openVPN/strongVPN doesnt work. 264.22

[purezerg]

I tried connecting to strongVPN via openVPN, but it's not working.

however, if i connect via openVPN GUI provided by strongVPN. I'm able to secure an connection. please advise.

this is the error message i got.

Jan 1 08:21:27 openvpn[814]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 1 08:21:27 openvpn[814]: TLS Error: TLS handshake failed
Jan 1 08:21:27 openvpn[814]: TCP/UDP: Closing socket
Jan 1 08:21:27 openvpn[814]: SIGUSR1[soft,tls-error] received, process restarting
Jan 1 08:21:27 openvpn[814]: Restart pause, 2 second(s)
Jan 1 08:21:29 openvpn[814]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 1 08:21:29 openvpn[814]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 08:21:29 openvpn[814]: Re-using SSL/TLS context
Jan 1 08:21:29 openvpn[814]: LZO compression initialized
Jan 1 08:21:29 openvpn[814]: Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 1 08:21:29 openvpn[814]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Jan 1 08:21:29 openvpn[814]: Data Channel MTU parms [ L:1546 D:1390 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 1 08:21:29 openvpn[814]: Fragmentation MTU parms [ L:1546 D:1390 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Jan 1 08:21:29 openvpn[814]: UDPv4 link local: [undef]
Jan 1 08:21:29 openvpn[814]: UDPv4 link remote: xx.xx.xx.xx:1289



-----------------------------------------

remote xx.xx.xx.xx 1289 udp
remote xx.xx.xx.xx 123 udp
remote xx.xx.xx.xx 53 udp
key-direction 1
cipher BF-CBC
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
verb 4
reneg-sec 86400
echo vpnxx ovpnxxx
tun-mtu 1500
route-method exe
route-delay 2
redirect-gateway def1
comp-lzo no
explicit-exit-notify 2
fragment 1390
mssfix 1390
hand-window 30

 

[purezerg]

this is the log of the openVPN GUI software.

