I copied and pasted my relevant certificates/keys into ASUS Merlin on my RT-AC5300. Here are my settings: (I would like to use TAP and bridged mode for my own reasons).
Advanced Settings
Interface Type TAP
Protocol UDP
Server Port (Default : 1194) 1194
Firewall Auto
Authorization Mode TLS
Username/Password Authentication No
Extra HMAC authorization (TLS-Auth) Disable
Auth digest Default
Allocate from DHCP No
Client Address Pool 192.168.2.125 192.168.2.149
Poll Interval minute(s) (Disable : 0)
Direct clients to redirect Internet traffic No
Respond to DNS No
Encryption cipher AES-256-CBC
Compression Adaptive
TLS Renegotiation Time seconds (Default : -1) -1
Global Log verbosity (Between 0 and 11. Default: 3) 3
Manage Client-Specific Options No
Under custom config, I have the following (which I wonder if it overwrites some of the above??):
# Tunnel options
mode server # Set OpenVPN major mode
proto udp # Setup the protocol (server)
port 1194 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of --ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression
# OpenVPN server mode options
client-to-client # tells OpenVPN to internally route client-to-client traffic
duplicate-cn # Allow multiple clients with the same common name
# TLS Mode Options
tls-server # Enable TLS and assume server role during TLS handshake
====
For my connection config file:
client
dev tap
;dev tun
;dev-node MyTap
;proto tcp
proto udp
remote secret.com 1194
route-delay 5
;remote my-server-2 1194
resolv-retry 60
nobind
;user nobody
;group nobody
;auth-user-pass
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
client
dev tap
;dev tun
;dev-node MyTap
;proto tcp
proto udp
remote pupster.asuscomm.com 1194
route-delay 5
;remote my-server-2 1194
resolv-retry 60
nobind
;user nobody
;group nobody
;auth-user-pass
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
====
And here's the logfile error from OpenVPN GUI under Windows 10:
Wed Jun 01 01:19:15 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:19:15 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:19:15 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:19:15 2016 MANAGEMENT: >STATE:1464758355,RECONNECTING,tls-error,,
Wed Jun 01 01:19:15 2016 Restart pause, 2 second(s)
Wed Jun 01 01:19:17 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:19:17 2016 MANAGEMENT: >STATE:1464758357,RESOLVE,,,
Wed Jun 01 01:19:17 2016 UDPv4 link local: [undef]
Wed Jun 01 01:19:17 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:19:17 2016 MANAGEMENT: >STATE:1464758357,WAIT,,,
Wed Jun 01 01:20:17 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:20:17 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:20:17 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:20:17 2016 MANAGEMENT: >STATE:1464758417,RECONNECTING,tls-error,,
Wed Jun 01 01:20:17 2016 Restart pause, 2 second(s)
Wed Jun 01 01:20:19 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:20:19 2016 MANAGEMENT: >STATE:1464758419,RESOLVE,,,
Wed Jun 01 01:20:20 2016 UDPv4 link local: [undef]
Wed Jun 01 01:20:20 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:20:20 2016 MANAGEMENT: >STATE:1464758420,WAIT,,,
Wed Jun 01 01:21:20 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:21:20 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:21:20 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:21:20 2016 MANAGEMENT: >STATE:1464758480,RECONNECTING,tls-error,,
Wed Jun 01 01:21:20 2016 Restart pause, 2 second(s)
Wed Jun 01 01:21:22 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:21:22 2016 MANAGEMENT: >STATE:1464758482,RESOLVE,,,
Wed Jun 01 01:21:22 2016 UDPv4 link local: [undef]
Wed Jun 01 01:21:22 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:21:22 2016 MANAGEMENT: >STATE:1464758482,WAIT,,,
Wed Jun 01 01:22:22 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:22:22 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:22:22 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:22:22 2016 MANAGEMENT: >STATE:1464758542,RECONNECTING,tls-error,,
Wed Jun 01 01:22:22 2016 Restart pause, 2 second(s)
Wed Jun 01 01:22:24 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:22:24 2016 MANAGEMENT: >STATE:1464758544,RESOLVE,,,
Wed Jun 01 01:22:25 2016 UDPv4 link local: [undef]
Wed Jun 01 01:22:25 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:22:25 2016 MANAGEMENT: >STATE:1464758545,WAIT,,,
Wed Jun 01 01:23:25 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:23:25 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:23:25 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:23:25 2016 MANAGEMENT: >STATE:1464758605,RECONNECTING,tls-error,,
Wed Jun 01 01:23:25 2016 Restart pause, 2 second(s)
Wed Jun 01 01:23:27 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:23:27 2016 MANAGEMENT: >STATE:1464758607,RESOLVE,,,
Wed Jun 01 01:23:27 2016 UDPv4 link local: [undef]
Wed Jun 01 01:23:27 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:23:27 2016 MANAGEMENT: >STATE:1464758607,WAIT,,,
Wed Jun 01 01:24:27 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:24:27 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:24:27 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:24:27 2016 MANAGEMENT: >STATE:1464758667,RECONNECTING,tls-error,,
Wed Jun 01 01:24:27 2016 Restart pause, 2 second(s)
Wed Jun 01 01:24:29 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:24:29 2016 MANAGEMENT: >STATE:1464758669,RESOLVE,,,
Wed Jun 01 01:24:29 2016 UDPv4 link local: [undef]
Wed Jun 01 01:24:29 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:24:29 2016 MANAGEMENT: >STATE:1464758669,WAIT,,,
Wed Jun 01 01:25:29 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:25:29 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:25:29 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:25:29 2016 MANAGEMENT: >STATE:1464758729,RECONNECTING,tls-error,,
Wed Jun 01 01:25:29 2016 Restart pause, 2 second(s)
Wed Jun 01 01:25:31 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:25:31 2016 MANAGEMENT: >STATE:1464758731,RESOLVE,,,
Wed Jun 01 01:25:31 2016 UDPv4 link local: [undef]
Wed Jun 01 01:25:31 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:25:31 2016 MANAGEMENT: >STATE:1464758731,WAIT,,,
Wed Jun 01 01:26:31 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:26:31 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:26:31 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:26:31 2016 MANAGEMENT: >STATE:1464758791,RECONNECTING,tls-error,,
Wed Jun 01 01:26:31 2016 Restart pause, 2 second(s)
Wed Jun 01 01:26:33 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:26:33 2016 MANAGEMENT: >STATE:1464758793,RESOLVE,,,
Wed Jun 01 01:26:33 2016 UDPv4 link local: [undef]
Wed Jun 01 01:26:33 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:26:33 2016 MANAGEMENT: >STATE:1464758793,WAIT,,,
Wed Jun 01 01:27:33 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 01 01:27:33 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:27:33 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 01 01:27:33 2016 MANAGEMENT: >STATE:1464758853,RECONNECTING,tls-error,,
Wed Jun 01 01:27:33 2016 Restart pause, 2 second(s)
Wed Jun 01 01:27:35 2016 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Jun 01 01:27:35 2016 MANAGEMENT: >STATE:1464758855,RESOLVE,,,
Wed Jun 01 01:27:35 2016 UDPv4 link local: [undef]
Wed Jun 01 01:27:35 2016 UDPv4 link remote: [AF_INET]secret.ip.address.com:1194
Wed Jun 01 01:27:35 2016 MANAGEMENT: >STATE:1464758855,WAIT,,,
====
Any ideas why this is not working when connecting to Tomato/AsusMerlin? It connects just fine if I use DDWRT, but I prefer the Merlin interface.
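The client log above can be triaged by its management STATE lines. The sketch below is an added example, not part of the original post: it groups the log into connection attempts and reports whether each one ever left WAIT (per the OpenVPN management interface notes, WAIT means waiting for the initial response from the server and AUTH means authenticating with the server). The sample's second cycle, which reaches AUTH, is hypothetical and included only for contrast; the verdict strings are this example's own wording.

```python
import re

# Constructed sample: one retry cycle in the format of the client log above,
# plus a hypothetical cycle in which the server did answer (state AUTH).
SAMPLE_LOG = """\
Wed Jun 01 01:19:17 2016 MANAGEMENT: >STATE:1464758357,RESOLVE,,,
Wed Jun 01 01:19:17 2016 MANAGEMENT: >STATE:1464758357,WAIT,,,
Wed Jun 01 01:20:17 2016 TLS Error: TLS handshake failed
Wed Jun 01 01:20:17 2016 MANAGEMENT: >STATE:1464758417,RECONNECTING,tls-error,,
Wed Jun 01 01:20:19 2016 MANAGEMENT: >STATE:1464758419,RESOLVE,,,
Wed Jun 01 01:20:20 2016 MANAGEMENT: >STATE:1464758420,WAIT,,,
Wed Jun 01 01:20:21 2016 MANAGEMENT: >STATE:1464758421,AUTH,,,
Wed Jun 01 01:21:21 2016 MANAGEMENT: >STATE:1464758481,RECONNECTING,tls-error,,
"""

# Captures: unix timestamp, state name, detail field (e.g. "tls-error").
STATE_RE = re.compile(r"MANAGEMENT: >STATE:(\d+),([A-Z_]+),([^,]*),")


def classify_attempts(log_text):
    """Return one dict per connection attempt that ended in RECONNECTING."""
    attempts, states, started = [], [], None
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue  # non-STATE lines carry no state transition
        ts, state, detail = int(m.group(1)), m.group(2), m.group(3)
        if state == "RECONNECTING":
            if states:  # skip a RECONNECTING with no preceding attempt
                # Never reaching AUTH means no server packet was processed.
                verdict = ("server replied, TLS negotiation failed"
                           if "AUTH" in states else "no reply from server")
                attempts.append({"states": states, "reason": detail,
                                 "seconds": ts - started, "verdict": verdict})
            states, started = [], None
        else:
            if started is None:
                started = ts
            states.append(state)
    return attempts


if __name__ == "__main__":
    for n, a in enumerate(classify_attempts(SAMPLE_LOG), 1):
        print(n, "->".join(a["states"]), a["seconds"], "s:", a["verdict"])
```

Run against the full log in the post, every attempt has the shape RESOLVE->WAIT followed by a tls-error restart about 60 seconds later, with no AUTH state in between.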