gallahermike
New Around Here
Any help or suggestions would be appreciated.
GT-BE98 Pro replaced my dying RT-AX88U (Running Merlin).
I copied the settings from the old router to the new one and most everything works as expected, but I am having problems with OpenVPN.
Clients can connect but cannot see LAN servers or use the LAN internet connection. They basically don't seem to have a gateway assigned to the adapter and no DNS gets resolved.
General/Advanced Config...
The client ovpn file looks mostly like this (Key Edited out)
remote XXXX.asuscomm.com 3500
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 10 30
# for OpenVPN 2.4 or older
comp-lzo no
# for OpenVPN 2.4 or newer
;compress
auth-user-pass
client
auth SHA1
ignore-unknown-option cipher data-ciphers
cipher AES-128-GCM
data-ciphers AES-128-GCM
remote-cert-tls server
On the client side here is an IPconfig /all
and the route table
On the router from the logs I can see the following...
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 TLS: Initial packet from [AF_INET6]::ffff:10.0.10.184:55648 (via ::ffff:73.12.151.5%br0), sid=7934e51f 0ec7de7e
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_VER=2.6.9
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_PLAT=win
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_TCPNL=1
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_MTU=1600
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_CIPHERS=AES-128-GCM
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_PROTO=990
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_LZO_STUB=1
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_COMP_STUB=1
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_COMP_STUBv2=1
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_GUI_VER=OpenVPN_GUI_11.47.0.0
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 peer info: IV_SSO=openurl,webauth,crtext
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 TLS: Username/Password authentication succeeded for username 'Michael' [CN SET]
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1553'
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Mar 14 17:06:48 vpnserver1[1773]: 10.0.10.184:55648 [Michael] Peer Connection Initiated with [AF_INET6]::ffff:10.0.10.184:55648 (via ::ffff:73.12.151.5%br0)
Mar 14 17:06:48 vpnserver1[1773]: Michael/10.0.10.184:55648 MULTI_sva: pool returned IPv4=10.10.0.10, IPv6=(Not enabled)
Mar 14 17:06:48 vpnserver1[1773]: Michael/10.0.10.184:55648 MULTI: Learn: 10.10.0.10 -> Michael/10.0.10.184:55648
Mar 14 17:06:48 vpnserver1[1773]: Michael/10.0.10.184:55648 MULTI: primary virtual IP for Michael/10.0.10.184:55648: 10.10.0.10
Mar 14 17:06:49 vpnserver1[1773]: Michael/10.0.10.184:55648 PUSH: Received control message: 'PUSH_REQUEST'
Mar 14 17:06:49 vpnserver1[1773]: Michael/10.0.10.184:55648 SENT CONTROL [Michael]: 'PUSH_REPLY,route 10.0.0.0 255.0.0.0 vpn_gateway 500,route 10.0.0.0 255.0.0.0 vpn_gateway 500,route 10.0.0.0 255.0.0.0 vpn_gateway 500,route 192.168.52.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,dhcp-option DNS 10.0.0.1,route 10.0.0.1,block-outside-dns,route 10.10.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.10.0.10 10.10.0.9,peer-id 1' (status=1)
and looking at the router's "Routing Table" I see the following...
Destination   Gateway      Genmask          Flags  Metric  Ref  Use  Type  Iface
default       73.12.148.1  0.0.0.0          UG     0       0    0    WAN0  eth0
1.0.0.1       73.12.148.1  255.255.255.255  UGH    1       0    0    WAN0  eth0
1.1.1.1       73.12.148.1  255.255.255.255  UGH    1       0    0    WAN0  eth0
10.0.0.0      *            255.0.0.0        U      0       0    0    LAN   br0
10.10.0.0     10.10.0.2    255.255.255.0    UG     0       0    0    LAN   br0
10.10.0.2     *            255.255.255.255  UH     0       0    0          tun21
73.12.148.0   *            255.255.252.0    U      0       0    0    WAN0  eth0
73.12.148.1   *            255.255.255.255  UH     0       0    0    WAN0  eth0
192.168.52.0  *            255.255.255.0    U      0       0    0          br54
Thanks in advance for any advice or help,
Michael
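
As an added example (not part of the original post, and not ASUS or OpenVPN code), the sketch below parses the PUSH_REPLY string from the router log above and flags pushed routes that are repeated or that cover the tunnel endpoints or the address the client connected from. The function names `parse_push_reply` and `audit` are hypothetical, and the `ifconfig` handling assumes `topology net30` as shown in the log.

```python
import ipaddress
from collections import Counter

# Payload copied from the SENT CONTROL log line in the post; CLIENT_SOURCE is
# the peer address shown on the same log lines.
PUSH_REPLY = (
    "PUSH_REPLY,route 10.0.0.0 255.0.0.0 vpn_gateway 500,"
    "route 10.0.0.0 255.0.0.0 vpn_gateway 500,"
    "route 10.0.0.0 255.0.0.0 vpn_gateway 500,"
    "route 192.168.52.0 255.255.255.0 vpn_gateway 500,"
    "redirect-gateway def1,dhcp-option DNS 10.0.0.1,route 10.0.0.1,"
    "block-outside-dns,route 10.10.0.1,topology net30,ping 10,"
    "ping-restart 30,ifconfig 10.10.0.10 10.10.0.9,peer-id 1"
)
CLIENT_SOURCE = "10.0.10.184"


def parse_push_reply(payload):
    """Return (routes, tunnel_addrs) from a comma-separated PUSH_REPLY."""
    routes, tunnel = [], []
    for item in payload.split(","):
        parts = item.split()
        if not parts:
            continue
        if parts[0] == "route":
            # route <network> [netmask] ...; no netmask means a host route
            mask = parts[2] if len(parts) > 2 and parts[2] != "default" else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[0] == "ifconfig":
            # Assumption: topology net30, so both fields are addresses
            tunnel = [ipaddress.ip_address(p) for p in parts[1:3]]
    return routes, tunnel


def audit(payload, client_source):
    """List duplicate routes and routes covering tunnel or client addresses."""
    routes, tunnel = parse_push_reply(payload)
    src = ipaddress.ip_address(client_source)
    findings = [("duplicate", str(n), c) for n, c in Counter(routes).items() if c > 1]
    for net in dict.fromkeys(routes):  # unique routes, original order
        if net.prefixlen == net.max_prefixlen:
            continue  # host routes to the gateway/DNS are expected
        for addr in tunnel:
            if addr in net:
                findings.append(("covers-tunnel", str(net), str(addr)))
        if src in net:
            findings.append(("covers-client-source", str(net), str(src)))
    return findings
```

On the logged payload, `audit(PUSH_REPLY, CLIENT_SOURCE)` reports that `10.0.0.0/8` is pushed three times and contains both tunnel endpoints and the client's source address `10.0.10.184`.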