Sun Dec 23 02:20:49 2012 OpenVPN 2.3_beta1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Sep 14 2012
Sun Dec 23 02:20:49 2012 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.10:25340
Sun Dec 23 02:20:49 2012 Need hold release from management interface, waiting...
Sun Dec 23 02:20:50 2012 MANAGEMENT: Client connected from [AF_INET]127.0.0.10:25340
Sun Dec 23 02:20:50 2012 MANAGEMENT: CMD 'state on'
Sun Dec 23 02:20:50 2012 MANAGEMENT: CMD 'log all on'
Sun Dec 23 02:20:50 2012 MANAGEMENT: CMD 'hold off'
Sun Dec 23 02:20:50 2012 MANAGEMENT: CMD 'hold release'
Sun Dec 23 02:20:50 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 23 02:20:50 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Dec 23 02:20:50 2012 Control Channel Authentication: tls-auth using INLINE static key file
Sun Dec 23 02:20:50 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 23 02:20:50 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 23 02:20:50 2012 LZO compression initialized
Sun Dec 23 02:20:50 2012 Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Dec 23 02:20:50 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 23 02:20:50 2012 Data Channel MTU parms [ L:1546 D:1390 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Dec 23 02:20:50 2012 Fragmentation MTU parms [ L:1546 D:1390 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Sun Dec 23 02:20:50 2012 Local Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Dec 23 02:20:50 2012 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Dec 23 02:20:50 2012 Local Options hash (VER=V4): '551868c6'
Sun Dec 23 02:20:50 2012 Expected Remote Options hash (VER=V4): 'e34c1722'
Sun Dec 23 02:20:50 2012 UDPv4 link local: [undef]
Sun Dec 23 02:20:50 2012 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1289
Sun Dec 23 02:20:50 2012 MANAGEMENT: >STATE:1356200450,WAIT,,,
Sun Dec 23 02:20:50 2012 MANAGEMENT: >STATE:1356200450,AUTH,,,
Sun Dec 23 02:20:50 2012 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1289, sid=a5d4e9ee 526f8de4
Sun Dec 23 02:20:51 2012 VERIFY OK: depth=1, C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=ovpn186, emailAddress=techies@reliablehosting.com
Sun Dec 23 02:20:51 2012 VERIFY OK: depth=0, C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=vpn22, emailAddress=techies@reliablehosting.com
Sun Dec 23 02:20:52 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 23 02:20:52 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 23 02:20:52 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 23 02:20:52 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 23 02:20:52 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Dec 23 02:20:52 2012 [vpn22] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1289
Sun Dec 23 02:20:53 2012 MANAGEMENT: >STATE:1356200453,GET_CONFIG,,,
Sun Dec 23 02:20:54 2012 SENT CONTROL [vpn22]: 'PUSH_REQUEST' (status=1)
Sun Dec 23 02:20:54 2012 PUSH: Received control message: 'PUSH_REPLY,ping 1,ping-restart 60,route-delay 2,route-metric 1,dhcp-option DNS 207.204.224.10,dhcp-option DNS 68.68.32.123,route 10.8.5.209,topology net30,ifconfig 10.8.5.214 10.8.5.213'
Sun Dec 23 02:20:54 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 23 02:20:54 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 23 02:20:54 2012 OPTIONS IMPORT: route options modified
Sun Dec 23 02:20:54 2012 OPTIONS IMPORT: route-related options modified
Sun Dec 23 02:20:54 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Dec 23 02:20:54 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Dec 23 02:20:54 2012 MANAGEMENT: >STATE:1356200454,ASSIGN_IP,,10.8.5.214,
Sun Dec 23 02:20:54 2012 open_tun, tt->ipv6=0
Sun Dec 23 02:20:54 2012 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{1E9EE446-48B7-4393-BA39-C63C472E9572}.tap
Sun Dec 23 02:20:54 2012 TAP-Windows Driver Version 9.9
Sun Dec 23 02:20:54 2012 TAP-Windows MTU=1500
Sun Dec 23 02:20:54 2012 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.5.214/255.255.255.252 on interface {1E9EE446-48B7-4393-BA39-C63C472E9572} [DHCP-serv: 10.8.5.213, lease-time: 31536000]
Sun Dec 23 02:20:54 2012 DHCP option string: 0608cfcc e00a4444 207b
Sun Dec 23 02:20:54 2012 Successful ARP Flush on interface [29] {1E9EE446-48B7-4393-BA39-C63C472E9572}
Sun Dec 23 02:20:56 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Dec 23 02:20:56 2012 C:\Windows\system32\route.exe ADD xx.xx.xx.xx MASK 255.255.255.255 192.168.1.1
Sun Dec 23 02:20:56 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 23 02:20:56 2012 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.5.213
Sun Dec 23 02:20:56 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 23 02:20:56 2012 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.5.213
Sun Dec 23 02:20:56 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 23 02:20:56 2012 MANAGEMENT: >STATE:1356200456,ADD_ROUTES,,,
Sun Dec 23 02:20:56 2012 C:\Windows\system32\route.exe ADD 10.8.5.209 MASK 255.255.255.255 10.8.5.213 METRIC 1
Sun Dec 23 02:20:56 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 23 02:20:56 2012 Initialization Sequence Completed
Sun Dec 23 02:20:56 2012 MANAGEMENT: >STATE:1356200456,CONNECTED,SUCCESS,10.8.5.214,xx.xx.xx.xx

 

