What's new

AC88-U OpenVPN Log

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Nairda

Occasional Visitor
I have an issue with OpenVPN connected to BlackVPN on my AC88U. It is an annoyance more than anything else but I hate it when I can't explain what is happening. Anyway my config file is:

Code:
remote vpn.blackvpn.lu 443 udp
nobind
dev tun
redirect-gateway def1
persist-tun
persist-key
comp-lzo adaptive
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
verify-x509-name lux name
tls-timeout 60
cipher AES-256-CBC
rcvbuf 1655368
auth SHA512
key-method 2
fast-io
mute 10
sndbuf 1655368


Every 20 minutes I get the following entries in the system log and as far as I can tell the tunnel stays up and there is no restart. Any thoughts or suggestions appreciated. I am running 380.66 beta 5 firmware but the issue occurs whatever firmware I use.

Code:
May 10 15:49:35 openvpn[9432]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: VERIFY KU OK
May 10 15:49:35 openvpn[9432]: Validating certificate extended key usage
May 10 15:49:35 openvpn[9432]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 10 15:49:35 openvpn[9432]: VERIFY EKU OK
May 10 15:49:35 openvpn[9432]: VERIFY X509NAME OK: C=HK, ST=HK, L=HongKong, O=blackVPN, CN=lux, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=lux, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 15:49:35 openvpn[9432]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 15:49:35 openvpn[9432]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
 
For security reasons, OpenVPN will renegotiate the connection every "x" intervals. That interval is usually configurable on the webui under TLS Renegotiation. It's generally a good thing to keep however if it's enabled by default.
 
I have an issue with OpenVPN connected to BlackVPN on my AC88U. It is an annoyance more than anything else but I hate it when I can't explain what is happening. Anyway my config file is:

Code:
remote vpn.blackvpn.lu 443 udp
nobind
dev tun
redirect-gateway def1
persist-tun
persist-key
comp-lzo adaptive
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
verify-x509-name lux name
tls-timeout 60
cipher AES-256-CBC
rcvbuf 1655368
auth SHA512
key-method 2
fast-io
mute 10
sndbuf 1655368


Every 20 minutes I get the following entries in the system log and as far as I can tell the tunnel stays up and there is no restart. Any thoughts or suggestions appreciated. I am running 380.66 beta 5 firmware but the issue occurs whatever firmware I use.

Code:
May 10 15:49:35 openvpn[9432]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=blackVPN CA, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: VERIFY KU OK
May 10 15:49:35 openvpn[9432]: Validating certificate extended key usage
May 10 15:49:35 openvpn[9432]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 10 15:49:35 openvpn[9432]: VERIFY EKU OK
May 10 15:49:35 openvpn[9432]: VERIFY X509NAME OK: C=HK, ST=HK, L=HongKong, O=blackVPN, CN=lux, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=lux, emailAddress=staff@blackvpn.com
May 10 15:49:35 openvpn[9432]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 15:49:35 openvpn[9432]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 15:49:35 openvpn[9432]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
In the vpn client web GUI, set TSL renogtiation time to 0 and then apply. See if that fixes it. Worth a try.
 
For security reasons, OpenVPN will renegotiate the connection every "x" intervals. That interval is usually configurable on the webui under TLS Renegotiation. It's generally a good thing to keep however if it's enabled by default.
Thanks for the quick response. I presume the tunnel stays up during this process.

I also run Viscosity on my iMac for better speeds using the same configuration (different BlackVPN server) and I don't see these messages in the Viscosity log.
 
Thanks for the quick response. I presume the tunnel stays up during this process.

I also run Viscosity on my iMac for better speeds using the same configuration (different BlackVPN server) and I don't see these messages in the Viscosity log.

They might be setting reneg-sec to 0. While that works, it's probably safer to keep the renegotiation enabled, especially as this provider seems to be a bit over the top for security, using a SHA512 digest for instance :D
 
In the vpn client web GUI, set TSL renogtiation time to 0 and then apply. See if that fixes it. Worth a try.

They might be setting reneg-sec to 0. While that works, it's probably safer to keep the renegotiation enabled, especially as this provider seems to be a bit over the top for security, using a SHA512 digest for instance :D
The one thing I don't like about BlackVPN is the lack of choice in the security settings, but I have to say that on my iMac I usually get close to maximum speed on both single thread and multi-thread download tests. The speeds via the router VPN client are lower and obviously limited by the capabilities of the router, but they are still very respectable. Overall I am very happy with BlackVPN.
 
Could someone give me some help installing BlackVPN on RT-AC88U with Merlin.

I previously had VPN.ac working, just download the file put in username and password and it worked first time.

