The latest version of the docker container does not seem to work for me on my synology NAS, even with a freshly generated token. I am receiving an invalid token error

Command Used (the tutorial command)

sudo docker run -ti --cap-add=NET_ADMIN --cap-add=NET_RAW --name vpn \
           -e TOKEN=... \
           -e TECHNOLOGY=NordLynx -d ghcr.io/bubuntux/nordvpn

Expected behavior
This should create a container that runs and connects to NordVPN

Logs

[0m -    -    [31mIt's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support. 
[0mInvalid token.

Additional context
Running on a Synology DS923+
Note setting it up directly through the container manager also fails
this closed bug (389) has some discussion of others encountering similar errors, and as far as I can tell it hasn't been resolved (but its a closed bug, so I'm creating a new issue so it doesn't get lost.)

I think I'm having the same issue. I have not updated my containers in a long time and I am trying to figure out what updates I need to make to my compose file, and I am getting the exact same messages in the logs despite generating a brand new token.

I've attached the full log and my compose file with the token removed.
bubuntux nordvpn invalid token message.txt
bubuntux nordvpn docker compose.txt

I tried wrapping my token in quotes in my Docker compose editor (in portainer) and the log message became: "We couldn't log you in - the access token is not valid. Please check if you've entered the token correctly. If the issue persists, contact our customer support."

I am Also having this issue.

[0mInvalid token.

2023/08/12 21:44:49 | stdout | �[0m -    -    �[31mIt's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support.

Generated fresh token. same error.

Version 3.16.5, still getting the same error.

vpn_1  | Firewall is up, everything has to go through the vpn
vpn_1  | Enabling connection to secure interface and docker network
vpn_1  | No inet6 network
vpn_1  | [custom-init] No custom files found, skipping...
vpn_1  | [ls.io-init] done.
Whoops! /run/nordvpn/nordvpnd.sock not found.
vpn_1  | Invalid token.

Exact same error.

I was able to move to the newer Docker image on my Synology running DSM6. My docker-compose I used is below, hopefully this is helpful.

vpn:
    container_name: vpn
    image: ghcr.io/bubuntux/nordlynx
    cap_add:
      - NET_RAW
      - NET_ADMIN               # Required
      - SYS_MODULE              # Required for TECHNOLOGY=NordLynx
    devices:
      - /dev/net/tun            # Required
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1  # Recomended if using ipv4 only
    security_opt:
      - no-new-privileges:true
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - PRIVATE_KEY=REDACTED
      - CONNECT=NORDVPN_TO_CONNECT_TO
      - TECHNOLOGY=NordLynx
      - GROUPID=0
      - TZ=Europe/London
      - NETWORK=192.168.1.1/24 #Adjust for your local network
      - ALLOWED_IPS=0.0.0.0/1,128.0.0.0/1
      - NET_LOCAL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
      - "POST_UP=ip -4 route add $$(wg | awk -F'[: ]' '/endpoint/ {print $$5}') via $$(ip route | awk '/default/ {print $$3}')"
      - "PRE_DOWN=ip -4 route del $$(route -n | awk '/255.255.255.255/ {print $$1}') via $$(ip route | awk '/default/ {print $$3}')" 
    ports: 
      - 80:80 #Ports to open

Be sure to Install the Wireguard package. Thanks to @b-kamphorst and the others in the discussion here: bubuntux/nordlynx#41

Been working for months without any issues, and now I am getting the same error message as the rest of you without having changed anything....

Hi there,
I'm facing the same issue after a couple of weeks working fine.
I tried changing the original token both with a new expiring token and an illimited one but still gets stuck
I used the following docker compose on my DS918+ in the Synology Container manager:

version: "3"
services:
vpn:
image: ghcr.io/bubuntux/nordvpn
cap_add:
- NET_ADMIN # Required
- NET_RAW # Required
environment: # Review https://github.com/bubuntux/nordvpn#environment-variables
- TOKEN=e9f2abeb008... # Required
- CONNECT=lu104
- TECHNOLOGY=NordLynx
- NETWORK=192.168.1.0/24 # So it can be accessed within the local network
ports:
- 9880:9880
sysctls:
- net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only

I saw that with wireguard package there is a private key variable but i'm unsure of where it should come from (wireguard packacge setup maybe?).
Maybe updating the bubuntux image with the latest nordvpn release would help?
I see there have been messages about a new version up.

Possibly a coincidence but has worked twice in a row to fix this:

Regen a new token
Connect to nordvpn via a standard client (Eg the android app)
Update the token in your container and restart.

Literally no idea why it works but it does!

