Menu
What's new
By:
Filters Better Search

OpenVPN client help

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

TT7

Occasional Visitor
Hi,

I'm new to all of this DD-WRT, Tomato and other custom firmware options so please be understanding.
We had DrayTek Vigor 2930n router and it developed some problems.
This router has VPN client already in firmware and it worked well for us while it lasted.
DrayTek router was replaced with Asus RT-N66U. Router was updated to 3.0.0.4.246 firmware and after that Merlin's custom firmware (3.0.0.4.220.18) was installed on it.
For some reason we are unable to use VPN client to connect to Astrill VPN service.

I have followed instructions to setup Tomato router at Astrill's web site on Asus RT-N66U.

https://www.astrill.com/knowledge-b...igure-OpenVPN-on-Tomato-firmware-routers.html

I understand that instructions are for Tomato firmware but from what I can see in Merlin's firmware rules & options are almost the same.
I posted router client setup screen shots showing VPN client configuration and error message from System Log.

http://img100.imageshack.us/slideshow/webplayer.php?id=90485157.jpg

Any help to setup this VPN client would be greatly appreciated.
 
Remove PORT in IP-number field, it's in next field. 207.126.92.3 8292<=remove.
 
Hi octopus,

Thank you for your help.

I tried to remove port number but router won't let me do it.
Error message is "Please enter a value between 1 to 65535"
I also tried default port 1194 with the same result as in my first post.
 
I tried different VPN server and got it working. :)
Now I have another problem. As soon as VPN connection is established I'm unable to open any web sites and vice versa. :confused:

===================================================

Oct 22 10:31:55 notify_rc : start_vpnclient2
Oct 22 10:31:55 kernel: tun: Universal TUN/TAP device driver, 1.6
Oct 22 10:31:55 openvpn[1723]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Sep 24 2012
Oct 22 10:31:55 openvpn[1723]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 22 10:31:55 openvpn[1723]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Oct 22 10:31:56 openvpn[1723]: LZO compression initialized
Oct 22 10:31:56 openvpn[1723]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Oct 22 10:31:56 openvpn[1723]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Oct 22 10:31:56 openvpn[1723]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Oct 22 10:31:56 openvpn[1728]: UDPv4 link local: [undef]
Oct 22 10:31:56 openvpn[1728]: UDPv4 link remote: 206.217.222.30:8292
Oct 22 10:31:56 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Oct 22 10:31:56 openvpn[1728]: TLS: Initial packet from 206.217.222.30:8292, sid=01b9d4da ab748e15
Oct 22 10:31:56 openvpn[1728]: VERIFY OK: depth=1, /C=../ST=../L=../O=../OU=../CN=ASCA/emailAddress=..
Oct 22 10:31:56 openvpn[1728]: VERIFY OK: depth=0, /C=../ST=../L=../O=../OU=../CN=server-206.217.222.30/emailAddress=..
Oct 22 10:31:57 openvpn[1728]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Oct 22 10:31:57 openvpn[1728]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 22 10:31:57 openvpn[1728]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Oct 22 10:31:57 openvpn[1728]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 22 10:31:57 openvpn[1728]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Oct 22 10:31:57 openvpn[1728]: [server-206.217.222.30] Peer Connection Initiated with 206.217.222.30:8292
Oct 22 10:32:00 openvpn[1728]: SENT CONTROL [server-206.217.222.30]: 'PUSH_REQUEST' (status=1)
Oct 22 10:32:05 openvpn[1728]: SENT CONTROL [server-206.217.222.30]: 'PUSH_REQUEST' (status=1)
Oct 22 10:32:05 openvpn[1728]: PUSH: Received control message: 'PUSH_REPLY,sndbuf 262144,rcvbuf 262144,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 5.5.0.1,ping 10,ping-restart 90,comp-lzo no,route-gateway 5.5.0.1,topology subnet,ifconfig 5.5.5.70 255.255.240.0'
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: LZO parms modified
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Oct 22 10:32:05 openvpn[1728]: Socket Buffers: R=[131072->229376] S=[131072->229376]
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: route options modified
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: route-related options modified
Oct 22 10:32:05 openvpn[1728]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 22 10:32:05 openvpn[1728]: TUN/TAP device tun12 opened
Oct 22 10:32:05 openvpn[1728]: TUN/TAP TX queue length set to 100
Oct 22 10:32:28 openvpn[1728]: Replay-window backtrack occurred [10]
 
