mustafejen
Hi!
I am unsuccessfully connecting to an Ubuntu OpenVPN server
from an ASUS RT-AX56U running Merlin 3004.388.8.4.
My redacted .ovpn file:
client
remote *.*.*.*
dev tun
resolv-retry infinite
verb 4
auth-user-pass
keepalive 10 120
port *
proto tcp
cipher AES-256-GCM
persist-key
persist-tun
remote-cert-tls server
key-direction 1
push-peer-info
<cert>
certificate
</cert>
<key>
key
</key>
<ca>
ca
</ca>
<tls-auth>
static key
</tls-auth>
My server config:
local *.*.*.*
port *
proto tcp
dev tun0
ca /path/to//ca.crt
cert /path/to//secret.crt
key /path/to//secret.key # This file should be kept secret
dh /path/to//dh.pem
server *.*.*.* *.*.*.*
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway ipv6 def1 bypass-dhcp"
#push "redirect-gateway ipv6 def1"
push "dhcp-option DNS *.*.*.*"
push "dhcp-option DNS *.*.*.*"
keepalive 10 120
tls-auth /path/to//ta.key 0 # This file is secret
cipher AES-256-GCM
persist-key
persist-tun
status /path/to//openvpn-status.log
log /path/to//openvpn.log
log-append /path/to//openvpn.log
verb 4
auth-user-pass-optional
plugin /path/to/openvpn-plugin-auth-pam.so login
client-config-dir ccd
client-to-client
topology subnet
route *.*.*.* *.*.*.*
push "route *.*.*.* *.*.*.*"
route *.*.*.* *.*.*.*
push "route *.*.*.* *.*.*.*"
server-ipv6 *:*:*:*::*/***
push tun-ipv6
push "route-ipv6 *:*:*:*::*/**" #Here you should add the server ipv6 address
push "route-ipv6 ***::/*"
#push "redirect-gateway ipv6 def1 bypass-dhcp"
push "dhcp-option DNS *:*:*:*::add:*"
push "dhcp-option DNS *:*:*:*::add:*"
My System Log on my Asus router says:
May 2 12:19:04 ovpn-client5[3561]: TCP connection established with [AF_INET]*.*.*.*:*
May 2 12:19:04 ovpn-client5[3561]: TCPv4_CLIENT link local: (not bound)
May 2 12:19:04 ovpn-client5[3561]: TCPv4_CLIENT link remote: [AF_INET]*.*.*.*:*
May 2 12:19:04 ovpn-client5[3561]: TLS: Initial packet from [AF_INET]*.*.*.*:*, sid=81306b9b be5e9b73
May 2 12:19:04 ovpn-client5[3561]: VERIFY OK: depth=1, CN=mydomain.org
May 2 12:19:04 ovpn-client5[3561]: VERIFY KU OK
May 2 12:19:04 ovpn-client5[3561]: Validating certificate extended key usage
May 2 12:19:04 ovpn-client5[3561]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 2 12:19:04 ovpn-client5[3561]: VERIFY EKU OK
May 2 12:19:04 ovpn-client5[3561]: VERIFY OK: depth=0, CN=mydomain.org
May 2 12:19:04 ovpn-client5[3561]: Connection reset, restarting [0]
May 2 12:19:04 ovpn-client5[3561]: TCP/UDP: Closing socket
My server log says:
2025-05-02 12:34:05 us=362313 *.*.*.*:* TLS: Initial packet from [AF_INET]*.*.*.*:*, sid=39bedac3 ec945722
2025-05-02 12:34:05 us=481401 *.*.*.*:* Sent fatal SSL alert: unknown
2025-05-02 12:34:05 us=481485 *.*.*.*:* OpenSSL: error:0A0000C7:SSL routines::peer did not return a certificate:
2025-05-02 12:34:05 us=481498 *.*.*.*:* TLS_ERROR: BIO read tls_read_plaintext error
2025-05-02 12:34:05 us=481507 *.*.*.*:* TLS Error: TLS object -> incoming plaintext read error
2025-05-02 12:34:05 us=481516 *.*.*.*:* TLS Error: TLS handshake failed
2025-05-02 12:34:05 us=481670 *.*.*.*:* Fatal TLS error (check_tls_errors_co), restarting
2025-05-02 12:34:05 us=481695 *.*.*.*:* SIGUSR1[soft,tls-error] received, client-instance restarting
2025-05-02 12:34:05 us=481754 TCP/UDP: Closing socket
What am I doing wrong?
Regards,
Per Gunnarsson
Edit: Thanks for moving this post. I tried connecting with the same config from within the router using OpenVPN Connect and that worked just fine.
The configuration did work on the Asus Merlin router a few hours before the connection problems began.
Edit II: I just found an official Asus firmware update and tried it. Now the OpenVPN connection works.
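The server log in the post records OpenSSL's "peer did not return a certificate", which means the client sent no certificate during the TLS handshake. One client-side thing to rule out is a profile whose `<ca>`, `<cert>` or `<key>` material is empty or damaged; the Python check below is an added example, not part of the original post, and `check_profile` and both sample profiles are constructed for illustration.

```python
import base64
import re

# PEM labels accepted in each credential block of a client profile.
EXPECTED = {
    "ca": ("CERTIFICATE",),
    "cert": ("CERTIFICATE",),
    "key": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def check_profile(text):
    """Return {block: status} for the ca, cert and key material in an .ovpn profile."""
    report = {}
    for name, labels in EXPECTED.items():
        inline = re.search(rf"^<{name}>\s*\n(.*?)^</{name}>", text, re.S | re.M)
        if inline is None:
            # No inline block: accept the file form, e.g. "cert client.crt".
            on_disk = re.search(rf"^{name}\s+\S+", text, re.M)
            report[name] = "file" if on_disk else "missing"
            continue
        pem = PEM_RE.search(inline.group(1))
        if pem is None or pem.group(1) not in labels:
            report[name] = "no PEM block"
            continue
        # Skip "Proc-Type:"/"DEK-Info:" headers of legacy encrypted keys.
        body = "".join(ln.strip() for ln in pem.group(2).splitlines() if ":" not in ln)
        try:
            base64.b64decode(body, validate=True)
            report[name] = "ok"
        except ValueError:
            report[name] = "bad base64"
    return report


# Constructed samples (no real key material): the payload is placeholder bytes.
_B64 = base64.b64encode(b"constructed placeholder, not a real credential").decode()
_CERT = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
_KEY = f"-----BEGIN PRIVATE KEY-----\n{_B64}\n-----END PRIVATE KEY-----\n"
GOOD = f"client\nkey-direction 1\n<ca>\n{_CERT}</ca>\n<cert>\n{_CERT}</cert>\n<key>\n{_KEY}</key>\n"
# Same layout, but the cert block is empty and the key body lost its last characters.
BROKEN = GOOD.replace(f"<cert>\n{_CERT}", "<cert>\n").replace(_KEY, _KEY.replace(_B64, _B64[:-3]))

if __name__ == "__main__":
    for label, profile in (("good", GOOD), ("broken", BROKEN)):
        print(label, check_profile(profile))
```

This only checks that the blocks are structurally present and decodable; it does not verify that the certificate matches the key or chains to the CA.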