Voxel VPN connection problem

[Lord_Vader]

Recently switched from Private Internet Access (PIA) to NordVPN. I always used the semi-automatic procedure to connect to my VPN, works very well in most cases, but not with NordVPN.

When connecting to PIA I hade the following files on my USB-stick:
auth.txt (my username and password)
ca.rsa.2048.txt
crl.rsa.2048.pem
sweden.ovpn

Now on NordVPN:
auth.txt
nordvpn.ovpn

The router dosen't connect to VPN any more..? Tried to compare files, but the difference I see is that nordvpn.ovpn contains the certificate file.

Help appreciated!

NordVPN
---
client
dev tun
proto udp
remote xxx.xxx.xx.xxx xxxx
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

explicit-exit-notify 3

remote-cert-tls server

#mute 10000
auth-user-pass /etc/openvpn/config/client/auth.txt

verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

<ca>
-----BEGIN CERTIFICATE-----

 

[kamoj]

Make sure to only have one (1) .ovpn file.

Log in with telnet and "print" the log-file to the "telnet console window":

cat /var/log/openvpn-client.log

See here (but change "pia" to "nord"):
https://www.snbforums.com/threads/k...ar-r7800-x4s-and-r9000-x10.48965/#post-435256

See for NordVPN:
https://www.myopenrouter.com/comment/43128#comment-43128

 

[Lord_Vader]

I've read both of the threads and changed username as stated. Unfortunately it didn't help. Here's my log:
root@R7800:/$ cat /var/log/openvpn-client.log

Thu Jan 1 00:00:27 UTC 1970 Voxel: OpenVPNclient stop run: ip route del:

192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

Tue Nov 27 18:31:07 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Tue Nov 27 18:31:07 2018 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10

Tue Nov 27 18:31:07 2018 Error opening 'Auth' auth file: nordvpn.auth: No such file or directory (errno=2)

Tue Nov 27 18:31:07 2018 Exiting due to fatal error

Tue Nov 27 18:31:07 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Tue Nov 27 18:31:07 2018 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10

Tue Nov 27 18:31:07 2018 Error opening 'Auth' auth file: nordvpn.auth: No such file or directory (errno=2)

Tue Nov 27 18:31:07 2018 Exiting due to fatal error

Error: OpenVPN client start failed.

Error: OpenVPN client start failed.

Tue Nov 27 18:33:55 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Tue Nov 27 18:33:55 2018 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10

Tue Nov 27 18:33:55 2018 Error opening 'Auth' auth file: nordvpn.auth: No such file or directory (errno=2)

Tue Nov 27 18:33:55 2018 Exiting due to fatal error

Error: OpenVPN client start failed.


Thanks for your help as I am a real novice on Linux...

 

[kamoj]

No problem!
We try again:

I think you have not followed the instruction.
Try to read again please.

(The log says you have not put the file nordvpn.auth at the same place as the .ovpn
Or it has the wrong name.

In your first post you say:
auth-user-pass /etc/openvpn/config/client/auth.txt

That line should be changed to:
auth-user-pass nordvpn.txt

and the file name should be nordvpn.txt, not nordvpn.auth)

Tue Nov 27 18:31:07 2018 Error opening 'Auth' auth file: nordvpn.auth: No such file or directory (errno=2)

Thanks for your help as I am a real novice on Linux...

 

[Lord_Vader]

Thanks Kamoj, but I've forgot to write that I renamed the authentication file to nordvpn.auth and changed accordingly in the .ovpn file. That's why I'm confused...

Since I use a usb stick I shouldn't have to copy any files manually? Don't know how to do that anyway

 

[kamoj]

You confuse me too.
If you are new to Linux I suggest you start to follow the instructions to 100%.
That include file names, pathes etc.
Linux is case sensitive. So e.g. nordvpn.txt is not the same as Nordvpn.txt.

Also you should share your log-file as long as you fail, to enable someone to help you.

Good luck!

 

[Lord_Vader]

Well I followed the instructions from https://www.myopenrouter.com/comment/43128#comment-43128
"This is an up-to-date instruction for Voxel FW:

Suppose you have the configuration-file from your provider.

