Problem connecting to OpenVPN server on RT-AX88U

[TheLyppardMan]

I've done a further test connection with the VPN this morning and I'm going to try to upload the results, + the results of the iptables command.

 

[TheLyppardMan]

I can't see any of those errors in the log now. Instead, I see this:-

Jun 29 11:05:33 start_ddns: update WWW.ASUS.COM update@asus.com, wan_unit 0
Jun 29 11:05:33 disk_monitor: be idle
Jun 29 11:05:33 start_ddns: Clear ddns cache.
Jun 29 11:05:33 start_ddns: Start Inadyn(10).
Jun 29 11:05:33 inadyn[2669]: In-a-dyn version 2.9.1 -- Dynamic DNS update client.
Jun 29 11:05:33 rc_service: ntpd_synced 2427:notify_rc start_vpnserver1
Jun 29 11:05:33 kernel: tun: Universal TUN/TAP device driver, 1.6
Jun 29 11:05:33 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jun 29 11:05:33 ovpn-server1[2690]: OpenVPN 2.5.7 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 22 2022
Jun 29 11:05:33 ovpn-server1[2690]: library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.08
Jun 29 11:05:33 ovpn-server1[2691]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 29 11:05:33 ovpn-server1[2691]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Jun 29 11:05:33 ovpn-server1[2691]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jun 29 11:05:33 ovpn-server1[2691]: Diffie-Hellman initialized with 2048 bit key
Jun 29 11:05:33 ovpn-server1[2691]: TUN/TAP device tun21 opened
Jun 29 11:05:33 ovpn-server1[2691]: TUN/TAP TX queue length set to 1000
Jun 29 11:05:33 ovpn-server1[2691]: /usr/sbin/ip link set dev tun21 up mtu 1500
Jun 29 11:05:33 vpnserver1[2694]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Jun 29 11:05:33 ovpn-server1[2691]: /usr/sbin/ip link set dev tun21 up
Jun 29 11:05:33 ovpn-server1[2691]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24
Jun 29 11:05:33 ovpn-server1[2691]: ovpn-up 1 server tun21 1500 1621 10.8.0.1 255.255.255.0 init
Jun 29 11:05:33 inadyn[2669]: Update forced for alias bmjceVFA.asuscomm.com, new IP# 86.148.131.211
Jun 29 11:05:33 ovpn-server1[2691]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Jun 29 11:05:33 ovpn-server1[2691]: UDPv4 link local (bound): [AF_INET][undef]:6163
Jun 29 11:05:33 ovpn-server1[2691]: UDPv4 link remote: [AF_UNSPEC]
Jun 29 11:05:33 ovpn-server1[2691]: MULTI: multi_init called, r=256 v=256
Jun 29 11:05:33 ovpn-server1[2691]: IFCONFIG POOL IPv4: base=10.8.0.2 size=253
Jun 29 11:05:33 ovpn-server1[2691]: Initialization Sequence Completed
Jun 29 11:05:33 inadyn[2669]: alias address=<86.148.131.211>
Jun 29 11:05:33 inadyn[2669]: request<GET /ddns/update.jsp?hostname=bmjceVFA.asuscomm.com&myip=86.148.131.211&model=RT-AX88U&fw_ver=3.0.0.4.386.7_0 HTTP/1.0^M Authorization: Basic MjQ0QkZFMEEwRjQ4OjA0Qzk4QzA0NTFCNjk4MzIyREEyOUJDQTA2REMwMDFG^M Host: ns1.asuscomm.com^M User-Agent: inadyn/2.9.1 https://github.com/troglobit/inadyn/issues^M ^M >
Jun 29 11:05:33 avahi-daemon[2649]: Service "RT-AX88U-0F48" (/tmp/avahi/services/alexa.service) successfully established.
Jun 29 11:05:34 inadyn[2669]: [response_update]HTTP/1.1 200 OK^M Date: Wed, 29 Jun 2022 10:05:34 GMT^M Server: Apache^M Content-Length: 0^M Connection: close^M Content-Type: text/html; charset=UTF-8^M ^M
Jun 29 11:05:34 inadyn[2669]: Updating cache for bmjceVFA.asuscomm.com

 

[TheLyppardMan]

Also, the DDNS information is now being added to the configuration file.

 

[eibgrad]

I've done a further test connection with the VPN this morning and I'm going to try to upload the results, + the results of the iptables command.

Ok, so what are we looking at here? Last we spoke, you finally had the OpenVPN client connected, but remote domain name resolution to your home network wasn't working, which is now corrected. And it appears your DDNS is finally working now as well. The only potential problem remaining (at least as I remember it) is your Android mobile client couldn't connect, at all. But what you've posted now appears to be the output from a Windows client running OpenVPN Connect (and it doesn't even reveal the whole log, just what's visible in the dialogue box).

BTW, I only requested the iptables dump for the purposes of debugging why you couldn't resolve remote domain names (e.g., router.asus.com), but we solved that already by enabling "Advertise DNS to clients" set to Yes.

I'm just not 100% sure what the final remaining problem is, if any.