BlackVPN don't give particular files for Asus or Merlin but do have files for dd-wrt, pfsense and OpenWRT which all appear to be the same.

I get this message when uploading the file

"Error 9 while importing file - invalid key and/or certificate!
Fix your config file, then import it again."

Are there some extra requirement etc that I need to get it working?

Thanks for any help provided.
 
Could someone give me some help installing BlackVPN on RT-AC88U with Merlin.

I previously had VPN.ac working, just download the file put in username and password and it worked first time.

BlackVPN don't give particular files for Asus or Merlin but do have files for dd-wrt, pfsense and OpenWRT which all appear to be the same.

I get this message when uploading the file

"Error 9 while importing file - invalid key and/or certificate!
Fix your config file, then import it again."

Are there some extra requirement etc that I need to get it working?

Thanks for any help provided.
Tell BlackVPN they need to get with the program and provide instructions for ASUS routers. Tell them that other VPN providers do. Tell them you will change to another provider if they don't provide instructions. There are many out there that do support ASUS. I would dump them in favor of another provider. My provider has instructions for ASUS Merlin and stock ASUS. Rant finished :)

There is a PIA setup guide and a TorGuard setup guide on the VPN forum. You may be able to use those as examples to try and put it all together using BlackVPN instructions for one of the other routers. Perhaps @Nairda will see your post and share screen shots and how to with you.
 
Could someone give me some help installing BlackVPN on RT-AC88U with Merlin.

I previously had VPN.ac working, just download the file put in username and password and it worked first time.

BlackVPN don't give particular files for Asus or Merlin but do have files for dd-wrt, pfsense and OpenWRT which all appear to be the same.

I get this message when uploading the file

"Error 9 while importing file - invalid key and/or certificate!
Fix your config file, then import it again."

Are there some extra requirement etc that I need to get it working?

Thanks for any help provided.
I have been through this with BlackVPN on my RT-AC88U and at last I have it working very well, largely no thanks to BlackVPN support. First of all I am assuming you are using their Privacy package, though I suspect the setup is much the same for the others. I am also assuming you are running the latest 380.66 beta 5 firmware, If you'd rather not update to beta firmware then I believe Merlin will be making the release versioin available very soon and you may prefer to wait.

Here is my config file for the Luxembourg server
Code:
remote vpn.blackvpn.lu 443 udp
nobind
dev tun
redirect-gateway def1
persist-tun
persist-key
comp-lzo adaptive
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
verify-x509-name lux name
tls-timeout 60
cipher AES-256-CBC
rcvbuf 1655368
auth SHA512
key-method 2
fast-io
mute 10
sndbuf 1655368

This should work for all the BlackVPN Privacy servers if you just change the "remote vpn.blackvpn.lu 443 udp" line to the appropriate server as listed on the BlackVPN site. You also need to change the "verify-x509-name lux name" line according to the following list:

Code:
verify-x509-name au name
verify-x509-name br name
verify-x509-name canada name
verify-x509-name cz name
verify-x509-name estonia name
verify-x509-name fr name
verify-x509-name de name
verify-x509-name jp name
verify-x509-name lt name
verify-x509-name lux name
verify-x509-name nl name
verify-x509-name no name
verify-x509-name ro name
verify-x509-name ru name
verify-x509-name es name
verify-x509-name ch name
verify-x509-name ua name
verify-x509-name uk name
verify-x509-name usa name

My setup page for the VPN client is.
Asus BlackVPN.jpg


You will need to use a text editor to copy and paste the CA certificate and the static key in the setup page.
 
I have been through this with BlackVPN on my RT-AC88U and at last I have it working very well, largely no thanks to BlackVPN support. First of all I am assuming you are using their Privacy package, though I suspect the setup is much the same for the others. I am also assuming you are running the latest 380.66 beta 5 firmware, If you'd rather not update to beta firmware then I believe Merlin will be making the release versioin available very soon and you may prefer to wait.

Here is my config file for the Luxembourg server
Code:
remote vpn.blackvpn.lu 443 udp
nobind
dev tun
redirect-gateway def1
persist-tun
persist-key
comp-lzo adaptive
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
verify-x509-name lux name
tls-timeout 60
cipher AES-256-CBC
rcvbuf 1655368
auth SHA512
key-method 2
fast-io
mute 10
sndbuf 1655368

This should work for all the BlackVPN Privacy servers if you just change the "remote vpn.blackvpn.lu 443 udp" line to the appropriate server as listed on the BlackVPN site. You also need to change the "verify-x509-name lux name" line according to the following list:

Code:
verify-x509-name au name
verify-x509-name br name
verify-x509-name canada name
verify-x509-name cz name
verify-x509-name estonia name
verify-x509-name fr name
verify-x509-name de name
verify-x509-name jp name
verify-x509-name lt name
verify-x509-name lux name
verify-x509-name nl name
verify-x509-name no name
verify-x509-name ro name
verify-x509-name ru name
verify-x509-name es name
verify-x509-name ch name
verify-x509-name ua name
verify-x509-name uk name
verify-x509-name usa name

My setup page for the VPN client is.
View attachment 9285

You will need to use a text editor to copy and paste the CA certificate and the static key in the setup page.
 