1 Rename the file to: nordvpn.ovpn
2 Edit nordvpn.ovpn by changing the "auth-user-pass" line to: auth-user-pass nordvpn.auth
3 Create nordvpn.auth. It shall contain exactly 2 lines. The 1st line with your (at NORD VPN) USERNAME, the 2nd line with PASSWORD.
4 Copy both files (nordvpn.ovpn and nordvpn.auth) to /etc/openvpn/config/client. (Remove all other files from there!)
5 Reboot or start manually: /etc/init.d/openvpn-client start"

I changed that again to nordvpn.txt. Maybe there are leftovers in /etc/openvpn/config/client? Don't even know how to browse to that directory via Telnet nor copy files. USB-stick is convenient when it works ;-)

This is my log as for now:
Wed Nov 28 17:05:26 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Wed Nov 28 17:05:26 2018 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10

Wed Nov 28 17:05:26 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Wed Nov 28 17:05:26 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Wed Nov 28 17:05:26 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Wed Nov 28 17:05:26 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Wed Nov 28 17:05:26 2018 nice -20 succeeded

Wed Nov 28 17:05:26 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]178.132.78.135:1194

Wed Nov 28 17:05:26 2018 Socket Buffers: R=[163840->1048576] S=[163840->1048576]

Wed Nov 28 17:05:26 2018 UDP link local: (not bound)

Wed Nov 28 17:05:26 2018 UDP link remote: [AF_INET]178.132.78.135:1194

Wed Nov 28 17:05:26 2018 TLS: Initial packet from [AF_INET]178.132.78.135:1194, sid=d5580e9f 30c57711

Wed Nov 28 17:05:26 2018 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

Wed Nov 28 17:05:26 2018 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA2

Wed Nov 28 17:05:26 2018 VERIFY KU OK

Wed Nov 28 17:05:26 2018 Validating certificate extended key usage

Wed Nov 28 17:05:26 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Wed Nov 28 17:05:26 2018 VERIFY EKU OK

Wed Nov 28 17:05:26 2018 VERIFY OK: depth=0, CN=se16.nordvpn.com

Wed Nov 28 17:05:28 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Wed Nov 28 17:05:28 2018 [se16.nordvpn.com] Peer Connection Initiated with [AF_INET]178.132.78.135:1194

Wed Nov 28 17:05:29 2018 SENT CONTROL [se16.nordvpn.com]: 'PUSH_REQUEST' (status=1)

Wed Nov 28 17:05:29 2018 AUTH: Received control message: AUTH_FAILED

Wed Nov 28 17:05:29 2018 SIGTERM received, sending exit notification to peer

Wed Nov 28 17:05:32 2018 SIGTERM[soft,exit-with-notification] received, process exiting

Error: OpenVPN client start failed.

 

[Lord_Vader]

The ovpn file looks like this:
client
dev tun
proto udp
remote 178.132.78.135 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
auth-user-pass nordvpn.txt
comp-lzo no

explicit-exit-notify 3

remote-cert-tls server

#mute 10000


verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
key key key...
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
key key key...
-----END OpenVPN Static key V1-----
</tls-auth>

 

[kamoj]

This indicates that the username and/or password in nordvpn.txt are wrong.
Both are case sensitive, and the file should be with Unix/Linux format, not created with e.g. notepad.

You can create the file with correct format from the telnet command prompt:
(Replace username and password (keeping the citation marks!) with your own private credentials at nordvpn)

echo "username" >/etc/openvpn/config/client/nordvpn.txt
echo "password" >>/etc/openvpn/config/client/nordvpn.txt

 

[Lord_Vader]

After a reboot that did the trick! Thank you very, very much! I've created a file on my Android in an app called "jota+" and exported the file in linux format to my USB-stick. Seems to work.

Since you have contributed to Voxel's firmware, do you have any suggestions how to improve the speed in the .ovpn file (as of my .ovpn file above?) Or has your tips and tricks been merged to Voxel's latest firmware already?

Once again, thanks!

 

[kamoj]

You are welcome!
I'm glad for your success!

Voxel have much of the optimizations already. Not only in the .ovpn-file.
You can experiment with your .ovpn. Please share your findings/settings!!!

Some of Voxel's optimizations are unfortunately overwritten and lost at boot time.
This is due to bad Netgear bootup design, not Voxel's fault.

A workaround for this is to manually stop and start the openvpn-client !

If you have an R7800 and have installed my Information Add-on
(https://www.snbforums.com/threads/k...800-x4s-and-r9000-x10-temperatures-a-o.49907/),
you can see the change at "CPU Governors and Frequencies".
If it reads "ondemand", all optimizations are not running!

