VPN client setup - help for a newbie

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

jata

Regular Contributor
Hi all, hope someone can provide me with a few pointers on setting up and testing a OpenVPN client connection - i'm using my Smart DNS (also VPN) to test.

In summary I have downloaded the .ovpn config for the connection I want to use and have entered user credentials etc. I have been able to 'start' the VPN client session but I'm not sure it is working or connected successfully.

I'm using Merlin FW 386.2 on a AX58U.

below is what i see in the VPN client page - says 'connecting' but i'm thinking it should say 'connected' if all working ok?

1618973992205.png


Below is what I see in the VPN status page

1618974149516.png
 
Last edited:

MvW

Senior Member
It should say 'Connected' indeed, and show a local and remote IP, like this:

Screenshot_2021-04-21 ASUS Wireless Router RT-AC86U - OpenVPN Client Settings.png


Can you post your a screenshot of your VPN Client settings (hide your user credentials) and check syslog (left side menu, system messages > general log) for errors as to why it can't make a connection. The lines in syslog can be recognized as they show 'openvpn-client' after the date and time stamp.
 

jata

Regular Contributor
Thanks @MvW

1618982156724.png


will post log separately (as having issues pasting them in this thread)
 

jata

Regular Contributor
having trouble pasting log file so have attached. Note I changed the remote ip to x.x.x.x

apologies - looks like this is not working either. will download full log and post just a section of it - give me a minute...
 

MvW

Senior Member
having trouble pasting log file so have attached. Note I changed the remote ip to x.x.x.x

apologies - looks like this is not working either. will download full log and post just a section of it - give me a minute...
You can use a site like pastebin or something similar to post syslog. Just make sure to search and replace any sensitive information.
 

jata

Regular Contributor
can you open this attachment?
 

MvW

Senior Member
I see the tunnel being setup, and shortly after being shutdown. You apparently get no WAN IP assigned. I also see several warnings, but can't pinpoint what is exactly wrong with your config. Pinging @eibgrad for assistance.
 

jata

Regular Contributor
thanks - good to know that config looks okish.

Note that I turned VPN off (shutdown) as i thought the VPN was preventing me from posting the log!

additional info - I use nextDNS on the router. Could this be causing the issue?
 

MvW

Senior Member
I use nextDNS on the router. Could this be causing the issue?

I higly doubt that. I'm using the NextDNS CLI client myself and it works fine, both on WAN as well as VPN connections.
 

eibgrad

Very Senior Member
If you're connecting to a commercial OpenVPN service provider, it seems highly doubtful you would be asked to configure a P2P (point-to-point) tunnel, which it seems you're doing by specifying the local and remote endpoints (10.8.0.2 and 10.8.0.1) plus static key. 99% of the time it's PTMP (point to multipoint), where the OpenVPN server is being managed on behalf of *multiple* users (which means TLS, certs, etc.). P2P if a server configured for only *one* OpenVPN client!

But on the off chance this is a valid config, you've checked the static key field but apparently provided no actual key, as indicated by the following error message.

Code:
Apr 21 15:14:10 ovpn-client1[21656]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
...
Apr 21 15:14:10 ovpn-client1[21657]: ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
 
Last edited:

Martineau

Part of the Furniture
thanks - good to know that config looks okish.

Note that I turned VPN off (shutdown) as i thought the VPN was preventing me from posting the log!

additional info - I use nextDNS on the router. Could this be causing the issue?
All OpenVPN clients will issue
Code:
 ovpn-clientX[nnnnn]: Initialization Sequence Completed
if the configuration is deemed valid rather than 'OKish'

Whilst I don't currently have access to my RT-AX58U, I suggest you ensure that the import of the .ovpn file was successful, and try the following settings as shown on an RT-AC86U

1618997387417.png
 

jata

Regular Contributor
got it working. thanks all.

Issue were:

1. needed to add BF-CBC to list of data ciphers in crypto settings
2. VPN user name was different to normal smart DNS username

I only worked out 2 after fixing issue 1 as I got further through the initiation process.
 

Mathieu

Regular Contributor
All OpenVPN clients will issue
Code:
ovpn-clientX[nnnnn]: Initialization Sequence Completed
if the configuration is deemed valid rather than 'OKish'

Whilst I don't currently have access to my RT-AX58U, I suggest you ensure that the import of the .ovpn file was successful, and try the following settings as shown on an RT-AC86U

View attachment 33344

Hello
I too am a bit at a loss with OpenVPN at the moment and can't seem to have it working, as it used to.
When you indicate:

All OpenVPN clients will issue
Code:
ovpn-clientX[nnnnn]: Initialization Sequence Completed

Is that router/firwware specific?
Asking because I can't see any such messages...
A cursory 'openvpn' word search of syslog only yields:

1619722975250.png


Note: The router restarts at 4:00 AM, as intended.

I have also edited tons of annoying '[Datetime] kernel: [MAC address] not mesh client, can't update it's ip' message, as RMerlin indicated those were left-overs from an untidied Samsung core-code. Incidentally, the MAC address they indicate is the one of the opvpn client 1. Spooked.

Can you spot anything worthy of further digging?
Is that serious, doctor? :)

Thank you
M
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top