RT-AX56U clients can't connect to OpenVPN server

Lauryca

New Around Here
Hello!
I have an RT-AX56U with Asuswrt Merlin Firmware Version: 384.18 and I set up an OpenVPN server. I imported the certificate from the server and the problem is the clients from Android or Windows 10 can't connect to the OpenVPN server.

On the server side on RT-AX56U:

Oct 28 21:34:34 ovpn-server2[18300]: MULTI: multi_create_instance called
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Re-using SSL/TLS context
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS: Initial packet from [AF_INET]192.168.50.218:53237, sid=35e6ddb0 8a1dd964
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS Error: TLS handshake failed
Oct 28 21:35:34 ovpn-server2[18300]: 192.168.50.218:53237 SIGUSR1[soft,tls-error] received, client-instance restarting
Oct 28 21:35:39 ovpn-server2[18300]: MULTI: multi_create_instance called
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Re-using SSL/TLS context
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Oct 28 21:35:39 ovpn-server2[18300]: 192.168.50.218:57000 TLS: Initial packet from [AF_INET]192.168.50.218:57000, sid=26a6871e c31f638c


and on the client side (Win 10):

Wed Oct 28 21:34:23 2020 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
Wed Oct 28 21:34:23 2020 OpenVPN 2.5_rc3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 19 2020
Wed Oct 28 21:34:23 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Oct 28 21:34:23 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Wed Oct 28 21:34:34 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:34:34 2020 UDP link local: (not bound)
Wed Oct 28 21:34:34 2020 UDP link remote: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:35:34 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Oct 28 21:35:34 2020 SIGUSR1[soft,ping-restart] received, process restarting
Wed Oct 28 21:35:39 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:35:39 2020 UDP link local: (not bound)
Wed Oct 28 21:35:39 2020 UDP link remote: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:36:39 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Oct 28 21:36:39 2020 SIGUSR1[soft,ping-restart] received, process restarting
Wed Oct 28 21:36:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.117.54.49:1194
Wed Oct 28 21:36:45 2020 UDP link local: (not bound)
Wed Oct 28 21:36:45 2020 UDP link remote: [AF_INET]100.117.54.49:1194


Can somebody tell me why clients can't connect to the OpenVPN server?
 
The problem is that your VPN server does not have a public IP address. It has a CGNAT address so it is not reachable from the internet.
 
I use the DDNS provided by Asus. This is the log from my Android phone:

22:56:26.347 -- Server poll timeout, trying next remote entry...
22:56:26.348 -- EVENT: RECONNECTING
22:56:26.352 -- EVENT: RESOLVE
22:56:26.360 -- Contacting 100.117.54.49:1194 via UDP
22:56:26.360 -- EVENT: WAIT
22:56:26.364 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:36.351 -- Server poll timeout, trying next remote entry...
22:56:36.352 -- EVENT: RECONNECTING
22:56:36.357 -- EVENT: RESOLVE
22:56:36.365 -- Contacting 100.117.54.49:1194 via UDP
22:56:36.365 -- EVENT: WAIT
22:56:36.368 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:46.356 -- Server poll timeout, trying next remote entry...
22:56:46.359 -- EVENT: RECONNECTING
22:56:46.364 -- EVENT: RESOLVE
22:56:46.391 -- Contacting 100.117.54.49:1194 via UDP
22:56:46.392 -- EVENT: WAIT
22:56:46.394 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:56.365 -- Server poll timeout, trying next remote entry...
22:56:56.367 -- EVENT: RECONNECTING
22:56:56.372 -- EVENT: RESOLVE
22:56:56.377 -- Contacting 100.117.54.49:1194 via UDP
22:56:56.378 -- EVENT: WAIT
22:56:56.387 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:57:06.366 -- Server poll timeout, trying next remote entry...
22:57:06.367 -- EVENT: RECONNECTING
22:57:06.370 -- EVENT: RESOLVE
22:57:06.374 -- Contacting 100.117.54.49:1194 via UDP
22:57:06.374 -- EVENT: WAIT
22:57:06.385 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:57:16.369 -- Server poll timeout, trying next remote entry...
22:57:16.371 -- EVENT: RECONNECTING
22:57:16.376 -- EVENT: RESOLVE
22:57:16.413 -- Contacting 100.117.54.49:1194 via UDP
22:57:16.415 -- EVENT: WAIT
22:57:16.417 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4

As you can see the client reaches the server but can't connect because of a TLS error.
 
DDNS has nothing to do with it. Your log shows that it doesn't reach the server.

22:56:26.364 -- Connecting to [lauryca.asuscomm.com]:1194 (100.117.54.49) via UDPv4
22:56:36.351 -- Server poll timeout, trying next remote entry...


Some of the confusion comes from the fact that in your original post you were testing from a client attached to your LAN (192.168.50.218) rather than a client on the internet.
 
That was the problem. I discovered that my ISP makes carrier-grade NAT and was behind another router, so my WAN IP was different than my public IP. I rebooted my router and got a public address (luckily) and now it's working.
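
The check the replies in this thread perform by eye, as an added example that is not part of the original posts: a Python sketch that pulls the dialled address out of OpenVPN client logs and the peer address out of the server log, then flags carrier-grade NAT (RFC 6598, 100.64.0.0/10) or private ranges. The function names `classify` and `diagnose` are assumptions of this example; the sample log lines are copied from the thread.

```python
import ipaddress
import re

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Address the client dials (Windows and Android client log formats seen in the thread).
REMOTE_RE = re.compile(r"(?:link remote: \[AF_INET\]|Contacting )(\d+(?:\.\d+){3}):\d+")
# Source address the server saw for an incoming handshake.
PEER_RE = re.compile(r"Initial packet from \[AF_INET\](\d+(?:\.\d+){3}):\d+")

# Log lines copied from the thread above.
CLIENT_LOG = """\
Wed Oct 28 21:34:34 2020 UDP link remote: [AF_INET]100.117.54.49:1194
22:56:26.360 -- Contacting 100.117.54.49:1194 via UDP
"""
SERVER_LOG = """\
Oct 28 21:34:34 ovpn-server2[18300]: 192.168.50.218:53237 TLS: Initial packet from [AF_INET]192.168.50.218:53237, sid=35e6ddb0 8a1dd964
"""

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:  # checked first: is_private does not cover 100.64.0.0/10
        return "cgnat"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    return "public"

def diagnose(client_log, server_log=""):
    """List (role, address, kind) for every non-public address in the logs.

    role 'remote': the server address the client dials; if it is not public,
    clients on the internet cannot reach it.
    role 'peer': the client as seen by the server; if it is not public, the
    test was made from inside the LAN and says nothing about outside access.
    """
    findings = []
    for role, pattern, log in (("remote", REMOTE_RE, client_log),
                               ("peer", PEER_RE, server_log)):
        for addr in sorted(set(pattern.findall(log))):
            kind = classify(addr)
            if kind != "public":
                findings.append((role, addr, kind))
    return findings

if __name__ == "__main__":
    for role, addr, kind in diagnose(CLIENT_LOG, SERVER_LOG):
        print(f"{role} {addr}: {kind}")
```
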
 
