Issue with openvpn client connection

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

lazyme

Occasional Visitor
Hi,
I have an issue with open vpn client connection, full log below. Can someone advice what is wrong here? Merlin 386.2_6 and AX88u here.

Jul 16 07:44:35 ovpn-client1[19288]: OpenVPN 2.5.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 6 2021
Jul 16 07:44:35 ovpn-client1[19288]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.08
Jul 16 07:44:35 ovpn-client1[19289]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 16 07:44:35 ovpn-client1[19289]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 16 07:44:35 ovpn-client1[19289]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 16 07:44:35 ovpn-client1[19289]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 16 07:44:35 ovpn-client1[19289]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 16 07:44:35 ovpn-client1[19289]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Jul 16 07:44:35 ovpn-client1[19289]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Jul 16 07:44:35 ovpn-client1[19289]: UDP link local: (not bound)
Jul 16 07:44:35 ovpn-client1[19289]: UDP link remote: [AF_INET]x.x.x.x:1194
Jul 16 07:44:35 ovpn-client1[19289]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=ffdd5ad2 b13136d4
Jul 16 07:44:35 ovpn-client1[19289]: VERIFY OK: depth=1, CN=ChangeMe
Jul 16 07:44:35 ovpn-client1[19289]: VERIFY KU OK
Jul 16 07:44:35 ovpn-client1[19289]: Validating certificate extended key usage
Jul 16 07:44:35 ovpn-client1[19289]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 16 07:44:35 ovpn-client1[19289]: VERIFY EKU OK
Jul 16 07:44:35 ovpn-client1[19289]: VERIFY OK: depth=0, CN=server
Jul 16 07:44:35 ovpn-client1[19289]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Jul 16 07:44:35 ovpn-client1[19289]: [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Jul 16 07:44:36 ovpn-client1[19289]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jul 16 07:44:36 ovpn-client1[19289]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 172.26.0.2,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: route options modified
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: route-related options modified
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: peer-id set
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: adjusting link_mtu to 1624
Jul 16 07:44:36 ovpn-client1[19289]: OPTIONS IMPORT: data channel crypto options modified
Jul 16 07:44:36 ovpn-client1[19289]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 16 07:44:36 ovpn-client1[19289]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 16 07:44:36 ovpn-client1[19289]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 16 07:44:36 ovpn-client1[19289]: GDG6: remote_host_ipv6=n/a
Jul 16 07:44:36 ovpn-client1[19289]: net_route_v6_best_gw query: dst ::
Jul 16 07:44:36 ovpn-client1[19289]: net_route_v6_best_gw result: via :: dev lo
Jul 16 07:44:36 ovpn-client1[19289]: TUN/TAP device tun11 opened
Jul 16 07:44:36 ovpn-client1[19289]: TUN/TAP TX queue length set to 1000
Jul 16 07:44:36 ovpn-client1[19289]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 16 07:44:36 ovpn-client1[19289]: /usr/sbin/ip link set dev tun11 up
Jul 16 07:44:36 ovpn-client1[19289]: /usr/sbin/ip addr add dev tun11 10.8.0.2/24
Jul 16 07:44:36 ovpn-client1[19289]: Linux ip addr add failed: external program exited with error status: 2
Jul 16 07:44:36 ovpn-client1[19289]: Exiting due to fatal error
 

lazyme

Occasional Visitor
if I run command from ssh I get following error

/usr/sbin/ip addr add dev tun11 10.8.0.2/24
RTNETLINK answers: File exists
 

RMerlin

Asuswrt-Merlin dev
IPv6 is not supported. Try adding these lines to your Custom Settings to filter it out:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "router-ipv6"
 

lazyme

Occasional Visitor
IPv6 is not supported. Try adding these lines to your Custom Settings to filter it out:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "router-ipv6"
thank you very much, that's was it.

reading wiki to setup proper routing
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top