What's new

OVPN Problem. Asus rt ax56u (latest merlin firmware

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pattox

Regular Contributor
Error when trying to instal ovpn file to Asus router. Exiting due to fatal error. Just don't know what the error is.

# Air VPN | https://airvpn.org | Monday 2nd of October 2023 08:07:56 AM
# OpenVPN Client Configuration
# AirVPN_Canada_UDP-443-Entry3
# --------------------------------------------------------

client
dev tun
remote ca3.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
comp-lzo no
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
proto udp
auth SHA512
<ca>

Log File
Oct 2 19:04:55 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:05:06 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:05:06 ovpn-client1[17873]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:05:06 ovpn-client1[17873]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:05:06 ovpn-client1[17874]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:05:07 ovpn-client1[17874]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link local: (not bound)
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link remote: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: Initial packet from [AF_INET]184.75.221.5:443, sid=816d6d05 dd2bf6b4
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY KU OK
Oct 2 19:05:07 ovpn-client1[17874]: Validating certificate extended key usage
Oct 2 19:05:07 ovpn-client1[17874]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY EKU OK
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Lesath, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:05:07 ovpn-client1[17874]: [Lesath] Peer Connection Initiated with [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:05:07 ovpn-client1[17874]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:05:08 ovpn-client1[17874]: SENT CONTROL [Lesath]: 'PUSH_REQUEST' (status=1)
Oct 2 19:05:08 ovpn-client1[17874]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.226.1,dhcp-option DNS6 fde6:7a:7d20:10e2::1,tun-ipv6,route-gateway 10.20.226.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:10e2::10da/64 fde6:7a:7d20:10e2::1,ifconfig 10.20.226.220 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route-related options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:05:08 ovpn-client1[17874]: GDG6: remote_host_ipv6=n/a
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw query: dst ::
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP device tun11 opened
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP TX queue length set to 1000
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip addr add dev tun11 10.20.226.220/24
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip -6 addr add fde6:7a:7d20:10e2::10da/64 dev tun11
Oct 2 19:05:08 ovpn-client1[17874]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:05:08 ovpn-client1[17874]: Exiting due to fatal error
Oct 2 19:08:19 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:08:32 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:08:32 ovpn-client1[18408]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:08:32 ovpn-client1[18408]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:08:32 ovpn-client1[18409]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:08:34 ovpn-client1[18409]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link local: (not bound)
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link remote: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: TLS: Initial packet from [AF_INET]184.75.223.213:443, sid=a49769ec 3df5d943
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY KU OK
Oct 2 19:08:34 ovpn-client1[18409]: Validating certificate extended key usage
Oct 2 19:08:34 ovpn-client1[18409]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY EKU OK
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Agena, emailAddress=info@airvpn.org
Oct 2 19:08:35 ovpn-client1[18409]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:08:35 ovpn-client1[18409]: [Agena] Peer Connection Initiated with [AF_INET]184.75.223.213:443
Oct 2 19:08:35 ovpn-client1[18409]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:08:35 ovpn-client1[18409]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:08:35 ovpn-client1[18409]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.4.194.1,dhcp-option DNS6 fde6:7a:7d20:c2::1,tun-ipv6,route-gateway 10.4.194.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:c2::1088/64 fde6:7a:7d20:c2::1,ifconfig 10.4.194.138 255.255.255.0,peer-id 2,cipher CHACHA20-POLY1305'
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route-related options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:08:35 ovpn-client1[18409]: GDG6: remote_host_ipv6=n/a
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw query: dst ::
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP device tun11 opened
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP TX queue length set to 1000
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip addr add dev tun11 10.4.194.138/24
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip -6 addr add fde6:7a:7d20:c2::1088/64 dev tun11
Oct 2 19:08:35 ovpn-client1[18409]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:08:35 ovpn-client1[18409]: Exiting due to fatal error
 
Error when trying to instal ovpn file to Asus router. Exiting due to fatal error. Just don't know what the error is.

