Menu
What's new
By:
Filters Better Search

VPN client fails to connect on latest 380.66.4

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

G

gjf

Senior Member
Hi!

I have tested this OpenVPN file on two routers: RT-AC66U and RT-AC68U.

The file is imported well, but connection gives the following error:

May 31 17:55:13 openvpn[8473]: Unrecognized option or missing or extra parameter(s) in config.ovpn:27: block-outside-dns (2.4.2)
May 31 17:55:13 openvpn[8473]: OpenVPN 2.4.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 26 2017
May 31 17:55:13 openvpn[8473]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
May 31 17:55:13 openvpn[8475]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 31 17:55:13 openvpn[8475]: TCP/UDP: Preserving recently used remote address: [AF_INET]77.73.68.230:1194
May 31 17:55:13 openvpn[8475]: Socket Buffers: R=[87380->87380] S=[16384->16384]
May 31 17:55:13 openvpn[8475]: Attempting to establish TCP connection with [AF_INET]77.73.68.230:1194 [nonblock]
May 31 17:55:14 openvpn[8475]: TCP connection established with [AF_INET]77.73.68.230:1194
May 31 17:55:14 openvpn[8475]: TCP_CLIENT link local: (not bound)
May 31 17:55:14 openvpn[8475]: TCP_CLIENT link remote: [AF_INET]77.73.68.230:1194
May 31 17:55:14 openvpn[8475]: TLS: Initial packet from [AF_INET]77.73.68.230:1194, sid=df8e4b37 a14e16ce
May 31 17:55:14 openvpn[8475]: VERIFY OK: depth=1, CN=Zaborona.help
May 31 17:55:14 openvpn[8475]: VERIFY KU OK
May 31 17:55:14 openvpn[8475]: Validating certificate extended key usage
May 31 17:55:14 openvpn[8475]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 31 17:55:14 openvpn[8475]: VERIFY EKU OK
May 31 17:55:14 openvpn[8475]: VERIFY OK: depth=0, CN=zaborona.help
May 31 17:55:14 openvpn[8475]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
May 31 17:55:14 openvpn[8475]: [zaborona.help] Peer Connection Initiated with [AF_INET]77.73.68.230:1194
May 31 17:55:16 openvpn[8475]: SENT CONTROL [zaborona.help]: 'PUSH_REQUEST' (status=1)
May 31 17:55:16 openvpn[8475]: PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,route-gateway 192.168.224.1,topology subnet,ping 300,ping-restart 900,dhcp-option DNS 192.168.224.1,dhcp-option DNS 74.82.42.42,route 74.82.42.42,persist-tun,route 5.45.192.0 255.255.192.0,route 5.255.192.0 255.255.192.0,route 37.9.64.0 255.255.192.0,route 37.140.128.0 255.255.192.0,route 77.75.152.0 255.255.248.0,route 77.88.0.0 255.255.192.0,route 84.201.128.0 255.255.192.0,route 87.250.224.0 255.255.224.0,route 93.15
May 31 17:55:16 openvpn[8475]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
May 31 17:55:16 openvpn[8475]: PUSH: Received control message: 'PUSH_REPLY,route-ipv6 2a02:6b8::/32,route-ipv6 2a02:5180::/32,route 5.61.16.0 255.255.248.0,route 5.61.232.0 255.255.248.0,route 79.137.157.0 255.255.255.0,route 79.137.183.0 255.255.255.0,route 94.100.176.0 255.255.240.0,route 95.163.32.0 255.255.224.0,route 95.163.248.0 255.255.248.0,route 128.140.168.0 255.255.248.0,route 178.22.88.0 255.255.248.0,route 178.237.16.0 255.255.240.0,route 185.5.136.0 255.255.252.0,route 185.16.148.0 255.25
May 31 17:55:16 openvpn[8475]: PUSH: Received control message: 'PUSH_REPLY,route 95.213.0.0 255.255.192.0,route 185.29.130.0 255.255.255.0,route 185.32.248.0 255.255.252.0,route-ipv6 2a00:bdc0::/36,route-ipv6 2a00:bdc0:e003::/48,route-ipv6 2a00:bdc0:e004::/46,route-ipv6 2a00:bdc0:e008::/48,route-ipv6 2a00:bdc0:f000::/36,route 77.74.176.0 255.255.252.0,route 77.74.181.0 255.255.255.0,route 77.74.183.0 255.255.255.0,route 93.159.228.0 255.255.252.0,route 185.54.220.0 255.255.254.0,route 185.85.12.0 255.2
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: timers and/or timeouts modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: --persist options modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: --ifconfig/up options modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: route options modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: route-related options modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: peer-id set
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: adjusting link_mtu to 1626
May 31 17:55:16 openvpn[8475]: OPTIONS IMPORT: data channel crypto options modified
May 31 17:55:16 openvpn[8475]: Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:55:16 openvpn[8475]: Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:55:16 openvpn[8475]: GDG6: remote_host_ipv6=n/a
May 31 17:55:16 openvpn[8475]: TUN/TAP device tun11 opened
May 31 17:55:16 openvpn[8475]: TUN/TAP TX queue length set to 100
May 31 17:55:16 openvpn[8475]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
May 31 17:55:16 openvpn[8475]: /usr/sbin/ip link set dev tun11 up mtu 1500
May 31 17:55:16 openvpn[8475]: /usr/sbin/ip addr add dev tun11 192.168.224.9/22 broadcast 192.168.227.255
May 31 17:55:16 openvpn[8475]: /usr/sbin/ip -6 addr add 2a00:1838:32:200::1007/112 dev tun11
May 31 17:55:16 openvpn[8475]: Linux ip -6 addr add failed: external program exited with error status: 2
May 31 17:55:16 openvpn[8475]: Exiting due to fatal error
What is going on?
 
