3rdEden

So I managed to fix it. I had a hunch on why it was failing every single time. When I paste the configuration from the Open VPN file in the textarea and pressed apply I kept seeing the old logs of the previous VPN information. After refreshing the page the old configuration was showing up again instead of the one that was added in the textarea. In addition these symptoms, the VPN page was loading really slow and continuously freezing in Google Chrome. So my impression was because the previous configuration had: resolv-retry infinite Which would cause an infinite loop if the VPN connection failed, as seen in my case. With no option to stop the VPN (even after restart) I decided to do a factory reset of the router. I loaded up the new configuration that was posted above and now it's correctly showing "Connected" as notice. The log now correctly shows: Tue Jan 24 18:59:00 2017 WARNING: file '/tmp/vpncred' is group or others accessible Tue Jan 24 18:59:00 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue Jan 24 18:59:01 2017 Socket Buffers: R=[163840->131072] S=[163840->131072] Tue Jan 24 18:59:01 2017 UDPv4 link local: [undef] Tue Jan 24 18:59:01 2017 UDPv4 link remote: [AF_INET]212.38.167.194:553 Tue Jan 24 18:59:01 2017 TLS: Initial packet from [AF_INET]212.38.167.194:553, sid=b5a3b98e d7646aa2 Tue Jan 24 18:59:01 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Jan 24 18:59:01 2017 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, [email protected] Tue Jan 24 18:59:01 2017 VERIFY OK: nsCertType=SERVER Tue Jan 24 18:59:01 2017 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, [email protected] Tue Jan 24 18:59:03 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Tue Jan 24 18:59:03 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jan 24 18:59:03 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Tue Jan 24 18:59:03 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jan 24 18:59:03 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Tue Jan 24 18:59:03 2017 [server] Peer Connection Initiated with [AF_INET]212.38.167.194:553 Tue Jan 24 18:59:05 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Tue Jan 24 18:59:05 2017 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.200.143.1,ping 9,ping-restart 30,route-gateway 10.200.143.1,topology subnet,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.143.145 255.255.255.0' Tue Jan 24 18:59:05 2017 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:9: explicit-exit-notify (2.3.4) Tue Jan 24 18:59:05 2017 OPTIONS IMPORT: timers and/or timeouts modified Tue Jan 24 18:59:05 2017 OPTIONS IMPORT: --ifconfig/up options modified Tue Jan 24 18:59:05 2017 OPTIONS IMPORT: route options modified Tue Jan 24 18:59:05 2017 OPTIONS IMPORT: route-related options modified Tue Jan 24 18:59:05 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Jan 24 18:59:05 2017 TUN/TAP device tun0 opened Tue Jan 24 18:59:05 2017 TUN/TAP TX queue length set to 100 Tue Jan 24 18:59:05 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1 Tue Jan 24 18:59:05 2017 /sbin/ifconfig tun0 10.200.143.145 netmask 255.255.255.0 mtu 1500 broadcast 10.200.143.255 Tue Jan 24 18:59:05 2017 /www/scripts/vpnup.sh 8633 tun0 1500 1557 10.200.143.145 255.255.255.0 init Tue Jan 24 18:59:05 2017 Initialization Sequence Completed

It's complaining about a self signed certifcate in chain. So it's failing again

Still not working unfortunately.

Is there any other way to get this fixed?

Cool glad to hear that there's at least a solution for it.