# Air VPN | https://airvpn.org | Monday 2nd of October 2023 08:07:56 AM
# OpenVPN Client Configuration
# AirVPN_Canada_UDP-443-Entry3
# --------------------------------------------------------

client
dev tun
remote ca3.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
comp-lzo no
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
proto udp
auth SHA512
<ca>

Log File
Oct 2 19:04:55 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:05:06 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:05:06 ovpn-client1[17873]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:05:06 ovpn-client1[17873]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:05:06 ovpn-client1[17874]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:05:07 ovpn-client1[17874]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link local: (not bound)
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link remote: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: Initial packet from [AF_INET]184.75.221.5:443, sid=816d6d05 dd2bf6b4
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY KU OK
Oct 2 19:05:07 ovpn-client1[17874]: Validating certificate extended key usage
Oct 2 19:05:07 ovpn-client1[17874]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY EKU OK
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Lesath, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:05:07 ovpn-client1[17874]: [Lesath] Peer Connection Initiated with [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:05:07 ovpn-client1[17874]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:05:08 ovpn-client1[17874]: SENT CONTROL [Lesath]: 'PUSH_REQUEST' (status=1)
Oct 2 19:05:08 ovpn-client1[17874]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.226.1,dhcp-option DNS6 fde6:7a:7d20:10e2::1,tun-ipv6,route-gateway 10.20.226.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:10e2::10da/64 fde6:7a:7d20:10e2::1,ifconfig 10.20.226.220 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route-related options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:05:08 ovpn-client1[17874]: GDG6: remote_host_ipv6=n/a
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw query: dst ::
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP device tun11 opened
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP TX queue length set to 1000
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip addr add dev tun11 10.20.226.220/24
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip -6 addr add fde6:7a:7d20:10e2::10da/64 dev tun11
Oct 2 19:05:08 ovpn-client1[17874]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:05:08 ovpn-client1[17874]: Exiting due to fatal error
Oct 2 19:08:19 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:08:32 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:08:32 ovpn-client1[18408]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:08:32 ovpn-client1[18408]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:08:32 ovpn-client1[18409]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:08:34 ovpn-client1[18409]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link local: (not bound)
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link remote: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: TLS: Initial packet from [AF_INET]184.75.223.213:443, sid=a49769ec 3df5d943
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY KU OK
Oct 2 19:08:34 ovpn-client1[18409]: Validating certificate extended key usage
Oct 2 19:08:34 ovpn-client1[18409]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY EKU OK
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Agena, emailAddress=info@airvpn.org
Oct 2 19:08:35 ovpn-client1[18409]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:08:35 ovpn-client1[18409]: [Agena] Peer Connection Initiated with [AF_INET]184.75.223.213:443
Oct 2 19:08:35 ovpn-client1[18409]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:08:35 ovpn-client1[18409]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:08:35 ovpn-client1[18409]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.4.194.1,dhcp-option DNS6 fde6:7a:7d20:c2::1,tun-ipv6,route-gateway 10.4.194.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:c2::1088/64 fde6:7a:7d20:c2::1,ifconfig 10.4.194.138 255.255.255.0,peer-id 2,cipher CHACHA20-POLY1305'
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route-related options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:08:35 ovpn-client1[18409]: GDG6: remote_host_ipv6=n/a
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw query: dst ::
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP device tun11 opened
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP TX queue length set to 1000
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip addr add dev tun11 10.4.194.138/24
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip -6 addr add fde6:7a:7d20:c2::1088/64 dev tun11
Oct 2 19:08:35 ovpn-client1[18409]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:08:35 ovpn-client1[18409]: Exiting due to fatal error


I notice you have this log entry:

“Linux ip -6 addr add failed: external program exited with error status: 2”

I ran a Google search on that message and came up with this:



Have a look at the reply from AirVPN to the first post and see if that helps.
 
Last edited:
Error when trying to instal ovpn file to Asus router. Exiting due to fatal error. Just don't know what the error is.

# Air VPN | https://airvpn.org | Monday 2nd of October 2023 08:07:56 AM
# OpenVPN Client Configuration
# AirVPN_Canada_UDP-443-Entry3
# --------------------------------------------------------

client
dev tun
remote ca3.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
comp-lzo no
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
proto udp
auth SHA512
<ca>

