Jump to content

PLEASE HELP! XR700 TO XR700 VPN CONFIG


Recommended Posts

Seems like no matter what i do i can’t keep it connected. I’ve tried the ovpn profile generated by router A on multiple devices and even a little mini wrt based travel router and none of them have any issue retaining connectivity.  I’m thinking it has something to do with the authentication as none of the other working devices require user name and password and accept an upload of the ovpn file. My theory seems to be supported by the vpn log below. Please advise...

 

Tue Sep 17 17:41:54 2019 us=644890 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 18 2019 Tue Sep 17 17:41:54 2019 us=645001 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.06 Tue Sep 17 17:41:54 2019 us=645162 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Sep 17 17:41:54 2019 us=645196 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue Sep 17 17:41:54 2019 us=646667 LZO compression initializing Tue Sep 17 17:41:54 2019 us=646964 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ] Tue Sep 17 17:41:54 2019 us=669686 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ] Tue Sep 17 17:41:54 2019 us=669811 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Tue Sep 17 17:41:54 2019 us=669846 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Tue Sep 17 17:41:54 2019 us=669900 TCP/UDP: Preserving recently used remote address: [AF_INET]108.41.158.64:12973 Tue Sep 17 17:41:54 2019 us=669972 Socket Buffers: R=[163840->163840] S=[163840->163840] Tue Sep 17 17:41:54 2019 us=670010 UDP link local: (not bound) Tue Sep 17 17:41:54 2019 us=670045 UDP link remote: [AF_INET]108.41.158.64:12973 WRTue Sep 17 17:41:54 2019 us=679285 TLS: Initial packet from [AF_INET]108.41.158.64:12973, sid=07548efe 94e4d74c WTue Sep 17 17:41:54 2019 us=679462 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this WRWRTue Sep 17 17:41:54 2019 us=697115 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, [email protected] Tue Sep 17 17:41:54 2019 us=697884 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, [email protected] WRWWRRWRWTue Sep 17 17:41:54 2019 us=737605 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA Tue Sep 17 17:41:54 2019 us=737679 [netgear] Peer Connection Initiated with [AF_INET]108.41.158.64:12973 Tue Sep 17 17:41:55 2019 us=876013 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1) WRRTue Sep 17 17:41:55 2019 us=885734 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,redirect-gateway def1,ifconfig 192.168.2.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' Tue Sep 17 17:41:55 2019 us=885915 OPTIONS IMPORT: timers and/or timeouts modified Tue Sep 17 17:41:55 2019 us=885951 OPTIONS IMPORT: --ifconfig/up options modified Tue Sep 17 17:41:55 2019 us=885979 OPTIONS IMPORT: route options modified Tue Sep 17 17:41:55 2019 us=886007 OPTIONS IMPORT: route-related options modified Tue Sep 17 17:41:55 2019 us=886033 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Sep 17 17:41:55 2019 us=886059 OPTIONS IMPORT: peer-id set Tue Sep 17 17:41:55 2019 us=886087 OPTIONS IMPORT: adjusting link_mtu to 1625 Tue Sep 17 17:41:55 2019 us=886114 OPTIONS IMPORT: data channel crypto options modified Tue Sep 17 17:41:55 2019 us=886143 Data Channel: using negotiated cipher 'AES-256-GCM' Tue Sep 17 17:41:55 2019 us=886188 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ] Tue Sep 17 17:41:55 2019 us=886478 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Sep 17 17:41:55 2019 us=886521 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Sep 17 17:41:55 2019 us=887130 TUN/TAP device tun0 opened Tue Sep 17 17:41:55 2019 us=887180 TUN/TAP TX queue length set to 100 Tue Sep 17 17:41:55 2019 us=887223 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Tue Sep 17 17:41:55 2019 us=887279 /sbin/ifconfig tun0 192.168.2.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.2.255 Tue Sep 17 17:41:55 2019 us=895629 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpnup 5 tun0 1500 1553 192.168.2.2 255.255.255.0 init Tue Sep 17 17:41:55 2019 us=942734 Initialization Sequence Completed WrWrWRwrWrWRwRwRwRwRwRwRwrWrWrWrWrWrWrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW

Link to comment
Share on other sites

  • Administrators

Just re-read the topic, what purpose are you trying to achieve by linking the two routers together? I'm not sure if it will be possible if I'm honest. I've adapted your config file but removed the Netgear specific details so it may not work and if it doesn't I don't think there would be a way to do it. Also consider that router A would need to have an Open NAT in order to communicate effectively with router B.

client
dev tun
proto udp
remote bolla-bk.mynetgear.com  12973
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
comp-lzo
verb 5

