+1 vote
1,100 views 5 comments
by

I am trying to establish an OpenVPN connection between a server (RUT240) and three clients (TRB145).

RUT240 -> FW ver.: RUT2XX_R_00.01.12.3

TRB145 - FW ver.: TRB1_R_00.02.04.3

Server configuration:

Client configuration:

When I try to connect to the server, I get an error in the logs:

Fri Sep 18 07:14:42 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10

Fri Sep 18 07:14:43 2020 daemon.warn openvpn(VPN_CLT)[10146]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: LZO compression initializing

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]

Fri Sep 18 07:14:43 2020 daemon.err openvpn(VPN_CLT)[10146]: Assertion failed at socket.c:337

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: Exiting due to fatal error

Fri Sep 18 07:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: sending renew to 10.205.166.25

Fri Sep 18 07:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: lease of 10.205.166.24 obtained, lease time 7200

Fri Sep 18 08:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: sending renew to 10.205.166.25

Fri Sep 18 08:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: lease of 10.205.166.24 obtained, lease time 7200

Fri Sep 18 08:30:12 2020 kern.notice kernel: firewall configuration has been changed

Fri Sep 18 08:30:12 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 08:30:23 2020 kern.notice kernel: firewall configuration has been changed

Fri Sep 18 08:30:23 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10

Fri Sep 18 08:30:25 2020 daemon.warn openvpn(VPN_CLT)[10080]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: LZO compression initializing

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]

Fri Sep 18 08:30:25 2020 daemon.err openvpn(VPN_CLT)[10080]: Assertion failed at socket.c:337

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: Exiting due to fatal error

I also tried connecting to the RUT240 server with the OpenVPN Windows client. The client connects to the server and gets a public IP, but I cannot ping the server (address: 10.0.0.1).
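
An added example, not part of the original post and not Teltonika code: a small Python triage of the syslog lines posted above that groups OpenVPN messages by PID and flags the missing server-certificate verification warning and the fatal assertion. The log lines are copied from the post; the function names are hypothetical, and the `remote-cert-tls server` hint assumes the client runs in TLS mode.

```python
import re

# Sample input: lines copied from the log posted in this thread (shortened).
SAMPLE_LOG = """\
Fri Sep 18 07:14:42 2020 kern.notice kernel: openvpn configuration has been changed
Fri Sep 18 07:14:43 2020 daemon.warn openvpn(VPN_CLT)[10146]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 18 07:14:43 2020 daemon.err openvpn(VPN_CLT)[10146]: Assertion failed at socket.c:337
Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: Exiting due to fatal error
Fri Sep 18 08:30:25 2020 daemon.warn openvpn(VPN_CLT)[10080]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 18 08:30:25 2020 daemon.err openvpn(VPN_CLT)[10080]: Assertion failed at socket.c:337
Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: Exiting due to fatal error
"""

# "<timestamp> <facility>.<level> openvpn(<instance>)[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \w+\.(?P<level>\w+) "
    r"openvpn\((?P<instance>[^)]*)\)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def triage(log_text):
    """Group OpenVPN daemon lines by PID (one start attempt per PID)."""
    runs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # kernel, netifd or blank line
        run = runs.setdefault(m["pid"], {
            "instance": m["instance"], "first_seen": m["ts"],
            "no_server_cert_check": False, "assert_at": None, "fatal": False})
        msg = m["msg"]
        if "No server certificate verification method" in msg:
            run["no_server_cert_check"] = True
        hit = re.search(r"Assertion failed at (\S+):(\d+)", msg)
        if hit:
            run["assert_at"] = (hit.group(1), int(hit.group(2)))
        if msg.startswith("Exiting due to fatal error"):
            run["fatal"] = True
    return runs

def report(runs):
    out = []
    for pid, r in runs.items():
        tag = f"{r['instance']}[{pid}] {r['first_seen']}"
        if r["no_server_cert_check"]:
            out.append(f"{tag}: server certificate not verified; "
                       "consider 'remote-cert-tls server' (assumes TLS mode)")
        if r["fatal"]:
            where = "%s:%d" % r["assert_at"] if r["assert_at"] else "unknown"
            out.append(f"{tag}: start attempt died, assertion at {where}")
    return out
```

Calling `report(triage(SAMPLE_LOG))` yields two findings per start attempt, which makes it easy to see that both attempts failed at the same point and that the certificate warning is independent of the crash.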

1 Answer

0 votes
by anonymous

Hi,

Sorry, but I can't see the log you've attached, could you please try adding a better quality one or output the text you get in the log?

Also, have you checked the routes? It seems that you didn't push any of the routes and your devices are lost.

The next thing to check would be if you have initiated a connection at all: ifconfig should show you a new interface with the name of OpenVPN client or server interface. Also, you should see the IPs there too.

Regarding Windows: make sure your firewall is off and try again. If you see that your Windows got a new network adapter that has an active connection and an IP in the 10.0.0.0 subnet, you should be able to ping, unless (again) the RUT240 firewall isn't configured to allow incoming pings from the OpenVPN side.

EB.

by anonymous
Also, use this thread as a reference: https://community.teltonika-networks.com/22214/openvpn-site-to-site-connection-between-rutx11-and-rut955?show=22214#q22214

There you will find a link to the wiki, and some route examples - that might also help you in configuring.

EB.
by

My logs:

Fri Sep 18 07:14:42 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10

Fri Sep 18 07:14:43 2020 daemon.warn openvpn(VPN_CLT)[10146]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: LZO compression initializing

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]

Fri Sep 18 07:14:43 2020 daemon.err openvpn(VPN_CLT)[10146]: Assertion failed at socket.c:337

Fri Sep 18 07:14:43 2020 daemon.notice openvpn(VPN_CLT)[10146]: Exiting due to fatal error

Fri Sep 18 07:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: sending renew to 10.205.166.25

Fri Sep 18 07:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: lease of 10.205.166.24 obtained, lease time 7200

Fri Sep 18 08:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: sending renew to 10.205.166.25

Fri Sep 18 08:16:39 2020 daemon.notice netifd: mob1s1a1_4 (4309): udhcpc: lease of 10.205.166.24 obtained, lease time 7200

Fri Sep 18 08:30:12 2020 kern.notice kernel: firewall configuration has been changed

Fri Sep 18 08:30:12 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 08:30:23 2020 kern.notice kernel: firewall configuration has been changed

Fri Sep 18 08:30:23 2020 kern.notice kernel: openvpn configuration has been changed

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10

Fri Sep 18 08:30:25 2020 daemon.warn openvpn(VPN_CLT)[10080]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: LZO compression initializing

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]

Fri Sep 18 08:30:25 2020 daemon.err openvpn(VPN_CLT)[10080]: Assertion failed at socket.c:337

Fri Sep 18 08:30:25 2020 daemon.notice openvpn(VPN_CLT)[10080]: Exiting due to fatal error

by

On the server I have a new interface. ifconfig on the server:

root@Teltonika-RUT240:~# ifconfig

br-lan    Link encap:Ethernet  HWaddr 00:1E:42:2F:C8:CC

          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::21e:42ff:fe2f:c8cc/64 Scope:Link

          RX packets:25833 errors:0 dropped:0 overruns:0 frame:0

          TX packets:12532 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:2709449 (2.5 MiB)  TX bytes:5340686 (5.0 MiB)

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:25880 errors:0 dropped:47 overruns:0 frame:0

          collisions:0 txqueuelen:1000 pped:0 overruns:0 carrier:0

          RX bytes:3073931 (2.9 MiB)  TX bytes:5340128 (5.0 MiB)

          Interrupt:5

eth1      Link encap:Ethernet  HWaddr 00:1E:42:2F:C8:CD

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

          Interrupt:4

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

          RX packets:4248 errors:0 dropped:0 overruns:0 frame:0

          collisions:0 txqueuelen:0 ropped:0 overruns:0 carrier:0

          RX bytes:309430 (302.1 KiB)  TX bytes:309430 (302.1 KiB)

tun_s_ZGK_KatyW Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.0.0.1  P-t-P:10.0.0.2  Mask:255.255.255.255

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0Metric:1

          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:0 (0.0 B)  TX bytes:3108 (3.0 KiB)

          inet addr:87.251.236.220  Bcast:87.251.236.223  Mask:255.255.255.248

          inet6 addr: fe80::746d:6eff:fed0:ebd5/64 Scope:Link

          RX packets:17551 errors:0 dropped:0 overruns:0 frame:0:1

          TX packets:18911 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:3402619 (3.2 MiB)  TX bytes:2083578 (1.9 MiB)

But on the TRB145 client I don't have a new interface. The VPN status is disconnected.

by

Regarding Windows, I tried connecting with the firewall off. I have a new network adapter:

 

But I cannot ping the server (address: 10.0.0.1). I checked the server firewall configuration, and now it is as in the picture:

 

by anonymous

Could you try redoing it?

I just tested myself with the same configuration as yours (except I didn't configure TLS clients, left it empty, and set the HMAC authentication algorithm to SHA256; you will have to generate the certificates anew with SHA1 changed to SHA256 if you're going to try SHA256).

And everything works, I'm able to ping 10.0.0.1 from the client and 10.0.0.6 from the server.

So try to configure everything one by one.

The only hiccup I had was that the OpenVPN client didn't start after configuring it on the TRB145; I had to restart the gateway, and only then did it come up.

So just reset the routers and try again as there is something that stops you and it's unknown.

EB.