Even when following that post, and pasting the contents of the .ovpn file in to the text area, I still get handshake failure errors. I've confirmed that the vpn is working when I use their supplied software so the account and it's details are solid. client auth-user-pass ping 5 dev tun resolv-retry infinite nobind ;user nobody ;group nobody persist-key persist-tun ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] ;mute-replay-warnings ns-cert-type server verb 3 ;mute 20 route-metric 1 proto tcp ping-exit 90 #show-net-up #dhcp-renew #dhcp-release #route-delay 0 120 #hand-window 180 cipher AES-256-CBC <ca> -----BEGIN CERTIFICATE----- MIIGVjCCBD6gAwIBAgIJAOmTY3hf1Bb6MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD VQQGEwJVSzEPMA0GA1UECAwGTG9uZG9uMQ8wDQYDVQQHDAZMb25kb24xEzARBgNV BAoMClByaXZheCBMdGQxFDASBgNVBAsMC0hNQSBQcm8gVlBOMRYwFAYDVQQDDA1o aWRlbXlhc3MuY29tMR4wHAYJKoZIhvcNAQkBFg9pbmZvQHByaXZheC5jb20wHhcN MTYwOTE0MDk0MTUyWhcNMjYwOTEyMDk0MTUyWjCBkjELMAkGA1UEBhMCVUsxDzAN BgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRMwEQYDVQQKDApQcml2YXgg THRkMRQwEgYDVQQLDAtITUEgUHJvIFZQTjEWMBQGA1UEAwwNaGlkZW15YXNzLmNv bTEeMBwGCSqGSIb3DQEJARYPaW5mb0Bwcml2YXguY29tMIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEAxWS4+bOnwzGsEZ2vyqfTg7OEJkdqlA+DmQB3UmeD xX8K+87FTe/htIudr4hQ19q2gaHU4PjN1QsJtkH+VxU6V5p5eeWVVCGpHOhkcI4X K0yodRGn6rhAPJYXI7pJHAronfmqfZz/XM+neTGHQ9VF9zW6Q1001mjT0YklFfpx +CPFiGYsQjqZ+ia9RvaXz5Eu1cQ0EWy4do1l7obmvmTrlqN26z4unmh3HfEKRuwt NeHsSyhdzFW20eT2GhvXniHItqWBDi93U55R84y2GNrQubm207UB6kqbJXPXYnlZ ifvQCxa1hz3sr+vUbRi4wIpj/Da2MK7BLHAuUbClKqFs9OSAffWo/PuhkhFyF5Jh OYXjOMI1PhiTjeSfBmNdC5dFOGT3rStvYxYlB8rwuuyp9DuvInQRuCC62/Lew9pI TULaPUPTU7TeKuk4Hqqn2LtnFTU7CSMRAVgZMxTWuC7PT+9sy+jM3nSqo+QaiVtM xbaWXmZD9UlLEMmM9IkMdHV08DXQonjIi4RnqHWLYRY6pDjJ2E4jleXlS2laIBKl mKIuyxZ/B5IyV2dLKrNAs7j9EC7J82giBBCHbZiHQjZ2CqIi+afHKjniFHhuJSVU e7DY+S/B/ePac7Xha8a5K2LmJ+jpPjvBjJd+2Tp2Eyt8wVn/6iSqKePDny5AZhbY +YkCAwEAAaOBrDCBqTAdBgNVHQ4EFgQU4MZR0iTa8SoTWOJeoOmtynuk8/cwHwYD VR0jBBgwFoAU4MZR0iTa8SoTWOJeoOmtynuk8/cwDwYDVR0TAQH/BAUwAwEB/zAL BgNVHQ8EBAMCAaYwEQYJYIZIAYb4QgEBBAQDAgEWMBoGA1UdEQQTMBGBD2luZm9A cHJpdmF4LmNvbTAaBgNVHRIEEzARgQ9pbmZvQHByaXZheC5jb20wDQYJKoZIhvcN AQELBQADggIBAG+QvRLNs41wHXeM7wq6tqSZl6UFStGc6gIzzVUkysVHwvAqqxj/ 8UncqEwFTxV3KiD/+wLMHZFkLwQgSAHwaTmBKGrK4I6DoUtK+52RwfyU3XA0s5dj 6rKbZKPNdD0jusOTYgbXOCUa6JI2gmpyjk7lq3D66dATs11uP7S2uwjuO3ER5Czt m12RcsrAxjndH2igTgZVu4QQwnNZ39Raq6v5IayKxF0tP1wPxz/JafhIjdNxq6Re P4jsI5y0rJBuXuw+gWC8ePTP4rxWp908kI7vwmmVq9/iisGZelN6G5uEB2d3EiJB