0 votes
106 views 3 comments
by

Hello,

I am trying to set up a VPN client on my RUT950. My last try used the latest firmware, RUT9_R_00.07.01.4.
The server is an OpenVPN setup in a cloud. Both UDP and TCP are active server side, but I guess UDP only should be fine on the client.

I have tried many options, from file or manually with different settings, and unfortunately it stays disconnected.
Here are some logs and a screenshot of the last config try.

Have a nice day,
Thank you in advance

SSH logs :

Tue Apr 26 11:20:15 2022 kern.notice kernel: openvpn configuration has been changed

Tue Apr 26 11:20:15 2022 kern.notice kernel: profiles configuration has been changed

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[20030]: SIGTERM[hard,init_instance] received, process exiting

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: OpenVPN 2.5.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10

Tue Apr 26 11:20:18 2022 daemon.warn openvpn(one950)[3069]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Tue Apr 26 11:20:18 2022 daemon.warn openvpn(one950)[3069]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: TCP/UDP: Preserving recently used remote address: [AF_INET]163.172.136.91:1194

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: UDP link local: (not bound)

Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: UDP link remote: [AF_INET]163.172.136.91:1194

1 Answer

0 votes
by

Hello,

Could you please allow the OpenVPN tunnel to try connecting to the server for a few minutes, then generate a troubleshoot file and attach it here or send it to me via private message? Below I'll leave instructions on how to generate the troubleshoot file, as well as a brief description of what it is.

What's a troubleshoot file and how to generate it?

A Troubleshoot file contains the device's event logs, configuration files and other information useful for diagnostics. It can be downloaded from your device's WebUI, Troubleshoot page:

System → Administration → Troubleshoot

In addition, please verify whether the OpenVPN server is actually accepting TCP/UDP connections on port 1194, by using another client device if possible. Please make sure that the server firewall is not rejecting/dropping incoming packets from the outside world.

Best regards,

Tomas.

by
I retried generating a troubleshoot file.

I am writing everything to you by private message.

Using the same certificate from another device works. I am also giving you the certificate; I will destroy it later.

Have a nice day,
by

Hello,

It seems that the issue is related to IPv6 interaction with OpenVPN. This is the error from the logs, which causes the tunnel to fail:

daemon.err openvpn(2ndTry)[25427]: Linux can't add IPv6 to interface tun_c_2ndTry

Could you try adding the following options to the "Extra options" field of the OpenVPN configuration to see if it resolves the issue:

pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6

These commands should force the client side to ignore any IPv6 settings, which are being pushed from the server to the client. Please let me know if it makes things work for you.

Best regards,

Tomas.
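
A log triage sketch for the messages seen in this thread, as an added example that is not part of the original posts or Teltonika's tooling. It flags the IPv6 failure from the last reply together with the two warnings in the question's log; the sample lines are constructed from those messages, and the `remote-cert-tls server` hint assumes the server certificate was issued with the TLS server extended key usage.

```shell
#!/bin/sh
# Added example (not from the thread). Log lines are constructed from the
# messages quoted on this page; the IP address and later timestamps are made up.
sample_log() {
cat <<'EOF'
Tue Apr 26 11:20:18 2022 daemon.warn openvpn(one950)[3069]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 26 11:20:18 2022 daemon.warn openvpn(one950)[3069]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Apr 26 11:20:18 2022 daemon.notice openvpn(one950)[3069]: UDP link remote: [AF_INET]192.0.2.10:1194
Tue Apr 26 11:21:02 2022 daemon.err openvpn(2ndTry)[25427]: Linux can't add IPv6 to interface tun_c_2ndTry
Tue Apr 26 11:21:07 2022 daemon.err openvpn(2ndTry)[25427]: Linux can't add IPv6 to interface tun_c_2ndTry
EOF
}

# Read syslog lines on stdin; print one finding per (instance, issue) pair,
# so a reconnect loop that repeats the same error is reported once.
triage_openvpn_log() {
    awk '
    function report(tag, hint,   key) {
        key = inst SUBSEP tag
        if (!(key in seen)) { seen[key] = 1; printf "%s: %s -> %s\n", inst, tag, hint }
    }
    # Only openvpn lines; the instance name sits between "openvpn(" and ")".
    !/openvpn\(/ { next }
    { inst = $0; sub(/.*openvpn\(/, "", inst); sub(/\).*/, "", inst) }
    # Client accepts any certificate signed by the CA, including other clients.
    /No server certificate verification method has been enabled/ {
        report("NO-SERVER-CERT-CHECK", "add: remote-cert-tls server")
    }
    /--script-security setting may allow/ {
        report("SCRIPT-SECURITY", "review which scripts this config can call")
    }
    # "." stands in for the apostrophe, which cannot appear inside this quoted program.
    /Linux can.t add IPv6 to interface/ {
        report("IPV6-ADDR-FAIL", "add: pull-filter ignore ifconfig-ipv6 and pull-filter ignore route-ipv6")
    }
    '
}

sample_log | triage_openvpn_log
```

On the router itself the same function can be fed from the system log with `logread | triage_openvpn_log`.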