I have working OpenVPN servers running on two machines, and several clients (primarily Tunnelblick) that connect to those servers. I would like to move from client connections to Asuswrt-Merlin, so I created a .ovpn file for my ASUS RT-AC66U and uploaded it to OpenVPN Client 1. When I slide the enable switch from on to off, it says processing for a while and then returns to the OpenVPN Client window with the slider turned back off. The server log file contains no mention of a connection attempt. I have elided things that don't need to be posted with "...".
Any ideas on what might be wrong or how to debug this?
One question: my certificate authority creates ECDSA keys by default. Is this supported by Asuswrt-Merlin?
Here is the uploaded .ovpn file:
# Mode
client
# IP Protocol
proto udp
# Local UDP port for packet transport
nobind
# Internet address of maple.killian.com
remote 216.229.97.145 1194
# Enable compression
comp-lzo
# Choose encryption algorithm
reneg-sec 1800
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-128-CBC
# Choose digest algorithm
auth SHA256
#
# Authentication/encryption
#
# In SSL/TLS key exchange, we will assume the client role
tls-client
# Verify maple.killian.com's CN
verify-x509-name '...' subject
# Certificate Authority file
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<crl-verify>
-----BEGIN X509 CRL-----
...
-----END X509 CRL-----
</crl-verify>
# Our certificate/public key
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
# Our private key
<key>
-----BEGIN EC PARAMETERS-----
...
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
</key>