B0A3t9LCFT9fKznlp/38To4x1lQhfNbln8zC4qav/8fBfKu5MkuVcdV4ZmHq0bT7 sfzsgHs00JaYOCadBslNu1xVtgooy+ARiGfnzVL9bArLhlVn476JfU22H57M0IaU F5iUTJOWKMSYHNMBWL/m+rgD4In1nEb8DITBW7c1JtC8Iql0UPq1PlxhqMyvXfW9 4njqcF4wQi6PsnJI9X7oHDy+pevRrCR+3R5xWB8C9jr8J80TmsRJRv8chDUOHH4H YjhF7ldJRDmvY+DK6e4jgBOIaqS5i2/PybVYWjBb7VuKDFkLQSqA5g/jELd6hpUL yUgzpAgr7q3iJghthPkS4oxw9NtNvnbQweKIF37HIHiuJRsTRO4jhlX4 -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- MIIGMTCCBBmgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwgZIxCzAJBgNVBAYTAlVL MQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjETMBEGA1UECgwKUHJp dmF4IEx0ZDEUMBIGA1UECwwLSE1BIFBybyBWUE4xFjAUBgNVBAMMDWhpZGVteWFz cy5jb20xHjAcBgkqhkiG9w0BCQEWD2luZm9AcHJpdmF4LmNvbTAeFw0xNjA5MTQx MDQ2MTRaFw0yNjA5MTExMDQ2MTRaMIGMMQswCQYDVQQGEwJVSzEPMA0GA1UECAwG TG9uZG9uMQ8wDQYDVQQHDAZMb25kb24xEzARBgNVBAoMClByaXZheCBMdGQxFDAS BgNVBAsMC0hNQSBQcm8gVlBOMRAwDgYDVQQDDAdobWF1c2VyMR4wHAYJKoZIhvcN AQkBFg9pbmZvQHByaXZheC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDt+iUzODRqDxE0NNf05adqkOo0ZISQIgGnhYX6yfQcVcQ3d3lcr59/svL/ yPlk4tjUOfgZ8yFQ1FhaJvbg1g6GihVuHCuU5zMT7O7kc9S5p6PqIIJCfN1t36OB LsX0XpS7FrJa7jTSE4wjEe24MdAt6v+UtB9cyD92zdvVQ8EqS4G48xDNAChPFQfH 69/U0dr+vIV6Zyz5sFB/w3LXeMtvj/0iVu8Hj93hFyB6ZJBwEKvG1UTQ1PJNLRQh wsllxxDUELGT6VkbUQZsfkt6N3hqaK7LyaSjcTvR4hr5eLkQNDEn3dXDPvVhdzvr 9clQWlmi/g5HAqqIxsZMYw4t244VAgMBAAGjggGTMIIBjzAJBgNVHRMEAjAAMBEG CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCB4AwLAYJYIZIAYb4QgENBB8WHU9w ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRvO1Mpxud2OAB8 3eubWdvsmNZkCjCBxwYDVR0jBIG/MIG8gBTgxlHSJNrxKhNY4l6g6a3Ke6Tz96GB mKSBlTCBkjELMAkGA1UEBhMCVUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwG TG9uZG9uMRMwEQYDVQQKDApQcml2YXggTHRkMRQwEgYDVQQLDAtITUEgUHJvIFZQ TjEWMBQGA1UEAwwNaGlkZW15YXNzLmNvbTEeMBwGCSqGSIb3DQEJARYPaW5mb0Bw cml2YXguY29tggkA6ZNjeF/UFvowGgYDVR0RBBMwEYEPaW5mb0Bwcml2YXguY29t MBoGA1UdEgQTMBGBD2luZm9AcHJpdmF4LmNvbTATBgNVHSUEDDAKBggrBgEFBQcD AjANBgkqhkiG9w0BAQsFAAOCAgEAZvP84ngB9A0VGmYc53Niowj6FzMZQR3ePDB0 Bs5Wbdco+ZCQLkI0XbdaIKdXnL/cSEGS2ZFb4aUorLFwOHmTs1OYmWYCtEQlyOSQ BQfrxEKk2o9azYmOekUkjzmEDrFlHOqHyTSeCzkHCSfH2e2jucswoFT3hq/OvcoG wzc8WSNbyI4oAugJtl4FGPTkpdtkV0aghirFiA6kZOdvPL43ItDT9/oi7ew2hj2b YGqfeuXISKhZrsauQhTEOgZuZYtcjKqnwFWSXYWAEmBZpDeM/agCymfVtipH0Pc8 xd97d8GW8WwOHqmRaENgK/0vdSUeirYQL/Lu1LBecJUXlJfXZ06lYcRS8/6G46Ki ukkGw9IiLcKgLh3DAxVLxy1c+FIjnYVd/vkE+wCKBgIdsPDE93K7UgjTCMrr5adi llNyAYCXAxtrNon8L20DZx06uRA2koUgX7ZZ7YFZJ1piGDD5pNxNuyEcjHIspcSV rk02nBLraveA9KZD3/v6G9UMsSuQTQC9Igksw24czYbKHF6kSPhrDu2PbTCThl7r 