What's new

Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

B0GDAN

New Around Here
Hello all,

I've set up PiVPN on my RPi4 and set it up to run as an OpenVPN server. While my clients run ok on Windows and Android I can't say the same about the VPN client of my Asus router.
The errors I get are the following and the router asks me to check my config (Error - check configuration!)

Code:
Oct 27 20:13:41 ovpn-client4[30344]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 27 20:13:41 ovpn-client4[30344]: VERIFY EKU OK
Oct 27 20:13:41 ovpn-client4[30344]: VERIFY X509NAME OK: CN=xxx
Oct 27 20:13:41 ovpn-client4[30344]: VERIFY OK: depth=0, CN=xxx
Oct 27 20:14:41 ovpn-client4[30344]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 27 20:14:41 ovpn-client4[30344]: TLS Error: TLS handshake failed
Oct 27 20:14:41 ovpn-client4[30344]: SIGUSR1[soft,tls-error] received, process restarting
Oct 27 20:14:41 ovpn-client4[30344]: Restart pause, 1 second(s)
Oct 27 20:14:42 ovpn-client4[30344]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 27 20:14:42 ovpn-client4[30344]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194
Oct 27 20:14:42 ovpn-client4[30344]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Oct 27 20:14:42 ovpn-client4[30344]: UDPv4 link local: (not bound)
Oct 27 20:14:42 ovpn-client4[30344]: UDPv4 link remote: [AF_INET]xxx:1194
Oct 27 20:14:42 ovpn-client4[30344]: TLS: Initial packet from [AF_INET]xxx:1194, sid=8aa186d7 ed501b60
Oct 27 20:14:42 ovpn-client4[30344]: VERIFY OK: depth=1, CN=Easy-RSA CA
Oct 27 20:14:42 ovpn-client4[30344]: VERIFY KU OK
Oct 27 20:14:42 ovpn-client4[30344]: Validating certificate extended key usage

So far all I did was import the ovpn file and set the service state to on.
Would like to mention that everything appears to be working fine with the Softether VPN server, also configured as OpenVPN.
Can you help me debug my config?

Thanks
Bogdan
 
The syslog as presented doesn't provide much useful information. It just seems to be trying to connect and failing to reach the intended destination IP/port.

Is the router (acting as the client) actually remote to the RPi (i.e., on a different private IP network), or on the same IP network?

I'm asking because it's quite common for users to test such a setup using the same local IP network for client and server. But even if you get connected, it proves nothing since any local IP reference by either the client or server will remain local to its respective side of the tunnel, thus starving the tunnel of traffic.

The only meaningful configuration is when the client and server are actually remote from each other and using different local IP networks (e.g., 192.168.1.x and 192.168.2.x).
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top