Hello all,
Not sure if it's Merlin specific but i have some issues connecting to my secondary router via OpenVPN.
Situation as following:
Remote router model: AC87 (Internal IP 192.168.199.x)
Local router model: AC68 (Internal IP 192.168.99.1)
Mask on both 255.255.255.0
With OpenVPN client on my laptop i use the same OpenVpn config file as uploaded and this works flawless but when i try to connect from the AC68 to the AC87 i cant get a working connection.
I use a TAP connection as i want both lans to be connected (with TUN i run into some issues as i have some shirtty Chinese cams where i had to block their internet access)
This is the log from the AC68 trying to connect to the remote AC87: (The same profile i use for the OpenVPN client on a laptop that works)
Config router AC87 (the Server side)
Config router AC68 (the Client side)
What do i wrong?
Not sure if it's Merlin specific but i have some issues connecting to my secondary router via OpenVPN.
Situation as following:
Remote router model: AC87 (Internal IP 192.168.199.x)
Local router model: AC68 (Internal IP 192.168.99.1)
Mask on both 255.255.255.0
With OpenVPN client on my laptop i use the same OpenVpn config file as uploaded and this works flawless but when i try to connect from the AC68 to the AC87 i cant get a working connection.
I use a TAP connection as i want both lans to be connected (with TUN i run into some issues as i have some shirtty Chinese cams where i had to block their internet access)
This is the log from the AC68 trying to connect to the remote AC87: (The same profile i use for the OpenVPN client on a laptop that works)
Code:
Sep 7 13:31:19 rc_service: httpd 285:notify_rc start_vpnclient1
Sep 7 13:31:21 kernel: device tap11 entered promiscuous mode
Sep 7 13:31:21 kernel: ADDRCONF(NETDEV_UP): tap11: link is not ready
Sep 7 13:31:21 ovpn-client1[2351]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 4 2018
Sep 7 13:31:21 ovpn-client1[2351]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.08
Sep 7 13:31:21 ovpn-client1[2352]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 7 13:31:22 ovpn-client1[2352]: TCP/UDP: Preserving recently used remote address: [AF_INET][Remote-IP]:1195
Sep 7 13:31:22 ovpn-client1[2352]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 7 13:31:22 ovpn-client1[2352]: UDP link local: (not bound)
Sep 7 13:31:22 ovpn-client1[2352]: UDP link remote: [AF_INET][Remote-IP]:1195
Sep 7 13:31:22 ovpn-client1[2352]: TLS: Initial packet from [AF_INET][Remote-IP]:1195, sid=33a83bc3 89d68afa
Sep 7 13:31:22 ovpn-client1[2352]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sep 7 13:31:22 ovpn-client1[2352]: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Sep 7 13:31:22 ovpn-client1[2352]: VERIFY KU OK
Sep 7 13:31:22 ovpn-client1[2352]: Validating certificate extended key usage
Sep 7 13:31:22 ovpn-client1[2352]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sep 7 13:31:22 ovpn-client1[2352]: VERIFY EKU OK
Sep 7 13:31:22 ovpn-client1[2352]: VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Sep 7 13:31:22 ovpn-client1[2352]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sep 7 13:31:22 ovpn-client1[2352]: [RT-AC87U] Peer Connection Initiated with [AF_INET][Remote-IP]:1195
Sep 7 13:31:23 ovpn-client1[2352]: SENT CONTROL [RT-AC87U]: 'PUSH_REQUEST' (status=1)
Sep 7 13:31:23 ovpn-client1[2352]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 255.255.255.255 net_gateway,route-gateway 192.168.199.1,redirect-gateway def1,route-gateway dhcp,ping 15,ping-restart 60,peer-id 0,cipher AES-128-GCM'
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: timers and/or timeouts modified
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: route options modified
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: route-related options modified
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: peer-id set
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sep 7 13:31:23 ovpn-client1[2352]: OPTIONS IMPORT: data channel crypto options modified
Sep 7 13:31:23 ovpn-client1[2352]: Data Channel: using negotiated cipher 'AES-128-GCM'
Sep 7 13:31:23 ovpn-client1[2352]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sep 7 13:31:23 ovpn-client1[2352]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sep 7 13:31:23 ovpn-client1[2352]: TUN/TAP device tap11 opened
Sep 7 13:31:23 ovpn-client1[2352]: TUN/TAP TX queue length set to 100
Sep 7 13:31:23 kernel: ADDRCONF(NETDEV_CHANGE): tap11: link becomes ready
Sep 7 13:31:25 ovpn-client1[2352]: /usr/sbin/ip route add [Remote-IP]/32 via 192.168.0.1
Sep 7 13:31:25 ovpn-client1[2352]: /usr/sbin/ip route add 0.0.0.0/1 via 192.168.199.1
Sep 7 13:31:25 ovpn-client1[2352]: ERROR: Linux route add command failed: external program exited with error status: 2
Sep 7 13:31:25 ovpn-client1[2352]: /usr/sbin/ip route add 128.0.0.0/1 via 192.168.199.1
Sep 7 13:31:25 ovpn-client1[2352]: ERROR: Linux route add command failed: external program exited with error status: 2
Sep 7 13:31:25 ovpn-client1[2352]: /usr/sbin/ip route add 0.0.0.0/32 via 192.168.0.1
Sep 7 13:31:25 ovpn-client1[2352]: Initialization Sequence CompletedConfig router AC87 (the Server side)
Config router AC68 (the Client side)
What do i wrong?