738s6c97W6KtBfKb2sMwHnQwWRUXeNLm5NVC/ZB8adKJXGOOW24Gy/rmjo/UCMYl P4qwfnvSjDLZrbxkFn3fikzf60rJT1K3/7MYfiotpMDGjADKDZFZ1yKSX8Oda5Gz Y4J75tA= -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- MIIEpgIBAAKCAQEA7folMzg0ag8RNDTX9OWnapDqNGSEkCIBp4WF+sn0HFXEN3d5 XK+ff7Ly/8j5ZOLY1Dn4GfMhUNRYWib24NYOhooVbhwrlOczE+zu5HPUuaej6iCC Qnzdbd+jgS7F9F6UuxayWu400hOMIxHtuDHQLer/lLQfXMg/ds3b1UPBKkuBuPMQ zQAoTxUHx+vf1NHa/ryFemcs+bBQf8Ny13jLb4/9IlbvB4/d4RcgemSQcBCrxtVE 0NTyTS0UIcLJZccQ1BCxk+lZG1EGbH5Lejd4amiuy8mko3E70eIa+Xi5EDQxJ93V wz71YXc76/XJUFpZov4ORwKqiMbGTGMOLduOFQIDAQABAoIBAQDSBjU0igMAI0IM sCJzuQbS7wgzqw6vYcPSA+5lkjyFkU/1n9SU70411knNYqJv3iB81JhY1pFtk6pS DhdOALybElyta+EurgkPKckACBYSr5fjNkOfyDFoGbpkdVIxRBPBNdu8koQ9bxD7 loQVTqkrDT35ECqpqPURtcaw5fYhiwQWtLXSTqF6WMXgTlNI9vDGNHVOzDZPpUEY q6MZjK2kayE9wYGAKj+zDHVSdvXeofJX5RCqUi74NrQi3X6FArQCz9Epxb7GzBAn xD4BTC5+TltVwu5VhCLGIZDS4EXsw9xQAr3Z4V8CTTtiv3W8+c0bMb5U31H64EzW yTeHGDbhAoGBAP5+WgAnl9vFT6EPp1jKFBM4F6pm+77YRswnca9EMjCok0vqeHPE 9Xt8BsfLZV1rch7pb9LW9nkjEL5vWxsGceMEQRrbhISCx+MZdIkL706nOHTXXJ+c UNR4gdnSlq9bFW8y3hmRLRLcUOjHZiPL5RQSCgPkAjXF7WwZOc/67ke5AoGBAO9i w/XS8gIvP3DHqSN2dlX0SgIamLDYbrbeeHm4jZ/m+tNyE9q8kJXq3jKCTRMd3dNZ 0OPm0MBMdoKY0cksq7w6OTQ3HOid9VaPuOsNC2X+q878GpsJ+ZKKw9433Gio9nCt VOcBnLa3dtz0DCwRe97j2rrcUnjVDoLE10C89a89AoGBANR5MTMH22WFKqJRq2oZ 7QDOyBNgv7XqY9F27RdjXHP7il7Ld51QR5O9TPvp+MsyNalRRCdHiahBem1EE1BQ 5SygFKsTs2PevHwCeKUi7b1BJ4WFeLNZkrKRmff+NghZh1+7nGrEJlmkz3hJYiFo ze0f0nTFHINAqKSjuvzFh8MhAoGBAORMxyKcaV2X/eLrJ+3APp8++Y4EG3cdEomo pjE/xyGmwbQCadkEWMgBVKPLDQKcS0ATulp/eLrMsYFfiUNZLPe4d3HK1fErJB3H t83DhQli1ivy1tThsHkHikFV+Qh/i3hudjhRm0nOsreKsEke64nouGPZV3YRi2M/ oyIElDLpAoGBALPVdMwjF3zLQdfxAtzl0SjXYAK+fgtcdtyXx8bT6oP9MOLdEzjx EINZrEe84Bs0zor1XqW65Ahm0H1OAgiTsmOakZMLygfW2O9QrZOCkx9wb3b1VvUT uniNUD9nBmXEG1GtnSxxo9Vf7sFc8paPSx+EBo1dsXYmIA+8jX9hv+6T -----END RSA PRIVATE KEY----- </key> remote 104.222.137.130 443 Thats the ovpn file that I used.

Hi, I bought a hide my ass subscription so I could use the VPN feature of the router. I entered my credentials, selected a location from the dropdown list and nothing works. The VPN log is complaining about TLS handshake errors. Is there anything I need to update in the router in order to get this to work?

Thanks Fraser, the upgrade was successful!

I'm on 1.03.3 , remote support ticked and would love to receive the update. But I do wonder one thing. Why aren't our routers just auto upgrading or stating that 1.03.3 is the latest version when you look at the upgrade screen.