<ca>
-----BEGIN CERTIFICATE-----
MIIDqDCCAxGgAwIBAgIJAOz1OLU6kDwlMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD
VQQGEwJUVzELMAkGA1UECBMCVFcxDzANBgNVBAcTBlRhaXBlaTEQMA4GA1UEChMH
bmV0Z2VhcjEQMA4GA1UECxMHbmV0Z2VhcjEQMA4GA1UEAxMHbmV0Z2VhcjERMA8G
A1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAbmV0Z2Vhci5jb20w
HhcNMTgwOTE5MTEyMzI2WhcNMzgwOTE0MTEyMzI2WjCBlTELMAkGA1UEBhMCVFcx
CzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoTB25ldGdlYXIx
EDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAPBgNVBCkTCGNo
YW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29tMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDeD8n0LYdjhJqdzuNcnAAgLtHe6c5JmZrVGYMn
oXBt9gzdJ+5okP72k4v+qS8B+DbCPYBn1yK7c12DcoRVq7P7meAafJ+RBOBD6mu/
STq04pJ2dwmaamUlIJmc6q0treqdUTveTt/g18AvWwbaiJqKgeIZQiFre6/ahew/
kSWrwwIDAQABo4H9MIH6MB0GA1UdDgQWBBTrUtUePK+rleknPSplZqbHUl68bTCB
ygYDVR0jBIHCMIG/gBTrUtUePK+rleknPSplZqbHUl68baGBm6SBmDCBlTELMAkG
A1UEBhMCVFcxCzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoT
B25ldGdlYXIxEDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAP
BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29t
ggkA7PU4tTqQPCUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDR+CHO
0Tt4ORmyq9lnZGliRu2zW8IuxXHQs9hzpbbK3tzgrAO1YNvf97JDlxLu3LWAWijm
Re72TgrEkFiB082UiwbKwqbk9czM5c+UIULiVtakfWETKZ9kb1nPmxXtFTXPQeHX
DjtOUbbm2A8nZPsFovUSOSXaTaXxgbA1dMohzg==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID8DCCA1mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCVFcx
CzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoTB25ldGdlYXIx
EDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAPBgNVBCkTCGNo
YW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29tMB4XDTE4MDkx
OTExMjMyN1oXDTM4MDkxNDExMjMyN1owgZUxCzAJBgNVBAYTAlRXMQswCQYDVQQI
EwJUVzEPMA0GA1UEBxMGVGFpcGVpMRAwDgYDVQQKEwduZXRnZWFyMRAwDgYDVQQL
EwduZXRnZWFyMRAwDgYDVQQDEwduZXRnZWFyMREwDwYDVQQpEwhjaGFuZ2VtZTEf
MB0GCSqGSIb3DQEJARYQbWFpbEBuZXRnZWFyLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAt9OGoroEVyHyguu/zdqa9o9LTmPFXJKJKDJ/fzxDyqYp/Cvf
x3KEGCqpRweUgXjTOenWmzL/+0trWdzMTnOYGdbJqEtf1imwkRVdFCqLoMr9cNSB
nm3VArmQLzY7JFQNJ66HTB2EpESu81A/8e3czxhKf5tDX+CZ2x5l6M+B6v8CAwEA
AaOCAUwwggFIMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU4zUhVpPjfYgbv4WI+1bcPHdq
n6YwgcoGA1UdIwSBwjCBv4AU61LVHjyvq5XpJz0qZWamx1JevG2hgZukgZgwgZUx
CzAJBgNVBAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMRAwDgYD
VQQKEwduZXRnZWFyMRAwDgYDVQQLEwduZXRnZWFyMRAwDgYDVQQDEwduZXRnZWFy
MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBuZXRnZWFy
LmNvbYIJAOz1OLU6kDwlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
gDANBgkqhkiG9w0BAQsFAAOBgQBA3LQNj5Havc0TId/1fkZ6zQk37EclLBW04sKd
GPS6T05/8ETQ6h+0XUnMmN+PMSPxMc+78xnfwo16y6iSI986b5WOO+tZ1X2/v5f2
xl/lvBN8sZAi8WMOFJjNeRG58KCWYxpDQj0sS3JjsEpWEGzTTHnGjpOPjCTlLWDW
vw0J5g==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALfThqK6BFch8oLr
v83amvaPS05jxVySiSgyf388Q8qmKfwr38dyhBgqqUcHlIF40znp1psy//tLa1nc
zE5zmBnWyahLX9YpsJEVXRQqi6DK/XDUgZ5t1QK5kC82OyRUDSeuh0wdhKRErvNQ
P/Ht3M8YSn+bQ1/gmdseZejPger/AgMBAAECgYEAsBtsc37j45m5HCXARfU02hrj
WUEJ9arIzYK7VGimxYC03komA4w48nIEY/DmG7dmHKhiGaMdS2CwgpGeBVaGkjEk
Etsj0Q9Atej2u2FgUi8epFrnUpwna1MC7/4zqqlZNqG9AAQZwqUJaYIl7sC5CZiM
ZkTO/SzrdPAL2XvlQDECQQDtznFvg4IGaLCpR5Ak/98X3+6D03GdISB2tUwOLIQE
W94Oa7QXSYPO6NwmTLCXut1yZk3VoZIjG1zHowdF0c3HAkEAxePa1ss08gOveF3d
IxRt1XGURAiX8nnIbMk4S9Z3+TP9LJrAu5Y3lGxlxRkLhz/5BYsVXBqHER+MLwkz
rqzZCQJBAI2EsprzPvjDaoaC0PRD1SbnG5EVzuH8ac5bG9S/hxz08tPQIo9NL4R9
rS2Zq+nPyaMf4KgGi+oaiX9AtL5HGdcCQD0XQo/c29N638jA8WvK+r1R+vuly4LH
peAvnnmLFC6Spi4G+Ejw7uebLy/Rs4VlcnMLpORyLBBVNOmwZYwfQEECQHI/8AgA
UBnsBHw1kDCO0/oh7KqlqC8wZ2x2J8GgUMe3gTLQA1tEtHzPkQrM2BOfBZfMh2Zm
95jtEWdKuq185eM=
-----END PRIVATE KEY-----
</key>

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...