Not signed in (Sign In)

Welcome, Guest

Want to take part in these discussions? Sign in if you have an account, or apply for one below

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

  1.  
    Has anyone gotten the AlwaysVPN to work in the OpenVPN on a router? I am looking to configure AlwaysVPN on my ASUS RT-AC68U router and I am running the Merlin AsusWRT 378.54_2.
    • CommentAuthoradmin
    • CommentTimeJul 8th 2015
     
    I don't have a Merlin AsusWRT compatible router available but from what I've found on the web it looks like there is a openvpn client web interface. Are there particular openvpn configuration fields/options that you have questions about?
  2.  
    I have screenshot the settings:

    http://postimg.org/image/fhmst6rdt/

    http://postimg.org/image/mchy6qzvn/

    These are the areas where I can configure the OpenVPN Client on the router and at the bottom place custom configurations.
    • CommentAuthoradmin
    • CommentTimeJul 13th 2015
     
    Some things that I noticed.
    Change the interface type to TAP
    Change the Verify Server certificate to No

    Remove the
    persist-remote-ip
    auth sha256
    keysize 256
    lines from the custom configuration box.
  3.  
    Jul 14 11:14:45 rc_service: httpd 9173:notify_rc start_vpnclient2
    Jul 14 11:14:45 kernel: tun: Universal TUN/TAP device driver, 1.6
    Jul 14 11:14:45 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Jul 14 11:14:47 kernel: device tap12 entered promiscuous mode
    Jul 14 11:14:47 kernel: ADDRCONF(NETDEV_UP): tap12: link is not ready
    Jul 14 11:14:47 openvpn[18340]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 10 2015
    Jul 14 11:14:47 openvpn[18340]: library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
    Jul 14 11:14:47 openvpn[18340]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 14 11:14:47 openvpn[18340]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 14 11:14:47 openvpn[18340]: Socket Buffers: R=[122880->131072] S=[122880->131072]
    Jul 14 11:14:48 openvpn[18341]: UDPv4 link local: [undef]
    Jul 14 11:14:48 openvpn[18341]: UDPv4 link remote: [AF_INET](AlwaysVPN IP):443
    Jul 14 11:15:48 openvpn[18341]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jul 14 11:15:48 openvpn[18341]: TLS Error: TLS handshake failed
    Jul 14 11:15:48 openvpn[18341]: SIGUSR1[soft,tls-error] received, process restarting
    Jul 14 11:15:48 openvpn[18341]: Restart pause, 2 second(s)
    Jul 14 11:15:50 openvpn[18341]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 14 11:15:50 openvpn[18341]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 14 11:15:50 openvpn[18341]: Socket Buffers: R=[122880->131072] S=[122880->131072]
    Jul 14 11:15:50 openvpn[18341]: UDPv4 link local: [undef]
    Jul 14 11:15:50 openvpn[18341]: UDPv4 link remote: [AF_INET](AlwaysVPN IP):443
    • CommentAuthoradmin
    • CommentTimeJul 13th 2015
     
    Try changing the server port to 1194.
    Does the AlwaysVPN-Faster connection option work when you install the openvpn software on your desktop/laptop computer?
  4.  
    I tried changing it to 1194 after posting this and got the same error.

    The software works fine for my computer.
    • CommentAuthoradmin
    • CommentTimeJul 13th 2015
     
    Is it possible that you have a firewall rule that is blocking traffic on the openvpn tap network adapter?
  5.  
    I have another vpn client that works on here. The main differences between it and your vpn is it uses TUN instead of TAP and uses a different encryption algorithm.
    • CommentAuthoradmin
    • CommentTimeJul 16th 2015
     
    I don't think the issue is with the TUN/TAP adapter setting because this would only be apparent after a successful TLS connection was established.
    I think the problem is that there is a encryption settings mismatch.

    Here are more things I would try.

    Extra HMAC authorization needs to be on. This settings uses the static key that you pasted.
    If the dropdown has a setting for direction it should be set to 1. If the drop down has no option for 1 then you might need to add
    key-direction 1
    to the custom configuration box.

    The Username/Password Auth. only might need to be set to Yes. I'm not exactly sure which openvpn option this configures.

    Could you try some of these combinations and then post another set of screenshots if it still does not work?

    Sorry for not getting back to you sooner.