Help - Turning on openvpn fails?

[WildSioux]

I've read the wiki on how to set this up. Created the keys and pasted them in. But when I go to turn it on it proceeds but fails sand the little short goes back to Off.

Checked the log and it has some error on DH cert. I've tried the windows way and ssh into router that way. It seems either way it fails on creating. Especially the windows.

Any other way of making the certificates? It just simply doesn't turn on no matter what I do.

Thanks

 

[RMerlin]

I've read the wiki on how to set this up. Created the keys and pasted them in. But when I go to turn it on it proceeds but fails sand the little short goes back to Off.

Checked the log and it has some error on DH cert. I've tried the windows way and ssh into router that way. It seems either way it fails on creating. Especially the windows.

Any other way of making the certificates? It just simply doesn't turn on no matter what I do.

Thanks

I remember OpenVPN was more picky as to how you paste the DH compared to the other certs for some reason. When pasting the DH, make sure there is no extra linefeed either at the start or the end of it.

 

[WildSioux]

Did as you suggested merlin. But still won't turn on.

Aug 18 17:13:11 rc_service: httpd 304:notify_rc start_vpnserver1
Aug 18 17:13:11 openvpn[469]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 24 2013
Aug 18 17:13:11 openvpn[469]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Aug 18 17:13:11 openvpn[469]: Diffie-Hellman initialized with 1024 bit key
Aug 18 17:13:11 openvpn[469]: Cannot load certificate file server.crt: error:0906D06C:lib(9):func(109):reason(108): error:140AD009:lib(20):func(173):reason(9)
Aug 18 17:13:11 openvpn[469]: Exiting due to fatal error

One thing to mention. It appears the DH worked. But "cannot load certificate file server.crt.

Problem is, the Server.crt file is empty?

 

[RMerlin]

Did as you suggested merlin. But still won't turn on.



One thing to mention. It appears the DH worked. But "cannot load certificate file server.crt.

Problem is, the Server.crt file is empty?

Re-check what you pasted on the webui for Server Certificate. Remember that it must be the block of data between BEGIN and END, including these two lines themselves.

 

[WildSioux]

Yes, I have included those lines before and after "beginning" "end"

Problem is, I don't think it is generating anything in the Server certificate file. When I open in editpad, it is empty (no text). Plus I am getting these errors in cmd.

The system cannot find the path specified.
WARNING: can't open config file: /etc/ssl/openssl.cnf

failed to update database
TXT_DB error number 2
unable to write 'random state'

That may be why I'm getting the error about server certificate failing to initialize or load in the router log. DH appears to be working. But if I can figure out how to get an actual Server certificate generated with code I think it will work.

Thanks merlin!

 

[RMerlin]

Let's start from the beginning then. How are you generating the certificates?

 

[WildSioux]

I've tried two ways. Windows and trying the easy-RSA via ssh through router with USB drive. My last attempt was through the windows command prompt (administrator).

Seems like the only hold up is the server certificate = 0 bytes

 

[RMerlin]

I've tried two ways. Windows and trying the easy-RSA via ssh through router with USB drive. My last attempt was through the windows command prompt (administrator).

Seems like the only hold up is the server certificate = 0 bytes

Show me in details how you generate the certificates. You must be skipping one step if you have the same issue in both environments.

 

[WildSioux]

I actually got it to generate a server cert and it turned on! Not sure how I did but the initial errors I did have when I first started went away.

So far, I've been able to connect using my android Note 2 and the open VPN for android app to connect. Only tested over 4g, not Wi-Fi yet. But I printed a test page to my network printer. I can also view the settings GUI pages for the router, IP cameras and printer. Haven't been able to access my network drive though.

A quick question... But what does the client settings do for open VPN? I have it running as a server. I can't think of a reason to run a router as a client?

 

[RMerlin]

A quick question... But what does the client settings do for open VPN? I have it running as a server. I can't think of a reason to run a router as a client?

There are OpenVPN service providers out there who provide tunnels for people in need of either encryption (as they don't trust their ISP or the local authorities to not snoop on their traffic), or hiding their geographical location (to be able to access content or services not available to users located in their country). Having the client on the router means you can then have all your local devices route their traffic through that OpenVPN tunnel.

Another use would be to have one place always be connected remotely to another location (like a remote office, for instance), bridging the two networks together over a tunnel.

 

[WildSioux]

Thank you Merlin for the great service for us Asus owners looking for more but stock quality.

I won't need the client VPN. But I am stumped. When I first tried the basic Asus VPN I was able to access my NAS over 4g using my phone and the ES File Explorer. Could even scan and it would find it. Now, after setting up certificates and keys using the OpenVPN method I'm not able to access. It pops up with unable to access SMB share no Wi-Fi connection.

Not sure what changed other than method of logging in is more secure. And I'm really not sure how to fix it. I'm able to view ipcams, print, and view setup pages of each including my NAS. But not access the SMB share. Can't even scan as it pops up no Wi-Fi error.

Any ideas? I don't have my NAS smb port forward. But was able to connect and browse just fine with basic VPN. what gives?