Menu
What's new
By:
Filters Better Search

Can someone help in why this OpenVPN config doesn't work with merlin?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

ComputerSteve

Senior Member
I am using VPN.asia or trying to. The config they provide always doesn't work and instead produces the error check configuration: Is there something wrong with this config,

client
dev tun
remote us-nyc.321inter.net 53 udp
auth-user-pass
auth-nocache
nobind
auth SHA256
cipher AES-256-GCM
tls-client
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
remote-cert-eku "TLS Web Server Authentication"
persist-key
persist-tun
compress lz4-v2

<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
5a406c73bc41f6765ee9f7e082155b66
c7cff844c57e04528166f3b5b3c20330
36ab9a3ef4b8734b938e1e2650be9656
8ec1b72cf32bbe67cc3cf6b87be007b4
10f49fae4266bdbb23925edc725995bc
eaebd017b072738dac55c3309c735a43
7b05c64f4ffcb214ecb4b5ed470f768c
e667f3f678c5da89be34917be1324fde
d515c0ca61762b8a60846ae8939452ec
c9b0dd4bc28df79e8dd9ac975f9098c3
7140c326deee3ed61ce5402cc2ae0293
3a56f68ac2b1148ba661af4970f2c654
791e7cbbf13da7b5819355bd6f43e1b9
93cafbf035d4a187bc9ee3175e706563
3f5ae8f6356b3d33f18dd831235a03d7
a6eea38085fed6927e9a604b82c3ccc1
-----END OpenVPN Static key V1-----
</tls-crypt>

<ca>
-----BEGIN CERTIFICATE-----
MIIB6TCCAW+gAwIBAgIJAO7HEvJxfUUCMAoGCCqGSM49BAMCMBcxFTATBgNVBAMM
DDMyMWludGVyLm5ldDAeFw0xOTA1MjExMzI3NDlaFw0yOTA1MTgxMzI3NDlaMBcx
FTATBgNVBAMMDDMyMWludGVyLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABGja
TAidcTxY9ud7w3Jr1y6BSS7trkeu3kZqDg/TDCxE4k0Ay6AXVkooORyidfco+SGx
zR8oxcit7JGjCf5+JCufjKjl3s/yULt7gYfQnfBYN4ULcr1gpKCZQMIlORnvHaOB
hjCBgzAdBgNVHQ4EFgQUThoKRpgMcQwcQwlfjfzf5vE2mOUwRwYDVR0jBEAwPoAU
ThoKRpgMcQwcQwlfjfzf5vE2mOWhG6QZMBcxFTATBgNVBAMMDDMyMWludGVyLm5l
dIIJAO7HEvJxfUUCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49
BAMCA2gAMGUCMCL6jOfO1j5lC6q0DN5Z8Aw0GQ5SAFlmlvyAkk1/dGSgA1gzV5/T
4c53qemB1vz4SQIxAN7onHBiSvGwnCePjDSoonHA9CUlWUX9hurwIdFFqLWyRQHn
Nqxoy1tXLIfKApc8CQ==
-----END CERTIFICATE-----
</ca>
 
Post the OpenVPN messages shown in the router's System Log. It should tell you what the problem is.
 
so this is what it says:
Apr 11 13:38:24 custom_script: Running /jffs/scripts/service-event-end (args: start vpnclient4)
Apr 11 13:38:24 ovpn-client4[13118]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 11 13:38:24 ovpn-client4[13118]: OpenSSL: error:0908F066:lib(9):func(143):reason(102)
Apr 11 13:38:24 ovpn-client4[13118]: Cannot load CA certificate file ca.crt (no entries were read)
Apr 11 13:38:24 ovpn-client4[13118]: Exiting due to fatal error
 
However there is a CA thing listed in edit keys and certificates it shows this exactly:

-----BEGIN CERTIFICATE-----
MIIB6TCCAW+gAwIBAgIJAO7HEvJxfUUCMAoGCCqGSM49BAMCMBcxFTATBgNVBAMM
DDMyMWludGVyLm5ldDAeFw0xOTA1MjExMzI3NDlaFw0yOTA1MTgxMzI3NDlaMBcx
FTATBgNVBAMMDDMyMWludGVyLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABGja
TAidcTxY9ud7w3Jr1y6BSS7trkeu3kZqDg/TDCxE4k0Ay6AXVkooORyidfco+SGx
zR8oxcit7JGjCf5+JCufjKjl3s/yULt7gYfQnfBYN4ULcr1gpKCZQMIlORnvHaOB
hjCBgzAdBgNVHQ4EFgQUThoKRpgMcQwcQwlfjfzf5vE2mOUwRwYDVR0jBEAwPoAU
ThoKRpgMcQwcQwlfjfzf5vE2mOWhG6QZMBcxFTATBgNVBAMMDDMyMWludGVyLm5l
dIIJAO7HEvJxfUUCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49
BAMCA2gAMGUCMCL6jOfO1j5lC6q0DN5Z8Aw0GQ5SAFlmlvyAkk1/dGSgA1gzV5/T
4c53qemB1vz4SQIxAN7onHBiSvGwnCePjDSoonHA9CUlWUX9hurwIdFFqLWyRQHn
Nqxoy1tXLIfKApc8CQ==
-----END CERTIFICATE-----
 
Make sure your VPN client is turned off.

Then SSH into the router and check the /jffs and /tmp filesystems:
Code: 
df -h /jffs /tmp

Then remove any corrupted entries for that VPN client:
Code: 
rm -fr /tmp/etc/openvpn/client4

Try starting the VPN client now.

If that doesn't work my guess would be that the router doesn't support that tls-cipher. Check it with the following command:
Code: 
openvpn --show-tls
 
Last edited:
You must log in or register to reply here.

Similar threads

D
ASUS RT-AX86U OpenVPN Server Error - Key Too Small
Replies
4
Views
201
Tech9
Tech9
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
407
nino_070
N
B
OpenVPN TLS Error: tls-crypt unwrapping failed
Replies
1
Views
2K
brzvlg
B
lewtrocki
Problem with routing only specific IP with OpenVPN client on Asuswrt router
Replies
3
Views
1K
IvanSB
I
S
Explicit oVPN routing
Replies
4
Views
704
ZebMcKayhan
Z
Similar threads
Thread starter Title Forum Replies Date
C Can someone help with this code... Asuswrt-Merlin 7
M Can someone read my syslog and tell me why I keep losing internet? Asuswrt-Merlin 21
C Solved Need help with nat-start scripts Asuswrt-Merlin 3
G Need help with VPN Asuswrt-Merlin 2
P Help with traffic filtering Asuswrt-Merlin 0
C Need some help with a DHCP problem Asuswrt-Merlin 9
S Help Required AC68U (TM-AC1900) troubleshooting after power outage Asuswrt-Merlin 3
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
Spydawg need help with network loop. Asuswrt-Merlin 9
J Help - duckdns has started returning an IPv6 IP address Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,091 (members: 43, guests: 1,048)
Top