Just the same logs from another router:


May 31 17:25:46 openvpn[17514]: Unrecognized option or missing or extra parameter(s) in config.ovpn:27: block-outside-dns (2.4.2)
May 31 17:25:46 openvpn[17514]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 26 2017
May 31 17:25:46 openvpn[17514]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
May 31 17:25:46 openvpn[17515]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 31 17:25:46 openvpn[17515]: RESOLVE: Cannot resolve host address: vpn.zaborona.help:1194 (Name or service not known)
May 31 17:25:46 openvpn[17515]: Socket Buffers: R=[87380->87380] S=[16384->16384]
May 31 17:25:46 openvpn[17515]: Attempting to establish TCP connection with [AF_INET]94.242.59.126:1194 [nonblock]
May 31 17:25:47 openvpn[17515]: TCP connection established with [AF_INET]94.242.59.126:1194
May 31 17:25:47 openvpn[17515]: TCP_CLIENT link local: (not bound)
May 31 17:25:47 openvpn[17515]: TCP_CLIENT link remote: [AF_INET]94.242.59.126:1194
May 31 17:25:47 openvpn[17515]: TLS: Initial packet from [AF_INET]94.242.59.126:1194, sid=7cbca0e0 a7bdeb36
May 31 17:25:48 openvpn[17515]: VERIFY OK: depth=1, CN=Zaborona.help
May 31 17:25:48 openvpn[17515]: VERIFY KU OK
May 31 17:25:48 openvpn[17515]: Validating certificate extended key usage
May 31 17:25:48 openvpn[17515]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 31 17:25:48 openvpn[17515]: VERIFY EKU OK
May 31 17:25:48 openvpn[17515]: VERIFY OK: depth=0, CN=zaborona.help
May 31 17:25:48 openvpn[17515]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
May 31 17:25:48 openvpn[17515]: [zaborona.help] Peer Connection Initiated with [AF_INET]94.242.59.126:1194
May 31 17:25:49 openvpn[17515]: SENT CONTROL [zaborona.help]: 'PUSH_REQUEST' (status=1)
May 31 17:25:49 openvpn[17515]: PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,route-gateway 192.168.224.1,topology subnet,ping 300,ping-restart 900,dhcp-option DNS 192.168.224.1,dhcp-option DNS 74.82.42.42,route 74.82.42.42,persist-tun,route 5.45.192.0 255.255.192.0,route 5.255.192.0 255.255.192.0,route 37.9.64.0 255.255.192.0,route 37.140.128.0 255.255.192.0,route 77.75.152.0 255.255.248.0,route 77.88.0.0 255.255.192.0,route 84.201.128.0 255.255.192.0,route 87.250.224.0 255.255.224.0,route 93.1
May 31 17:25:49 openvpn[17515]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
May 31 17:25:49 openvpn[17515]: PUSH: Received control message: 'PUSH_REPLY,route-ipv6 2a02:6b8::/32,route-ipv6 2a02:5180::/32,route 5.61.16.0 255.255.248.0,route 5.61.232.0 255.255.248.0,route 79.137.157.0 255.255.255.0,route 79.137.183.0 255.255.255.0,route 94.100.176.0 255.255.240.0,route 95.163.32.0 255.255.224.0,route 95.163.248.0 255.255.248.0,route 128.140.168.0 255.255.248.0,route 178.22.88.0 255.255.248.0,route 178.237.16.0 255.255.240.0,route 185.5.136.0 255.255.252.0,route 185.16.148.0 255.2
May 31 17:25:49 openvpn[17515]: PUSH: Received control message: 'PUSH_REPLY,route 95.213.0.0 255.255.192.0,route 185.29.130.0 255.255.255.0,route 185.32.248.0 255.255.252.0,route-ipv6 2a00:bdc0::/36,route-ipv6 2a00:bdc0:e003::/48,route-ipv6 2a00:bdc0:e004::/46,route-ipv6 2a00:bdc0:e008::/48,route-ipv6 2a00:bdc0:f000::/36,route 77.74.176.0 255.255.252.0,route 77.74.181.0 255.255.255.0,route 77.74.183.0 255.255.255.0,route 93.159.228.0 255.255.252.0,route 185.54.220.0 255.255.254.0,route 185.85.12.0 255.
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: timers and/or timeouts modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: --persist options modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: --ifconfig/up options modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: route options modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: route-related options modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: peer-id set
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: adjusting link_mtu to 1626
May 31 17:25:49 openvpn[17515]: OPTIONS IMPORT: data channel crypto options modified
May 31 17:25:49 openvpn[17515]: Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:25:49 openvpn[17515]: Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:25:49 openvpn[17515]: GDG6: remote_host_ipv6=n/a
May 31 17:25:49 openvpn[17515]: TUN/TAP device tun11 opened
May 31 17:25:49 openvpn[17515]: TUN/TAP TX queue length set to 100
May 31 17:25:49 openvpn[17515]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
May 31 17:25:49 openvpn[17515]: /usr/sbin/ip link set dev tun11 up mtu 1500
May 31 17:25:49 openvpn[17515]: /usr/sbin/ip addr add dev tun11 192.168.225.130/22 broadcast 192.168.227.255
May 31 17:25:49 openvpn[17515]: /usr/sbin/ip -6 addr add 2a00:1838:30:7000::1180/112 dev tun11
May 31 17:25:49 openvpn[17515]: Linux ip -6 addr add failed: external program exited with error status: 2
May 31 17:25:49 openvpn[17515]: Exiting due to fatal error
 
Do you have IPv6 disabled? if so, try enabling IPv6 on the router... it appears the VPN server is PUSHing IPv6 routes which the router is failing to add.
 
  • Like
Reactions: gjf
gjf said:
Hi!
May 31 17:55:16 openvpn[8475]: Linux ip -6 addr add failed: external program exited with error status: 2
May 31 17:55:16 openvpn[8475]: Exiting due to fatal error
Click to expand...

Try the following in the Custom configuration:
Code: 
pull-filter ignore "ifconfig-ipv6"
 
  • Like
Reactions: gjf
Alfsu said:
Do you have IPv6 disabled? if so, try enabling IPv6 on the router... it appears the VPN server is PUSHing IPv6 routes which the router is failing to add.
Click to expand...
Yeah, correct, but after enabling IPv6 I cannot connect to the router any more via OpenVPN (yeah, it acts both as server and client):
Wed May 31 18:20:54 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:20:54 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:20:54 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:20:54 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:20:54 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:20:55 2017 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed (code=1228)
Wed May 31 18:20:55 2017 SIGHUP[hard,] received, process restarting
Wed May 31 18:20:55 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Wed May 31 18:20:55 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 31 18:20:55 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Wed May 31 18:21:01 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Wed May 31 18:21:01 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 31 18:21:01 2017 UDP link local: (not bound)
Wed May 31 18:21:01 2017 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 31 18:21:01 2017 [Server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 31 18:21:02 2017 open_tun
Wed May 31 18:21:02 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{86A26EF3-9748-44FB-8C61-XXXXXXXX}.tap
Wed May 31 18:21:02 2017 Successful ARP Flush on interface [9] {86A26EF3-9748-44FB-8C61-XXXXXXXXX}
Wed May 31 18:21:02 2017 Block_DNS: WFP engine opened
Wed May 31 18:21:02 2017 Block_DNS: Using existing sublayer
Wed May 31 18:21:02 2017 Block_DNS: Added permit filters for exe_path
Wed May 31 18:21:02 2017 Block_DNS: Added block filters for all interfaces
Wed May 31 18:21:02 2017 Block_DNS: Added permit filters for TAP interface
Wed May 31 18:21:37 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:21:37 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:21:37 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:21:37 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:21:37 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed May 31 18:21:37 2017 SYSTEM ROUTING TABLE
(omitted)
Wed May 31 18:21:37 2017 SYSTEM ADAPTER LIST
(omitted)
Wed May 31 18:21:37 2017 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
 
Ideally, add both these:

Code: 
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
 
  • Like
Reactions: gjf
You must log in or register to reply here.

Similar threads

A
Restart WireGuard client when fails
Replies
5
Views
363
ZebMcKayhan
Z
johndoe85
VPN site to site with additional VPN client to hide IP
Replies
14
Views
689
johndoe85
johndoe85
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
131
MNBob
M
P
Get notified when VPN client connection fails
Replies
10
Views
813
Viktor Jaep
Viktor Jaep
R
OpenVPN keeps on turning itself off
2 3
Replies
40
Views
1K
CaptainSTX
C
Similar threads
Thread starter Title Forum Replies Date
P Get notified when VPN client connection fails Asuswrt-Merlin 10
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4
johndoe85 VPN site to site with additional VPN client to hide IP Asuswrt-Merlin 14
C VPN Client KillSwitch/Automatic Start at Boot Failures Asuswrt-Merlin 3
D How to restrict VPN network access to certain IP Range or Hosts for specific VPN client Asuswrt-Merlin 8
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
Quan Wireguard performance on ASUS XT8 running VPN client Asuswrt-Merlin 1
H WireGuard VPN PreUp Option to Run Command Before Client Connects? Asuswrt-Merlin 3
B VPN Client Problem Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 936 (members: 25, guests: 911)
Top