Unable to start OpenVPN on 380.59

[gazzer82]

I am running AsusWRT Merlin 380.59 on my ASUS RT-AC68P and am trying to get the OpenVPN server setup, and failing miserably.

I have just enabled OpenVPN1, added a user, and clicked apply. But instead of being able to download the cons and certificates i have an error stating:

OpenVPN server daemon failed to start.
Please check your device environment or contents on the Advanced Setting page.

I have looked in the logs, and the only line that indicates there is any kind of error is as follows:

WARNING: Failed running command (--up/--down): external program exited with error

Which doesn't really tell me anything useful.

I have attempted doing a full reset from the GUI, which didn't help, i have also deleted all files from the /jffs/openvpn folder and restarted the router. That also didn't help.

I am running an openVPN client on the router also, but i have tried disabling that and it makes no difference.

Any suggestions on what i can try to fix this?

Thanks

Gareth

 

[octopus]

Post your openvpn settings. Probably something there.

 

[gazzer82]

Here you go, thanks!

 

[octopus]

Set Encryption chirper and Auth digest.
Have you generated all certs and upload or let router do it?

 

[gazzer82]

The only certificate i have added is the Certificate Authority for my OpenVPN client connection, other than that i have allowed the router to generate all the certs. The only thing i have done is enable the server, add a user, and click apply.

 

[gazzer82]

What should i be setting the Encryption Chipher and Auth Digest to?

 

[octopus]

What should i be setting the Encryption Chipher and Auth Digest to?

Depend what you want to use, but start with: AES-128-CBS and SHA1

 

[gazzer82]

Ok, i've set those, but i'm still getting the same error message that the Deamon can't start.

Any other ideas, i'm contemplating doing a complete reset, but i don't want to have to setup all my other settings from scratch again if i can avoid it.

 

[gazzer82]

I've enabled more verbose logging, this is the whole section of it trying to connect, including the config it's loading, maybe there are some clues in it . .