[purezerg]

this is what i got after i did this

nvram set vpn_loglevel=9
nvram commit



Jan 1 08:06:48 openvpn[893]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 1 08:06:48 openvpn[893]: TLS Error: TLS handshake failed
Jan 1 08:06:48 openvpn[893]: TCP/UDP: Closing socket
Jan 1 08:06:48 openvpn[893]: SIGUSR1[soft,tls-error] received, process restarting
Jan 1 08:06:48 openvpn[893]: Restart pause, 2 second(s)
Jan 1 08:06:50 openvpn[893]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 1 08:06:50 openvpn[893]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 08:06:50 openvpn[893]: Re-using SSL/TLS context
Jan 1 08:06:50 openvpn[893]: LZO compression initialized
Jan 1 08:06:50 openvpn[893]: Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 1 08:06:50 openvpn[893]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Jan 1 08:06:50 openvpn[893]: Data Channel MTU parms [ L:1546 D:1390 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 1 08:06:50 openvpn[893]: Fragmentation MTU parms [ L:1546 D:1390 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Jan 1 08:06:50 openvpn[893]: UDPv4 link local: [undef]
Jan 1 08:06:50 openvpn[893]: UDPv4 link remote: 207.204.232.61:1289
Jan 1 08:06:51 openvpn[893]: event_wait returned 0
Jan 1 08:06:52 openvpn[893]: event_wait returned 0
Jan 1 08:06:52 openvpn[893]: event_wait returned 1
Jan 1 08:06:52 openvpn[893]: UDPv4 WRITE [42] to 207.204.232.61:1289: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=2fbf54fa 19dc4ee0 tls_hmac=5a5c7c43 1112260f a74d335d 5de65544 171b11a1 pid=[ #2 / time = (1293840410) Sat Jan 1 08:06:50 2011 ] [ ] pid=0 DATA
Jan 1 08:06:52 openvpn[893]: UDPv4 write returned 42
Jan 1 08:06:54 openvpn[893]: event_wait returned 0
Jan 1 08:06:55 openvpn[893]: event_wait returned 0
Jan 1 08:06:56 openvpn[893]: event_wait returned 0
Jan 1 08:06:56 openvpn[893]: event_wait returned 1
Jan 1 08:06:56 openvpn[893]: UDPv4 WRITE [42] to 207.204.232.61:1289: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=2fbf54fa 19dc4ee0 tls_hmac=1a8bf064 3b4f7307 eb91d946 6e268ffb 4082941b pid=[ #3 / time = (1293840410) Sat Jan 1 08:06:50 2011 ] [ ] pid=0 DATA
Jan 1 08:06:56 openvpn[893]: UDPv4 write returned 42
Jan 1 08:06:57 openvpn[893]: event_wait returned 0
Jan 1 08:06:58 openvpn[893]: event_wait returned 0

 

[Txdk]

change to tcp instead of udp

I tried connecting to strongVPN via openVPN, but it's not working.

however, if i connect via openVPN GUI provided by strongVPN. I'm able to secure an connection. please advise.

this is the error message i got.

Jan 1 08:21:27 openvpn[814]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 1 08:21:27 openvpn[814]: TLS Error: TLS handshake failed
Jan 1 08:21:27 openvpn[814]: TCP/UDP: Closing socket
Jan 1 08:21:27 openvpn[814]: SIGUSR1[soft,tls-error] received, process restarting
Jan 1 08:21:27 openvpn[814]: Restart pause, 2 second(s)
Jan 1 08:21:29 openvpn[814]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 1 08:21:29 openvpn[814]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 08:21:29 openvpn[814]: Re-using SSL/TLS context
Jan 1 08:21:29 openvpn[814]: LZO compression initialized
Jan 1 08:21:29 openvpn[814]: Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 1 08:21:29 openvpn[814]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Jan 1 08:21:29 openvpn[814]: Data Channel MTU parms [ L:1546 D:1390 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 1 08:21:29 openvpn[814]: Fragmentation MTU parms [ L:1546 D:1390 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Jan 1 08:21:29 openvpn[814]: UDPv4 link local: [undef]
Jan 1 08:21:29 openvpn[814]: UDPv4 link remote: xx.xx.xx.xx:1289



-----------------------------------------

remote xx.xx.xx.xx 1289 udp
remote xx.xx.xx.xx 123 udp
remote xx.xx.xx.xx 53 udp
key-direction 1
cipher BF-CBC
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
verb 4
reneg-sec 86400
echo vpnxx ovpnxxx
tun-mtu 1500
route-method exe
route-delay 2
redirect-gateway def1
comp-lzo no
explicit-exit-notify 2
fragment 1390
mssfix 1390
hand-window 30

 

[RMerlin]

Your clock isn't set properly, it still shows January 1st, so any SSL handshaking will fail.