There are quite many more optimizations possible that I use my own. But they may effect USB speed and Disk performance and temperatures.
So, not to risk the luring anger, I have not published my optimizations.

With Voxel 61SF I get a 256-bit encryption openvpn speed of max 80-90 Mbps.
I have not tested it lately after doing the stop/start trick though. That should boost another 5 Mbps or so if you are lucky.
With my optimizations I get max 110-120 Mbps. So not so big difference.
What download speed do you get?

 

[Lord_Vader]

Well that gives the debug page a new life; lovely!
CPU Governors and Frequencies 0: userspace 4% 1.725 GHz (100.0 %) 1: userspace 2% 1.725 GHz (100.0 %)

Would be nice to see you implement some further changes, I wouldn't mind a slower USB-speed myself and faster VPN

Via Nordvpn through the R7800:
Down 78 Mbps
Up 80 Mbps.

Using NordVPN:s client (and same server as on .ovpn on R7800) my Mac gives me:
Down 240 Mbps
Up 83 Mbps

I have a 250/100 line running WiFi with AC standard.

 

[eevanskiteboards]

hello. i am learning how to install/run openvpn on my router and I am stuck at how to disable "openVPN server".

i.e

/etc/init.d/openvpn-client start
Error: OpenVPN server is enabled. Disable it to start OpenVPN client.

can someone teach me how to disable it please? thanks

 

[Lord_Vader]

/etc/init.d/openvpn-client stop

is how you stop the client.

Or create a totally empty file named "disable" (without quotes), put on a USB stick in correct ovpn folder to disable client totally.

 

[eevanskiteboards]

/etc/init.d/openvpn-client stop

is how you stop the client.

Or create a totally empty file named "disable" (without quotes), put on a USB stick in correct ovpn folder to disable client totally.

thanks for the help, here is my results, are they normal?



/etc/init.d/openvpn-client stop
Fri Nov 30 07:05:38 GMT 2018 Voxel: Error: openvpn-client stop: process was not killed properly 2, try a new kill!
Generating Rules...
Done!
Starting Firewall...
Done!
Fri Nov 30 07:05:38 GMT 2018 Voxel: OpenVPNclient stop run: ip route del:
default via 76.109.180.1 dev brwan
76.109.180.0/23 dev brwan proto kernel scope link src 76.109.180.31
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
239.0.0.0/8 dev br0 scope link

 

[kamoj]

That is done in the WEB-GUI. (Advanced: Advanced Setup: VPN Service: Enable VPN Service (OpenVPN 2.4.x): Uncheck the box and Apply)
So login in to the router and disable the openvpn SERVER there!
The server can not run simultaneously with the client. Not in current release.

hello. i am learning how to install/run openvpn on my router and I am stuck at how to disable "openVPN server".

i.e

/etc/init.d/openvpn-client start
Error: OpenVPN server is enabled. Disable it to start OpenVPN client.

can someone teach me how to disable it please? thanks

 

[eevanskiteboards]

That is done in the WEB-GUI. So login in to the router and disable the openvpn SERVER there!
The server can not run simultaneously with the client. Not in current release.

omg, i am such a dork. I had to disable it on the gui!!! makes sense!!!!!

i did try to start it and got a fail though

/etc/init.d/openvpn-client start
PING www.google.com (172.217.10.100): 56 data bytes

--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 45.0/47.4/48.7 ms
Please wait...
Error: OpenVPN client start failed.


i viewed the log and i saw errors for the opening auth file. iam going to figure out how to create that and add it to my usb drive. Does the "auth file" have to be saved in a particular format using notepad++?

update, i added the the auth file and i think everything working as it should.


/etc/init.d/openvpn-client start
PING www.google.com (172.217.10.68): 56 data bytes

--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 46.0/47.6/48.6 ms
Please wait...
Generating Rules...
Done!
Starting Firewall...
Done!

 

[kamoj]

https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/#post-446155

Does the "auth file" have to be saved in a particular format using notepad++?

 

[eevanskiteboards]

https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/#post-446155

yeah i got it going. thanks again

 

[eevanskiteboards]

what im stuck on now is how to get Netflix and my xfinity app working after installing/using openvpn-client. Both of these services will not load and give error codes i.e " It indicates that our systems have detected that you are connecting via a VPN, proxy, or “unblocker” . Any suggestions ?