Hi,

Same issue as fellow users have described above. Is there an update?
Using Synology= DS1520+
OS version= DSM 7.2-64570 Update 3
Docker Compose on Portainer (via Stacks)

Bubuntux: https://github.com/sponsors/bubuntux
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 911
User GID: 911
───────────────────────────────────────
No inet6 network
Enabling connection to network 192.xxx.xxx.xxx
RTNETLINK answers: Invalid argument
[custom-init] No custom files found, skipping...
[ls.io-init] done.

A new version of NordVPN is available! Please update the application.

It's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support.
Invalid token.
[migrations] started
[migrations] no migrations found
fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
Firewall is up, everything has to go through the vpn
Enabling connection to secure interface and docker network
No inet6 network
usermod: no changes
───────────────────────────────────────

| | | | | | | |
| --| | | | | | | | | | | |
|||| |_| |||||
_____ __ __ _ __ ____
| __ | | | | | | \
| __ -| | | | || | |
||__||_____|____/
Based on images from linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Bubuntux: https://github.com/sponsors/bubuntux
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
Enabling connection to network 192.xxx.xxx.xxx
User UID: 911
User GID: 911
───────────────────────────────────────
RTNETLINK answers: Invalid argument
[custom-init] No custom files found, skipping...
[ls.io-init] done.

A new version of NordVPN is available! Please update the application.

It's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support.
Invalid token.
[migrations] started
[migrations] no migrations found
fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
Firewall is up, everything has to go through the vpn
Enabling connection to secure interface and docker network
usermod: no changes
No inet6 network
───────────────────────────────────────

| | | | | | | |
| --| | | | | | | | | | | |
|||| |_| |||||
_____ __ __ _ __ ____
| __ | | | | | | \
| __ -| | | | || | |
||__||_____|____/
Based on images from linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Bubuntux: https://github.com/sponsors/bubuntux
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 911
User GID: 911
───────────────────────────────────────
Enabling connection to network 192.xxx.xxx.xxx
RTNETLINK answers: Invalid argument
[custom-init] No custom files found, skipping...
[ls.io-init] done.

A new version of NordVPN is available! Please update the application.

It's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support.
Invalid token.

Docker Compose setup:

version: "3"
services:
vpn:
container_name: NordVPN
image: ghcr.io/bubuntux/nordvpn
cap_add:
- NET_ADMIN
- NET_RAW
environment:
- TOKEN=e9f2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- CONNECT={Country}
- TECHNOLOGY=NordLynx
- NETWORK=192.xxx.xxx.xxx/24
ports:
- 8080:8080
sysctls:
- net.ipv6.conf.all.disable_ipv6=1

Possibly a coincidence but has worked twice in a row to fix this:

Regen a new token Connect to nordvpn via a standard client (Eg the android app) Update the token in your container and restart.

Literally no idea why it works but it does!

I've missed all the discussion on the move towards token authentication.

What is the format to entering the Token into the yaml file, is it the username or the password... or both username and password together as one long string? It isn't documented on the main page for this image.

Possibly a coincidence but has worked twice in a row to fix this:

Regen a new token Connect to nordvpn via a standard client (Eg the android app) Update the token in your container and restart.

Literally no idea why it works but it does!

Tried this and doesn't work for me.

I wanted to throw some additional context in here - I hope this helps, I spent a lot of time and headaches around this issue.

• originally used this image for my syno - https://hub.docker.com/r/dyonr/qbittorrentvpn/ but ran into issues where WG connections would not work and the container would terminate.

• Switched to https://github.com/bubuntux/nordvpn and had much more success until I was hit with the "invalid token" issue. I tried all the Logical (and illogical tests) I could think of and found greater success with seemingly odd steps.
  - I found that if I stressed the CPU prior to launching the NordVPN container (higher CPU load) I would see more successful launches.
  - I found that certain connections to certain servers were fine, where as others I could never get to work (using a server in Europe vs South America)
  - I did also experience a similar issue with TCP / UDP configs via dyonr's image (linked above) and the solution was to first give the config files to Syno and have it make a TCP / UDP connection - then have dyonr/QBT use that specific config = 100% success.

  My solution to the token issue was to migrate to Ubuntu on a custom build PC. instantly 100% of the issues are gone. This to me says that the issue is rooted in a Syno process or handling of the wg kernel / connection. in some rounds of testing with GPT :) - I felt like issue had to do with the container "pushing" the Token to the Syno WG kernel too fast - and being "rejected". in particular how the WG kernel handles the storage and management of secret keys?

Some of my observations align with others comments here but the solutions are just as odd as the problem itself.

You can see my compose files here - https://github.com/spencercnorton/globalentry/blob/main/GlobeNet/docker-compose.yml

I have the same issue here, I got the "Invalid token." error, there is any update in this issue?

Make sure you are disconnected from the VPN in the DSM Network Settings

This fixed the issue for me