Recheck your NTP settings.

 

[purezerg]

I tried TCP. win7 couldnt secure the connection. I guess china is blocking or something went wrong. I tried 443, 83 and 1434 on tun-mtu1100 and tun-mtu1500 for each 3 ports.


as for UDP1289, win7 is able to connect
what else am i missing. I have changed NTP server. now the time correct





Dec 23 13:23:17 openvpn[624]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 23 13:23:17 openvpn[624]: TLS Error: TLS handshake failed
Dec 23 13:23:17 openvpn[624]: TCP/UDP: Closing socket
Dec 23 13:23:17 openvpn[624]: SIGUSR1[soft,tls-error] received, process restarting
Dec 23 13:23:17 openvpn[624]: Restart pause, 2 second(s)
Dec 23 13:23:19 openvpn[624]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Dec 23 13:23:19 openvpn[624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 23 13:23:19 openvpn[624]: Re-using SSL/TLS context
Dec 23 13:23:19 openvpn[624]: LZO compression initialized
Dec 23 13:23:19 openvpn[624]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1100)
Dec 23 13:23:19 openvpn[624]: Control Channel MTU parms [ L:1146 D:166 EF:66 EB:0 ET:0 EL:0 ]
Dec 23 13:23:19 openvpn[624]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Dec 23 13:23:19 openvpn[624]: Data Channel MTU parms [ L:1146 D:1146 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 23 13:23:19 openvpn[624]: Fragmentation MTU parms [ L:1146 D:1146 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Dec 23 13:23:19 openvpn[624]: UDPv4 link local: [undef]

 

[RMerlin]

I tried TCP. win7 couldnt secure the connection. I guess china is blocking or something went wrong. I tried 443, 83 and 1434 on tun-mtu1100 and tun-mtu1500 for each 3 ports.

If you are in China then yes, they recently started blocking VPN technologies in the recent weeks.

 

[purezerg]

ok. i went back to UDP 1289. am able to connect via WIN7. but my RT-AC66U is still not able to connect.

remote 207.204.232.61 1289 udp
remote 207.204.232.61 123 udp
remote 207.204.232.61 53 udp
key-direction 1
cipher BF-CBC
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
verb 4
reneg-sec 86400
echo vpn22 ovpn186
tun-mtu 1100
route-method exe
route-delay 2
redirect-gateway def1
comp-lzo no
explicit-exit-notify 2
fragment 1390
mssfix 1390
hand-window 30
<ca>

 

[CaptainSTX]

China OpenVPN Blocking - Strong VPN

Go to Stong's web site and start an on line chat. They are aware of the problem/blocking in China and have come up with a work around.

In my case, I use an E3000 with Sabai's software, and Strong has come up with a modified script that I could download for my router which would let me run OpenVPN in China if that is what I wanted to do.

I'm sure that they can give you the comparable settings for your setup.

 

[purezerg]

i give up. I was online with tech support for 3 hours and we were swapping servers 8 times and we still couldnt connect. I got my laptop to work as a NAT/L2TP router for the time being until I build a new NAT/L2TP/SSTP server.

any ideas which i should go?
cisco
draytek
DIY router/server

currently posting from shanghai.

openVPN has got so much problems but PPTP/SSTP/L2TP has been flawless so far.

I just found it odd that I am force to put a wifi router BEHIND a server rather than infront of the server.

currently my network is configured like this dlink 855 <-> laptop <-> RT-AC66U <-> workstation/handphones/other laptops

 

[purezerg]

decided to use my workstation as the interim VPN client until there's a way to resolve this.

asus RT-AC66U <-> WS <-> VPN <-> WS <-> DIR-855 <-> HD7

my HD7 can now finally connect to facebook via wifi.

the only sucks part is the whole "router" is now officially a 700ws router

 

[weiyu99]

If you are in China then yes, they recently started blocking VPN technologies in the recent weeks.

