OpenVPN no bytes in

Mobo1964

Occasional Visitor
For two years I had an Asus RT66AC router with OpenVPN working; two weeks ago this router died.
Now I have a new one (RT66AC) and I am not able to get OpenVPN working; the backup is not a solution.

I have tried a fresh install and created new keys and new clients, but it is only sending bytes out and not receiving; it is waiting for the server.

Merlin Firmware: 378.52_2 is used.
Does anyone have a suggestion?

Regards,
Marco
 
Check the System Log on your router, it might give more info as to what is going on at connection time.
 
In the system log, when I try to connect, there is: TLS Error: TLS handshake failed

I disabled the FW on the router without success.

iptables -L | grep 443
TRIGGER udp -- anywhere anywhere udp dpt:https TRIGGER type:out udp match:443 relate:443

Ipaddress router 192.168.0.254
DHCP Scope 192.168.0.100 - 192.168.0.200

My server openvpn.conf (Asus RT66AC)
# Automatically generated configuration
daemon
server 192.168.10.0 255.255.255.0
proto udp
port 443
dev tun21
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
client-to-client
duplicate-cn
push "dhcp-option DNS 192.168.0.254"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
duplicate-cn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

# Custom Configuration
username-as-common-name
push "route 192.168.10.0 255.255.255.0"

##Android 5.02
Client.ovpn
client
dev tun
proto udp
remote thuis.asuscomm.com 443
float
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
ca ca.crt
cert thuis.crt
key thuis.key

resolv-retry infinite
nobind
 
We'll need the entire context, please post the content of syslog, including the surrounding lines. Chances are you have a more explicit reason shown just before the handshake failed one.
 
Attached syslog and stripped nvram.log
 

Try testing from outside of your LAN, otherwise you might be having issues related to the NAT loopback.
 
I created the certificates on the Asus router. The OpenVPN setup adds the Certificate Authority, Server Certificate and Server Key to the configuration. I assumed these were the files created on the server (Asus router) with easy-rsa. When checking the CA with https://www.sslshopper.com/certificate-decoder.html I saw that the CA information was from Asus and not the one I created.
After replacing the files with the ones I created, the problem was solved.
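
The check described in the post above can also be done offline with openssl. This is an added example, not part of the original thread: it prints a certificate's subject and issuer and tests whether a certificate chains to a given CA file. The CA and certificate names are constructed for the demo; on a real setup, point `describe` and `cert_matches_ca` at the ca.crt and the server or client .crt from your own configuration.

```shell
#!/bin/sh
# Added example: confirm that a certificate was issued by the CA file in use.
# All file names and subjects below are constructed for the demo.

# cert_matches_ca CA_FILE CERT_FILE -> exit 0 only if CERT_FILE chains to CA_FILE
cert_matches_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# describe FILE -> print subject and issuer of a PEM certificate
describe() {
    openssl x509 -in "$1" -noout -subject -issuer
}

# make_ca DIR NAME CN -> self-signed CA key and certificate (demo only)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR NAME CN CA_NAME -> key and certificate signed by CA_NAME (demo only)
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" own_ca "constructed-own-CA"          # the CA you generated
    make_ca "$d" factory_ca "constructed-factory-CA"  # a CA already on the device
    make_leaf "$d" client "thuis" own_ca              # client cert from your CA
    describe "$d/factory_ca.crt"
    describe "$d/client.crt"
    cert_matches_ca "$d/own_ca.crt" "$d/client.crt" && echo "client vs own CA: OK"
    cert_matches_ca "$d/factory_ca.crt" "$d/client.crt" || echo "client vs factory CA: MISMATCH"
    rm -rf "$d"
}

demo
```

A mismatch between the CA loaded on the server and the issuer of the client certificate is consistent with the "TLS handshake failed" symptom reported in this thread.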
 
Hello Merlin!

I have the same issue.
When I try to connect, no bytes in. The screen is the same as Mobo1964's.
I am also trying to connect through PPTP, but am also unable to.
Do you have any ideas?
I am attaching the syslog
Thanks!
 


There isn't a single entry related to OpenVPN in that log.
 
Hum...

I tried to connect several times using OpenVPN and PPTP.
If the log file does not show a single entry, what else could it be? Is there any configuration in the router that might be blocking the packages I am sending? And by doing so, the router does not identify any action and therefore does not write it to the log? I tried to disable the router firewall but I had no luck...


Thanks for your time
Raphael
 
Could be anything, from failure to start the OpenVPN server, to your modem blocking the port, or a configuration issue on your end with the client. Start by looking at the log content right after you start the OpenVPN server.
 
You need to change the protocol from UDP to TLS on the VPN Details page and then regenerate your credentials. Android doesn't work with UDP.
 
Merlin, InkRag,

I solved the issue.
When Merlin said that "There isn't a single entry related to OpenVPN in that log", that gave me the clue that the problem might be related to something other than the router, since the VPN client wasn't even able to reach the server.
I am using the NO-IP service for DDNS and I found that my settings on the NO-IP website were messed up.
I fixed my account settings and now it is working again; the problem was not related to the router, but to my DDNS account (NO-IP.com).

Thanks for your help and time.
Regards
 
