What's new

Open VPN Client Issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

tstewart

Occasional Visitor
I am trying to get the Open VPN client to connect to privateinternetaccess.com but can't seem to get it to work. From the logs it looks like it is connecting but while the VPN Client is on I do not get any internet access. Once I turn the VPN CLient off then the internet access comes back. Here is the log from my last connection.

Sep 28 22:57:31 notify_rc : start_vpnclient1
Sep 28 22:57:31 kernel: tun: Universal TUN/TAP device driver, 1.6
Sep 28 22:57:31 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Sep 28 22:57:31 openvpn[1221]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Sep 24 2012
Sep 28 22:57:31 openvpn[1221]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 28 22:57:31 openvpn[1221]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 28 22:57:31 openvpn[1221]: LZO compression initialized
Sep 28 22:57:32 openvpn[1221]: RESOLVE: NOTE: us-midwest.privateinternetaccess.com resolves to 3 addresses
Sep 28 22:57:32 openvpn[1227]: UDPv4 link local: [undef]
Sep 28 22:57:32 openvpn[1227]: UDPv4 link remote: 208.53.158.93:1194
Sep 28 22:57:33 openvpn[1227]: [server] Peer Connection Initiated with 208.53.158.93:1194
Sep 28 22:57:35 openvpn[1227]: TUN/TAP device tun11 opened
Sep 28 22:57:35 openvpn[1227]: /sbin/ifconfig tun11 10.162.102.10 pointopoint 10.162.102.9 mtu 1500
Sep 28 22:57:35 openvpn[1227]: updown.sh tun11 1500 1542 10.162.102.10 10.162.102.9 init
Sep 28 22:57:35 openvpn[1227]: Initialization Sequence Completed

I followed the this tutorial for setting it up.

https://www.privateinternetaccess.c...-setup-for-newer-branches-including-tomatousb

Has anyone been able to get the VPN Client working with privateinternetaccess.com or do you have any suggestions on what I can try.


Thank You
 
Hi, for the routing make in Custom Configuration -> script-security 2

can you post a scrennshot or the output

cat /tmp/etc/openvpn/client1/config.ovpn
 
# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote us-midwest.privateinternetaccess.com 1194
resolv-retry 30
reneg-sec 0
nobind
persist-key
persist-tun
comp-lzo adaptive
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
auth-user-pass up
status-version 2
status status

# Custom Configuration
script-security 2
auth-nocache
persist-key
persist-tun
tls-client
comp-lzo
verb 1
 
Hi, ich see Merlin has the script security integrated.
I think your Custom Config is to much.

Is the reneg-sec 0 correct?
 
Hi, ich see Merlin has the script security integrated.
I think your Custom Config is to much.

Is the reneg-sec 0 correct?

All of the items in the Custom Config came from the tutorial except for the Script-security 2" and "auth-nocache". I added these because of errors and warnings I was seeing in the log.

It looks like the reneg-sec setting maps to TLS Renegotiation Time. From the Tomato tutorial that is what it said to set it at. I wonder if 0 in tomato means default. In merlin's the default is -1. The problem is the UI will not allow the minus sign to be entered. This is true for the Connection Retry setting also, for the default setting you are suppose to enter -1 but you can't enter a minus sign.

I changed the TLS Renegotiation Time setting to 10 and not I get this in the log.

Sep 29 10:28:40 notify_rc : start_vpnclient1
Sep 29 10:28:40 kernel: tun: Universal TUN/TAP device driver, 1.6
Sep 29 10:28:40 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Sep 29 10:28:41 openvpn[1527]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Sep 24 2012
Sep 29 10:28:41 openvpn[1527]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 29 10:28:41 openvpn[1527]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 29 10:28:41 openvpn[1527]: LZO compression initialized
Sep 29 10:28:41 openvpn[1527]: RESOLVE: NOTE: us-midwest.privateinternetaccess.com resolves to 3 addresses
Sep 29 10:28:41 openvpn[1535]: UDPv4 link local: [undef]
Sep 29 10:28:41 openvpn[1535]: UDPv4 link remote: 208.53.158.116:1194
Sep 29 10:28:41 openvpn[1535]: [server] Peer Connection Initiated with 208.53.158.116:1194
Sep 29 10:28:43 openvpn[1535]: TUN/TAP device tun11 opened
Sep 29 10:28:43 openvpn[1535]: /sbin/ifconfig tun11 10.175.101.6 pointopoint 10.175.101.5 mtu 1500
Sep 29 10:28:43 openvpn[1535]: updown.sh tun11 1500 1542 10.175.101.6 10.175.101.5 init
Sep 29 10:28:44 openvpn[1535]: Initialization Sequence Completed
Sep 29 10:28:51 openvpn[1535]: ERROR: could not read Auth username from stdin
Sep 29 10:28:51 openvpn[1535]: Exiting
Sep 29 10:28:51 openvpn[1535]: /sbin/ifconfig tun11 0.0.0.0
Sep 29 10:28:51 openvpn[1535]: updown.sh tun11 1500 1542 10.175.101.6 10.175.101.5 init

It looks like now it is having trouble reading the user name.
 
To help with debugging you can increase OpenVPN's debugging output level. Over telnet:

nvram set vpn_loglevel=15
nvram commit

The vpn_loglevel value must be between 0 and 15 (3 is the default).

There is also a bug that will be fixed in the next release where vpn_client1_useronly has no default value, and can therefore not be set through the webui. Try setting it over telnet:

nvram set vpn_client1_useronly=0
nvram commit

(0 = disable, 1 = enable)

Note that accessing the webui might possibly erase the value.
 
I set the VPN log level to 15 but I do not get any more information in the log file. I did notice that looking at the Custom Configuration part of the config.ovpn file there is an extra ^M character. I am guessing this is from Chrome on Windows since Windows uses carriage return line feed at the end of lines. I also added the vpn_client1_useronly setting and set it to 0. I am still getting the same error.

Sep 29 11:31:00 openvpn[2022]: Initialization Sequence Completed
Sep 29 11:31:08 openvpn[2022]: ERROR: could not read Auth username from stdin
Sep 29 11:31:08 openvpn[2022]: Exiting
Sep 29 11:31:08 openvpn[2022]: /sbin/ifconfig tun11 0.0.0.0
Sep 29 11:31:08 openvpn[2022]: updown.sh tun11 1500 1542 10.121.100.6 10.121.100.5 init
 
This is the password line from the config file. auth-user-pass up. I set the Username/Password Authentication setting to no so I could play around with this setting in the Custom Configuration area. I changed this to auth-user-pass up1 and got the error that the file did not exist. Then when I changed it back to up I get the ERROR: could not read Auth username from stdin error again. The way it looks the openvpn script can not read the username/password from the file.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top