VPN setup Asuswrt Merlin

[rt2016]

Hi all,
hope you are able to help me with my VPN setup. I struggle a bit with the final result.
The attached screen dumps shows my actual value's for PureVPN. The moment when I try to get service state changed from off to on the system is applying but the state is still off.

And I do have a second point where I like to get the VPN running for some of the clients only. I guess that might be possible, but I'm afraid

if I afterwards still can reach my Router GUI on the former address 192.168.99.1?

Do I have to change something under WAN as well?

Thanks in advance for your help.

best regards
rt2016

 

[Huberer]

Did you check the settings here? And did you also enter your key-files (eg. ca.crt,...). You can do that by clicking on the yellow text "Content modification...." which you can see on your above screen direct beside "Authorization Mode"

 

[rt2016]

@Huberer, I missed the part around placing the key files into "Content Modification" that solved the first problem so far and the service state is on.

After that step I tried to check my IP which didn't change to the US.
Settings are made in the way that I can select the device I would go through from VPN or WAN.
I did also fix the IP address for my laptop via the DHCP server, after that I did a restart of my laptop and still no change to US.

Right now I haven't a clue what goes wrong here.

 

[Duc]

Did you ever figure this out? I could connect with openvpn but then couldn't connect to any websites so I went with pptp instead. Also how do you have only certain clients go through VPN?

Sent from my SM-N920W8 using Tapatalk

 

[octopus]

Try to remove "route 0.0.0.0 0.0.0.0"
and set Auth digest to SHA1
maby Extra HMAC Authorization to "disabled"

 

[rt2016]

I did the changes and still not yet do have success to get IP from US.

The log tells something like:

Aug 29 15:34:57 openvpn[1573]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 29 15:34:57 openvpn[1573]: TLS Error: TLS handshake failed
Aug 29 15:34:57 openvpn[1573]: SIGUSR1[soft,tls-error] received, process restarting
Aug 29 15:34:59 openvpn[1573]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 29 15:34:59 openvpn[1573]: UDPv4 link local: [undef]
Aug 29 15:34:59 openvpn[1573]: UDPv4 link remote: [AF_INET]107.167.228.2:53

 

[octopus]

Aha, set your Extra HMAC Authorization to: outgoing (1)

 

[rt2016]

I have only outgoing (1) I did the change and still not working.

Aug 29 15:49:20 openvpn[1665]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Aug 29 15:49:20 openvpn[1665]: TLS_ERROR: BIO read tls_read_plaintext error
Aug 29 15:49:20 openvpn[1665]: TLS Error: TLS object -> incoming plaintext read error
Aug 29 15:49:20 openvpn[1665]: TLS Error: TLS handshake failed
Aug 29 15:49:20 openvpn[1665]: SIGUSR1[soft,tls-error] received, process restarting

 

[octopus]

I have only outgoing (1) I did the change and still not working.

Aug 29 15:49:20 openvpn[1665]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Aug 29 15:49:20 openvpn[1665]: TLS_ERROR: BIO read tls_read_plaintext error
Aug 29 15:49:20 openvpn[1665]: TLS Error: TLS object -> incoming plaintext read error
Aug 29 15:49:20 openvpn[1665]: TLS Error: TLS handshake failed
Aug 29 15:49:20 openvpn[1665]: SIGUSR1[soft,tls-error] received, process restarting

Okey that was right setting but have you specified any "remote-cert-tls server" in config?

 

[rt2016]

I filled the following values:

 

[octopus]

Have you specified any "remote-cert-tls server" in custom config?

 

[rt2016]

I don't know where to find that settings? So I guess I did not.

 

[octopus]

Have you specified any "remote-cert-tls server" in custom config?

Just copy "remote-cert-tls server" and wite it in custom config with your other raws. (same as you removed 0.0.0.0 0.0.0.0 from.

 

[rt2016]

Just added and still same problem:

log:

Aug 29 16:13:53 openvpn[1738]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 29 16:13:53 openvpn[1738]: UDPv4 link local: [undef]
Aug 29 16:13:53 openvpn[1738]: UDPv4 link remote: [AF_INET]192.173.149.3:53
Aug 29 16:13:54 openvpn[1738]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Aug 29 16:13:54 openvpn[1738]: TLS_ERROR: BIO read tls_read_plaintext error
Aug 29 16:13:54 openvpn[1738]: TLS Error: TLS object -> incoming plaintext read error
Aug 29 16:13:54 openvpn[1738]: TLS Error: TLS handshake failed
Aug 29 16:13:54 openvpn[1738]: SIGUSR1[soft,tls-error] received, process restarting

 

[octopus]

Okey, try this. Remove remote-cert-tls server from custom config.
Click checkbox "Verify Server Certificate" to yes and Put xxx-ovpn-purevpn.net in common name.
Replace xxx- with what you have masked out.

 

[octopus]

client
dev tun
proto udp
remote usil1-ovpn-udp.purevpn.net 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1  <<<=== this makes me wonder.
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

 

[rt2016]

So far no success:

 

[octopus]

You have put wrong settings in Common Name: it should be: xxx-ovpn-purevpn.net i don't know what -xxx stand for. Probably - usfl1
Soon I will no have no more suggestions

https://support.purevpn.com/an-easy-guide-for-setting-up-openvpn-on-asus-rt-n66u-2

 

[rt2016]

@octopus, many thanks for your guidance. I did a complete new setup yesterday evening and now I got it working. The only problem I do face is an "error routing conflict"; but I guess I can live with it as the VPN is working fine.

 

[Duc]

@octopus, many thanks for your guidance. I did a complete new setup yesterday evening and now I got it working. The only problem I do face is an "error routing conflict"; but I guess I can live with it as the VPN is working fine.

How did you set it up so it works?

Sent from my SM-N920W8 using Tapatalk