AC86U 382.1_beta3 OpenVPN Server Help

[vwsplitty1980]

i use the ios openvpn app to connect to my router, this was working fine with my old setup using rt-n66u but since i have transfered over to the AC86U i keep getting an error in the ios app no matter what settings i use in the config of the open vpn server. The error i keep getting in the app is:

"openvpn error: polarSSL: error parsing ca certificate : X509 - the CRT/CRL/CSR format is invalid, eg different type expected"

config one tried:
client
dev tun
proto udp
remote (removed ip and port)
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
</ca>
resolv-retry infinite
nobind

another config tried:
client
dev tun
proto udp
remote (removed ip and port)
float
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
</ca>
resolv-retry infinite
nobind



edit:

it would seem none of the certs/fill fill the boxes with any information?

 

[JDB]

The way the VPN is configured (stored in the back end) in 382 is vastly different from 380. I’d go back to the latest non beta release if I were you. You may have to re-build all the config from scratch anyway to make it work. Hopefully you have a backup you can restore...


Sent from my iPhone using Tapatalk

 

[thelonelycoder]

The way the VPN is configured (stored in the back end) in 382 is vastly different from 380. I’d go back to the latest non beta release if I were you. You may have to re-build all the config from scratch anyway to make it work. Hopefully you have a backup you can restore...


Sent from my iPhone using Tapatalk

Does the 86U have 380.x based firmware? Maybe stock Asus but definitely not Asuswrt-Merlin.

 

[JDB]

Does the 86U have 380.x based firmware? Maybe stock Asus but definitely not Asuswrt-Merlin.

Well either way not on a beta version!

At least that would confirm if it’s a router migration/config thing or a beta issue.


Sent from my iPhone using Tapatalk

 

[RMerlin]

Did you enter the content of your CA? Your <ca> block is empty.

Sent from my Nexus 5X using Tapatalk

 

[vwsplitty1980]

im using 382.1 beta 3 as in here http://www.mediafire.com/file/7fvibpmwdnaz84h/RT-AC86U_382.1_beta3.zip

i did start the config from scratch but just copied over what settings i used before in the n66u. i also just used the default setting in server 2 and exported that config.

in the old firmware the cert and key boxes were auto populated it would seem after i input my setting.

in this version i get blank boxes in the keys and certs field?

 

[RMerlin]

im using 382.1 beta 3 as in here http://www.mediafire.com/file/7fvibpmwdnaz84h/RT-AC86U_382.1_beta3.zip

i did start the config from scratch but just copied over what settings i used before in the n66u. i also just used the default setting in server 2 and exported that config.

in the old firmware the cert and key boxes were auto populated it would seem after i input my setting.

in this version i get blank boxes in the keys and certs field?

Those are only automatically created if you start from a non-configured instance and you enable it for the first time. Reset your server to its default settings, then enable it. A CA will be generated then, as well as a DH and a client key/cert pair.

 

[vwsplitty1980]

Those are only automatically created if you start from a non-configured instance and you enable it for the first time. Reset your server to its default settings, then enable it. A CA will be generated then, as well as a DH and a client key/cert pair.

Yes that was I did in the first place. But just to be sure I have done as you said and defaulted the Server config. I still get the same error that no certs are populated- Server 1 and 2 give the same result.

And just to be double sure I reset the whole router to defaults put in no other settings other that the ones at start up to get internet.

Generated a default OpenVPN Server config but still nothing in the Certs and keys section.

I am at a bit of a lost as what it could be?

One thing to not le I guess is I am using the Asia version of the router with language set to English and wireless set to Europe but not sure how/if this could affect it.

 

[alons]

Did you try to enable the 2nd server?, do you have the certificate field populated?, you may work around this by using only user/password till you get this sorted out

 

[vwsplitty1980]

Did you try to enable the 2nd server?, do you have the certificate field populated?, you may work around this by using only user/password till you get this sorted out

Hi

Yes tried on both the second and first server but still the same.

I am using user and password to log in?

 

[alons]

Hi

Yes tried on both the second and first server but still the same.

I am using user and password to log in?

You can define a user/pw mode only and ignore certificate verification, set user / password auth.only to 'yes'. Again it's a temp solution only.

 

[RMerlin]

Not sure what else to tell you, it's working correctly for me.

Maybe try to click on Apply before clicking on the Export button, see if it makes a difference in the exported ovpn file (the content should be there in the <ca> block).

 

[vwsplitty1980]

Not sure what else to tell you, it's working correctly for me.

Maybe try to click on Apply before clicking on the Export button, see if it makes a difference in the exported ovpn file (the content should be there in the <ca> block).

Yes all very strange indeed.

I was going to try and load the lastest official ASUS firmware and give it a go.
Do I need to do anything special either than resetting to default before loading the official ASUS release over this?

 

[RMerlin]

No, just make sure to do the factory default reset after flashing.