Hi Nairda and thanks for the help.

I still do not have it working. I do agree that BlackVPN is less than helpful they even suggested to me to go to DD-WRT and then follow the instructions.
VPN.ac which I currently have working just gave me everything in on file no extra past CA or static Keys.

Any more suggestion would be greatly appreciated.

This is what I have tried to upload and paste in.

Config file:

remote australia.vpn.blackvpn.com 443 udp
nobind
dev tun
redirect-gateway def1
persist-tun
persist-key
comp-lzo adaptive
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
verify-x509-name au name
tls-timeout 60
cipher AES-256-CBC
rcvbuf 1655368
auth SHA512
key-method 2
fast-io
mute 10
sndbuf 1655368

Ca.crt:
-----BEGIN CERTIFICATE-----
MIIGVDCCBDygAwIBAgIJAMW28AAiBO9QMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNV
BAYTAkhLMQswCQYDVQQIEwJISzERMA8GA1UEBxMISG9uZ0tvbmcxETAPBgNVBAoT
CGJsYWNrVlBOMRQwEgYDVQQDEwtibGFja1ZQTiBDQTEhMB8GCSqGSIb3DQEJARYS
c3RhZmZAYmxhY2t2cG4uY29tMB4XDTE0MDQxNTE2MDUzMloXDTI0MDQxMjE2MDUz
MloweTELMAkGA1UEBhMCSEsxCzAJBgNVBAgTAkhLMREwDwYDVQQHEwhIb25nS29u
ZzERMA8GA1UEChMIYmxhY2tWUE4xFDASBgNVBAMTC2JsYWNrVlBOIENBMSEwHwYJ
KoZIhvcNAQkBFhJzdGFmZkBibGFja3Zwbi5jb20wggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQCz5+UWONEZudpWPQBHWg2jpc6hYepUtUhp8XFkPRIFZT1p
RnxpoOqbtlKdZA/4D9enBUkxP48I8JzE+WgDOZ08EdKaAlfpDVriD8tuF1u4Nstp
DWi4EJnsRJgmCQO8BFPX4JZ+/po6ttjBTdAPsBvz8RHxGqu7Q9/Cm1T2dI54pc8r
y415ndRRzs9zyB3yezlPr+swuZWTTP8bSLZAc9eiCLGFrpgGKDR5OhgKs6DI/xWa
G2dXhclSNRKW7lqt+YufcEtX4ZlEin95yJPoWJHC35nOJP5L1mcKdezzDs8Vk4L8
MUB6W+h190IxRqsPs0X4vJrmtOm2ZgGM1AlMtOqPHzE2PmQBaY4Il9ioRVBpmCKO
57fi/DWFShsEeYW5BQ4Shhkja0ucLl1g5bORXtVgwPTqBoWsAHh4LcDlQBIndVT1
QIUHWm/TCDDQPXKWSNmYaSMFhdMqVY2iqwjf/98bh1uWtG39phGa41eibXoAKTGJ
6abKy0G7WXu3mEjT8XLlqcmljZQ1zjAPD31rjceEAJ01EzSoigRc/ZVrZ7z8xVNk
rvIoAi2BMrPJ7fgapGWCWfs0NOWzTyrZDh6ilva1Yz6yB4GjoN58PcEUQj9iBvyK
00tOm5/lTj3d7FKobjNVMR3Ys/jTcV0tPdnMF+uwiPwWXLctAj6pOCsSKQZk5QID
AQABo4HeMIHbMB0GA1UdDgQWBBRxKALS+hm9Vs9vBYV6vNhA6al7XzCBqwYDVR0j
BIGjMIGggBRxKALS+hm9Vs9vBYV6vNhA6al7X6F9pHsweTELMAkGA1UEBhMCSEsx
CzAJBgNVBAgTAkhLMREwDwYDVQQHEwhIb25nS29uZzERMA8GA1UEChMIYmxhY2tW
UE4xFDASBgNVBAMTC2JsYWNrVlBOIENBMSEwHwYJKoZIhvcNAQkBFhJzdGFmZkBi
bGFja3Zwbi5jb22CCQDFtvAAIgTvUDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4ICAQAgczyIABr/KeRqg/pdYcGrLRcihvuGLFCfvOw3yEvWzVpjV3vugXoY
UK3twZUtyNJAhfUBDyBauzzdJ9nTVnyqnrrsPitrFFqYu5rk6eH5MWTCFljR2e7u
6vBbY3TJLkgC6f6Zfu6Pc5s806iDO1ZXKfw6HtZm9iRZTqO1NaT8HSyeRcmjBd6+
IKGubGBGwkyfRrywH7SwDBgf0wygFy77AOoaN3BJqJ0vMuZzaryr2JpcoTx0g7hk
QvB4oEsFLnxIYretPmk/dF3EsNJa3lvx1qFkS7MZJi37Ipq4h/7897RM7nSOCXR3
SreXmIZSN1nHnlRGLb89yq2VjZzg0xX8Efpl5rzOVFo4+u7rWGIYsttH8dWzm6ao
BWcDcIyonovVj1WrEVW3oCZrxHyfTgqRlomBBkAT7JNVk8yG5COBB4Mo3AMbC41U
LpGVovgAZGv2EockGC9qxJ0n2083MBvYQkDgJewULJMw4jI94i4AICEqjWIu8oVU
OC/CR+qcBLqTD0oaP2yH+xqLD0U5AnwFYc4jqcAii1XJsYsctYf/awLb2RiB5qnk
43m1EKC8A3SuamAMIWs41wmHz5Lb1bDNLXIK7Sk9wJzeSbcGO5MOvFeKIeedU++R
ukDrB5r5M64Vp86WxUnsMeesV14agg2u6vlF9LxrQwxjCdZSvuq2VA==
-----END CERTIFICATE-----

