I'm attempting to set up a LAN-to-LAN VPN between two Asus routers running Merlin firmware. I've read through numerous threads on this topic in the forum, but none seems to match the issue I see.
Server side:
Network: 172.26.2.0/24
Router: Asus RT-AC3200 with Merlin fw 384.13_10
Generated openvpn config:
Code:
admin@RT-AC3200-F4D0:/tmp/home/root# cat /etc/openvpn/server1/config.ovpn
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
txqueuelen 1000
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
verb 5
push "route 172.26.2.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
duplicate-cn
route 172.26.1.0 255.255.255.0
push "route 172.26.1.0 255.255.255.0"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up updown.sh
down updown.sh
status-version 2
status status 5
# Custom Configuration
Code:
admin@RT-AC3200-F4D0:/tmp/home/root# cat /etc/openvpn/server1/ccd/limeoffice
iroute 172.26.1.0 255.255.255.0
From /tmp/syslog:
Code:
Aug 3 17:30:28 ovpn-server1[2107]: MULTI: multi_create_instance called
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 Re-using SSL/TLS context
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 LZO compression initializing
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 TLS: Initial packet from [AF_INET6]::ffff:85.11.56.254:30739, sid=286712f9 a629a7fb
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC3200, emailAddress=me@myhost.mydomain
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_VER=2.4.3
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_PLAT=linux
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_PROTO=2
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_NCP=2
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_LZ4=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_LZ4v2=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_LZO=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_COMP_STUB=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_COMP_STUBv2=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 peer info: IV_TCPNL=1
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 TLS: Username/Password authentication succeeded for username 'limeoffice'
Aug 3 17:30:29 ovpn-server1[2107]: 85.11.56.254:30739 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 3 17:30:29 ovpn-server1[2107]: 85.11.56.254:30739 [client] Peer Connection Initiated with [AF_INET6]::ffff:85.11.56.254:30739
Aug 3 17:30:29 ovpn-server1[2107]: client/85.11.56.254:30739 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug 3 17:30:29 ovpn-server1[2107]: client/85.11.56.254:30739 MULTI: Learn: 10.8.0.2 -> client/85.11.56.254:30739
Aug 3 17:30:29 ovpn-server1[2107]: client/85.11.56.254:30739 MULTI: primary virtual IP for client/85.11.56.254:30739: 10.8.0.2
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 PUSH: Received control message: 'PUSH_REQUEST'
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 SENT CONTROL [client]: 'PUSH_REPLY,route 172.26.2.0 255.255.255.0 vpn_gateway 500,route 172.26.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 Data Channel: using negotiated cipher 'AES-128-GCM'
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 3 17:30:30 ovpn-server1[2107]: client/85.11.56.254:30739 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
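Added example, not part of the original post: OpenVPN picks a `client-config-dir` file by the client's certificate common name unless `username-as-common-name` is set, so this sketch reports which file name the server would look up for each session in a log like the one above. The function names are assumptions of the example; the embedded sample lines are copied from the post.

```python
import re

# Sample input: lines copied from the config and syslog in the post above.
SAMPLE_CONFIG = """\
client-config-dir ccd
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
"""
SAMPLE_LOG = """\
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 3 17:30:28 ovpn-server1[2107]: 85.11.56.254:30739 TLS: Username/Password authentication succeeded for username 'limeoffice'
Aug 3 17:30:29 ovpn-server1[2107]: client/85.11.56.254:30739 MULTI: primary virtual IP for client/85.11.56.254:30739: 10.8.0.2
"""

PEER = re.compile(r"(?:\S+/)?(\d{1,3}(?:\.\d{1,3}){3}:\d+) ")
CN = re.compile(r"VERIFY OK: depth=0,.*?\bCN=([^,]+)")
USER = re.compile(r"authentication succeeded for username '([^']*)'")

def directives(config_text):
    """Return the directive name (first token) of each active config line."""
    lines = (l.strip() for l in config_text.splitlines())
    return {l.split()[0] for l in lines if l and not l.startswith(("#", ";"))}

def identities(log_text):
    """Map each peer 'ip:port' to the certificate CN and username seen in the log."""
    peers = {}
    for line in log_text.splitlines():
        msg = line.split("]: ", 1)[-1]  # drop the syslog prefix
        peer = PEER.match(msg)
        if peer:
            ident = peers.setdefault(peer.group(1), {"cn": None, "username": None})
            for key, rx in (("cn", CN), ("username", USER)):
                found = rx.search(msg)
                if found:
                    ident[key] = found.group(1).strip()
    return peers

def ccd_report(config_text, log_text, ccd_files):
    """List (peer, name looked up in the ccd directory, file applied or None)."""
    active = directives(config_text)
    if "client-config-dir" not in active:
        return []
    report = []
    for peer, ident in identities(log_text).items():
        by_user = "username-as-common-name" in active and ident["username"]
        name = ident["username"] if by_user else ident["cn"]
        # OpenVPN falls back to a file named DEFAULT when no per-client file matches.
        used = name if name in ccd_files else ("DEFAULT" if "DEFAULT" in ccd_files else None)
        report.append((peer, name, used))
    return report
```

For the session logged above, `ccd_report(SAMPLE_CONFIG, SAMPLE_LOG, {"limeoffice"})` gives the lookup name `client` and no applied file, so an `iroute` stored under `ccd/limeoffice` is not loaded for that session.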