Hi,

Any chance you could add the pptp-client feature in the Asuswrt-Merlin build?

PPTP seems working fine in China now but not Openvpn.

thanks,
Dennis

 

[Tailhappy]

Perhaps we should just trade routers since I want OpenVPN (exclusive to the RT-66 FW load) and you need PPTP (exclusive to the RT-N16 FW load)

Of course if China allows it, you've got to wonder how effective it is.

 

[weiyu99]

Perhaps we should just trade routers since I want OpenVPN (exclusive to the RT-66 FW load) and you need PPTP (exclusive to the RT-N16 FW load)

Of course if China allows it, you've got to wonder how effective it is.

Unfortunately, OpenVPN for RT-N16 can be enabled by custom compile the firmware (that's what I did) but PPTP-client is not (or at least I haven't figure out)

 

[purezerg]

PPTP does drop connection once a while. maybe every 1-2 hours then you might have to release the modem's IP
but so far SSTP and L2TP is the most stable. here in shanghai PPTP and openVPN, successfully having a connection more than 2 hours is near impossible.

from what i noticed, SSTP and L2TP are used by china banks also. PPTP is blocked at the local district area. meaning, PPTP, once the conection is dropped, I'm not able to establish the connection again, until
I release the modem's IP and making sure that it's a very different IP. eg,
218.82.221.165 vs 116.230.247.167

so it seems that SSTP and L2TP are the best methods for stable connection, at least from shanghai.

 

[mortov]

i give up. I was online with tech support for 3 hours and we were swapping servers 8 times and we still couldnt connect. I got my laptop to work as a NAT/L2TP router for the time being until I build a new NAT/L2TP/SSTP server.

any ideas which i should go?
cisco
draytek
DIY router/server

currently posting from shanghai.

openVPN has got so much problems but PPTP/SSTP/L2TP has been flawless so far.

I just found it odd that I am force to put a wifi router BEHIND a server rather than infront of the server.

currently my network is configured like this dlink 855 <-> laptop <-> RT-AC66U <-> workstation/handphones/other laptops

I've used OpenVPN (as a client) before from Shanghai (and elsewhere in China) without problems (since just about everything back in US/Canada/UK was blocked until I used the VPN link).

OpenVPN would normally work and Draytek are starting to add OpenVPN into their routers as a new feature - right now on the 3200 model. Since you were already considering Draytek, I think you should look at that as an option as they also support IPSEC, PPTP and L2TP so you have all the sensible options available on the Draytek.

The most likely thing is TCP RESET being sent by the [Great] firewall to try and force connection drops. I would vary the port being used and switch between UDP and TCP negotiation.

My experience was running the OpenVPN server on TCP 443 was most reliable as it then appeared to be HTTP SSL traffic to inspection but I do know there is talk of deeper certificate inspection and MITM attacking which OpenVPN is likely to detect and reject. Switching port to another well known one may work (e.g. IMAPS - 993 - was another I've used too).

It is difficult to properly debug without being able to inspect arriving traffic at the server side too.

Just my thoughts for now.

 

[purezerg]

here's a twist.. I bought a WL-330N3G for my hotel use and since it's powered by USB, I managed to get AC66U to power 330N3G.
330N3G is capable of doing PPTP and L2TP.

so far it seems to be working good. thou it's not 450mbps type. but at least it's 150mbps. not bad for a router that's the size of a 10 stick cigarette pack.

 

[roundaway]

Unfortunately, OpenVPN for RT-N16 can be enabled by custom compile the firmware (that's what I did) but PPTP-client is not (or at least I haven't figure out)

I would prefer OpenVPN to PPTP on RT-N16. Currently using .266.23.

If you're on the same version would you mind posting your build. If that's not allowed then a quick tutorial on how to compile it.

Thanks.