openvpn
dhemming, 2016-08-31 23:34:53

How to set up an OpenVPN client on an Asus router?

Greetings!
I set up an OpenVPN server on VDS hosting (the server itself works; I can connect to it from Android through the OpenVPN application).
Here is the OpenVPN server config:

local XX.XX.XX.XX
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key 
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth ta.key 0 
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

I try to connect to this OpenVPN server from an Asus RT-18U router (standard firmware) and nothing happens.
Here is the client.ovpn file:
client
dev tun
proto udp
remote XX.XX.XX.XX 1194
keepalive 10 120
verb 4
resolv-retry 60
persist-key
persist-tun
resolv-retry infinite
comp-lzo yes
(Certificates, keys, etc. go here)
key-direction 0
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
remote-cert-tls server

Here is the client log:
openvpn[2006]:   config = 'config.ovpn'
 openvpn[2006]:   mode = 0
 openvpn[2006]:   persist_config = DISABLED
 openvpn[2006]:   persist_mode = 1
 openvpn[2006]:   show_ciphers = DISABLED
 openvpn[2006]:   show_digests = DISABLED
 openvpn[2006]:   show_engines = DISABLED
 openvpn[2006]:   genkey = DISABLED
 openvpn[2006]:   key_pass_file = '[UNDEF]'
 openvpn[2006]:   show_tls_ciphers = DISABLED
 openvpn[2006]: Connection profiles [default]:
 openvpn[2006]:   proto = udp
 openvpn[2006]:   local = '[UNDEF]'
 openvpn[2006]:   local_port = 0
 openvpn[2006]:   remote = 'XX.XX.XX.XX'
 openvpn[2006]:   remote_port = 1194
 openvpn[2006]:   remote_float = DISABLED
 openvpn[2006]:   bind_defined = DISABLED
 openvpn[2006]:   bind_local = DISABLED
 openvpn[2006]:   connect_retry_seconds = 5
 openvpn[2006]:   connect_timeout = 10
 openvpn[2006]:   connect_retry_max = 0
 openvpn[2006]:   tun_mtu = 1500
 openvpn[2006]:   tun_mtu_defined = ENABLED
 openvpn[2006]:   link_mtu = 1500
 openvpn[2006]:   link_mtu_defined = DISABLED
 openvpn[2006]:   tun_mtu_extra = 0
 openvpn[2006]:   tun_mtu_extra_defined = DISABLED
 openvpn[2006]:   mtu_discover_type = -1
 openvpn[2006]:   fragment = 0
 openvpn[2006]:   mssfix = 1450
 openvpn[2006]:   explicit_exit_notification = 0
 openvpn[2006]: Connection profiles END
 openvpn[2006]:   remote_random = DISABLED
 openvpn[2006]:   ipchange = '[UNDEF]'
 openvpn[2006]:   dev = 'tun15'
 openvpn[2006]:   dev_type = '[UNDEF]'
 openvpn[2006]:   dev_node = '[UNDEF]'
 openvpn[2006]:   lladdr = '[UNDEF]'
 openvpn[2006]:   topology = 1
 openvpn[2006]:   tun_ipv6 = DISABLED
 openvpn[2006]:   ifconfig_local = '[UNDEF]'
 openvpn[2006]:   ifconfig_remote_netmask = '[UNDEF]'
 openvpn[2006]:   ifconfig_noexec = DISABLED
 openvpn[2006]:   ifconfig_nowarn = DISABLED
 openvpn[2006]:   ifconfig_ipv6_local = '[UNDEF]'
 openvpn[2006]:   ifconfig_ipv6_netbits = 0
 openvpn[2006]:   ifconfig_ipv6_remote = '[UNDEF]'
 openvpn[2006]:   shaper = 0
 openvpn[2006]:   mtu_test = 0
 openvpn[2006]:   mlock = DISABLED
 openvpn[2006]:   keepalive_ping = 10
 openvpn[2006]:   keepalive_timeout = 120
 openvpn[2006]:   inactivity_timeout = 0
 openvpn[2006]:   ping_send_timeout = 10
 openvpn[2006]:   ping_rec_timeout = 120
 openvpn[2006]:   ping_rec_timeout_action = 2
 openvpn[2006]:   ping_timer_remote = DISABLED
 openvpn[2006]:   remap_sigusr1 = 0
 openvpn[2006]:   persist_tun = ENABLED
 openvpn[2006]:   persist_local_ip = DISABLED
 openvpn[2006]:   persist_remote_ip = DISABLED
 openvpn[2006]:   persist_key = ENABLED
 openvpn[2006]:   passtos = DISABLED
 openvpn[2006]:   resolve_retry_seconds = 1000000000
 openvpn[2006]:   username = '[UNDEF]'
 openvpn[2006]:   groupname = '[UNDEF]'
 openvpn[2006]:   chroot_dir = '[UNDEF]'
 openvpn[2006]:   cd_dir = '/etc/openvpn/client5'
 openvpn[2006]:   writepid = '[UNDEF]'
 openvpn[2006]:   up_script = '[UNDEF]'
 openvpn[2006]:   down_script = '[UNDEF]'
 openvpn[2006]:   down_pre = DISABLED
 openvpn[2006]:   up_restart = DISABLED
 openvpn[2006]:   up_delay = DISABLED
 openvpn[2006]:   daemon = ENABLED
 openvpn[2006]:   inetd = 0
 openvpn[2006]:   log = DISABLED
 openvpn[2006]:   suppress_timestamps = DISABLED
 openvpn[2006]:   nice = 0
 openvpn[2006]:   verbosity = 4
 openvpn[2006]:   mute = 0
 openvpn[2006]:   status_file = 'status'
 openvpn[2006]:   status_file_version = 2
 openvpn[2006]:   status_file_update_freq = 60
 openvpn[2006]:   occ = ENABLED
 openvpn[2006]:   rcvbuf = 65536
 openvpn[2006]:   sndbuf = 65536
 openvpn[2006]:   mark = 0
 openvpn[2006]:   sockflags = 0
 openvpn[2006]:   fast_io = DISABLED
 openvpn[2006]:   lzo = 3
 openvpn[2006]:   route_script = '[UNDEF]'
 openvpn[2006]:   route_default_gateway = '[UNDEF]'
 openvpn[2006]:   route_default_metric = 0
 openvpn[2006]:   route_noexec = DISABLED
 openvpn[2006]:   route_delay = 0
 openvpn[2006]:   route_delay_window = 30
 openvpn[2006]:   route_delay_defined = DISABLED
 openvpn[2006]:   route_nopull = DISABLED
 openvpn[2006]:   route_gateway_via_dhcp = DISABLED
 openvpn[2006]:   max_routes = 100
 openvpn[2006]:   allow_pull_fqdn = DISABLED
 openvpn[2006]:   route 0.0.0.0/0.0.0.0/vpn_gateway/nil
 openvpn[2006]:   management_addr = '[UNDEF]'
 openvpn[2006]:   management_port = 0
 openvpn[2006]:   management_user_pass = '[UNDEF]'
 openvpn[2006]:   management_log_history_cache = 250
 openvpn[2006]:   management_echo_buffer_size = 100
 openvpn[2006]:   management_write_peer_info_file = '[UNDEF]'
 openvpn[2006]:   management_client_user = '[UNDEF]'
 openvpn[2006]:   management_client_group = '[UNDEF]'
 openvpn[2006]:   management_flags = 0
 openvpn[2006]:   shared_secret_file = '[UNDEF]'
 openvpn[2006]:   key_direction = 1
 openvpn[2006]:   ciphername_defined = ENABLED
 openvpn[2006]:   ciphername = 'BF-CBC'
 openvpn[2006]:   authname_defined = ENABLED
 openvpn[2006]:   authname = 'SHA1'
 openvpn[2006]:   prng_hash = 'SHA1'
 openvpn[2006]:   prng_nonce_secret_len = 16
 openvpn[2006]:   keysize = 0
 openvpn[2006]:   engine = DISABLED
 openvpn[2006]:   replay = ENABLED
 openvpn[2006]:   mute_replay_warnings = DISABLED
 openvpn[2006]:   replay_window = 64
 openvpn[2006]:   replay_time = 15
 openvpn[2006]:   packet_id_file = '[UNDEF]'
 openvpn[2006]:   use_iv = ENABLED
 openvpn[2006]:   test_crypto = DISABLED
 openvpn[2006]:   tls_server = DISABLED
 openvpn[2006]:   tls_client = ENABLED
 openvpn[2006]:   key_method = 2
 openvpn[2006]:   ca_file = 'ca.crt'
 openvpn[2006]:   ca_path = '[UNDEF]'
 openvpn[2006]:   dh_file = '[UNDEF]'
 openvpn[2006]:   cert_file = 'client.crt'
 openvpn[2006]:   priv_key_file = 'client.key'
 openvpn[2006]:   pkcs12_file = '[UNDEF]'
 openvpn[2006]:   cipher_list = '[UNDEF]'
 openvpn[2006]:   tls_verify = '[UNDEF]'
 openvpn[2006]:   tls_export_cert = '[UNDEF]'
 openvpn[2006]:   verify_x509_type = 0
 openvpn[2006]:   verify_x509_name = '[UNDEF]'
 openvpn[2006]:   crl_file = '[UNDEF]'
 openvpn[2006]:   ns_cert_type = 0
 openvpn[2006]:   remote_cert_ku[i] = 160
 openvpn[2006]:   remote_cert_ku[i] = 136
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_ku[i] = 0
 openvpn[2006]:   remote_cert_eku = 'TLS Web Server Authentication'
 openvpn[2006]:   ssl_flags = 0
 openvpn[2006]:   tls_timeout = 2
 openvpn[2006]:   renegotiate_bytes = 0
 openvpn[2006]:   renegotiate_packets = 0
 openvpn[2006]:   renegotiate_seconds = 3600
 openvpn[2006]:   handshake_window = 60
 openvpn[2006]:   transition_window = 3600
 openvpn[2006]:   single_session = DISABLED
 openvpn[2006]:   push_peer_info = DISABLED
 openvpn[2006]:   tls_exit = DISABLED
 openvpn[2006]:   tls_auth_file = 'static.key'
 openvpn[2006]:   server_network = 0.0.0.0
 openvpn[2006]:   server_netmask = 0.0.0.0
 openvpn[2006]:   server_network_ipv6 = ::
 openvpn[2006]:   server_netbits_ipv6 = 0
 openvpn[2006]:   server_bridge_ip = 0.0.0.0
 openvpn[2006]:   server_bridge_netmask = 0.0.0.0
 openvpn[2006]:   server_bridge_pool_start = 0.0.0.0
 openvpn[2006]:   server_bridge_pool_end = 0.0.0.0
 openvpn[2006]:   ifconfig_pool_defined = DISABLED
 openvpn[2006]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
 openvpn[2006]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
 openvpn[2006]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
 openvpn[2006]: LZO compression initialized
 openvpn[2006]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
 openvpn[2006]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
 openvpn[2006]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
 openvpn[2006]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
 openvpn[2006]: Local Options hash (VER=V4): 'Hash'
 openvpn[2006]: Expected Remote Options hash (VER=V4): 'Hash'
 openvpn[2011]: UDPv4 link local: [undef]
 openvpn[2011]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194


2 answer(s)
DerzhiVolnu, 2016-08-31
@DerzhiVolnu

Install DD-WRT

smartlight, 2016-09-01
@smartlight

I would try commenting this out first:

key-direction 0
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
remote-cert-tls server

Then look at a ping from the router and also at the routing table.
Then the client log on the router, because verbose 4 is a sufficient level to understand what is wrong.
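
An added example, not part of the original thread: a small Python check that compares the link-level options both peers must agree on, using the two configs from the question (abridged to those options). It relies on the OpenVPN manual's rule that the tls-auth direction is complementary (0 on one side, 1 on the other) or omitted on both; the function names are hypothetical.

```python
# Added example. Configs are abridged from the question; only link-level options are kept.
SERVER_CONF = """
proto udp
dev tun
tls-auth ta.key 0
comp-lzo
"""
CLIENT_CONF = """
client
dev tun
proto udp
comp-lzo yes
key-direction 0
"""

def parse(text):
    """Map each directive to its argument list, skipping blank and comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def tls_auth_direction(opts):
    """Direction from 'tls-auth <file> <dir>' or 'key-direction <dir>'; None if omitted."""
    if len(opts.get("tls-auth", [])) >= 2:
        return opts["tls-auth"][1]
    return (opts.get("key-direction") or [None])[0]

def check_pair(server_text, client_text):
    """Return findings for options that both peers must agree on."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    s_dir, c_dir = tls_auth_direction(srv), tls_auth_direction(cli)
    # OpenVPN manual: directions are complementary (0 and 1) or omitted on both sides.
    if not ((s_dir is None and c_dir is None) or {s_dir, c_dir} == {"0", "1"}):
        findings.append(f"tls-auth direction: server={s_dir} client={c_dir}")
    for name in ("proto", "dev"):
        if srv.get(name) != cli.get(name):
            findings.append(f"{name}: server={srv.get(name)} client={cli.get(name)}")
    # Presence of comp-lzo changes packet framing, so it must match on both peers.
    if ("comp-lzo" in srv) != ("comp-lzo" in cli):
        findings.append("comp-lzo enabled on only one side")
    return findings

if __name__ == "__main__":
    for finding in check_pair(SERVER_CONF, CLIENT_CONF):
        print("MISMATCH", finding)
```

Run against the configs as posted, the check reports the tls-auth direction as the only mismatch; proto, dev and comp-lzo agree.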
