Issue with OpenVPN after firmware update.

[NoValidTitle]

I was running a build from sometime in August and just updated yesterday and now my OpenVPN has stopped working. The system log doesn't show anything related to the vpn. When I go to the VPN details page it says all VPNs are stopped. I turn on the VPN server but it says initializing and it may take a few minutes but it stays that way for hours. I've tried rebooting the router and that didn't change anything.

http://i.imgur.com/Ss3zZnG.png

eidt* it's an AC66R

 

[L&LD]

I don't use VPN's, but reading here I'm pretty sure you need to do a reset to defaults (via the web gui), pull the power on the router (you don't say which model you're using) and manually enter any settings required.

After that is done, you will need to setup the VPN from scratch (the old keys will not work).

You might also want to assign a new ssid to your wireless bands, or, on each device 'forget' the network setting for the original ssid and then re-associate each device. This will ensure you will not have issues going forward (even if it seems to be working, for now).

 

[Ramorous]

I'm having similar issues.

Firmware: 3.0.0.4.374.38_2

System Log:

Jan 29 12:39:44 openvpn[30825]: OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 17 2014
Jan 29 12:39:44 openvpn[30825]: Diffie-Hellman initialized with 1024 bit key
Jan 29 12:39:44 openvpn[30825]: Cannot load CA certificate file ca.crt (OpenSSL)
Jan 29 12:39:44 openvpn[30825]: Exiting due to fatal error

When I navigate to /tmp/etc/openvpn/server1, ca.crt is present. Is there a command I can run from ssh to reload VPN server?

 

[RMerlin]

I'm having similar issues.

Firmware: 3.0.0.4.374.38_2

System Log:


When I navigate to /tmp/etc/openvpn/server1, ca.crt is present. Is there a command I can run from ssh to reload VPN server?

Go to VPN Details, click on the link to edit keys/certs, and re-enter them. Your CA might either be corrupted, or not matching the other certs you are using.

 

[NoValidTitle]

Go to VPN Details, click on the link to edit keys/certs, and re-enter them. Your CA might either be corrupted, or not matching the other certs you are using.

Any ideas on my issue? I don't even get a single log entry for openvpn.

 

[Ramorous]

Go to VPN Details, click on the link to edit keys/certs, and re-enter them. Your CA might either be corrupted, or not matching the other certs you are using.

Done already, checked them both in there and at command prompt. Re-entered all the certs as well.

 

[RMerlin]

Done already, checked them both in there and at command prompt. Re-entered all the certs as well.

Make sure they are in PEM format, and include the ---BEGIN/---END lines as well.

 

[RMerlin]

Any ideas on my issue? I don't even get a single log entry for openvpn.

Same as mentionned in the other reply - go to Details, erase all existing keys/certs, then return to VPNServer and re-enable the instance. It should take a few minutes to generate a new set of key/certs.

Make sure your WAN connection is working while doing so.

 

[NoValidTitle]

Same as mentionned in the other reply - go to Details, erase all existing keys/certs, then return to VPNServer and re-enable the instance. It should take a few minutes to generate a new set of key/certs.

Make sure your WAN connection is working while doing so.

I wiped the keys and tried to start the VPN again and it's been sitting for over 20 minutes now at the same screenshot I posted in the OP. Also, wouldn't wiping the keys mean I have to reconfigure every client as well? =\

 

[Ramorous]

Make sure they are in PEM format, and include the ---BEGIN/---END lines as well.

Yes, all proper PEM files (working in previous firmware build, 34 I think). I removed them all, let the defaults go in, turned it off re-added them, turned it back on, did the same to Server2...

The weird thing is, default certs work fine. I'll rebuild a new CA, etc... and try those out.

 

[NoValidTitle]

Same as mentionned in the other reply - go to Details, erase all existing keys/certs, then return to VPNServer and re-enable the instance. It should take a few minutes to generate a new set of key/certs.

Make sure your WAN connection is working while doing so.

Just to update I let it sit overnight with this and it's still at square one.

 

[Ramorous]

Was able to resolve the problem by creating a new CA. Find it very odd that before firmware update it worked just perfectly without issue. No worries though.

 

[NoValidTitle]

Still haven't resolved my issue.

 

[NoValidTitle]

Still haven't been able to get OpenVPN running on the newer firmware. I wiped all of the OpenVPN keys, generated new ones and I still have the same exact issue.

*edit*

I factory reset the router and it works now, something was screwed up somewhere.

 

[Deleted member 27741]

Because I have run into a similar issue to the OP, I keep my certs in a txt file ready to be cut and pasted into the openvpn server when I upgrade firmware or otherwise mess around with the router. Luckily I have not needed a full factory reset though!