OpenVPN Question

Littlelight

Occasional Visitor
Hello,

I am trying to set up one wifi network on Asus RT-AC68U running 386.5 with OpenVPN. The client file works fine on the mobile with OpenVPN client but appears to give some error in the firmware.

Below is the log; could someone advise what could be the reason? The VPN server is running on a NAT machine on port 14220. The IP address below has been changed to 000.000.000.000.
Thanks

May 15 18:11:55 rc_service: httpd 567:notify_rc start_vpnclient1
May 15 18:11:55 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1)
May 15 18:11:57 ovpn-client1[18578]: Unrecognized option or missing or extra parameter(s) in config.ovpn:33: block-outside-dns (2.5.6)
May 15 18:11:57 ovpn-client1[18578]: OpenVPN 2.5.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 25 2022
May 15 18:11:57 ovpn-client1[18578]: library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.08
May 15 18:11:57 ovpn-client1[18580]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 15 18:11:57 ovpn-client1[18580]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
May 15 18:11:57 ovpn-client1[18580]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
May 15 18:11:57 ovpn-client1[18580]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
May 15 18:11:57 ovpn-client1[18580]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
May 15 18:11:57 ovpn-client1[18580]: TCP/UDP: Preserving recently used remote address: [AF_INET]000.000.000.000:14220
May 15 18:11:57 ovpn-client1[18580]: Socket Buffers: R=[122880->122880] S=[122880->122880]
May 15 18:11:57 ovpn-client1[18580]: UDP link local: (not bound)
May 15 18:11:57 ovpn-client1[18580]: UDP link remote: [AF_INET]000.000.000.000:14220
May 15 18:11:57 ovpn-client1[18580]: TLS: Initial packet from [AF_INET]000.000.000.000:14220, sid=faa06b3c 83ff3906
May 15 18:11:58 ovpn-client1[18580]: VERIFY OK: depth=1, CN=ChangeMe
May 15 18:11:58 ovpn-client1[18580]: VERIFY KU OK
May 15 18:11:58 ovpn-client1[18580]: Validating certificate extended key usage
May 15 18:11:58 ovpn-client1[18580]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 15 18:11:58 ovpn-client1[18580]: VERIFY EKU OK
May 15 18:11:58 ovpn-client1[18580]: VERIFY OK: depth=0, CN=server
May 15 18:12:00 ovpn-client1[18580]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
May 15 18:12:00 ovpn-client1[18580]: [server] Peer Connection Initiated with [AF_INET]000.000.000.000:14220
May 15 18:12:01 ovpn-client1[18580]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 15 18:12:06 ovpn-client1[18580]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 15 18:12:06 ovpn-client1[18580]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: timers and/or timeouts modified
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: --ifconfig/up options modified
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: route options modified
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: route-related options modified
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: peer-id set
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: adjusting link_mtu to 1624
May 15 18:12:06 ovpn-client1[18580]: OPTIONS IMPORT: data channel crypto options modified
May 15 18:12:06 ovpn-client1[18580]: Data Channel: using negotiated cipher 'AES-256-GCM'
May 15 18:12:06 ovpn-client1[18580]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 15 18:12:06 ovpn-client1[18580]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 15 18:12:06 ovpn-client1[18580]: GDG6: remote_host_ipv6=n/a
May 15 18:12:06 ovpn-client1[18580]: net_route_v6_best_gw query: dst ::
May 15 18:12:06 ovpn-client1[18580]: net_route_v6_best_gw result: via :: dev lo
May 15 18:12:06 ovpn-client1[18580]: TUN/TAP device tun11 opened
May 15 18:12:06 ovpn-client1[18580]: TUN/TAP TX queue length set to 1000
May 15 18:12:06 ovpn-client1[18580]: /usr/sbin/ip link set dev tun11 up mtu 1500
May 15 18:12:06 ovpn-client1[18580]: /usr/sbin/ip link set dev tun11 up
May 15 18:12:06 ovpn-client1[18580]: /usr/sbin/ip addr add dev tun11 10.8.0.2/24
May 15 18:12:06 ovpn-client1[18580]: Linux ip addr add failed: external program exited with error status: 2
May 15 18:12:06 ovpn-client1[18580]: Exiting due to fatal error
 

ColinTaylor

Part of the Furniture
> I am trying to set up one wifi network on Asus RT-AC68U running 386.5 with OpenVPN.

What does this mean? Unless you're using a custom script you can't selectively route WiFi clients over a VPN.

Your VPN server seems to be pushing a lot of incompatible Windows-only options to the client. Is this server something you've created yourself or is it commercial like NordVPN?

You also appear to be trying to configure an IPv6 connection which I don't think is supported at the moment.
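
Added example (not part of any poster's message, and not firmware code): a short Python triage of the log from the first post. It separates the config option the client rejected, the options the server pushed (with the IPv6-related ones singled out), and the external command that failed. The function name `triage` and the report keys are illustrative choices.

```python
import re

# Lines copied from the log in the first post (IP already masked by the poster).
SAMPLE_LOG = """\
May 15 18:11:57 ovpn-client1[18578]: Unrecognized option or missing or extra parameter(s) in config.ovpn:33: block-outside-dns (2.5.6)
May 15 18:12:06 ovpn-client1[18580]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
May 15 18:12:06 ovpn-client1[18580]: /usr/sbin/ip addr add dev tun11 10.8.0.2/24
May 15 18:12:06 ovpn-client1[18580]: Linux ip addr add failed: external program exited with error status: 2
May 15 18:12:06 ovpn-client1[18580]: Exiting due to fatal error
"""

MSG = re.compile(r"ovpn-client\d+\[\d+\]: (.*)$")
REJECTED = re.compile(r"Unrecognized option .* in (\S+):(\d+): (\S+)")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
FAILED = re.compile(r"(.+) failed: external program exited with error status: (\d+)")


def triage(log_text):
    """Sort OpenVPN client log lines into the findings discussed in the thread."""
    report = {"rejected": [], "pushed": [], "ipv6_pushed": [], "failed": []}
    last_cmd = None  # most recent external command OpenVPN logged before running it
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("/"):
            last_cmd = msg
        elif (r := REJECTED.search(msg)):
            # Option in the local config file that this build does not accept.
            report["rejected"].append((r.group(1), int(r.group(2)), r.group(3)))
        elif (p := PUSH.search(msg)):
            # Options the server pushed; they apply on top of the local config.
            report["pushed"] = [o.strip() for o in p.group(1).split(",")]
            report["ipv6_pushed"] = [o for o in report["pushed"] if "ipv6" in o.lower()]
        elif (f := FAILED.search(msg)):
            report["failed"].append((f.group(1), int(f.group(2)), last_cmd))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```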
 

Littlelight

Occasional Visitor
Thanks @ColinTaylor. As you have already figured, I have no idea what I am trying to do.

I wanted to have a WiFi connection pass through OpenVPN (say, the default 2.GHz one). The OpenVPN client is a custom one, so that could be an issue.

I'll try to find another suitable client to see if that works. Thanks for your response, appreciated.
 

Littlelight

Occasional Visitor
Okay, got Surfshark installed and OpenVPN is now connected. Is it possible to run all specific WiFi traffic through this VPN and LAN traffic on the normal IP?
 

ColinTaylor

Part of the Furniture
It might be possible with VPN Director rules if your WiFi clients are using a Guest WiFi network #1. Otherwise you'll probably have to use an add-on script like YazFi.
 
