, after running bypass_vpn_static_routes.sh start I end up with 1375 entries in my routing table where 0.0.0.0/1 via <NordVPN gw> and default via 192.168.0.1 are the first entries (192.168.0.1 being my own gateway)

Maybe this closed openpyn issue can give some clues to the issue you are experiencing: There was an ambiguous exception, Check Your Network Connection. · Issue #198 · jotyGill/openpyn-nordvpn · GitHub
But I myself have no connection with openpyn development whatsoever, and it looks to me as a pure openpyn issue, so maybe you could try there to reach for some help ? If you find a solution, of course feel free to document it here.

I was getting the same error after changing my dns servers to 1.1.1.1 The link given by chojin shows the problem nicely, changing dns to the Google ones or my isp ones solved it for me

Upgrade to Debian Buster and Python to 3.7.3

I’m getting the following even after upgrading OpenPyn:

Oct 16 18:49:40 osmc openpyn[28133]: Traceback (most recent call last):
Oct 16 18:49:40 osmc openpyn[28133]:   File "/usr/local/bin/openpyn", line 7, in <module>
Oct 16 18:49:40 osmc openpyn[28133]:     from openpyn.openpyn import main
Oct 16 18:49:40 osmc openpyn[28133]: ModuleNotFoundError: No module named 'openpyn'

Anyone else faced this?

Did you install openpyn for the new python version?
python3.7 -m pip install openpyn

OK, I did but then realized that i needed to update the openpyn.service as it was still referencing the 3.5 folder and then reload systemctl and restart the service.
Now it’s all working fine.

Thanks.

For anyone else having to deal with this after the Buster update…

I had to update wheel: sudo python3.7 -m pip install wheel --upgrade

Update openpyn: sudo python3.7 -m pip install openpyn --upgrade

Update the service config: sudo nano /etc/systemd/system/openpyn.service

(change the python reference to 3.7 from whatever it currently has)

upload the changes: sudo systemctl daemon-reload

this still failed, the last step was to save my NordVPN credentials in the 3.7 folder:

cd /usr/local/lib/python3.7/dist-packages
sudo openpyn -c US

follow the prompts to enter credentials, then shutdown the tunnel (ctrl-c)

then restart the service: sudo systemctl restart openpyn

1 Like

NordVPN has already released a debian package which i’ve tested and works on OSMC. This package allows connections using the NordLynx protocol as well as OpenVPN, and is officially supported.

Instructions to get this installed are at: Installing NordVPN on Debian, Ubuntu, Raspberry Pi, Elementary OS & Linux Mint | NordVPN Support

In addition, I had to disable IPv6 by adding the below lines to /etc/sysctl.conf

# Disable IPv6 as suggested by https://support.nordvpn.com/Connectivity/Linux/1047409212/How-to-disable-IPv6-on-Linux.htm

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1

I’ve been able to connect trivially with that.

osmc@osmc:~$ nordvpn status
Status: Connected
Current server: us8531.nordvpn.com
Country: United States
City: San Francisco
Server IP: 192.145.118.142
Current technology: NORDLYNX
Current protocol: UDP
Transfer: 115.92 MiB received, 1.77 MiB sent
Uptime: 6 minutes 19 seconds

Hope this helps.