RT-AX56U clients can't connect to OpenVPN server


Lauryca

New Around Here
Hello!
I have an RT-AX56U with Asuswrt-Merlin firmware version 384.18 and I set up an OpenVPN server. I imported the certificate from the server, and the problem is that clients on Android or Windows 10 can't connect to the OpenVPN server.

On the server side (the RT-AX56U):

Oct 28 21:34:34 ovpn-server2[18300]: MULTI: multi_create_instance called
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Re-using SSL/TLS context
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS: Initial packet from [AF_INET]192.168.50.218:53237, sid=35e6ddb0 8a1dd964
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS handshake failed
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 SIGUSR1[soft,tls-error] received, client-instance restarting
Oct 28 21:35:39 ovpn-server2[18300]: MULTI: multi_create_instance called
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Re-using SSL/TLS context
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 TLS: Initial packet from [AF_INET]192.168.50.218:57000, sid=26a6871e c31f638c


and on the client side (Win 10):

Wed Oct 28 21:34:23 2020 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
Wed Oct 28 21:34:23 2020 OpenVPN 2.5_rc3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 19 2020
Wed Oct 28 21:34:23 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Oct 28 21:34:23 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Wed Oct 28 21:34:34 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:34:34 2020 UDP link local: (not bound)
Wed Oct 28 21:34:34 2020 UDP link remote: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:35:34 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Oct 28 21:35:34 2020 SIGUSR1[soft,ping-restart] received, process restarting
Wed Oct 28 21:35:39 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:35:39 2020 UDP link local: (not bound)
Wed Oct 28 21:35:39 2020 UDP link remote: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:36:39 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Oct 28 21:36:39 2020 SIGUSR1[soft,ping-restart] received, process restarting
Wed Oct 28 21:36:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:36:45 2020 UDP link local: (not bound)
Wed Oct 28 21:36:45 2020 UDP link remote: [AF_INET]100.117.54.49:1194


Can somebody tell me why clients can't connect to the OpenVPN server?
 

ColinTaylor

Part of the Furniture
The problem is that your VPN server does not have a public IP address. It has a CGNAT address so it is not reachable from the internet.
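The point ColinTaylor makes is a range check: the address the DDNS name resolves to (100.117.54.49) lies inside 100.64.0.0/10, the RFC 6598 shared address space that ISPs use behind carrier-grade NAT, so no port forward on the router can ever be reached from the internet. The following is an added example, not code from the thread or from Asuswrt-Merlin, that classifies a WAN address and compares it with the address the outside world sees. The 100.117.54.49 and 192.168.50.218 addresses are taken from the thread's logs; the other sample addresses are constructed.

```python
"""Classify a router's WAN address and decide whether an OpenVPN server
behind it can be reached from the internet at all.

Added example (not code from the thread or from Asuswrt-Merlin). The
100.117.54.49 and 192.168.50.218 addresses are the ones that appear in
the thread's logs; the other sample addresses are constructed.
"""
import ipaddress
from typing import Optional

# RFC 6598 shared address space: what ISPs hand out behind carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means an upstream router owns the public IP.
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan_ip(ip: str) -> str:
    """Return 'cgnat', 'private', 'public' or 'special' for an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example only classifies IPv4 WAN addresses")
    if addr in CGNAT_NET:
        return "cgnat"
    if any(addr in net for net in RFC1918_NETS):
        return "private"
    # Loopback, link-local, multicast, documentation and reserved blocks are
    # never valid WAN addresses either; the ipaddress module tracks them for us.
    if not addr.is_global:
        return "special"
    return "public"


def diagnose_reachability(wan_ip: str, observed_public_ip: Optional[str] = None) -> str:
    """Explain why an OpenVPN server on this router may be unreachable from outside.

    wan_ip is the address the router got on its WAN interface; observed_public_ip
    is the address the outside world sees (for example what the DDNS name resolves to).
    """
    kind = classify_wan_ip(wan_ip)
    if kind == "cgnat":
        # The ISP NATs this address; nothing forwarded on the router is reachable from outside.
        return "cgnat"
    if kind == "private":
        # The public address lives on a router upstream of this one; forward UDP 1194 there.
        return "upstream-nat"
    if kind == "special":
        return "special"
    if observed_public_ip is not None and ipaddress.ip_address(observed_public_ip) != ipaddress.ip_address(wan_ip):
        # Public-looking WAN address that is still not what the world sees: another NAT or a stale DDNS record.
        return "mismatch"
    return "public"


if __name__ == "__main__":
    # The thread's case first: the DDNS name resolved to the router's own WAN address,
    # and that address sits inside 100.64.0.0/10. The other two pairs are constructed.
    for wan, seen in [("100.117.54.49", "100.117.54.49"), ("192.168.1.20", "198.51.100.7"), ("1.1.1.1", "1.1.1.1")]:
        print(wan, "->", classify_wan_ip(wan), "/", diagnose_reachability(wan, seen))
```

The WAN address to feed in is the one the router's status page shows for its WAN interface (on Asuswrt-Merlin, `nvram get wan0_ipaddr` from the router shell, as an assumption about that variable name), and the observed address is whatever the DDNS hostname resolves to from outside. A "cgnat" or "upstream-nat" verdict means no amount of OpenVPN configuration will help; the only fixes are a public address from the ISP, a port forward on the upstream router, or an outbound-only VPN design.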
 

Lauryca

New Around Here
I use the DDNS provided by Asus. This is the log from my Android phone:

22:56:26.347 -- Server poll timeout, trying next remote entry...
22:56:26.348 -- EVENT: RECONNECTING
22:56:26.352 -- EVENT: RESOLVE
22:56:26.360 -- Contacting 100.117.54.49:1194 via UDP
22:56:26.360 -- EVENT: WAIT
22:56:26.364 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:36.351 -- Server poll timeout, trying next remote entry...
22:56:36.352 -- EVENT: RECONNECTING
22:56:36.357 -- EVENT: RESOLVE
22:56:36.365 -- Contacting 100.117.54.49:1194 via UDP
22:56:36.365 -- EVENT: WAIT
22:56:36.368 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:46.356 -- Server poll timeout, trying next remote entry...
22:56:46.359 -- EVENT: RECONNECTING
22:56:46.364 -- EVENT: RESOLVE
22:56:46.391 -- Contacting 100.117.54.49:1194 via UDP
22:56:46.392 -- EVENT: WAIT
22:56:46.394 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:56.365 -- Server poll timeout, trying next remote entry...
22:56:56.367 -- EVENT: RECONNECTING
22:56:56.372 -- EVENT: RESOLVE
22:56:56.377 -- Contacting 100.117.54.49:1194 via UDP
22:56:56.378 -- EVENT: WAIT
22:56:56.387 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:57:06.366 -- Server poll timeout, trying next remote entry...
22:57:06.367 -- EVENT: RECONNECTING
22:57:06.370 -- EVENT: RESOLVE
22:57:06.374 -- Contacting 100.117.54.49:1194 via UDP
22:57:06.374 -- EVENT: WAIT
22:57:06.385 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:57:16.369 -- Server poll timeout, trying next remote entry...
22:57:16.371 -- EVENT: RECONNECTING
22:57:16.376 -- EVENT: RESOLVE
22:57:16.413 -- Contacting 100.117.54.49:1194 via UDP
22:57:16.415 -- EVENT: WAIT
22:57:16.417 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4

As you can see, the client reaches the server but can't connect because of a TLS error.
 

ColinTaylor

Part of the Furniture
DDNS has nothing to do with it. Your log shows that it doesn't reach the server.

22:56:26.364 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:36.351 -- Server poll timeout, trying next remote entry...


Some of the confusion comes from the fact that in your original post you were testing from a client attached to your LAN (192.168.50.218) rather than a client on the internet.
 
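ColinTaylor's reading of the two logs rests on a distinction worth mechanising: a client that only ever logs "Server poll timeout" or "Inactivity timeout (--ping-restart)" got no reply at all, while a server that logs "TLS: Initial packet from" and then "TLS key negotiation failed" did receive the client's packets and the failure is on the return path. The following is an added example, not code from the thread or from OpenVPN, that runs the thread's own server, Windows and Android log lines through that triage; the 203.0.113.7 source address used for the internet-side client is constructed.

```python
"""Triage an OpenVPN connection failure from log excerpts: did the client's
packets reach the server at all, or did they arrive and the handshake time
out afterwards?

Added example (not code from the thread or from OpenVPN). The sample log
lines are copied from the thread's server, Windows and Android logs; the
203.0.113.7 source address is constructed.
"""
import re
from typing import Dict, List, Optional

# Server-side markers: the peer's first packet arrived, and the handshake later timed out.
SERVER_INITIAL = re.compile(r"(\d+\.\d+\.\d+\.\d+:\d+) TLS: Initial packet from")
SERVER_TLS_FAIL = re.compile(r"(\d+\.\d+\.\d+\.\d+:\d+) TLS Error: TLS (?:key negotiation failed|handshake failed)")
# Client-side markers, checked in order of precedence.
CLIENT_OK = re.compile(r"Initialization Sequence Completed")
CLIENT_TLS = re.compile(r"TLS Error")
CLIENT_NO_REPLY = re.compile(r"Server poll timeout|Inactivity timeout \(--ping-restart\)")


def triage_client(lines: List[str]) -> str:
    """Return 'connected', 'tls-error', 'no-reply' or 'unknown' for a client log."""
    if any(CLIENT_OK.search(line) for line in lines):
        return "connected"
    if any(CLIENT_TLS.search(line) for line in lines):
        return "tls-error"
    if any(CLIENT_NO_REPLY.search(line) for line in lines):
        return "no-reply"
    return "unknown"


def triage_server(lines: List[str]) -> Dict[str, str]:
    """Map each peer (ip:port) the server logged to 'initial-packet' or 'tls-failed'."""
    peers: Dict[str, str] = {}
    for line in lines:
        m = SERVER_INITIAL.search(line)
        if m:
            peers.setdefault(m.group(1), "initial-packet")
            continue
        m = SERVER_TLS_FAIL.search(line)
        if m and m.group(1) in peers:
            peers[m.group(1)] = "tls-failed"
    return peers


def explain(client_lines: List[str], server_lines: List[str], client_src_ip: Optional[str] = None) -> str:
    """Combine both sides; client_src_ip restricts the server view to that client's source address."""
    client = triage_client(client_lines)
    if client != "no-reply":
        return client
    peers = triage_server(server_lines)
    if client_src_ip is not None:
        peers = {p: s for p, s in peers.items() if p.split(":")[0] == client_src_ip}
    if not peers:
        # The server never logged this client: its packets are not arriving (CGNAT, no port forward, firewall).
        return "no-reply-server-silent"
    # The server saw the first packet but the client saw nothing back: a return-path problem, not a TLS problem.
    return "no-reply-server-saw-packet"


# Sample lines copied from the thread (trimmed to the lines the triage needs).
SERVER_LOG = [
    "Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS: Initial packet from [AF_INET]192.168.50.218:53237, sid=35e6ddb0 8a1dd964",
    "Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)",
    "Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS handshake failed",
    "Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 TLS: Initial packet from [AF_INET]192.168.50.218:57000, sid=26a6871e c31f638c",
]
WIN_CLIENT_LOG = [
    "Wed Oct 28 21:34:34 2020 UDP link remote: [AF_INET]100.117.54.49:1194",
    "Wed Oct 28 21:35:34 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting",
    "Wed Oct 28 21:35:34 2020 SIGUSR1[soft,ping-restart] received, process restarting",
]
ANDROID_LOG = [
    "22:56:26.364 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4",
    "22:56:36.351 -- Server poll timeout, trying next remote entry...",
]

if __name__ == "__main__":
    print("LAN test:     ", explain(WIN_CLIENT_LOG, SERVER_LOG, client_src_ip="192.168.50.218"))
    print("internet test:", explain(ANDROID_LOG, SERVER_LOG, client_src_ip="203.0.113.7"))
```

The LAN test from 192.168.50.218 yields "no-reply-server-saw-packet": the server did get the packets, so that run says nothing about reachability from the internet. The Android test yields "no-reply-server-silent": nothing from that client ever appears in the server log, which is exactly the symptom of an address the internet cannot route to.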

Lauryca

New Around Here
That was the problem. I discovered that my ISP uses carrier-grade NAT and I was behind another router, so my WAN IP was different from my public IP. I rebooted my router and got a public address (luckily), and now it's working.
 