Log File
Oct 2 19:04:55 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:05:06 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:05:06 ovpn-client1[17873]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:05:06 ovpn-client1[17873]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:05:06 ovpn-client1[17874]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:05:07 ovpn-client1[17874]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link local: (not bound)
Oct 2 19:05:07 ovpn-client1[17874]: UDPv4 link remote: [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: Initial packet from [AF_INET]184.75.221.5:443, sid=816d6d05 dd2bf6b4
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY KU OK
Oct 2 19:05:07 ovpn-client1[17874]: Validating certificate extended key usage
Oct 2 19:05:07 ovpn-client1[17874]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY EKU OK
Oct 2 19:05:07 ovpn-client1[17874]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Lesath, emailAddress=info@airvpn.org
Oct 2 19:05:07 ovpn-client1[17874]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:05:07 ovpn-client1[17874]: [Lesath] Peer Connection Initiated with [AF_INET]184.75.221.5:443
Oct 2 19:05:07 ovpn-client1[17874]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:05:07 ovpn-client1[17874]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:05:08 ovpn-client1[17874]: SENT CONTROL [Lesath]: 'PUSH_REQUEST' (status=1)
Oct 2 19:05:08 ovpn-client1[17874]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.226.1,dhcp-option DNS6 fde6:7a:7d20:10e2::1,tun-ipv6,route-gateway 10.20.226.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:10e2::10da/64 fde6:7a:7d20:10e2::1,ifconfig 10.20.226.220 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: route-related options modified
Oct 2 19:05:08 ovpn-client1[17874]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:05:08 ovpn-client1[17874]: GDG6: remote_host_ipv6=n/a
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw query: dst ::
Oct 2 19:05:08 ovpn-client1[17874]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP device tun11 opened
Oct 2 19:05:08 ovpn-client1[17874]: TUN/TAP TX queue length set to 1000
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip addr add dev tun11 10.20.226.220/24
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:05:08 ovpn-client1[17874]: /usr/sbin/ip -6 addr add fde6:7a:7d20:10e2::10da/64 dev tun11
Oct 2 19:05:08 ovpn-client1[17874]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:05:08 ovpn-client1[17874]: Exiting due to fatal error
Oct 2 19:08:19 openvpn: Resetting VPN client 1 to default settings
Oct 2 19:08:32 rc_service: httpds 1501:notify_rc start_vpnclient1
Oct 2 19:08:32 ovpn-client1[18408]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 2 19:08:32 ovpn-client1[18408]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.08
Oct 2 19:08:32 ovpn-client1[18409]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 2 19:08:34 ovpn-client1[18409]: TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link local: (not bound)
Oct 2 19:08:34 ovpn-client1[18409]: UDPv4 link remote: [AF_INET]184.75.223.213:443
Oct 2 19:08:34 ovpn-client1[18409]: TLS: Initial packet from [AF_INET]184.75.223.213:443, sid=a49769ec 3df5d943
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY KU OK
Oct 2 19:08:34 ovpn-client1[18409]: Validating certificate extended key usage
Oct 2 19:08:34 ovpn-client1[18409]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY EKU OK
Oct 2 19:08:34 ovpn-client1[18409]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Agena, emailAddress=info@airvpn.org
Oct 2 19:08:35 ovpn-client1[18409]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Oct 2 19:08:35 ovpn-client1[18409]: [Agena] Peer Connection Initiated with [AF_INET]184.75.223.213:443
Oct 2 19:08:35 ovpn-client1[18409]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Oct 2 19:08:35 ovpn-client1[18409]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Oct 2 19:08:35 ovpn-client1[18409]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.4.194.1,dhcp-option DNS6 fde6:7a:7d20:c2::1,tun-ipv6,route-gateway 10.4.194.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:c2::1088/64 fde6:7a:7d20:c2::1,ifconfig 10.4.194.138 255.255.255.0,peer-id 2,cipher CHACHA20-POLY1305'
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: route-related options modified
Oct 2 19:08:35 ovpn-client1[18409]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 2 19:08:35 ovpn-client1[18409]: GDG6: remote_host_ipv6=n/a
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw query: dst ::
Oct 2 19:08:35 ovpn-client1[18409]: net_route_v6_best_gw result: via :: dev lo
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP device tun11 opened
Oct 2 19:08:35 ovpn-client1[18409]: TUN/TAP TX queue length set to 1000
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip addr add dev tun11 10.4.194.138/24
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up mtu 1500
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip link set dev tun11 up
Oct 2 19:08:35 ovpn-client1[18409]: /usr/sbin/ip -6 addr add fde6:7a:7d20:c2::1088/64 dev tun11
Oct 2 19:08:35 ovpn-client1[18409]: Linux ip -6 addr add failed: external program exited with error status: 2
Oct 2 19:08:35 ovpn-client1[18409]: Exiting due to fatal error
Hello,
I suffered that same error some time ago.
The only thing is that your vpn client is trying to get a ipv6 address, while your ISP doesn't suport IPv6.
I solved it by commenting on VPN client's config the following line:

Code:
# setenv UV_IPV6 yes

I hope this helps.
Regards.
 