 

[TheLyppardMan]

Ok, so what are we looking at here? Last we spoke, you finally had the OpenVPN client connected, but remote domain name resolution to your how network wasn't working, which is now corrected. And it appears your DDNS is finally working now as well. The only potential problem remaining (at least as I remember it) is your Android mobile client couldn't connect, at all. But what you've posted now appears to be the output from a Windows client running OpenVPN Connect (and it doesn't even reveal the whole log, just what's visible in the dialogue box).

BTW, I only requested the iptables dump for the purposes of debugging why you couldn't resolve remote domain names (e.g., router.asus.com), but we solved that already by enabling "Advertise DNS to clients" set to Yes.

I'm just not 100% sure what the final remaining problem is, if any.

You're correct, it is a Windows device. I think I said I was going to try again this morning to see if there were still any relevant errors in the log file, which now as you say, seem to be cleared. So the only remaining problem is why I can't connect to the VPN with my phone, but since it's a fairly-new device, I can't be sure that this wasn't a problem from the start. Do you think it would be worthwhile my sending a support message to OpenVPN to see if they could throw some light on the problem?

 

[eibgrad]

You're correct, it is a Windows device. I think I said I was going to try again this morning to see if there were still any relevant errors in the log file, which now as you say, seem to be cleared. So the only remaining problem is why I can't connect to the VPN with my phone, but since it's a fairly-new device, I can't be sure that this wasn't a problem from the start. Do you think it would be worthwhile my sending a support message to OpenVPN to see if they could throw some light on the problem?

Doesn't your smartphone offer a log that we can examine? So far, all you've reported is it doesn't work at all. But we've never been presented w/ any relevant information, neither the client nor server logs (the latter of which would show the connection attempt, but ultimately failing).

 

[TheLyppardMan]

Doesn't your smartphone offer a log that we can examine? So far, all you've reported is it doesn't work at all. But we've never been presented w/ any relevant information, neither the client nor server logs (the latter of which would show the connection attempt, but ultimately failing).

I don't think it gets that far to be able to register a server log (I didn't see anything last time I tried, but if I'm wrong, I'll upload some details).

You can see what happens if you check out the short video I have uploaded to my dropbox account:-

VPN Connection Attempts (Galaxy Mobile).mp4

Shared with Dropbox

www.dropbox.com

 

[eibgrad]

I don't think it gets that far to be able to register a server log (I didn't see anything last time I tried, but if I'm wrong, I'll upload some details).

You can see what happens if you check out the short video I have uploaded to my dropbox account:-

VPN Connection Attempts (Galaxy Mobile).mp4

Shared with Dropbox

www.dropbox.com

The fact is stops IMMEDIATELY suggests there's something wrong w/ the config file (e.g., missing, invalid, or incompatible directive).

Notice in the very upper edge of that video there's an icon (right of center) for showing the client log. What does it show?

 

[TheLyppardMan]

The fact is stops IMMEDIATELY suggests there's something wrong w/ the config file (e.g., missing, invalid, or incompatible directive).

Notice in the very upper edge of that video there's an icon (right of center) for showing the client log. What does it show?

It just says, "You don't have any logs yet"

 

[TheLyppardMan]

Perhaps I should try a fresh configuration file to see if that makes any difference.

 

[eibgrad]

Perhaps I should try a fresh configuration file to see if that makes any difference.

Perhaps it might be prudent to reinstall the app on the smartphone too, just to be sure the install didn't get corrupted.

 

[TheLyppardMan]

OK, I'll try these ideas and see if it makes a difference.

 

[TheLyppardMan]

Unfortunately, there's no change.

 

[ColinTaylor]

Your router's IP address has changed (according to your video). It no longer matches your DDNS address. Re-import your VPN config file that contains the DDNS name.

 

[TheLyppardMan]

Your router's IP address has changed (according to your video). It no longer matches your DDNS address. Re-import your VPN config file that contains the DDNS name.

I've just done that, but the mobile still refuses to connect.

 

[eibgrad]

Did you import the client config file into the smartphone app directly, w/o changes? What I'm thinking is if you edited that file using a Windows/DOS editor like Notepad, which uses different EOL chars than Linux files, it might have made the imported file unreadable by the smartphone. Very speculative, but that's all I got at the moment.

 

[TheLyppardMan]

Did you import the client config file into the smartphone app directly, w/o changes? What I'm thinking is if you edited that file using a Windows/DOS editor like Notepad, which uses different EOL chars than Linux files, it might have made the imported file unreadable by the smartphone. Very speculative, but that's all I got at the moment.

I did amend the name. I'll try again without making any changes.

 

[TheLyppardMan]

That doesn't work either.

 

[TheLyppardMan]

I've just found a forum for OpenVPN, so I think I'll post something on there to see if anyone has been having similar problems.

 

[eibgrad]

That doesn't work either.

If you have access to a commercial OpenVPN provider like ExpressVPN or NordVPN, try importing one their client config files. See if works. IOW, we need to determine if this a problem that applies *only* to your own OpenVPN server's client config file, or *any* client config file.