Menu
What's new
By:
Filters Better Search

OpenVPN client connects, but not working (2x RT-AC68U as server&client)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

naabo

New Around Here
Hi,
I have a strange problem with OpenVPN client on RT-AC68U. On a remote location I have another RT-AC68U running OpenVPN server (both Merlin 384.13). I can connect to the server and the log shows nothing unusual, but I can't reach any remote devices including router (server is set for LAN only, if i set for internet that stops working as well). But if I use a client (same configuration file) on win10 computer and all my mobile devices (smartphone, tablet) everything works according to configuration. I've tried different settings on a client side (web GUI) which didn't seem to have an effect on my problem. Since I'm getting a new router (AC86U) on a remote location in a couple of days I might start fresh with factory restore (but I have done that when flashing from 380 to 384). Did anyone have similar issues?
 
OpenVPN client firewall handling changed in 384.12. Not sure it applies to your situation, but worth a shot. I’m not a VPN user myself.
- CHANGED: Inbound traffic sent to you through an OpenVPN client
will now be dropped by default. This can be changed
through the new "Inbound Firewall" parameter found
on the OpenVPN client page. You should only change
this to "Allow" if running a site2site tunnel with
a trusted remote server, or if you do expect
traffic to be forwarded to you through the tunnel.
Click to expand...
 
Thanks, but changing the parameter to "allow" does not help.

Log (remote link modified):

Code: 
Aug 13 07:30:00 ovpn-client1[22858]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 31 2019
Aug 13 07:30:00 ovpn-client1[22858]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
Aug 13 07:30:00 ovpn-client1[22877]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 13 07:30:00 ovpn-client1[22877]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.142.x.x:1195
Aug 13 07:30:00 ovpn-client1[22877]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Aug 13 07:30:00 ovpn-client1[22877]: UDP link local: (not bound)
Aug 13 07:30:00 ovpn-client1[22877]: UDP link remote: [AF_INET]89.142.x.x:1195
Aug 13 07:30:02 ovpn-client1[22877]: TLS: Initial packet from [AF_INET]89.142.x.x:1195, sid=848bc32b fd82e04e
Aug 13 07:30:02 ovpn-client1[22877]: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug 13 07:30:02 ovpn-client1[22877]: VERIFY KU OK
Aug 13 07:30:02 ovpn-client1[22877]: Validating certificate extended key usage
Aug 13 07:30:02 ovpn-client1[22877]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 13 07:30:02 ovpn-client1[22877]: VERIFY EKU OK
Aug 13 07:30:02 ovpn-client1[22877]: VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug 13 07:30:02 ovpn-client1[22877]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
Aug 13 07:30:02 ovpn-client1[22877]: [RT-AC68U] Peer Connection Initiated with [AF_INET]89.142x.x:1195
Aug 13 07:30:03 ovpn-client1[22877]: SENT CONTROL [RT-AC68U]: 'PUSH_REQUEST' (status=1)
Aug 13 07:30:03 ovpn-client1[22877]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,route-gateway 10.16.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.16.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: route options modified
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: route-related options modified
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: peer-id set
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: adjusting link_mtu to 1624
Aug 13 07:30:03 ovpn-client1[22877]: OPTIONS IMPORT: data channel crypto options modified
Aug 13 07:30:03 ovpn-client1[22877]: Data Channel: using negotiated cipher 'AES-128-GCM'
Aug 13 07:30:03 ovpn-client1[22877]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 13 07:30:03 ovpn-client1[22877]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 13 07:30:03 ovpn-client1[22877]: TUN/TAP device tun11 opened
Aug 13 07:30:03 ovpn-client1[22877]: TUN/TAP TX queue length set to 1000
Aug 13 07:30:03 ovpn-client1[22877]: /usr/sbin/ip link set dev tun11 up mtu 1500
Aug 13 07:30:04 ovpn-client1[22877]: /usr/sbin/ip addr add dev tun11 10.16.0.3/24 broadcast 10.16.0.255
Aug 13 07:30:04 ovpn-client1[22877]: updown.sh tun11 1500 1552 10.16.0.3 255.255.255.0 init
Aug 13 07:30:06 ovpn-client1[22877]: /usr/sbin/ip route add 192.168.2.0/24 metric 500 via 10.16.0.1
Aug 13 07:30:06 ovpn-client1[22877]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 13 07:30:06 ovpn-client1[22877]: Initialization Sequence Completed

One thing I have changed recently on remote location router was adding tagged vlan so my IPTV STB works through router lan port. Anyway I'm starting from scratch when I receive new router and try to setup OpenVPN before any other configuration. Not sure though if it's server side problem, as I can connect with my mobile devices&pc without problem.
 
Factory restoring remote router did not help either.

