First of all, forgive my english.. it's not my primary language and it's very rusty.
I bought an AC66U yesterday and i'm having trouble making an ovpn server. I don't know much about the subject so it's most definitely my fault.
I tried both the default certificates it creates and custom ones i made with easyrsa. I'm going to show the key's but i don't mind since i'll create new ones.
First the default ones
These are the default settings: http://i.imgur.com/KWo8dtK.png
These are the keys it makes: http://i.imgur.com/xfeeauU.png
It doesn't create a static key. Exporting the ovpn file and trying it on my phone leads to this in the logs:
Enabeling tls (bidirectional if i recall) creates a static key: http://i.imgur.com/O7D1Yo6.png
Exporting the ovpn file and trying it, leads to this:
Ok, so.. trying the certificates and keys i made with easyrsa: http://i.imgur.com/ahKDCKm.png
"asus" is the name of the client.. i also used that name in the common field as advised.
This is what i get: http://i.imgur.com/DnwXjfi.png
The problem is.. i don't know what to put in the static key.. i don't even know if it's needed or not so i just let that default one.
The ovpn file it creates looks like this:
In the "paste client certificate data here" i put the asus.crt data
In the "paste client key data here" i paste the asus.key data.
It still can't connect. The logs shows again:
I clearly don't know what i'm doing.. although i configured an openvpn server on my orange pi and had no problems. Anyone can give a hand?
Another 2 "problems" i found:
Yesterday i put the router to reset itself everyday at 5am, today when i woke up i had no internet. The front page of the router said there was a problem with my isp DHCP (docsis3 cable modem). I have no problems with my old router.
I noticed that every time i hit the "reboot" button, the router couldn't connect online. As soon as i disconnected the cable connecting it to the modem, it immediately connected. Changing some wan options did nothing.
Doing a factory reset worked.. i can reboot the router and it connects to my isp with no problems.. importing the settings and jffs file brings back the problem.
Doing a factory reset and going to the trouble of manually setting my own preferences, works.. at least until now. I didn't do everything i did yesterday (like creating a pptp server, messing with qos and messing with statistics logging to usb), so i dont know if that was the problem...(disabling qos didn't fix the problem with the old settings) is this normal? Seems like a bug.
Another thing i want to ask since i'm here.
I don't have this page with these nice graphs.. : https://www.snbforums.com/attachments/screen1-jpg.4186/
Does my model lacks it? I thought it was a global merlin "thing".
Thanks in advance
I bought an AC66U yesterday and i'm having trouble making an ovpn server. I don't know much about the subject so it's most definitely my fault.
I tried both the default certificates it creates and custom ones i made with easyrsa. I'm going to show the key's but i don't mind since i'll create new ones.
First the default ones
These are the default settings: http://i.imgur.com/KWo8dtK.png
These are the keys it makes: http://i.imgur.com/xfeeauU.png
It doesn't create a static key. Exporting the ovpn file and trying it on my phone leads to this in the logs:
Code:
May 16 14:19:38 openvpn[1251]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:52386, sid=d2ab236b e3042be3[/SIZE][/SIZE]
[SIZE=3][SIZE=4]
May 16 14:19:48 openvpn[1251]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:45844, sid=ff821a1d 42a79b30
May 16 14:19:58 openvpn[1251]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:52247, sid=0190c28c ef54c8ba
May 16 14:20:08 openvpn[1251]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:34454, sid=e61a6134 077cec14
Enabeling tls (bidirectional if i recall) creates a static key: http://i.imgur.com/O7D1Yo6.png
Exporting the ovpn file and trying it, leads to this:
Code:
May 16 14:27:11 openvpn[2063]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:35993, sid=f02f6a57 ac62e609
May 16 14:27:13 openvpn[2063]: 192.168.2.118 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1494941241) Tue May 16 14:27:21 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
May 16 14:27:13 openvpn[2063]: 192.168.2.118 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:192.168.2.118:35993
May 16 14:27:15 openvpn[2063]: 192.168.2.118 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1494941241) Tue May 16 14:27:21 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
May 16 14:27:15 openvpn[2063]: 192.168.2.118 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:192.168.2.118:35993
May 16 14:27:17 openvpn[2063]: 192.168.2.118 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1494941241) Tue May 16 14:27:21 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Ok, so.. trying the certificates and keys i made with easyrsa: http://i.imgur.com/ahKDCKm.png
"asus" is the name of the client.. i also used that name in the common field as advised.
This is what i get: http://i.imgur.com/DnwXjfi.png
The problem is.. i don't know what to put in the static key.. i don't even know if it's needed or not so i just let that default one.
