OpenVPN Client Settings for Mullvad VPN?

[JohnDrake]

I'm trying to configure my router running Asuswrt-Merlin to work with the OpenVPN client and the Mullvad VPN service.

Does anyone have a list of the OpenVPN client settings for Mullvad? I've spent hours Googling this with no luck.

Thanks in advance for any assistance you can offer...

 

[cosmoxl]

https://www.mullvad.net/en/setup/ddwrt/

does that not have enough info? down at the very bottom they say you need to log in and download the crt and key files. you'll have to copy and paste the data from those files into the proper section in your openvpn client setup.

 

[JohnDrake]

https://www.mullvad.net/en/setup/ddwrt/
does that not have enough info?

Actually, no.

The DD-WRT and Asuswrt setup screens are different and I'm not sure which settings go where:

http://bayimg.com/EAAGoAAgG

Also, I did enter the three crypto keys.

Thanks for your help...

 

[lurice0]

Actually, no.

The DD-WRT and Asuswrt setup screens are different and I'm not sure which settings go where:

http://bayimg.com/EAAGoAAgG

Also, I did enter the three crypto keys.

Thanks for your help...

Hey by the three crypto keys do you mean the two cert and the 1 key from https://mullvad.net/en/setup/ddwrt/? Please where exactly did you enter them? THanks

 

[cosmoxl]

look at the authorization mode line in the openvpn client page

there's a link there to the right for entering keys and certs

 

[lurice0]

setting up mullvad

will the 'static key' field be left blank? Answer: yes

Using Port 1194 i got it working! AND loading pages from VPN! Use the settings in the pic by JohnDrake here. or open your .conf file with text edit and read the ports and other settings it suggests. Uploading a .ovpn file or .conf file does most of the work for you, however that method doesnt work perfectly for me for various reasons... port 53 has been letting me stay (unless i quit using net for ext time then i gotta reboot router, i always have to reboot router when i stop using internet for ext periods of time... I'm not sure how to fix it, so i look at the log and:

Always common in my log and sticks out: 'WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.' The link explains, but i can't think of the Mullvad Common Name under the OpenVPN Settings tab on Merlin, under 'Verify Server Certificate' option? Answer: it works without Verify Server Cert, and if I check yes under settings that i want to verify server cert, it asks for the Common name: im not sure what to put because the log always says this:

VERIFY X509NAME ERROR: /C=NA/ST=None/L=None/O=Mullvad/CN=xxx.mullvad.net/emailAddress=info@mullvad.net, must be (whatever i entered for the Common name, in the settings)

so, what exactly do i enter for the common name, so to verify server cert????
the client key and client cert text files offered some clues but i cant get it.

*I am trying to use Mullvad VPN on my ASUS rt-ac56u router with merlin on it.

Now if you have lag on ps3 multiplayer, its because your ping is now messed up.

 

[stoof]

Please post WRT settings for ASUS RT-AC66U

Hi

I have exactly the same challenge, connecting it with Mullvad VPN using ASUSWRT-Merlin.

Could you please post a Picture of your router settings, that would be really useful to compare your working ones with mine. Stating the obvious your old pics are no longer online...

Many thanks

 

[lurice0]

Hey stoof. Hey everyone. I am having troubles with mullvad on merlin again. I cant get it to verify server cert. and i cant get it to stay online when im not using it.

some of those settings in the pics i uploaded are still good. but use the settings of the .ovpn/.conf file mullvad provided. either upload them or read from them as a text edit file.

 

[cosmoxl]

ns-cert-type server

I believe that line needs to be in your custom config.

However, from the looks of the mullvad web site https://www.mullvad.net/en/setup/openvpn/ it looks as though you should be able to download ovpn config files complete with certs/keys.

If so, all you have to do is upload the ovpn file to the routers via the openvpn client GUI, apply to save, and turn it on.

 

[cosmoxl]

the custom configuration space is just at the bottom of the openvpn client page.

you shouldn't have to mess with anything though. as I said, just upload the ovpn configs, click apply, and turn it on.

 

[lurice0]

You are totally right cosmoxl thanks for your help, i updated my settings with the ovpn configs, but i still cant get the verify server certificate part. it asks for the Common name? the system log always says this:

VERIFY X509NAME ERROR: /C=NA/ST=None/L=None/O=Mullvad/CN=nl2.mullvad.net/emailAddress=info@mullvad.net, must be (*** Whatever i entered as the common name shows up in the log here ***)

also, im hoping after this is fixed, it will stop messing up--its making me reboot the router after every small period of inactivity.

 

[john9527]

For the server verify error, try setting Verify server certificate to No, and add this line to the custom config section

remote-cert-tls server

For the disconnect issue, try these lines in custom config

inactive 0
keepalive 5 60

These work for me on PIA VPN.

 

[lurice0]

For the server verify error, try setting Verify server certificate to No, and add this line to the custom config section

remote-cert-tls server

For the disconnect issue, try these lines in custom config

inactive 0
keepalive 5 60

These work for me on PIA VPN.

thanks but,
remote-cert-tls server
is already in my custom config file but not typed in under custom config on the Merlin VPN settings page. i will try typing it in there... i usually delete it because vpn doesnt work when all that extra stuff is typed in down there. but i found i only needed to delete these lines under custom config on the Merlin VPN settings page after uploading the Mullvad provided .conf file:

tun-ipv6
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

originally i was deleting everything but the tls cipher code...

NOW i have no sytem log errors noticeable by me and hopefully it will fix my disconnect issues.

i wish that when i upload the .conf file that it would update the keys & certificates but it doesn't. in the .conf it lists:

ca ca.crt
cert mullvad.crt
key mullvad.key

crl-verify crl.pem

i dont know where to copy paste the 'crl-verify crl.pem' file.

if you look under where you copy paste the keys & certificates there is a fourth box called Static Key. maybe 'crl-verify crl.pem' needs copy pasted there? ANyway i think its ok now.

for the disconnect issue,
inactive and keepalive arent in my custom config,
however that would change my 'tls renegotiation time'? which is -1 for default
and 'connection retry' which is set at -1 for infinite.?
'Poll Interval' is 0....
i will try messing around with typing it in under custom config on the Merlin VPN settings page...
now it has 'ping-restart 60'
and ping 10