May 27 12:43:03 openvpn[6008]: NOTE: debug verbosity (--verb 11) is enabled but this build lacks debug support.
May 27 12:43:03 openvpn[6008]: Current Parameter Settings:
May 27 12:43:03 openvpn[6008]: config = 'config.ovpn'
May 27 12:43:03 openvpn[6008]: mode = 1
May 27 12:43:03 openvpn[6008]: persist_config = DISABLED
May 27 12:43:03 openvpn[6008]: persist_mode = 1
May 27 12:43:03 openvpn[6008]: show_ciphers = DISABLED
May 27 12:43:03 openvpn[6008]: show_digests = DISABLED
May 27 12:43:03 openvpn[6008]: show_engines = DISABLED
May 27 12:43:03 openvpn[6008]: genkey = DISABLED
May 27 12:43:03 openvpn[6008]: key_pass_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: show_tls_ciphers = DISABLED
May 27 12:43:03 openvpn[6008]: Connection profiles [default]:
May 27 12:43:03 openvpn[6008]: proto = udp
May 27 12:43:03 openvpn[6008]: local = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: local_port = 1194
May 27 12:43:03 openvpn[6008]: remote = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: remote_port = 1194
May 27 12:43:03 openvpn[6008]: remote_float = DISABLED
May 27 12:43:03 openvpn[6008]: bind_defined = DISABLED
May 27 12:43:03 openvpn[6008]: bind_local = ENABLED
May 27 12:43:03 openvpn[6008]: connect_retry_seconds = 5
May 27 12:43:03 openvpn[6008]: connect_timeout = 10
May 27 12:43:03 openvpn[6008]: connect_retry_max = 0
May 27 12:43:03 openvpn[6008]: tun_mtu = 1500
May 27 12:43:03 openvpn[6008]: tun_mtu_defined = ENABLED
May 27 12:43:03 openvpn[6008]: link_mtu = 1500
May 27 12:43:03 openvpn[6008]: link_mtu_defined = DISABLED
May 27 12:43:03 openvpn[6008]: tun_mtu_extra = 0
May 27 12:43:03 openvpn[6008]: tun_mtu_extra_defined = DISABLED
May 27 12:43:03 openvpn[6008]: mtu_discover_type = -1
May 27 12:43:03 openvpn[6008]: fragment = 0
May 27 12:43:03 openvpn[6008]: mssfix = 1450
May 27 12:43:03 openvpn[6008]: explicit_exit_notification = 0
May 27 12:43:03 openvpn[6008]: Connection profiles END
May 27 12:43:03 openvpn[6008]: remote_random = DISABLED
May 27 12:43:03 openvpn[6008]: ipchange = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: dev = 'tun21'
May 27 12:43:03 openvpn[6008]: dev_type = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: dev_node = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: lladdr = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: topology = 3
May 27 12:43:03 openvpn[6008]: tun_ipv6 = DISABLED
May 27 12:43:03 openvpn[6008]: ifconfig_local = '10.8.0.1'
May 27 12:43:03 openvpn[6008]: ifconfig_remote_netmask = '255.255.255.0'
May 27 12:43:03 openvpn[6008]: ifconfig_noexec = DISABLED
May 27 12:43:03 openvpn[6008]: ifconfig_nowarn = DISABLED
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_local = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_netbits = 0
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_remote = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: shaper = 0
May 27 12:43:03 openvpn[6008]: mtu_test = 0
May 27 12:43:03 openvpn[6008]: mlock = DISABLED
May 27 12:43:03 openvpn[6008]: keepalive_ping = 15
May 27 12:43:03 openvpn[6008]: keepalive_timeout = 60
May 27 12:43:03 openvpn[6008]: inactivity_timeout = 0
May 27 12:43:03 openvpn[6008]: ping_send_timeout = 15
May 27 12:43:03 openvpn[6008]: ping_rec_timeout = 120
May 27 12:43:03 openvpn[6008]: ping_rec_timeout_action = 2
May 27 12:43:03 openvpn[6008]: ping_timer_remote = DISABLED
May 27 12:43:03 openvpn[6008]: remap_sigusr1 = 0
May 27 12:43:03 openvpn[6008]: persist_tun = DISABLED
May 27 12:43:03 openvpn[6008]: persist_local_ip = DISABLED
May 27 12:43:03 openvpn[6008]: persist_remote_ip = DISABLED
May 27 12:43:03 openvpn[6008]: persist_key = DISABLED
May 27 12:43:03 openvpn[6008]: passtos = DISABLED
May 27 12:43:03 openvpn[6008]: resolve_retry_seconds = 1000000000
May 27 12:43:03 openvpn[6008]: username = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: groupname = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: chroot_dir = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: cd_dir = '/etc/openvpn/server1'
May 27 12:43:03 openvpn[6008]: writepid = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: up_script = 'updown.sh'
May 27 12:43:03 openvpn[6008]: down_script = 'updown.sh'
May 27 12:43:03 openvpn[6008]: down_pre = DISABLED
May 27 12:43:03 openvpn[6008]: up_restart = DISABLED
May 27 12:43:03 openvpn[6008]: up_delay = DISABLED
May 27 12:43:03 openvpn[6008]: daemon = ENABLED
May 27 12:43:03 openvpn[6008]: inetd = 0
May 27 12:43:03 openvpn[6008]: log = DISABLED
May 27 12:43:03 openvpn[6008]: suppress_timestamps = DISABLED
May 27 12:43:03 openvpn[6008]: nice = 0
May 27 12:43:03 openvpn[6008]: verbosity = 11
May 27 12:43:03 openvpn[6008]: mute = 0
May 27 12:43:03 openvpn[6008]: status_file = 'status'
May 27 12:43:03 openvpn[6008]: status_file_version = 2
May 27 12:43:03 openvpn[6008]: status_file_update_freq = 10
May 27 12:43:03 openvpn[6008]: occ = ENABLED
May 27 12:43:03 openvpn[6008]: rcvbuf = 0
May 27 12:43:03 openvpn[6008]: sndbuf = 0
May 27 12:43:03 openvpn[6008]: mark = 0
May 27 12:43:03 openvpn[6008]: sockflags = 0
May 27 12:43:03 openvpn[6008]: fast_io = DISABLED
May 27 12:43:03 openvpn[6008]: lzo = 7
May 27 12:43:03 openvpn[6008]: route_script = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: route_default_gateway = '10.8.0.2'
May 27 12:43:03 openvpn[6008]: route_default_metric = 0
May 27 12:43:03 openvpn[6008]: route_noexec = DISABLED
May 27 12:43:03 openvpn[6008]: route_delay = 0
May 27 12:43:03 openvpn[6008]: route_delay_window = 30
May 27 12:43:03 openvpn[6008]: route_delay_defined = DISABLED
May 27 12:43:03 openvpn[6008]: route_nopull = DISABLED
May 27 12:43:03 openvpn[6008]: route_gateway_via_dhcp = DISABLED
May 27 12:43:03 openvpn[6008]: max_routes = 100
May 27 12:43:03 openvpn[6008]: allow_pull_fqdn = DISABLED
May 27 12:43:03 openvpn[6008]: management_addr = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: management_port = 0
May 27 12:43:03 openvpn[6008]: management_user_pass = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: management_log_history_cache = 250
May 27 12:43:03 openvpn[6008]: management_echo_buffer_size = 100
May 27 12:43:03 openvpn[6008]: management_write_peer_info_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: management_client_user = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: management_client_group = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: management_flags = 0
May 27 12:43:03 openvpn[6008]: shared_secret_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: key_direction = 0
May 27 12:43:03 openvpn[6008]: ciphername_defined = ENABLED
May 27 12:43:03 openvpn[6008]: ciphername = 'AES-128-CBC'
May 27 12:43:03 openvpn[6008]: authname_defined = ENABLED
May 27 12:43:03 openvpn[6008]: authname = 'SHA1'
May 27 12:43:03 openvpn[6008]: prng_hash = 'SHA1'
May 27 12:43:03 openvpn[6008]: prng_nonce_secret_len = 16
May 27 12:43:03 openvpn[6008]: keysize = 0
May 27 12:43:03 openvpn[6008]: engine = DISABLED
May 27 12:43:03 openvpn[6008]: replay = ENABLED
May 27 12:43:03 openvpn[6008]: mute_replay_warnings = DISABLED
May 27 12:43:03 openvpn[6008]: replay_window = 64
May 27 12:43:03 openvpn[6008]: replay_time = 15
May 27 12:43:03 openvpn[6008]: packet_id_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: use_iv = ENABLED
May 27 12:43:03 openvpn[6008]: test_crypto = DISABLED

