VPN Client not starting on OpenWRT

I was configuring OpenVPN client on raspberrypi, using nordvpn as server.
I used mine user wich has mfa, and everything was doing ok until I shutdown the raspi and turned back on, after a couple of days, and the vpn service was gone. I mean it's there but it's not connecting.
Im sending some error code on log too.

Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: TCP/UDP: Preserving recently used remote address: [AF_INET]91.205.230.201:1194
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: UDP link local: (not bound)
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: UDP link remote: [AF_INET]91.205.230.201:1194
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: TLS: Initial packet from [AF_INET]91.205.230.201:1194, sid=8c58d8c4 49556a4d
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY KU OK
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: Validating certificate extended key usage
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY EKU OK
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY X509NAME OK: CN=pt67.nordvpn.com
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: VERIFY OK: depth=0, CN=pt67.nordvpn.com
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Sun Jul  2 23:09:23 2023 daemon.notice openvpn(client)[4504]: [pt67.nordvpn.com] Peer Connection Initiated with [AF_INET]91.205.230.201:1194
Sun Jul  2 23:09:24 2023 daemon.notice openvpn(client)[4504]: SENT CONTROL [pt67.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Jul  2 23:09:29 2023 daemon.notice openvpn(client)[4504]: SENT CONTROL [pt67.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Jul  2 23:09:29 2023 daemon.notice openvpn(client)[4504]: AUTH: Received control message: AUTH_FAILED
Sun Jul  2 23:09:29 2023 daemon.notice openvpn(client)[4504]: SIGTERM[soft,auth-failure] received, process exiting

imagem1087×104 7.25 KB

So you noted MFA - can you explain how you or your router complete the multi-factor authentication to re-login?

BTW, your screenshot seems to show your VPN interface is not assigned to a firewall zone.

How come?
.
.
.
I used multi-factor authenticator the first time I connected and it worked... I dont see the issue.

Nord recently changed its authentication, so have a look at Nords website.

The log shows an authentication problem.

What advice does NordVPN offer regarding mixing MFA with non-interactive VPN sessions such as from a router?

(As a NordVPN customer myself, I can't help but wonder about the vendor's approach to MFA. There are better ways of doing it, but it seems almost as if the vendor intentionally set out to make it as user-unfriendly as possible...)

Does this help?

The color (grey) indicates no firewall zone assigned.

Then since MFA is enabled, I would surmise one needs to use MFA every time a login is attempted. The VPN company can clarify that.

Odd, because I see a major issue if you're agreeing that you aren't using MFA on subsequent logon attempts.

It's probably the mfa.
Thank you.

I did saw that guide, and my config is pretty similar.
It was working a few days ago, I guess it's the MFA.
I'll try without it.
.
.
.

Didn't found anything about that on the web.

Come again?

As a paying customer of NordVPN you're entitled to support. When you made use of that entitlement and approached NordVPN for support, what advice did you receive?

Didnt try that, yet... I will.