FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
2,529 views 9 comments
by anonymous

I'm not able to connect with the router (RUT240) from an external network. I have followed the procedure : https://wiki.teltonika.lt/view/How_to_generate_TLS_certificates_(Windows)%3F

## How to setup OpenVPN client?

## 1. Install OpenVPN software on your platform.

## 2. Double click STAL4.ovpn file to create new connection profile.

## 3. Type username and password while connection.

client

dev tun

proto udp

remote <ip address> 1194

resolv-retry infinite

keepalive 5 10

nobind

persist-key

persist-tun

verb 3

<ca>

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>

<cert>

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</cert>

<key>

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

</key>

for the ca I used the data in the file ca.crt

for the cert I used the data in file client.crt

for the key I used the data in file client.key

When I try to connect I get the following (from the log of openvpn)

Fri Jun 14 11:23:56 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342

Fri Jun 14 11:23:56 2019 Need hold release from management interface, waiting...

Fri Jun 14 11:23:56 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'state on'

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'log all on'

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'echo all on'

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'bytecount 5'

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'hold off'

Fri Jun 14 11:23:56 2019 MANAGEMENT: CMD 'hold release'

Fri Jun 14 11:23:56 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Fri Jun 14 11:23:56 2019 MANAGEMENT: >STATE:1560504236,RESOLVE,,,,,,

Fri Jun 14 11:23:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.yy.zz.aa:1194

Fri Jun 14 11:23:56 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Jun 14 11:23:56 2019 UDP link local: (not bound)

Fri Jun 14 11:23:56 2019 UDP link remote: [AF_INET]xx.yy.zz.aa:1194

Who can help me with this?

Thanks in advance.

Johan

by anonymous

Below is what I see when I got to the openVPN part of the router:

Thu Jun 20 10:41:15 2019 daemon.err openvpn(7365727665725F525554)[26137]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:15 2019 daemon.warn openvpn(7365727665725F525554)[26137]: Use --help for more information.

Thu Jun 20 10:41:20 2019 daemon.err openvpn(7365727665725F525554)[26170]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:20 2019 daemon.warn openvpn(7365727665725F525554)[26170]: Use --help for more information.

Thu Jun 20 10:41:25 2019 daemon.err openvpn(7365727665725F525554)[26192]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:25 2019 daemon.warn openvpn(7365727665725F525554)[26192]: Use --help for more information.

Thu Jun 20 10:41:30 2019 daemon.err openvpn(7365727665725F525554)[26211]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:30 2019 daemon.warn openvpn(7365727665725F525554)[26211]: Use --help for more information.

Thu Jun 20 10:41:35 2019 daemon.err openvpn(7365727665725F525554)[26263]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:35 2019 daemon.warn openvpn(7365727665725F525554)[26263]: Use --help for more information.

Thu Jun 20 10:41:40 2019 daemon.err openvpn(7365727665725F525554)[26305]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:40 2019 daemon.warn openvpn(7365727665725F525554)[26305]: Use --help for more information.

Thu Jun 20 10:41:40 2019 daemon.info procd: Instance openvpn::7365727665725F525554 s in a crash loop 6 crashes, 0 seconds since last crash

Thu Jun 20 10:41:41 2019 daemon.err openvpn(7365727665725F525554)[26339]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:41 2019 daemon.warn openvpn(7365727665725F525554)[26339]: Use --help for more information.

Thu Jun 20 10:41:42 2019 local1.notice fwblock[26364]: Started fwblock

Thu Jun 20 10:41:42 2019 local1.notice fwblock[26364]: Applying SSH blocks

Thu Jun 20 10:41:42 2019 local1.notice fwblock[26364]: Applying WebUI blocks

Thu Jun 20 10:41:42 2019 authpriv.info dropbear[26376]: Exit before auth: No matching algo mac c->s

Thu Jun 20 10:41:43 2019 authpriv.info dropbear[26402]: Exit before auth: No matching algo mac c->s

Thu Jun 20 10:41:48 2019 local1.crit luci-reload[26485]: START==1

Thu Jun 20 10:41:48 2019 authpriv.info dropbear[26480]: Exit before auth: Exited normally

Thu Jun 20 10:41:55 2019 daemon.err openvpn(7365727665725F525554)[26609]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:41:55 2019 daemon.warn openvpn(7365727665725F525554)[26609]: Use --help for more information.

Thu Jun 20 10:42:00 2019 daemon.err openvpn(7365727665725F525554)[26642]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route (2.4.5)

Thu Jun 20 10:42:00 2019 daemon.warn openvpn(7365727665725F525554)[26642]: Use --help for more information.

I do not see anything happen when I'm trying to login.
by anonymous
When do logread -f you don't see any firewall messages.

1 Answer

0 votes
by anonymous

Hello,

Are you using an OpenVPN client on windows?

The config that you pasted seems to be missing a remote IP address or did you redact it before pasting it here?

Also did you copy the whole content from .crt file or just the certificate part? You only need a certificate part

Example:

-----BEGIN CERTIFICATE-----
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000==
-----END CERTIFICATE-----

Also can you try using this manual instead for your configuration?  OpenVPN manual

by anonymous

A remote IP is in the config but filtered this out for this topic. I copied the complete text as in your example to the config.

Are you using an OpenVPN client on windows? => Yes

by anonymous
Can you send the routers troubleshoot file to me as a private message?
by anonymous
Hello,

From a troubleshoot file you provided I noticed that you don't have a public IP address on your router and OpenVPN server must have one or have port forwarded to your private IP. I think in this case you are connected to a mobile network and operator is leasing you a private IP.

/Danius
by anonymous

I have accomplished now that I have a really public IP address on the router. 

I still don't get the openVPN working,

I created the certification confirm youre website: https://wiki.teltonika.lt/view/How_to_generate_TLS_certificates_(Windows)%3F

I getting the result below once trying to connect:

WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Jun 20 09:58:19 2019 MANAGEMENT: >STATE:1561017499,RESOLVE,,,,,,

Thu Jun 20 09:58:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]178.225

by anonymous
Hello, what do router logs show?

/Danius
by anonymous
I was looking into the router but could not find these logs. Where can I find these logs? It would be great to see why it's not succeeding.

I have create other ovpn files as well for other servers and these working fine.
by anonymous
You can connect to the router via ssh using some kind of ssh client (Putty for windows or through terminal using Linux/Mac), user name is root when connecting through ssh and password is the one you use to connect to web interface.

Run a command: logread -f and you can see logs in real time

alternatively you can download the troubleshoot file your self and log file will be in there, but in my opinion it would be better to see them in real time via ssh.