OpenVPN works in ASUS firmware Not in Merlin


o0Speaker0o

Occasional Visitor
In the Asus firmware, I can import my ovpn file and it quickly connects. Once I upgraded to Merlin, not so much.
I really like the firmware, and want to set some routing rules, so hopefully this will be easy.
When I try to connect with Merlin I get:


Code:
Nov 11 20:03:02 ovpn-client5[1726]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 11 20:03:02 ovpn-client5[1726]: TCP/UDP: Preserving recently used remote address: [AF_INET]**REDACTED**
Nov 11 20:03:02 ovpn-client5[1726]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 11 20:03:02 ovpn-client5[1726]: UDP link local: (not bound)
Nov 11 20:03:02 ovpn-client5[1726]: UDP link remote: [AF_INET]**REDACTED**
Nov 11 20:04:02 ovpn-client5[1726]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 11 20:04:02 ovpn-client5[1726]: TLS Error: TLS handshake failed
Nov 11 20:04:02 ovpn-client5[1726]: SIGUSR1[soft,tls-error] received, process restarting

This is my own server at DigitalOcean, and again, it connects fine with the old firmware, so I'm assuming it's not a network or server issue.
Any help appreciated.
 

L&LD

Part of the Furniture
What OpenVPN version is your DIGITAL OCEAN server running?
 

L&LD

Part of the Furniture
I may be wrong, but I think it needs to be v2.50 depending on the router and firmware you're using.
 

RMerlin

Asuswrt-Merlin dev
TLS negotiation failure indicates a configuration mismatch.
 

Martinski

Occasional Visitor
I'm showing 2.4.7 1ubuntu2


Keep in mind that the OpenVPN versions installed on the ASUS stock F/W and the RMerlin's F/W are likely to be different (with RMerlin's usually being the most recently available) which means that some VPN configuration settings may not be quite compatible between different versions. IOW, you might be comparing "apples and apple sauce" when comparing the results of your setup with different firmware.

BTW, I have a VPN Server setup (on a different cloud infrastructure provider) using the OpenVPN 2.4.9 version, and it's been working very well for months so, if you can, I'd suggest using at least that version with your VPN server setup.
 

o0Speaker0o

Occasional Visitor
OK, upgraded server to 2.5.0; can still log in anywhere but in the Merlin firmware.

TLS negotiation failure indicates a configuration mismatch.

I have a feeling you are someone that knows :)
Honestly, I'm at the "follow the online instructions" stage of knowing how to do things.
Where do I start to look to solve this?
 

eibgrad

Very Senior Member
OK, upgraded server to 2.5.0; can still log in anywhere but in the Merlin firmware.



I have a feeling you are someone that knows :)
Honestly, I'm at the "follow the online instructions" stage of knowing how to do things.
Where do I start to look to solve this?

Try turning up the "verbage" (e.g., verb 6). Sometimes the default verbage (3, 4?) masks underlying problems.

Btw, you only showed us the client's log. What about the server? Does it show any contact by the client at all? Contact but w/ errors?
 

o0Speaker0o

Occasional Visitor
OK
on the server log I'm getting
Code:
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed

client says
Code:
 rc_service: httpd 237:notify_rc start_vpnclient5
ovpn-client5[17601]: OpenVPN 2.4.9 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2020
ovpn-client5[17601]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.08
ovpn-client5[17602]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn-client5[17602]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn-client5[17602]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn-client5[17602]: TCP/UDP: Preserving recently used remote address: [AF_INET]
ovpn-client5[17602]: Socket Buffers: R=[122880->122880] S=[122880->122880]
ovpn-client5[17602]: UDP link local: (not bound)
ovpn-client5[17602]: UDP link remote: [AF_INET]
ovpn-client5[17602]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
ovpn-client5[17602]: TLS Error: TLS handshake failed
ovpn-client5[17602]: SIGUSR1[soft,tls-error] received, process restarting
ovpn-client5[17602]: Restart pause, 5 second(s)
 

RMerlin

Asuswrt-Merlin dev
As I said... configuration mismatch. :cool:
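
The server-side `tls-crypt unwrap error` quoted above is what OpenVPN logs when a client packet fails authentication under the server's tls-crypt key, so the control-channel wrapping directive and key are the first settings to compare. The check below is an added example, not part of the thread or of either firmware; the function names, host name, and sample configs and keys are constructed for illustration.

```python
import hashlib
import re

def make_key(seed):
    """Constructed OpenVPN static key block (sample data, not a real secret)."""
    rows = [hashlib.sha256(f"{seed}{i}".encode()).hexdigest()[:32] for i in range(16)]
    return "\n".join(["-----BEGIN OpenVPN Static key V1-----", *rows,
                      "-----END OpenVPN Static key V1-----"])

def parse_wrap(cfg):
    """Return (mode, key fingerprint) of the control-channel wrapping in a config.

    mode is 'tls-crypt', 'tls-auth' or None; the fingerprint is None when the
    key is referenced as a file instead of an inline block.
    """
    for mode in ("tls-crypt", "tls-auth"):
        inline = re.search(rf"<{mode}>(.*?)</{mode}>", cfg, re.S)
        if inline:
            rows = [r.strip() for r in inline.group(1).splitlines()]
            key = "".join(r for r in rows if re.fullmatch(r"[0-9a-fA-F]+", r))
            return mode, hashlib.sha256(bytes.fromhex(key)).hexdigest()[:16]
        if re.search(rf"^\s*{mode}\s+\S+", cfg, re.M):
            return mode, None
    return None, None

def compare(server_cfg, client_cfg):
    """List control-channel mismatches that make the server drop the handshake."""
    (s_mode, s_fp), (c_mode, c_fp) = parse_wrap(server_cfg), parse_wrap(client_cfg)
    if s_mode != c_mode:
        return [f"wrap mode differs: server={s_mode} client={c_mode}"]
    if s_fp and c_fp and s_fp != c_fp:
        return [f"{s_mode} key differs: server={s_fp} client={c_fp}"]
    return []

# Constructed sample configs (hypothetical host name and keys).
SERVER = f"port 1194\nproto udp\nauth SHA256\n<tls-crypt>\n{make_key('a')}\n</tls-crypt>\n"
CLIENT_OK = f"client\nremote vpn.example.net 1194\n<tls-crypt>\n{make_key('a')}\n</tls-crypt>\n"
# Same key material, but loaded as tls-auth instead of tls-crypt.
CLIENT_WRONG_MODE = f"client\nkey-direction 1\n<tls-auth>\n{make_key('a')}\n</tls-auth>\n"
# Right mode, key from a different server.
CLIENT_WRONG_KEY = f"client\n<tls-crypt>\n{make_key('b')}\n</tls-crypt>\n"

if __name__ == "__main__":
    for name, cfg in [("ok", CLIENT_OK), ("wrong mode", CLIENT_WRONG_MODE),
                      ("wrong key", CLIENT_WRONG_KEY)]:
        print(name, compare(SERVER, cfg) or "control-channel settings match")
```

Only a fingerprint of each key is reported, so the output can be pasted into a forum post without exposing the static key itself.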
 