Hello TT7
i have the same problem like you. i can not connect toastrill server can you show me your setup what i have to choose?

i tried the server with the openvpn application on windows, and there itworks. but i m not ableto connect with the router to astrill. maybe you can give me a hint how the setup should look like.

thank

br dave
 
hello

thanks for the reply
i have nothing to adjust or change in the advanced section?

in my openvpn.conf file are 4 keys, i don t know if i have to use every four or only the three like in the tutorial you attached in your posting.

greets dave
 
verkehrsminister said:
hello

thanks for the reply
i have nothing to adjust or change in the advanced section?

in my openvpn.conf file are 4 keys, i don t know if i have to use every four or only the three like in the tutorial you attached in your posting.

greets dave
Click to expand...

Just follow the tutorial exactly as they posted it, it should work. Asuswrt-Merlin has exactly the same options as Tomato which is used as the reference in that tutorial.

They don't change anything on the Advanced tab on the tutorial, so you shouldn't have to either.
 
i got every time the same log entries:

Nov 29 19:09:38 openvpn[791]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 29 19:09:38 openvpn[791]: TLS Error: TLS handshake failed
Nov 29 19:09:38 openvpn[791]: TCP/UDP: Closing socket
Nov 29 19:09:38 openvpn[791]: SIGUSR1[soft,tls-error] received, process restarting
Nov 29 19:09:38 openvpn[791]: Restart pause, 2 second(s)
Nov 29 19:09:40 openvpn[791]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 29 19:09:40 openvpn[791]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Nov 29 19:09:40 openvpn[791]: Re-using SSL/TLS context
Nov 29 19:09:40 openvpn[791]: LZO compression initialized
Nov 29 19:09:40 openvpn[791]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 29 19:09:40 openvpn[791]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Nov 29 19:09:40 openvpn[791]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 29 19:09:40 openvpn[791]: UDPv4 link local: [undef]
Nov 29 19:09:40 openvpn[791]: UDPv4 link remote: 107.6.116.64:8292
 
Double check your settings, especially the port and the IP.

You can also try increasing the amount of debug info being written:

nvram set vpn_loglevel=9
nvram commit
Click to expand...

Then reboot your router.

To revert back to the default value once you are done troubleshooting, set it back to "3".
 
the problem was that astrill is using from now on 4 keys. and i have to adjust some setting in the advande section, but now it works.
now i have to do the next steps.

thanks for the help
 
Can you post the details on how you got it working? That way other users of that VPN service will also be able to get it working :)
 
My setup for astrill
bild1pdbos7u504.jpg



and also this
bild2bg5lxyh4r1.jpg



and now 4 keys are needed
bild351k7onmiwe.jpg
 
Actually, it's two keys and two certificates. :) So they also require the entry of a static key for user authentication.

Thanks for posting the details!
 
You must log in or register to reply here.

Similar threads

M
OpenVPN / site to site with special security/routing constraints
Replies
7
Views
357
elorimer
E
G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
439
Grefyne
G
S
VPN blocking MMS text messages
Replies
8
Views
619
Piotrek
P
S
OpenVPN cloudconnexa connector egress configuration in Merlin GT-AXE16000
Replies
4
Views
757
blackdot
B
J
Solved OpenVPN clients can't resolve custom domains defined in dnsmasq config
Replies
2
Views
648
jkbach
J
Similar threads
Thread starter Title Forum Replies Date
B No internet after turn on OpenVPN client Asuswrt-Merlin 4
Z Port forwarding for client connected to OpenVPN server Asuswrt-Merlin 0
J Reverse internet access through Asus-Merlin OpenVPN client. Asuswrt-Merlin 0
P Connect OpenVPN server with Client networks Asuswrt-Merlin 3
J Asus RT-AC68R /w latest Merlin 386.12 firmware - Openvpn client issue Asuswrt-Merlin 2
F OpenVPN client not resolving server local DNS names Asuswrt-Merlin 9
A Devices connect to my openvpn server correctly but no traffic from server to client Asuswrt-Merlin 6
A Port forwarding from OpenVPN Client Asuswrt-Merlin 4
S How to auto-restart remote clients (an Asus RT-AC68U) OpenVPN client Asuswrt-Merlin 45
P OpenVPN Client will use VPN to access... Asuswrt-Merlin 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 771 (members: 32, guests: 739)
Top