What's new

Need help setting up ProtonVPN in AsusWRT-merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

orudie

Occasional Visitor
Hello Support,

I am trying to set up my ASUS router running WRT-Merlin firmware with ProtonVPN. In the VPN Client section I uploaded the .ovpn config which I downloaded from the router section downloads on protonvpn website. I indicate my protonvpn user and password on the same page, but getting authentication failed error message. Below is the log from the router. Please assist.


Mar 4 20:45:01 rc_service: httpd 839:notify_rc start_vpnclient1
Mar 4 20:45:02 ovpn-client1[12966]: OpenVPN 2.5.5 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 1 2022
Mar 4 20:45:02 ovpn-client1[12966]: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.08
Mar 4 20:45:02 ovpn-client1[12969]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 4 20:45:02 ovpn-client1[12969]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mar 4 20:45:02 ovpn-client1[12969]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mar 4 20:45:02 ovpn-client1[12969]: TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.9.165:80
Mar 4 20:45:02 ovpn-client1[12969]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Mar 4 20:45:02 ovpn-client1[12969]: UDP link local: (not bound)
Mar 4 20:45:02 ovpn-client1[12969]: UDP link remote: [AF_INET]62.112.9.165:80
Mar 4 20:45:02 ovpn-client1[12969]: TLS: Initial packet from [AF_INET]62.112.9.165:80, sid=9a88716c 9c14baa6
Mar 4 20:45:03 ovpn-client1[12969]: VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Mar 4 20:45:03 ovpn-client1[12969]: VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Mar 4 20:45:03 ovpn-client1[12969]: VERIFY KU OK
Mar 4 20:45:03 ovpn-client1[12969]: Validating certificate extended key usage
Mar 4 20:45:03 ovpn-client1[12969]: ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Mar 4 20:45:03 ovpn-client1[12969]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Mar 4 20:45:03 ovpn-client1[12969]: ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
Mar 4 20:45:03 ovpn-client1[12969]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
Mar 4 20:45:03 ovpn-client1[12969]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 4 20:45:03 ovpn-client1[12969]: VERIFY EKU OK
Mar 4 20:45:03 ovpn-client1[12969]: VERIFY OK: depth=0, CN=nl-01.protonvpn.net
Mar 4 20:45:03 ovpn-client1[12969]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Mar 4 20:45:03 ovpn-client1[12969]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Mar 4 20:45:03 ovpn-client1[12969]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Mar 4 20:45:03 ovpn-client1[12969]: [nl-01.protonvpn.net] Peer Connection Initiated with [AF_INET]62.112.9.165:80
Mar 4 20:45:04 ovpn-client1[12969]: SENT CONTROL [nl-01.protonvpn.net]: 'PUSH_REQUEST' (status=1)
Mar 4 20:45:09 ovpn-client1[12969]: SENT CONTROL [nl-01.protonvpn.net]: 'PUSH_REQUEST' (status=1)
Mar 4 20:45:09 ovpn-client1[12969]: AUTH: Received control message: AUTH_FAILED
Mar 4 20:45:09 ovpn-client1[12969]: SIGTERM[soft,auth-failure] received, process exiting
 

Attachments

  • wrt-merlin1.png
    wrt-merlin1.png
    167.5 KB · Views: 258
  • wrt-merlin2.png
    wrt-merlin2.png
    133.8 KB · Views: 235
If your vpn provider use certificates you must click "Username / Password Auth. Only" to NO
 
Guys, the router is connected to ProtonVPN however, on the computer connected to the router when I point the browser to whatismyip.com and .speedtest.net it shows my real location IP and ISP instead of the ProtonVPN server's IP.
 

Attachments

  • wrt-merlin3.png
    wrt-merlin3.png
    25.5 KB · Views: 179
I have done everything but at Public, it keeps giving unknown see here:

Connected (Local: 10.96.0.3 - Public: unknown)

Also in the log, I see this:

NOTE: setsockopt TCP_NODELAY=1 failed

What I'm doing wrong?
 
It seems I found the issue. If you have 2 different VPN clients you need to close the one you use in order to use the other one (new one). This was the case with me.

No issues here. I have 5 concurrent ones running with various devices connected/routed via VPNDirector
 
No issues here. I have 5 concurrent ones running with various devices connected/routed via VPNDirector

Yes, but I'm talking about using a main connection to all devices. I thought that maybe you need to see all the IPs of them all to work. not just connected. If you divided them into different devices as you have done then yes they work, but do you see the IPs at Connected (Local: 10.96.0.3 - here --->Public? Or do you see one and the rest are Public: unknown?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top