 

[gazzer82]

May 27 12:43:03 openvpn[6008]: tls_server = ENABLED
May 27 12:43:03 openvpn[6008]: tls_client = DISABLED
May 27 12:43:03 openvpn[6008]: key_method = 2
May 27 12:43:03 openvpn[6008]: ca_file = 'ca.crt'
May 27 12:43:03 openvpn[6008]: ca_path = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: dh_file = 'dh.pem'
May 27 12:43:03 openvpn[6008]: cert_file = 'server.crt'
May 27 12:43:03 openvpn[6008]: extra_certs_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: priv_key_file = 'server.key'
May 27 12:43:03 openvpn[6008]: pkcs12_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: cipher_list = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: tls_verify = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: tls_export_cert = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: verify_x509_type = 0
May 27 12:43:03 openvpn[6008]: verify_x509_name = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: crl_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: ns_cert_type = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_ku = 0
May 27 12:43:03 openvpn[6008]: remote_cert_eku = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: ssl_flags = 0
May 27 12:43:03 openvpn[6008]: tls_timeout = 2
May 27 12:43:03 openvpn[6008]: renegotiate_bytes = 0
May 27 12:43:03 openvpn[6008]: renegotiate_packets = 0
May 27 12:43:03 openvpn[6008]: renegotiate_seconds = 3600
May 27 12:43:03 openvpn[6008]: handshake_window = 60
May 27 12:43:03 openvpn[6008]: transition_window = 3600
May 27 12:43:03 openvpn[6008]: single_session = DISABLED
May 27 12:43:03 openvpn[6008]: push_peer_info = DISABLED
May 27 12:43:03 openvpn[6008]: tls_exit = DISABLED
May 27 12:43:03 openvpn[6008]: tls_auth_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: server_network = 10.8.0.0
May 27 12:43:03 openvpn[6008]: server_netmask = 255.255.255.0
May 27 12:43:03 openvpn[6008]: server_network_ipv6 = ::
May 27 12:43:03 openvpn[6008]: server_netbits_ipv6 = 0
May 27 12:43:03 openvpn[6008]: server_bridge_ip = 0.0.0.0
May 27 12:43:03 openvpn[6008]: server_bridge_netmask = 0.0.0.0
May 27 12:43:03 openvpn[6008]: server_bridge_pool_start = 0.0.0.0
May 27 12:43:03 openvpn[6008]: server_bridge_pool_end = 0.0.0.0
May 27 12:43:03 openvpn[6008]: push_entry = 'route 10.0.1.0 255.255.255.0'
May 27 12:43:03 openvpn[6008]: push_entry = 'route-gateway 10.8.0.1'
May 27 12:43:03 openvpn[6008]: push_entry = 'topology subnet'
May 27 12:43:03 openvpn[6008]: push_entry = 'ping 15'
May 27 12:43:03 openvpn[6008]: push_entry = 'ping-restart 60'
May 27 12:43:03 openvpn[6008]: ifconfig_pool_defined = ENABLED
May 27 12:43:03 openvpn[6008]: ifconfig_pool_start = 10.8.0.2
May 27 12:43:03 openvpn[6008]: ifconfig_pool_end = 10.8.0.253
May 27 12:43:03 openvpn[6008]: ifconfig_pool_netmask = 255.255.255.0
May 27 12:43:03 openvpn[6008]: ifconfig_pool_persist_filename = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: ifconfig_pool_persist_refresh_freq = 600
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_pool_defined = DISABLED
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_pool_base = ::
May 27 12:43:03 openvpn[6008]: ifconfig_ipv6_pool_netbits = 0
May 27 12:43:03 openvpn[6008]: n_bcast_buf = 256
May 27 12:43:03 openvpn[6008]: tcp_queue_limit = 64
May 27 12:43:03 openvpn[6008]: real_hash_size = 256
May 27 12:43:03 openvpn[6008]: virtual_hash_size = 256
May 27 12:43:03 openvpn[6008]: client_connect_script = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: learn_address_script = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: client_disconnect_script = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: client_config_dir = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: ccd_exclusive = DISABLED
May 27 12:43:03 openvpn[6008]: tmp_dir = '/tmp'
May 27 12:43:03 openvpn[6008]: push_ifconfig_defined = DISABLED
May 27 12:43:03 openvpn[6008]: push_ifconfig_local = 0.0.0.0
May 27 12:43:03 openvpn[6008]: push_ifconfig_remote_netmask = 0.0.0.0
May 27 12:43:03 openvpn[6008]: push_ifconfig_ipv6_defined = DISABLED
May 27 12:43:03 openvpn[6008]: push_ifconfig_ipv6_local = ::/0
May 27 12:43:03 openvpn[6008]: push_ifconfig_ipv6_remote = ::
May 27 12:43:03 openvpn[6008]: enable_c2c = DISABLED
May 27 12:43:03 openvpn[6008]: duplicate_cn = ENABLED
May 27 12:43:03 openvpn[6008]: cf_max = 0
May 27 12:43:03 openvpn[6008]: cf_per = 0
May 27 12:43:03 openvpn[6008]: max_clients = 1024
May 27 12:43:03 openvpn[6008]: max_routes_per_client = 256
May 27 12:43:03 openvpn[6008]: auth_user_pass_verify_script = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: auth_user_pass_verify_script_via_file = DISABLED
May 27 12:43:03 openvpn[6008]: port_share_host = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: port_share_port = 0
May 27 12:43:03 openvpn[6008]: client = DISABLED
May 27 12:43:03 openvpn[6008]: pull = DISABLED
May 27 12:43:03 openvpn[6008]: auth_user_pass_file = '[UNDEF]'
May 27 12:43:03 openvpn[6008]: OpenVPN 2.3.10 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 10 2016
May 27 12:43:03 openvpn[6008]: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.08
May 27 12:43:03 openvpn[6009]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 27 12:43:03 openvpn[6009]: Diffie-Hellman initialized with 2048 bit key
May 27 12:43:03 openvpn[6009]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
May 27 12:43:03 openvpn[6009]: TLS-Auth MTU parms [ L:1558 D:1212 EF:38 EB:0 ET:0 EL:3 ]
May 27 12:43:03 openvpn[6009]: Socket Buffers: R=[122880->122880] S=[122880->122880]
May 27 12:43:03 openvpn[6009]: TUN/TAP device tun21 opened
May 27 12:43:03 openvpn[6009]: TUN/TAP TX queue length set to 100
May 27 12:43:03 openvpn[6009]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 27 12:43:03 openvpn[6009]: /usr/sbin/ip link set dev tun21 up mtu 1500
May 27 12:43:03 openvpn[6009]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast 10.8.0.255
May 27 12:43:03 openvpn[6009]: updown.sh tun21 1500 1558 10.8.0.1 255.255.255.0 init
May 27 12:43:05 openvpn[6009]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
May 27 12:43:05 openvpn[6009]: Exiting due to fatal error