The ovpn file it creates looks like this:
Code:
client
dev tun
proto udp
remote ##removed## 1194
float
ncp-ciphers AES-128-GCM
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIDezCCAuSgAwIBAgIJALDvwSzdpHq0MA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
VQQGEwJQVDEQMA4GA1UECBMHU2V0dWJhbDEPMA0GA1UEBxMGQWxtYWRhMQ4wDAYD
VQQKEwVOaWtrbzEOMAwGA1UECxMFTmlra28xDTALBgNVBAMTBGFzdXMxEDAOBgNV
BCkTB0Vhc3lSU0ExEzARBgkqhkiG9w0BCQEWBE5vbmUwHhcNMTcwNTE1MjE1OTU5
WhcNMjcwNTEzMjE1OTU5WjCBhjELMAkGA1UEBhMCUFQxEDAOBgNVBAgTB1NldHVi
YWwxDzANBgNVBAcTBkFsbWFkYTEOMAwGA1UEChMFTmlra28xDjAMBgNVBAsTBU5p
a2tvMQ0wCwYDVQQDEwRhc3VzMRAwDgYDVQQpEwdFYXN5UlNBMRMwEQYJKoZIhvcN
AQkBFgROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC89XRoxUpbkhLW
SEaJQh7no1wWXWjMGFsm3xOAM2aJsB2cBSSgKeQpA3+dVlDL5yfHjm877SRdRaFj
jQOm9SSNs3CpyrytENiI88isYlFCIVlJdTijHzR3zyF3uAaKI1mT5+JujcYv7yMk
uFZiDJJCZHnSZ3S8CWBns6F99fNEZwIDAQABo4HuMIHrMB0GA1UdDgQWBBTsdgF2
C7qpWnm1wIBHjnA2J9FEXTCBuwYDVR0jBIGzMIGwgBTsdgF2C7qpWnm1wIBHjnA2
J9FEXaGBjKSBiTCBhjELMAkGA1UEBhMCUFQxEDAOBgNVBAgTB1NldHViYWwxDzAN
BgNVBAcTBkFsbWFkYTEOMAwGA1UEChMFTmlra28xDjAMBgNVBAsTBU5pa2tvMQ0w
CwYDVQQDEwRhc3VzMRAwDgYDVQQpEwdFYXN5UlNBMRMwEQYJKoZIhvcNAQkBFgRO
b25lggkAsO/BLN2kerQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAN
xc3zdLve7uzXMXxOMoAKfQtT30oW5rSJBEZJqwrHXv8f7qcfAxumPQ8JznbZJb5F
OSNf48YmtELpBCiVE/D1jdnfBSBej+ryePMSPXIbKgYQO2Hf2YRoPgpeTRWFSO4+
aHcMAoKFyxqWx4Ma7DK91UWpxth3ylxvwHaEOUgDqA==
-----END CERTIFICATE-----
</ca>
<cert>
paste client certificate data here
</cert>
<key>
paste client key data here
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
c0ba6380e98528507070190e50585f5d
8b38dcaa23e789e028c298224d44381b
b45e240a5ac40b053514a0e608e037fb
8e143dd3811aaafdc0b034682484251b
3aa4c0e685431489c6973adfd1d58bf4
558fb750740759214c767b2da9962116
70b8681073f5ae570f517435ec28af34
82e6c28d041fb2fcdbd6d322d8a2e6a3
d30a2b993d8d79348b9d95786191768e
0ae257d84fb51fefdd281eb0b72fb866
752a10c34b1deaddd33191fa309e4775
2faa49e0cf8921657d6d50d9f80310f6
d5c4eb70924700a782a874f874fc46a6
b747d151d1835eed327d7097fb13cc32
2ef59fcc13c85779c58e6042fba49f9b
9dee452f585c7c801c15ef6cb1dcb1e2
-----END OpenVPN Static key V1-----
</tls-auth>
resolv-retry infinite
nobind
In the "paste client certificate data here" i put the asus.crt data
In the "paste client key data here" i paste the asus.key data.
It still can't connect. The logs shows again:
Code:
May 16 14:44:31 openvpn[2748]: 192.168.2.118 TLS: Initial packet from [AF_INET6]::ffff:192.168.2.118:40962, sid=2c8c5bc6 60a583ef
May 16 14:44:33 openvpn[2748]: 192.168.2.118 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1494942281) Tue May 16 14:44:41 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
May 16 14:44:33 openvpn[2748]: 192.168.2.118 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:192.168.2.118:40962
May 16 14:44:35 openvpn[2748]: 192.168.2.118 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1494942281) Tue May 16 14:44:41 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
I clearly don't know what i'm doing.. although i configured an openvpn server on my orange pi and had no problems. Anyone can give a hand?
Another 2 "problems" i found:
Yesterday i put the router to reset itself everyday at 5am, today when i woke up i had no internet. The front page of the router said there was a problem with my isp DHCP (docsis3 cable modem). I have no problems with my old router.
I noticed that every time i hit the "reboot" button, the router couldn't connect online. As soon as i disconnected the cable connecting it to the modem, it immediately connected. Changing some wan options did nothing.
Doing a factory reset worked.. i can reboot the router and it connects to my isp with no problems.. importing the settings and jffs file brings back the problem.
Doing a factory reset and going to the trouble of manually setting my own preferences, works.. at least until now. I didn't do everything i did yesterday (like creating a pptp server, messing with qos and messing with statistics logging to usb), so i dont know if that was the problem...(disabling qos didn't fix the problem with the old settings) is this normal? Seems like a bug.
Another thing i want to ask since i'm here.
I don't have this page with these nice graphs.. : https://www.snbforums.com/attachments/screen1-jpg.4186/
Does my model lacks it? I thought it was a global merlin "thing".
Thanks in advance
Last edited: