0 votes
562 views 2 comments
by anonymous

I am trying to create an OVPN server on the RUTX11 routers, following all the wiki tutorials on this subject, for which I created this configuration file, server.ovpn:

port 1194

proto udp4

dev tun

ca ca.crt

cert server.crt

key server.key  

dh dh2048.pem

server 172.16.1.0 255.255.240.0

ifconfig-pool-persist ipp.txt

keepalive 10 120

tls-auth ta.key 0

cipher BF-CBC 128

max-clients 10

persist-key

persist-tun

status openvpn-status.log

verb 3

explicit-exit-notify 1

Like that, I have tried multiple options and I always get the same result... STATUS INACTIVE

Do you have any suggestions, something I can check?

Thanks

1 Answer

+1 vote
by anonymous

Hi, the problem is most likely that the paths to the certificate files are not correctly specified in the configuration file. Set up everything the same but in the WebUI and upload the certificate files in the same place. Like here - https://wiki.teltonika-networks.com/view/RUTX11_VPN#OpenVPN_Server

To see the details of why it does not work, you need to connect to the router via SSH and, after authorization, execute the command logread | grep openvpn for log output, or logread -f | grep openvpn for real-time log output.

Best regards, Anton

by anonymous

After reviewing your comments, I checked the log file, and it shows me this:

Wed May 4 16:48:06 2022 daemon.warn openvpn(CCTV)[16478]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Wed May 4 16:48:06 2022 daemon.err openvpn(CCTV)[16478]: Cannot pre-load tls-auth keyfile (C:\Program Files\OpenVPN\config\ta.key)
by anonymous

You have exactly the situation I described in the first message. OpenVPN cannot find the certificate and key files. The log shows the path to the authorization key in the Windows file system, and accordingly such a path does not exist in the router's file system.

There are two ways to go here: 

  • The first is to set up an OpenVPN server from WebUI and upload certificate and key files there (generated in advance in any way).
  • The second is to manually upload keys and certificates via SSH to one of the folders in the router's file system and specify the correct path to these files in the configuration file.
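
The failure diagnosed in this thread (file directives pointing at paths that do not exist on the router) can be checked before the service is started. The shell function below is an added example, not part of the original posts or of Teltonika's tooling. The directive list, the optional BASEDIR argument, resolving relative paths against the config file's directory, and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list file directives in an OpenVPN config whose targets
# cannot be found on this system. Usage: check_ovpn_paths CONFIG [BASEDIR]
# BASEDIR (assumption): where relative paths are looked up; defaults to
# the directory that holds CONFIG.
check_ovpn_paths() {
    conf=$1
    base=${2:-$(dirname "$conf")}
    cr=$(printf '\r'); tab=$(printf '\t'); bad=0
    while read -r directive rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth|tls-crypt|crl-verify|pkcs12) ;;
            *) continue ;;
        esac
        rest=${rest%"$cr"}                # tolerate CRLF line endings
        case $rest in
            \"*) path=${rest#\"}; path=${path%%\"*} ;;  # quoted, may contain spaces
            *)   path=${rest%%[ $tab]*} ;;              # first token only
        esac
        [ "$path" = "[inline]" ] && continue
        case $path in
            [A-Za-z]:*|*\\*)
                printf '%s %s: Windows-style path, not valid on the router\n' \
                    "$directive" "$path"
                bad=1; continue ;;
            /*) full=$path ;;
            *)  full=$base/$path ;;
        esac
        if [ ! -f "$full" ] || [ ! -r "$full" ]; then
            printf '%s %s: not found or unreadable at %s\n' "$directive" "$path" "$full"
            bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: a server config carried over from a Windows PC.
demo_config() {
    cat <<'EOF'
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
EOF
}

if [ "$#" -gt 0 ]; then check_ovpn_paths "$@"; fi
```

The function prints one line per unresolved directive and returns 1 if any were found, so it can gate a service restart.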