
Problem setting up OpenVPN


TheLyppardMan

Very Senior Member
I have set up an OpenVPN server on my RT-AX88U router, but I can't get clients to connect. As I have a dynamic IP from my ISP, I have registered for a DDNS account with ASUS and that is showing as being active. I have set up the user names and passwords in readiness and then exported the configuration file to my Samsung Galaxy A22 mobile. I've successfully added it to the OpenVPN app on my mobile, but it won't connect (I have remembered to disconnect the phone from my Wi-Fi). Any ideas how I can troubleshoot this? I'm uploading a screenshot of the VPN advanced in case that helps with a diagnosis. Also, here is a redacted version of what is in my VPN configuration file:-

# Config generated by Asuswrt-Merlin 386.5, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote [user name removed for security reasons].asuscomm.com 6xxx
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
Removed for security reasons
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
Removed for security reasons
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
Removed for security reasons
-----END PRIVATE KEY-----

</key>

Screenshot - 13_05_2022 , 19_39_03.jpg
 
Look at the log file of the app. Also look at the router's System Log when attempting to connect.
 
The app log file has this; "Transport Error: DNS resolve error on '******.asuscomm.com' for UDP session: Host not found (authoritative)" Nothing relevant in the system log (I've just cleared it and it's remained blank during attempted connection).
 
Update: this has just appeared in the system log:-
May 13 20:15:00 rc_service: service 6245:notify_rc restart_letsencrypt
May 13 20:15:00 Let's_Encrypt: Err, DDNS update failed.
 
I thought I'd cracked it as I noticed that this was set to "Internal":-

Screenshot - 13_05_2022 , 20_37_32.jpg


Also, I had accidentally used the VPN configuration file I had used for the stock firmware, but it still won't connect and now there are quite a few entries in the ASUS log:-

May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 TLS: Initial packet from [AF_INET]213.205.242.131:47358 (via [AF_INET]86.142.248.156%ppp0), sid=64108897 5f9bfe8c
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=RT-AX88U, emailAddress=me@asusrouter.lan
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_VER=3.git::662eae9a:Release
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_PLAT=android
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_NCP=2
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_TCPNL=1
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_PROTO=2
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_SSO=openurl
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 peer info: IV_BS64DL=1
May 13 20:35:00 vpnserver1[4119]: PLUGIN AUTH-PAM: BACKGROUND: user 'password removed' failed to authenticate: unknown user
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn-plugin-auth-pam.so
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 TLS Auth Error: Auth Username/Password verification failed for peer
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1541'
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 [client] Peer Connection Initiated with [AF_INET]213.205.242.131:47358 (via [AF_INET]86.142.248.156%ppp0)
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 PUSH: Received control message: 'PUSH_REQUEST'
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 Delayed exit in 5 seconds
May 13 20:35:00 ovpn-server1[4116]: 213.205.242.131:47358 SENT CONTROL [client]: 'AUTH_FAILED' (status=1)
May 13 20:35:03 ovpn-server1[4116]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
May 13 20:35:05 ovpn-server1[4116]: 213.205.242.131:47358 SIGTERM[soft,delayed-exit] received, client-instance exiting
 
It's working!!! Another stupid error on my part (I know I'm tired, so perhaps that's why). I had got the user name and password the wrong way round!
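
An added example, not part of the thread and not Asuswrt-Merlin or OpenVPN code: a small Python triage of server log lines like those posted above, reporting how far each client got and why it was rejected. The sample lines are constructed (placeholder address, sid and user name), and the function and stage names are this example's own.

```python
import re

# Constructed sample modelled on the server log lines in the thread;
# the address, sid and user name are placeholders, not values from the page.
SAMPLE_LOG = """\
May 13 20:35:00 ovpn-server1[4116]: 203.0.113.7:47358 TLS: Initial packet from [AF_INET]203.0.113.7:47358, sid=00000000 00000000
May 13 20:35:00 ovpn-server1[4116]: 203.0.113.7:47358 VERIFY OK: depth=0, CN=client
May 13 20:35:00 vpnserver1[4119]: PLUGIN AUTH-PAM: BACKGROUND: user 'EXAMPLE' failed to authenticate: unknown user
May 13 20:35:00 ovpn-server1[4116]: 203.0.113.7:47358 TLS Auth Error: Auth Username/Password verification failed for peer
May 13 20:35:00 ovpn-server1[4116]: 203.0.113.7:47358 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
May 13 20:35:00 ovpn-server1[4116]: 203.0.113.7:47358 SENT CONTROL [client]: 'AUTH_FAILED' (status=1)
"""

PEER = re.compile(r"ovpn-server\d+\[\d+\]: (\d{1,3}(?:\.\d{1,3}){3}:\d+) (.*)")
PAM = re.compile(r"PLUGIN AUTH-PAM: .*user '.*' failed to authenticate: (.+)")
RSA = re.compile(r"peer certificate: (\d+) bit RSA")

def triage(log_text):
    """Map each client address to the stages it reached and any findings."""
    peers, pam_reason = {}, None
    for line in log_text.splitlines():
        pam = PAM.search(line)
        if pam:  # the PAM helper logs without a peer prefix, just before the auth error
            pam_reason = pam.group(1).strip()
            continue
        m = PEER.search(line)
        if not m:
            continue
        peer, msg = m.groups()
        rec = peers.setdefault(peer, {"stages": [], "findings": []})
        if msg.startswith("TLS: Initial packet"):
            rec["stages"].append("reached-server")
        elif msg.startswith("VERIFY OK") and "cert-verified" not in rec["stages"]:
            rec["stages"].append("cert-verified")
        elif msg.startswith("TLS Auth Error: Auth Username/Password"):
            rec["stages"].append("userpass-rejected")
            rec["findings"].append(f"PAM reason: {pam_reason or 'not logged'}; "
                                   "the submitted user name was written to the log")
            pam_reason = None
        elif "AUTH_FAILED" in msg:
            rec["stages"].append("auth-failed-sent")
        rsa = RSA.search(msg)
        if rsa and int(rsa.group(1)) < 2048:
            rec["findings"].append(f"client certificate uses {rsa.group(1)}-bit RSA")
    return peers

if __name__ == "__main__":
    for peer, rec in triage(SAMPLE_LOG).items():
        print(peer, " -> ".join(rec["stages"]), rec["findings"], sep="\n  ")
```

An empty result means no client packet reached the server at all, which is what the blank system log during the DNS resolve error showed. Because the PAM line records the submitted user name verbatim, a password typed into the user name field ends up in the system log.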
 