With windows client I can connect and access remote network.
Log from remote router when connecting:
Code: 
Aug 16 10:50:48 ovpn-server2[5408]: TCP connection established with [AF_INET6]::ffff:89.212.x.x:62777
Aug 16 10:50:49 ovpn-server2[5408]: 89.212.x.x:62777 TLS: Initial packet from [AF_INET6]::ffff:89.212.x.x:62777, sid=cb8b9660 f8c010f8
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_VER=2.4.6
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_PLAT=win
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_PROTO=2
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_NCP=2
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_LZ4=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_LZ4v2=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_LZO=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_COMP_STUB=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_COMP_STUBv2=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_TCPNL=1
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 1024 bit RSA
Aug 16 10:50:50 ovpn-server2[5408]: 89.212.x.x:62777 [client] Peer Connection Initiated with [AF_INET6]::ffff:89.212.x.x:62777
Aug 16 10:50:50 ovpn-server2[5408]: client/89.212.x.x:62777 MULTI_sva: pool returned IPv4=10.16.0.2, IPv6=(Not enabled)
Aug 16 10:50:50 ovpn-server2[5408]: client/89.212.x.x:62777 MULTI: Learn: 10.16.0.2 -> client/89.212.x.x:62777
Aug 16 10:50:50 ovpn-server2[5408]: client/89.212.x.x:62777 MULTI: primary virtual IP for client/89.212.x.x:62777: 10.16.0.2
Aug 16 10:50:51 ovpn-server2[5408]: client/89.212.x.x:62777 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 10:50:51 ovpn-server2[5408]: client/89.212.x.x:62777 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.2.1,redirect-gateway def1,route-gateway 10.16.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.16.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Aug 16 10:50:51 ovpn-server2[5408]: client/89.212.x.x:62777 Data Channel: using negotiated cipher 'AES-128-GCM'
Aug 16 10:50:51 ovpn-server2[5408]: client/89.212.x.x:62777 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 16 10:50:51 ovpn-server2[5408]: client/89.212.x.x:62777 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key

Connected with router I can't access anything.
Log:
Code: 
Aug 16 10:57:39 ovpn-server2[5408]: TCP connection established with [AF_INET6]::ffff:89.212.x.x:51493
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 TLS: Initial packet from [AF_INET6]::ffff:89.212.x.x:51493, sid=d4f7b1db 89956d6c
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_VER=2.4.7
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_PLAT=linux
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_PROTO=2
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_NCP=2
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_LZ4=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_LZ4v2=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_LZO=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_COMP_STUB=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_COMP_STUBv2=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 peer info: IV_TCPNL=1
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
Aug 16 10:57:40 ovpn-server2[5408]: 89.212.x.x:51493 [client] Peer Connection Initiated with [AF_INET6]::ffff:89.212.x.x:51493
Aug 16 10:57:40 ovpn-server2[5408]: client/89.212.x.x:51493 MULTI_sva: pool returned IPv4=10.16.0.2, IPv6=(Not enabled)
Aug 16 10:57:40 ovpn-server2[5408]: client/89.212.x.x:51493 MULTI: Learn: 10.16.0.2 -> client/89.212.x.x:51493
Aug 16 10:57:40 ovpn-server2[5408]: client/89.212.x.x:51493 MULTI: primary virtual IP for client/89.212.x.x:51493: 10.16.0.2
Aug 16 10:57:41 ovpn-server2[5408]: client/89.212.x.x:51493 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 10:57:41 ovpn-server2[5408]: client/89.212.x.x:51493 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.2.1,redirect-gateway def1,route-gateway 10.16.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.16.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Aug 16 10:57:41 ovpn-server2[5408]: client/89.212.x.x:51493 Data Channel: using negotiated cipher 'AES-128-GCM'
Aug 16 10:57:41 ovpn-server2[5408]: client/89.212.x.x:51493 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 16 10:57:41 ovpn-server2[5408]: client/89.212.x.x:51493 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key

Not sure if this is of any help understanding what's going on.
 
Just to let you know that I solved my problem by downgrading both routers to 384.9 (just because it is known to work) and factory reset/initialize. My guess would be that something was not right with the client side router, so it might have worked even If I just factory restored that one (without downgrading).
 
A few more observations on this - fw version does not really matter, I now have the latest version, but apparently It only works the first time the client gets configured. If I change any setting on client (eg. forgot to set innbound firewall to "allow" for site-to-site configuration) and even changing it back results in not working anymore (connected but nothing reachable). It doesn't help if you reboot router (soft or hard, one or both) or defaulting client and loading configuration file again or setting server again. The only thing that works is initializing the router. Reading other posts (https://www.snbforums.com/threads/solved-rt-ac68u-how-to-reset-openvpn-server.25806/) the router might have stored openvpn info that causes the client to stop functioning if any setting is changed and does not get deleted with reboot or any other re-configuration. The solution would probably be to SSH router.
 
You must log in or register to reply here.

Similar threads

M
OpenVPN Server - route back to client
Replies
7
Views
165
mekabe remain
M
T
[Help] Problems setting up OpenVPN
Replies
7
Views
281
Thookie
T
H
Extremely low speed on ac86u with openvpn client
Replies
7
Views
511
hassangh
H
G
Using VPN Director to route only torrent traffic through VPN
Replies
8
Views
410
eibgrad
eibgrad
N
Access Network on the VPN Client Side? CGNAT troubles!
Replies
6
Views
854
Anthonywkho
A
Similar threads
Thread starter Title Forum Replies Date
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7
eibgrad OpenVPN Client: mishandled route directives Asuswrt-Merlin 7
B No internet after turn on OpenVPN client Asuswrt-Merlin 4
Z Port forwarding for client connected to OpenVPN server Asuswrt-Merlin 0
J Reverse internet access through Asus-Merlin OpenVPN client. Asuswrt-Merlin 0
P Connect OpenVPN server with Client networks Asuswrt-Merlin 3
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4
N Solved OpenVPN Server split tunnell config Asuswrt-Merlin 5
C Connection to router by ip fails while remote over OpenVPN Asuswrt-Merlin 17

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 583 (members: 19, guests: 564)
Top