
Help with OpenVPN Server; .11; AC68U

Discussion in 'Asuswrt-Merlin' started by Skagnola, May 19, 2019.

  1. Skagnola

    Skagnola New Around Here

    Joined:
    May 19, 2019
    Messages:
    1
    Hello - long time lurker and user of Asuswrt-Merlin!

    Need a little help with getting the OpenVPN Server to behave as expected. Kinda new to using it. I have gone through some how-tos with setting up/starting OpenVPN server on the AC68U. This one as an example.

    After the VPN Server is enabled and launched, I am not seeing the service actually listening while SSHed into the router. I notice at the bottom of the server list there is a 1194:

    # netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:printer 0.0.0.0:* LISTEN
    tcp 0 0 localhost.localdomain:netbios-ssn 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:netbios-ssn 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:7788 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:laserjet 0.0.0.0:* LISTEN
    tcp 0 0 localhost.localdomain:www 0.0.0.0:* LISTEN
    tcp 0 0 10.8.0.1:domain 0.0.0.0:* LISTEN
    tcp 0 0 localhost.localdomain:domain 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:domain 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:ssh 0.0.0.0:* LISTEN
    tcp 0 0 localhost.localdomain:8443 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:8443 0.0.0.0:* LISTEN
    tcp 0 0 localhost.localdomain:445 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:445 0.0.0.0:* LISTEN
    tcp 0 0 router.asus.com:3838 0.0.0.0:* LISTEN
    udp 0 0 0.0.0.0:9999 0.0.0.0:*
    udp 0 0 0.0.0.0:42000 0.0.0.0:*
    udp 0 0 localhost.localdomain:42032 0.0.0.0:*
    udp 0 0 10.8.0.1:domain 0.0.0.0:*
    udp 0 0 localhost.localdomain:domain 0.0.0.0:*
    udp 0 0 router.asus.com:domain 0.0.0.0:*
    udp 0 0 0.0.0.0:bootps 0.0.0.0:*
    udp 0 0 0.0.0.0:5474 0.0.0.0:*
    udp 0 0 0.0.0.0:18018 0.0.0.0:*
    udp 0 0 0.0.0.0:7788 0.0.0.0:*
    udp 0 0 0.0.0.0:38000 0.0.0.0:*
    udp 0 0 0.0.0.0:59000 0.0.0.0:*
    udp 0 0 192.168.1.255:netbios-ns 0.0.0.0:*
    udp 0 0 router.asus.com:netbios-ns 0.0.0.0:*
    udp 0 0 0.0.0.0:netbios-ns 0.0.0.0:*
    udp 0 0 192.168.1.255:netbios-dgm 0.0.0.0:*
    udp 0 0 router.asus.com:netbios-dgm 0.0.0.0:*
    udp 0 0 0.0.0.0:netbios-dgm 0.0.0.0:*
    udp 0 0 localhost.localdomain:38032 0.0.0.0:*
    udp 0 0 localhost.localdomain:59032 0.0.0.0:*
    udp 0 0 0.0.0.0:5353 0.0.0.0:*
    udp 0 0 0.0.0.0:43000 0.0.0.0:*
    udp 0 0 localhost.localdomain:61689 0.0.0.0:*
    udp 0 0 0.0.0.0:38394 0.0.0.0:*

    udp 0 0 :::1194 :::*
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags Type State I-Node Path
    unix 2 [ ACC ] STREAM LISTENING 1536 /var/nmbd/unexpected
    unix 2 [ ACC ] STREAM LISTENING 1571 /var/run/lldpd.socket
    unix 2 [ ACC ] STREAM LISTENING 1080 /var/run/nt_center_socket
    unix 2 [ ACC ] STREAM LISTENING 3412 /etc/cfgmnt_ipc_socket
    unix 2 [ ACC ] STREAM LISTENING 1143 /etc/wlcnt_socket
    unix 2 [ ACC ] STREAM LISTENING 1441 /var/run/avahi-daemon/socket
    unix 2 [ ACC ] STREAM LISTENING 1191 /var/run/nt_actMail_socket
    unix 2 [ ACC ] STREAM LISTENING 1381290 /tmp/dropbear-3c7e9890/auth-307ce569-7
    unix 2 [ ACC ] STREAM LISTENING 957 /var/run/protect_srv_socket
    unix 2 [ ACC ] STREAM LISTENING 1734 /etc/amas_lib_socket

    I see there are a couple proc running

    # ps | grep "openvpn*"
    6113 4816 S /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn
    6115 4708 S /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn


    If I probe the router for running services, I don't see the VPN running under 1194

    nmap 192.168.1.1
    Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-19 13:52 Central Daylight Time
    Nmap scan report for router.asus.com (192.168.1.1)
    Host is up (0.00031s latency).
    Not shown: 993 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    53/tcp open domain
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    515/tcp open printer
    8443/tcp open https-alt
    9100/tcp open jetdirect
    MAC Address: (Asustek Computer)

    Nmap done: 1 IP address (1 host up) scanned in 1.24 seconds

    Below is the OpenVPN server config

    # Automatically generated configuration
    daemon ovpn-server1
    topology subnet
    server 10.8.0.0 255.255.255.0
    proto udp
    port 1194
    dev tun21
    txqueuelen 1000
    ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
    comp-lzo adaptive
    keepalive 15 60
    verb 4
    push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
    duplicate-cn
    push "dhcp-option DNS 192.168.1.1"
    plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
    verify-client-cert none
    username-as-common-name
    ca ca.crt
    dh dh.pem
    cert server.crt
    key server.key
    status-version 2
    status status 5

    # Custom Configuration

    The VPN startup log is attached as syslog.txt. Not sure if there is something I have configured incorrectly or missing, etc.

     


  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,379
    Location:
    Canada
    Your server runs on 1194 UDP, but your nmap only scans for TCP.
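
Added example, not part of either post: a shell check that reads the `proto` and `port` directives from an OpenVPN server config, confirms that `netstat -l` shows a socket of that protocol on that port, and prints the nmap scan type that matches it. The function names are hypothetical, the sample input is constructed by trimming the config and listing quoted in the thread, and `<router-ip>` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Constructed sample input, trimmed from the config and netstat listing above.
CONF='proto udp
port 1194
dev tun21'
NETSTAT='tcp 0 0 router.asus.com:ssh 0.0.0.0:* LISTEN
tcp 0 0 router.asus.com:8443 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 :::1194 :::*'

# Read an OpenVPN config on stdin, print "<proto> <port>".
# tcp-server, udp6 and similar are reduced to tcp/udp; OpenVPN's defaults
# (udp, 1194) apply when a directive is absent.
ovpn_endpoint() {
    awk '$1 == "proto" { proto = substr($2, 1, 3) }
         $1 == "port"  { port = $2 }
         END { if (proto == "") proto = "udp"
               if (port == "") port = 1194
               print proto, port }'
}

# Read `netstat -l` output on stdin; succeed if a socket of protocol $1 is
# bound to port $2. UDP rows have no State column, so only the Local Address
# field is inspected. Use `netstat -ln` so ports are never shown as names.
is_bound() {
    awk -v proto="$1" -v port="$2" '
        index($1, proto) == 1 {
            n = split($4, part, ":")      # ":::1194" -> last piece is the port
            if (part[n] == port) found = 1
        }
        END { exit !found }'
}

# $1 = config text, $2 = netstat text. Prints the verdict and the nmap
# invocation that probes the right protocol (-sU needs root).
check() {
    ep=$(printf '%s\n' "$1" | ovpn_endpoint)
    proto=${ep% *}
    port=${ep#* }
    if printf '%s\n' "$2" | is_bound "$proto" "$port"; then state=bound; else state=unbound; fi
    case $proto in
        udp) scan="nmap -sU -p $port" ;;
        *)   scan="nmap -p $port" ;;
    esac
    echo "$proto/$port $state; probe with: $scan <router-ip>"
}

check "$CONF" "$NETSTAT"
```

A UDP port that sends nothing back to the probe is reported by nmap as `open|filtered` rather than `open`, so the socket listing on the router remains the authoritative check.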