Hello,
I suffered that same error some time ago.
The only thing is that your vpn client is trying to get a ipv6 address, while your ISP doesn't suport IPv6.
I solved it by commenting on VPN client's config the following line:

Code:
# setenv UV_IPV6 yes

I hope this helps.
Regards.
Thank you Martinr and also Juanantonio.
Enabling ipv6 in the router fixed the problem.
Without the benefit of Martinr's reply my next step would have been to contact Airvpn. Nevertheless your input has saved me a lot of time and I am truly grateful. Thank you again.
 
Hello,
I suffered that same error some time ago.
The only thing is that your vpn client is trying to get a ipv6 address, while your ISP doesn't suport IPv6.
I solved it by commenting on VPN client's config the following line:

Code:
# setenv UV_IPV6 yes

I hope this helps.
Regards.
Enabling ipv6 did allow the ovpn file to install successfully. A problem arose because my isp's DNS also showed up on an ipleak test. In turn the website redirected my browser back to my home country website rather than to the website where the vpn server was located. Disabling both ipv6 on the merlin f/w router and setting "Accept DNS Config" to exclusive did not fix the dns leak. However once I also changed the config file to "setenv UV_IPV6 to "no" the dns leak stopped.
So in case others have this problem with "region blocking or filtering websites" one needs to either set ipv6 to on (or else edit the OVPN config file setenv comment) to install the the ovpn file initially in the router. Then, once installed, to stop the dns leak, one needs to disable IPV6 in the router settings and also change the setenv setting to "no".
 
Enabling ipv6 did allow the ovpn file to install successfully. A problem arose because my isp's DNS also showed up on an ipleak test. In turn the website redirected my browser back to my home country website rather than to the website where the vpn server was located. Disabling both ipv6 on the merlin f/w router and setting "Accept DNS Config" to exclusive did not fix the dns leak. However once I also changed the config file to "setenv UV_IPV6 to "no" the dns leak stopped.
So in case others have this problem with "region blocking or filtering websites" one needs to either set ipv6 to on (or else edit the OVPN config file setenv comment) to install the the ovpn file initially in the router. Then, once installed, to stop the dns leak, one needs to disable IPV6 in the router settings and also change the setenv setting to "no".
Hi,
I had this same problem and I solved it by adding an entry on DNSDirector with the DNS addresses of my VPN supplier (both ipv6 and ipv4).
I didn't disable ip6 on the router because I didn't need to.
Best.
1697995066718.png
 
Last edited:
I hadn’t noticed that option in dns director. In my case thought that wouldn’t help because my vpn client ovpn configuration files are at a national level. eg client 1 is “USA”. So when this is enabled it will connect to a specific server and dns in the USA. However there might be twenty or more possible servers it can connect to so the server dns ip address is unknown it after the connection is made.

Thinking about all of this, my own fix does work but it is clunky and inelegant. I might contact my vpn provider to see if there is a simpler or neater solution.
 
My VPN provider says "This is a very good method. It will no longer be necessary, we think, when the Asus Merlin environment will be able to tunnel IPv6 over IPv4 properly, which it currently can't".
 
By the way, you can get rid of those DNS leaks also by activating 'Kill Switch' on your Open VPN client's configuration.
 
By the way, you can get rid of those DNS leaks also by activating 'Kill Switch' on your Open VPN client's configuration.
The kill switch only closes the connection to vpn connected devices if the vpn tunnel becomes inactive. It has no effect on dns. In my situation the kill switch was always active in the various configurations yet the dns leaks continued until made the above changes to the ovpn configuration files.
As an aside i since discovered that my vpn provider has a configuration generator tool whereby you can choose to generate an “only ipv4” ovpn file. I tried this. Using the resulting “ipv4 only” config file works perfectly, avoids the earlier ipv6 installation issues and tweaks, and tweaks needed to the ovpn config file to eliminate the dns leaks.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top