ta.key:
-----BEGIN OpenVPN Static key V1-----
b790ea189139a6482df3c54dc1996921
8627b6df4d936641ad96e4a3f34e4cfb
5930684c142c0f3485c7b2633a34165d
d67d005b7148c6b26aea1e6322696e96
d81e9e6fa4b4c9bc394870e2986c59e3
6a21b700fe829d3cd01ca35d94538d5f
7194a27fac3c90f6be605e223a37fbd2
1ef499acd3aeccb79661f6f7029880d1
924b356f68cb1c7f174b55812684037d
886bb8cd81c0e524155148a10eba62e7
065b96328e977db0f5e92f27e19f6f3f
5c9480f2fff0870b4fb902d7fed50c35
7ebc4777fc57ffbca0448d2e2165af71
7182e050804283acb82350d82d0230da
ece1fc4be9eea7bdba08e24e8fa3f1d0
7b39bc883519ff38eaf4514859b824f2
-----END OpenVPN Static key V1-----


Still it does not work.




Here is log
May 13 11:00:14 disk_monitor: Got SIGALRM...
May 13 11:05:36 rc_service: httpd 551:notify_rc start_vpnclient2
May 13 11:05:38 openvpn[6296]: Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory
May 13 11:05:38 openvpn[6296]: Options error: Please correct this error.
May 13 11:05:38 openvpn[6296]: Use --help for more information.
May 13 11:12:01 rc_service: httpd 551:notify_rc start_vpnclient2
May 13 11:12:03 openvpn[7493]: OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 8 2017
May 13 11:12:03 openvpn[7493]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
May 13 11:12:03 openvpn[7493]: ERROR: username from Auth authfile 'up' is empty
May 13 11:12:03 openvpn[7493]: Exiting due to fatal error
 
May 13 11:12:03 openvpn[7493]: ERROR: username from Auth authfile 'up' is empty

Make sure you specify your username and passwords.
 
Here is log
May 13 11:00:14 disk_monitor: Got SIGALRM...
May 13 11:05:36 rc_service: httpd 551:notify_rc start_vpnclient2
May 13 11:05:38 openvpn[6296]: Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory
May 13 11:05:38 openvpn[6296]: Options error: Please correct this error.
May 13 11:05:38 openvpn[6296]: Use --help for more information.
May 13 11:12:01 rc_service: httpd 551:notify_rc start_vpnclient2
May 13 11:12:03 openvpn[7493]: OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 8 2017
May 13 11:12:03 openvpn[7493]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
May 13 11:12:03 openvpn[7493]: ERROR: username from Auth authfile 'up' is empty
May 13 11:12:03 openvpn[7493]: Exiting due to fatal error

Hi
You should not be seeing these error lines.

"Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory"

is only used on pure unix/Linux systems as far as I know and the references to up and down scripts must be lurking somewhere in your configuration. I suggest you start again using one of the other VPN client slots on the router that you haven't so far played around with. All sorts of things seem to get cached and in my experience - I am not an expert - are the very devil to get rid of. When I first tried to set up OpenVPN on my router I used the Linux configuration files from BlackVPN which had all sorts of things in that you don't need. The one I posted here definitely works for me.

As Merlin said, have you entered you username and password?

Also make sure that when you create your configuration file you use a pure text editor. Also use a text editor to open the certificate and key files, the contents of which which you then copy and paste into the relevant fields in the VPN setup page.

I have also found it necessary sometimes when making major changes to a configuration to turn the VPN off, reboot the router then turn the VPN on again. I had all sorts of odd problems with the VPN clearly starting correctly but LAN clients being unable to access the WAN either directly or via the VPN.
 
Hi
You should not be seeing these error lines.

"Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory"

is only used on pure unix/Linux systems as far as I know and the references to up and down scripts must be lurking somewhere in your configuration. I suggest you start again using one of the other VPN client slots on the router that you haven't so far played around with. All sorts of things seem to get cached and in my experience - I am not an expert - are the very devil to get rid of. When I first tried to set up OpenVPN on my router I used the Linux configuration files from BlackVPN which had all sorts of things in that you don't need. The one I posted here definitely works for me.

As Merlin said, have you entered you username and password?

Also make sure that when you create your configuration file you use a pure text editor. Also use a text editor to open the certificate and key files, the contents of which which you then copy and paste into the relevant fields in the VPN setup page.

I have also found it necessary sometimes when making major changes to a configuration to turn the VPN off, reboot the router then turn the VPN on again. I had all sorts of odd problems with the VPN clearly starting correctly but LAN clients being unable to access the WAN either directly or via the VPN.
 
Hi Nairda,

Your post was very helpful. I already wonder how I could ever be sure that all previous settings where cleared out.

To be completely sure I did a factory reset of the router back to Asus-WRT the installed the lasts version of Merlin 380.66.

I then used your script with the changes for the Australian server.

It has now started to work but I can not do a web search from on computer on the network so I think there must be some small setting that is not correct, but this is the most progress so far.

Any thoughts on what could need changing?

Many thanks for your help.

Screen Shot 2017-05-14 at 8.53.31 am.png
 
Hi Nairda,

Your post was very helpful. I already wonder how I could ever be sure that all previous settings where cleared out.

To be completely sure I did a factory reset of the router back to Asus-WRT the installed the lasts version of Merlin 380.66.

I then used your script with the changes for the Australian server.

It has now started to work but I can not do a web search from on computer on the network so I think there must be some small setting that is not correct, but this is the most progress so far.

Any thoughts on what could need changing?

Many thanks for your help.

View attachment 9298
Try changing Accept DNS Configuration to Exclusive or Strict and test with each one of those settings.
 
Hi Nairda , Just change it to exclusive and also the "start with WAN' to yes and it is now working.

What is the difference between Exclusive and strict?

Are there any other settings that I should be aware of?

And what about the (Enable with fallback) what does it mean.

Just try to understand it a bit better so I get the best results and can in future may be answer my own question.

Thanks again.
 
Hi Nairda , Just change it to exclusive and also the "start with WAN' to yes and it is now working.

What is the difference between Exclusive and strict?
I can't remember, but it has been discussed in these forums, it is something to do with how it uses the DNS servers. I have "Accept DNS Configuration" set to Exclusive and I always connect to the BlackVPN name server. You should also make sure your normal router DNS is se to something other than your ISP's servers. I use non-logging servers in Germany, but that might be a bit far for you

Are there any other settings that I should be aware of?
You should set "Verify Server Certificate" to YES

And what about the (Enable with fallback) what does it mean.
I think it just means that if your chosen cipher fails for some reason there is something else it can use. BlackVPN don't have anything other than the one they specify as far as I know.

Just try to understand it a bit better so I get the best results and can in future may be answer my own question.
I know the feeling as I have struggled with this but I have learnt a lot along the way. I am certainly no expert by any stretch of the imagination but I like to help where I can as pay back for the help I have received from other people.

Let me know how you get on.
 
And what about the (Enable with fallback) what does it mean.
I disable Cipher Negotiation on my configuration. Most VPN providers have a one to one relationship between cipher and port. For example, if you choose AES-128-CBC, the port must be set to 80. So even if AES-128-CBC fails for some reason and the client selects the next cipher in the list, it will still fail because the port is not set to support the next cipher in the list. This is a OpenVPN 2.4 feature. And I am not aware of any VPN providers who have implemented 2.4 on the server side yet.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top