 

[gazzer82]

Could someone upload a known working config that I can try loading?

Thanks

Gareth

 

[octopus]

Do you have some configs in "custom Configuration" ?

Have you generated all certificates and upload or let router do it?

 

[gazzer82]

Do you have some configs in "custom Configuration" ?

Have you generated all certificates and upload or let router do it?

Nothing custom at all, configured as per the above screenshot. All certs generated by the router.

 

[octopus]

Have you your client at same port 1194 as your Server?
If you have turn off client.
Your system time is working and show right time?

 

[gazzer82]

Client has been on 1194, but i have moved both client and server to different ports and it has made no difference. Currently OpenVPN Server is on port 1184.

System time is correct, it's updating from NTP, but i can't even start the OpenVPN service so i don't think it would be date/time related.

 

[octopus]

my /etc/openvpn/server1/configs.ovpn

# Automatically generated configuration
daemon
topology subnet
server 10.8.30.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
auth SHA1
comp-lzo yes
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0"
client-config-dir ccd
client-to-client
duplicate-cn
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 10

# Custom Configuration
fast-io
tls-version-min 1.0

 

[rodak]

Do you have openvpn-event script in /jffs/scripts?

Skickat från min Nexus 5X via Tapatalk

 

[octopus]

If you cant get that work i suggest do a nvram reset from gui and start over again. Only with vpn configs and test.

my /etc/openvpn/server1/configs.ovpn

# Automatically generated configuration
daemon
topology subnet
server 10.8.30.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
auth SHA1
comp-lzo yes
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0"
client-config-dir ccd
client-to-client
duplicate-cn
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 10

# Custom Configuration
fast-io
tls-version-min 1.0