VPN Client connection issues using ASUS RT-AC86U

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

AliBr0

New Around Here
Dear SNB community,

I am trying to setup a second Wifi network at home, the primary network for normal internet access, the secondary one as a VPN network, connected to my VPN server in the UK.

My UK VPN server uses PiVPN setup on a Raspberry Pi and works fine with my PC and laptop using Open VPN clients via my primary network.

I have now setup my newly purchased ASUS RT-AC86U and configured it to connect to the PiVPN using the config file and username/password. However a connection cannot be established and the icon simply rotates, showing that it is trying to connect but nothing happens. I have done some research and it seems that my primary router (provided by ISP Telekom - model Speedport Smart 3) does not have a menu function to enable VPN passthrough. However, does the functioning of my client on my PC indicate this is no issue? If not, could that be the problem? Can I bypass using port forwarding and if so how do I know which ports to forward etc.?

My secondary router is connected to the primary router via LAN cable from the LAN 4 (primary router) to the WAN connection (secondary router).

It has long been a dream to have a UK VPN network at home in Germany and I would appreciate any help at all to get it running.

Thanks,

Ali
 

eibgrad

Very Senior Member
VPN passthrough is NOT relevant to OpenVPN. And as long as the OpenVPN server is otherwise accessible from clients on your local network, there's no obvious reason the router shouldn't be just as capable. Port forwarding is irrelevant too (to the extent it was even necessary, it would only be relevant to the OpenVPN server side).

Something else is amiss.

When the VPN is NOT active, does that second router otherwise have normal access to the internet through the primary router?
 

AliBr0

New Around Here
Hi Eibgrad, thanks for the quick reply!

Yes the second router has access and devices connecting via it also work fine.

Is there anything I could trouble shoot?

thanks for your help!
 

eibgrad

Very Senior Member
The OpenVPN logs (client and server) often reveal the problem(s).
 
Last edited:

AliBr0

New Around Here
Thanks Eibgrad. Here a copy of the log. I am afraid it does not mean a whole lot to me. What do I need to do?

Dec 8 08:33:45 rc_service: httpd 1271:notify_rc restart_vpncall
Dec 8 08:33:49 vpnclient5[2984]: OpenVPN 2.4.7 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 12 2020
Dec 8 08:33:49 vpnclient5[2984]: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.03
Dec 8 08:33:49 vpnclient5[2985]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 8 08:33:49 vpnclient5[2985]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Dec 8 08:33:49 vpnclient5[2985]: Exiting due to fatal error
 

eibgrad

Very Senior Member
Based on that error message, I'm guessing you specified the auth-user-pass directive (w/o the optional file argument) in the custom config field.

The auth-user-pass directive when specified w/o a file argument tells the OpenVPN client to prompt thr user for the username/password. But since the OpenVPN client is running on the router, it's not an interactive process, so it fails. When run on the router, auth-user-pass needs to specify a file argument that contains the username/password, which is exactly what the username/password fields in the OpenVPN client GUI do. But I suspect you added auth-user-pass to custom config as well, which is incorrect because it ends up overriding the GUI.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top