I can't add openvpn users

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

perseus

New Around Here
Hello!
I have Asus RT AX 88 with merlin wrt (386_2_4 version).
I have a problem. I can't add users in my openvpn server. I write username, password, push add, apply, and the user don't apear in the list.
Somebody have some ideas?
 

RMerlin

Asuswrt-Merlin dev
That issue was fixed with 386.2_0 back in March. Double check which firmware version you are actually using.
 

perseus

New Around Here
This is my firmware version.
I turn off the router, i swhitched on/off openvpn server and still i can't add users.
 

Attachments

  • ASUS-Wireless-Router-RT-AX88U-Network-Map.png
    ASUS-Wireless-Router-RT-AX88U-Network-Map.png
    142.2 KB · Views: 65

RMerlin

Asuswrt-Merlin dev
I just tested it, and it's working for me. Try a different browser.
 

perseus

New Around Here
I tried 4 separate browsers. Today I will try to do a factory reset and see if it works.
 

maestr0

Occasional Visitor
Have the same issue. Am on 386.2_6 on an AC88U. Have tried FF, Chrome, Edge Chromium, IE. Am not able to delete/create VPN users. No entries in system log when I try to delete/create users.
 

RMerlin

Asuswrt-Merlin dev
Open your browser console and look for any Javascript error message.
 

maestr0

Occasional Visitor
The console shows me the following when I navigate to VPN Server, delete a VPN users and choose apply. Note sure if these messages are really causing the issue I'm facing.

1623349958507.png
 

RMerlin

Asuswrt-Merlin dev
Those screenshots are impossible to read.
 

maestr0

Occasional Visitor
Have waited on the 386.3 firmware to see if that might solve my issue in some way. Unfortunately it didn't. I still can add/remove VPN users. The console shows me this when trying to remove a VPN user.

1627419754590.png
 

AndrewL733

New Around Here
Hello, I have the same issue reported by @perseus. I am running 382.2_6 on an RT-AC86U. No user that I have added in the past 8-9 months is able to authenticate when connecting to the OpenVPN server. I am unable to add any new users. When I add the new user and click on Apply, after the browser is finished doing it's "Applying Settings" thing, the new user is not actually there in the user list. Similarly, if I delete an existing user in the UI and click on "Apply", the user fails to delete.

I am running macOS and have the same issue with Chrome, Firefox and Safari. My macOS and the browsers are all up to date. Similarly, I have tried on Ubuntu Linux 16.04 with Firefox and see the exact same behavior.

For me at the moment, the only user account that works with the VPN is the router's "admin" account.

@RMerlin, I know you say this was previously fixed but I don't think so. Or it broke again (maybe an inadvertent reversion to the broken code?)
 

AndrewL733

New Around Here
Oh, I forgot to cross reference the ticket I created yesterday:

 

AndrewL733

New Around Here
Here is the console output from Linux Firefox:

17:41:44.598 WebExtensions: reset-default-search: starting. api.js:183
17:41:44.598 WebExtensions: reset-default-search: has already ran once and saw panel, exit. api.js:210
17:41:47.493 [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAppStartup.secondsSinceLastOSRestart]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: resource:///modules/BrowserGlue.jsm :: _collectStartupConditionsTelemetry :: line 1623" data: no] BrowserGlue.jsm:1623:9
17:41:48.131 Unknown category for SetEventRecordingEnabled: fxmonitor
17:41:48.935 this._searchProviderInfo is null 2 SearchSERPTelemetry.jsm:438
17:41:53.306 Error: Can't find profile directory. 6 XULStore.jsm:66:15
17:41:53.583 Key event not available on some keyboard layouts: key=\u201cr\u201d modifiers=\u201caccel,alt\u201d id=\u201ckey_toggleReaderMode\u201d browser.xhtml
17:41:53.583 Key event not available on some keyboard layouts: key=\u201ci\u201d modifiers=\u201caccel,alt,shift\u201d id=\u201ckey_browserToolbox\u201d browser.xhtml
17:41:53.876 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443
17:41:54.137 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443 3
17:41:54.801 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443 2
17:41:56.316 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443
17:42:57.336 TypeError: composedTarget is null ClickHandlerChild.jsm:40:7
17:43:39.280 update.locale file doesn't exist in either the application or GRE directories UpdateUtils.jsm:149
17:44:19.348 NS_ERROR_FAILURE: Couldn't decrypt string 3 crypto-SDR.js:200


Here are the console messages from mac Chrome:

Code:
jquery.js:5 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
send @ jquery.js:5
ajax @ jquery.js:5
nvramGet @ httpApi.js:60
faqURL @ httpApi.js:580
initial @ Advanced_VPN_OpenVPN.asp:170
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004472?callback=jQuery110207435840333061305_1627595559634&_=1627595559635 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:171
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004466?callback=jQuery110207435840333061305_1627595559638&_=1627595559639 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:173
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004469?callback=jQuery110207435840333061305_1627595559632&_=1627595559633 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:170
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004471?callback=jQuery110207435840333061305_1627595559636&_=1627595559637 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
 

RMerlin

Asuswrt-Merlin dev
@RMerlin, I know you say this was previously fixed but I don't think so. Or it broke again (maybe an inadvertent reversion to the broken code?)
There was a specific issue at the time which I was able to reproduce and fix. The issue was strictly preventing from adding new users, it didn't affect the existing ones in any way. If people are experiencing authentication issues now, then it's completely different, and so far in all my tests I have been unable to reproduce it.

My first guess would be some users have a browser addons that messes with the DOM and corrupts the password. Or, they are using an addon that manipulates usernames/passwords and also corrupts them as they aren't properly dealing with the fact they are now encrypted.
 

torstein

Regular Contributor
Did you guys find a solution? I am suddenly for no reason at all experiencing this same issue with merlin 386.3_2 on ax86u.

I cannot add or remove users on my OpenVPN-server. I can connect just fine to the vpn with the usernames who are already there, but adding or removing usernames does nothing. Rebooting router doesn't help, tried several browsers with and without add-ons.

Do I have to reset my router to fix this?
 
Last edited:

eibgrad

Very Senior Member
I have no idea what the problem is either, but I threw together the following little script that allows you to define and install your username/passwords directly into nvram. After specifying your own username/passwords, simply open an ssh session and copy/paste it into the window.

Code:
clist='
user1 password1
user2 password2
user3 password3
'
x=''
OIFS="$IFS"; IFS=$'\n'
for i in $clist; do
    x="$x<$(echo $i | awk '{print $1}')>$(echo $i | awk '{print $2}')"
done
IFS="$OIFS"
nvram set vpn_serverx_clientlist="$x"
nvram commit

Just be careful since the script does NOT prevent invalid characters (<>&) or allow embedded blanks in username or password.

It obviously doesn't address the underlying problem, but at least you can get your username/passwords operational. It would be interesting to know if once these were installed correctly using the script, then you hit Apply (or even rebooted), whether they became corrupted again.
 
Last edited:

torstein

Regular Contributor
Thanks, I'm gonna reset it anyways, I think. I want to get rid of skynet and have a clean merlin firmware.
 

maestr0

Occasional Visitor
I noticed by accident, that the hashed passwords in shadow and shadow.openvpn in /etc changed for some users after a reboot. Those users were then not able to logon because of authentication failures. After the reboot those files had a timestamp of May 5th 2018 (whereas before the reboot they had a much later timestamp). Have no idea what might be causing this.
 

torstein

Regular Contributor
Any way to reset the shadow.openvpn?
 

RMerlin

Asuswrt-Merlin dev

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top