Raspberry PI (PIVPN) VPN-Server with Asus AC-86U ISSUE

vpnoob

Hello,
I tried a lot and did my best, but I'm not very fit in this topic. I'll try to explain as simply as possible and hope I'm not repeating.
1. Goal: I want to have remote control over my camera for surveillance. But I got an LTE contract and my provider doesn't give me a public IP (I don't get the right NAT (I think it's NAT 3), IPv6 is not available, DNS isn't working either because of that. DNS on the Pi server side is working well).
-> So I wanted to set up an OpenVPN connection through the Asus router AC86U to get it and be able to look at what's happening with the cam.
2. I set up a VPN server with a Raspberry Pi over PiVPN and connected from outside with OpenVPN GUI on my PC. It's working so far and I'm happy that I did everything right, it seems.
3. I want to do it over the router of course, so I got the newest Asus Merlin firmware and set up everything in different combinations. -> It doesn't connect in any way. Either it says my client config is wrong, or it tries to connect but stops at a certain point (see pic systemlog). -> So I guess when the GUI on the PC works, it's the special config in the router, right? There must be something different, but I don't know what it is though.
4. In the Asus system log it comes to a certain point, then there is a blank line and that's it for a while, then it's the standard TLS handshake error and trying again (scrypt-mistake or something?)
5. I guess it's wrong routing or wrong custom settings, but in reality I have no idea. I tested a lot of different combinations to eliminate, but nothing helped (because in reality I have no idea, again).
I hope I gathered all the information; here it is (CAPITAL LETTERS ARE MY DATA) (but if the GUI itself is working, why should there be a mistake here?)
CLIENT CONF:
client
dev tun
proto udp
remote DNSADRESS SERVER PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_NAME name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
KEY
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
KEY
-----END OpenVPN Static key V1-----
</tls-crypt>

SERVER.CONF:
dev tun
proto udp
port 11948
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_NAME.crt
key /etc/openvpn/easy-rsa/pki/private/server_NAME.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.234.0 255.255.255.0 "

# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS LOCAL SERVER IP"

# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

PS:
The custom settings are different ones; I used different suggestions, but maybe you can tell me some that have to be in there 100%. I have the feeling the problem lies here in general. The ones in the picture were not made by me, but I tried a lot there. In Advanced Settings I tried all the different combinations. The GUI seems to do something automated that the router doesn't do...

I'm desperate and my patience is decreasing more and more.
 

Attachments: IP6.JPG, log.JPG, VPN1.JPG, VPN2.JPG, WAN.JPG
Hi,
When you created your OpenVPN profile, did you set a password?
Or did you use this command?

pivpn add nopass

If not, create a new profile with nopass and it should work.
 
Hello, it's working!!! So much headache because of it and such an easy solution. You are a superhero! Thank you sooooo much!! I hope this may help others too.
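
Added example, not part of the thread: the client profile posted above carries an ENCRYPTED PRIVATE KEY block, so the key needs a passphrase at connect time, while a profile made with "pivpn add nopass" carries an unencrypted key. The shell function below (its name and the sample profile are constructed for illustration) reports which kind a given .ovpn file contains, and goes slightly beyond the posted case by also recognising legacy "Proc-Type: 4,ENCRYPTED" keys and keys referenced as external files.

```sh
#!/bin/sh
# Added example (not from the thread): report whether the private key in an
# OpenVPN client profile is passphrase-protected.
# Prints one of: encrypted | plaintext | external | missing
ovpn_key_state() {
    awk '
        /^[ \t]*<key>/   { inkey = 1; next }
        /^[ \t]*<\/key>/ { inkey = 0; next }
        # PKCS#8 encrypted key, the header seen in the posted profile
        inkey && /-----BEGIN ENCRYPTED PRIVATE KEY-----/  { enc = 1 }
        # Legacy PEM encryption marks the key with a Proc-Type header
        inkey && /^Proc-Type:.*ENCRYPTED/                 { enc = 1 }
        inkey && /-----BEGIN (RSA |EC )?PRIVATE KEY-----/ { plain = 1 }
        # "key <file>" outside an inline block: key lives in a separate file
        !inkey && /^[ \t]*key[ \t]+[^ \t]/                { ext = 1 }
        END {
            if (enc)        print "encrypted"
            else if (plain) print "plaintext"
            else if (ext)   print "external"
            else            print "missing"
        }
    ' "$1"
}

# Constructed sample profile; the key body is a placeholder, not real key data.
demo_profile() {
    cat <<'EOF'
client
dev tun
persist-key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
}

tmp=$(mktemp)
demo_profile > "$tmp"
echo "sample profile key: $(ovpn_key_state "$tmp")"
rm -f "$tmp"
```

A nopass profile stores the key unencrypted, so the .ovpn file itself is the credential; the server config above enforces crl-verify, so a lost profile can be cut off by revoking its certificate.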
 
