OpenVPN works in ASUS firmware Not in Merlin

o0Speaker0o

Occasional Visitor
In the Asus firmware, I can import my ovpn file and it quickly connects; once I upgraded to Merlin, not so much.
I really like the firmware, and want to set some routing rules, so hopefully this will be easy.
When I try to connect with Merlin I get:


Code:
Nov 11 20:03:02 ovpn-client5[1726]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 11 20:03:02 ovpn-client5[1726]: TCP/UDP: Preserving recently used remote address: [AF_INET]**REDACTED**
Nov 11 20:03:02 ovpn-client5[1726]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 11 20:03:02 ovpn-client5[1726]: UDP link local: (not bound)
Nov 11 20:03:02 ovpn-client5[1726]: UDP link remote: [AF_INET]**REDACTED**
Nov 11 20:04:02 ovpn-client5[1726]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 11 20:04:02 ovpn-client5[1726]: TLS Error: TLS handshake failed
Nov 11 20:04:02 ovpn-client5[1726]: SIGUSR1[soft,tls-error] received, process restarting

This is my own server at DigitalOcean, and again, it connects fine with the old firmware, so I'm assuming it's not a network or server issue.
Any help appreciated.
 
What OpenVPN version is your DIGITAL OCEAN server running?
 
I may be wrong, but I think it needs to be v2.50 depending on the router and firmware you're using.
 
TLS negotiation failure indicates a configuration mismatch.
 
I'm showing 2.4.7 1ubuntu2


Keep in mind that the OpenVPN versions installed on the ASUS stock F/W and the RMerlin's F/W are likely to be different (with RMerlin's usually being the most recently available) which means that some VPN configuration settings may not be quite compatible between different versions. IOW, you might be comparing "apples and apple sauce" when comparing the results of your setup with different firmware.

BTW, I have a VPN Server setup (on a different cloud infrastructure provider) using the OpenVPN 2.4.9 version, and it's been working very well for months so, if you can, I'd suggest using at least that version with your VPN server setup.
 
OK. Upgraded the server to 2.5.0; I can still log in from anywhere but the Merlin firmware.

TLS negotiation failure indicates a configuration mismatch.

I have a feeling you are someone that knows :)
Honestly, I'm at the "follow the online instructions" stage of knowing how to do things.
Where do I start to look to solve this?
 
Try turning up the "verbage" (e.g., verb 6). Sometimes the default verbage (3, 4?) masks underlying problems.

Btw, you only showed us the client's log. What about the server? Does it show any contact by the client at all? Contact but w/ errors?
 
OK
on the server log I'm getting
Code:
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed

client says
Code:
 rc_service: httpd 237:notify_rc start_vpnclient5
ovpn-client5[17601]: OpenVPN 2.4.9 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2020
ovpn-client5[17601]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.08
ovpn-client5[17602]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn-client5[17602]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn-client5[17602]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn-client5[17602]: TCP/UDP: Preserving recently used remote address: [AF_INET]
ovpn-client5[17602]: Socket Buffers: R=[122880->122880] S=[122880->122880]
ovpn-client5[17602]: UDP link local: (not bound)
ovpn-client5[17602]: UDP link remote: [AF_INET]
ovpn-client5[17602]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
ovpn-client5[17602]: TLS Error: TLS handshake failed
ovpn-client5[17602]: SIGUSR1[soft,tls-error] received, process restarting
ovpn-client5[17602]: Restart pause, 5 second(s)
 
As I said... configuration mismatch. :cool:
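
An added example, not part of the thread: a Python check for the control-channel mismatch the logs above point to. The server's `tls-crypt unwrap error` means it expects tls-crypt, while the client's `Control Channel Authentication` key-load line is what OpenVPN 2.4 prints for tls-auth (tls-crypt prints `Control Channel Encryption`). The two log lines are quoted from the posts; the configs, the key, the file name `tc.key` and the function names are constructed for illustration.

```python
import hashlib
import re

def mode_from_log(log):
    """Infer the control-channel wrapping from OpenVPN log text."""
    if "Control Channel Encryption" in log or "tls-crypt unwrap" in log:
        return "tls-crypt"   # key-load label, or the server-side rejection
    if "Control Channel Authentication" in log:
        return "tls-auth"    # HMAC-only wrapping
    return "unknown"

def mode_from_config(conf, files=None):
    """Return (mode, key fingerprint); files maps key file names to their text."""
    for mode in ("tls-crypt", "tls-auth"):
        inline = re.search(rf"<{mode}>(.*?)</{mode}>", conf, re.S)
        ref = re.search(rf"^\s*{mode}\s+(\S+)", conf, re.M)
        if not (inline or ref):
            continue
        text = inline.group(1) if inline else (files or {}).get(ref.group(1), "")
        # Hash only the hex lines so comments and BEGIN/END markers are ignored.
        hexkey = "".join(s for s in map(str.strip, text.splitlines())
                         if re.fullmatch(r"[0-9a-fA-F]+", s)).lower()
        return mode, hashlib.sha256(hexkey.encode()).hexdigest()[:16]
    return "none", None

def diagnose(server_log, client_log, server_conf, client_conf, files=None):
    """List every control-channel disagreement between the two ends."""
    findings = []
    expects, runs = mode_from_log(server_log), mode_from_log(client_log)
    if "unknown" not in (expects, runs) and expects != runs:
        findings.append(f"server expects {expects}, client loaded {runs}")
    s_mode, s_key = mode_from_config(server_conf, files)
    c_mode, c_key = mode_from_config(client_conf, files)
    if s_mode != c_mode:
        findings.append(f"configs differ: server {s_mode}, client {c_mode}")
    elif s_key != c_key:
        findings.append(f"{s_mode} key differs: {s_key} vs {c_key}")
    if c_mode != "none" and runs not in ("unknown", c_mode):
        findings.append(f"profile says {c_mode} but client loaded {runs}")
    return findings

# Log lines quoted from the thread; configs and key below are constructed samples.
SERVER_LOG = "tls-crypt unwrap error: packet authentication failed"
CLIENT_LOG = "Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication"
KEY = "-----BEGIN OpenVPN Static key V1-----\n0123abcd\n89ef4567\n-----END OpenVPN Static key V1-----\n"
SERVER_CONF = "port 1194\ntls-crypt tc.key\n"
CLIENT_CONF = f"client\n<tls-crypt>\n{KEY}</tls-crypt>\n"
if __name__ == "__main__":
    print(diagnose(SERVER_LOG, CLIENT_LOG, SERVER_CONF, CLIENT_CONF, {"tc.key": KEY}))
```

With real files, pass the text of the server config, the imported .ovpn and any referenced key file; a finding that the profile and the running client disagree means the setting to correct is in the router's client configuration, not on the server.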
 
