kingsmotorsport Posted September 17, 2019 Author Share Posted September 17, 2019 Seems like no matter what i do i can’t keep it connected. I’ve tried the ovpn profile generated by router A on multiple devices and even a little mini wrt based travel router and none of them have any issue retaining connectivity. I’m thinking it has something to do with the authentication as none of the other working devices require user name and password and accept an upload of the ovpn file. My theory seems to be supported by the vpn log below. Please advise... Tue Sep 17 17:41:54 2019 us=644890 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 18 2019 Tue Sep 17 17:41:54 2019 us=645001 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.06 Tue Sep 17 17:41:54 2019 us=645162 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Sep 17 17:41:54 2019 us=645196 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue Sep 17 17:41:54 2019 us=646667 LZO compression initializing Tue Sep 17 17:41:54 2019 us=646964 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ] Tue Sep 17 17:41:54 2019 us=669686 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ] Tue Sep 17 17:41:54 2019 us=669811 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Tue Sep 17 17:41:54 2019 us=669846 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Tue Sep 17 17:41:54 2019 us=669900 TCP/UDP: Preserving recently used remote address: [AF_INET]108.41.158.64:12973 Tue Sep 17 17:41:54 2019 us=669972 Socket Buffers: R=[163840->163840] S=[163840->163840] Tue Sep 17 17:41:54 2019 us=670010 UDP link local: (not bound) Tue Sep 17 17:41:54 2019 us=670045 UDP link remote: [AF_INET]108.41.158.64:12973 WRTue Sep 17 17:41:54 2019 us=679285 TLS: Initial packet from [AF_INET]108.41.158.64:12973, sid=07548efe 94e4d74c WTue Sep 17 17:41:54 2019 us=679462 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this WRWRTue Sep 17 17:41:54 2019 us=697115 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, [email protected] Tue Sep 17 17:41:54 2019 us=697884 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, [email protected] WRWWRRWRWTue Sep 17 17:41:54 2019 us=737605 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA Tue Sep 17 17:41:54 2019 us=737679 [netgear] Peer Connection Initiated with [AF_INET]108.41.158.64:12973 Tue Sep 17 17:41:55 2019 us=876013 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1) WRRTue Sep 17 17:41:55 2019 us=885734 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,redirect-gateway def1,ifconfig 192.168.2.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' Tue Sep 17 17:41:55 2019 us=885915 OPTIONS IMPORT: timers and/or timeouts modified Tue Sep 17 17:41:55 2019 us=885951 OPTIONS IMPORT: --ifconfig/up options modified Tue Sep 17 17:41:55 2019 us=885979 OPTIONS IMPORT: route options modified Tue Sep 17 17:41:55 2019 us=886007 OPTIONS IMPORT: route-related options modified Tue Sep 17 17:41:55 2019 us=886033 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Sep 17 17:41:55 2019 us=886059 OPTIONS IMPORT: peer-id set Tue Sep 17 17:41:55 2019 us=886087 OPTIONS IMPORT: adjusting link_mtu to 1625 Tue Sep 17 17:41:55 2019 us=886114 OPTIONS IMPORT: data channel crypto options modified Tue Sep 17 17:41:55 2019 us=886143 Data Channel: using negotiated cipher 'AES-256-GCM' Tue Sep 17 17:41:55 2019 us=886188 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ] Tue Sep 17 17:41:55 2019 us=886478 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Sep 17 17:41:55 2019 us=886521 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Sep 17 17:41:55 2019 us=887130 TUN/TAP device tun0 opened Tue Sep 17 17:41:55 2019 us=887180 TUN/TAP TX queue length set to 100 Tue Sep 17 17:41:55 2019 us=887223 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Tue Sep 17 17:41:55 2019 us=887279 /sbin/ifconfig tun0 192.168.2.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.2.255 Tue Sep 17 17:41:55 2019 us=895629 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpnup 5 tun0 1500 1553 192.168.2.2 255.255.255.0 init Tue Sep 17 17:41:55 2019 us=942734 Initialization Sequence Completed WrWrWRwrWrWRwRwRwRwRwRwRwrWrWrWrWrWrWrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted September 17, 2019 Administrators Share Posted September 17, 2019 Could you provide the config file you're using please so we can take a look? Link to comment Share on other sites More sharing options...
kingsmotorsport Posted September 18, 2019 Author Share Posted September 18, 2019 attached bolla-BK (VPN).ovpn Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted September 18, 2019 Administrators Share Posted September 18, 2019 Just re-read the topic, what purpose are you trying to achieve by linking the two routers together? I'm not sure if it will be possible if I'm honest. I've adapted your config file but removed the Netgear specific details so it may not work and if it doesn't I don't think there would be a way to do it. Also consider that router A would need to have an Open NAT in order to communicate effectively with router B. client dev tun proto udp remote bolla-bk.mynetgear.com 12973 resolv-retry infinite nobind persist-key persist-tun cipher AES-128-CBC comp-lzo verb 5 <ca> -----BEGIN CERTIFICATE----- MIIDqDCCAxGgAwIBAgIJAOz1OLU6kDwlMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD VQQGEwJUVzELMAkGA1UECBMCVFcxDzANBgNVBAcTBlRhaXBlaTEQMA4GA1UEChMH bmV0Z2VhcjEQMA4GA1UECxMHbmV0Z2VhcjEQMA4GA1UEAxMHbmV0Z2VhcjERMA8G A1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAbmV0Z2Vhci5jb20w HhcNMTgwOTE5MTEyMzI2WhcNMzgwOTE0MTEyMzI2WjCBlTELMAkGA1UEBhMCVFcx CzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoTB25ldGdlYXIx EDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAPBgNVBCkTCGNo YW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29tMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDeD8n0LYdjhJqdzuNcnAAgLtHe6c5JmZrVGYMn oXBt9gzdJ+5okP72k4v+qS8B+DbCPYBn1yK7c12DcoRVq7P7meAafJ+RBOBD6mu/ STq04pJ2dwmaamUlIJmc6q0treqdUTveTt/g18AvWwbaiJqKgeIZQiFre6/ahew/ kSWrwwIDAQABo4H9MIH6MB0GA1UdDgQWBBTrUtUePK+rleknPSplZqbHUl68bTCB ygYDVR0jBIHCMIG/gBTrUtUePK+rleknPSplZqbHUl68baGBm6SBmDCBlTELMAkG A1UEBhMCVFcxCzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoT B25ldGdlYXIxEDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAP BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29t ggkA7PU4tTqQPCUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDR+CHO 0Tt4ORmyq9lnZGliRu2zW8IuxXHQs9hzpbbK3tzgrAO1YNvf97JDlxLu3LWAWijm Re72TgrEkFiB082UiwbKwqbk9czM5c+UIULiVtakfWETKZ9kb1nPmxXtFTXPQeHX DjtOUbbm2A8nZPsFovUSOSXaTaXxgbA1dMohzg== -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- MIID8DCCA1mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCVFcx CzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxEDAOBgNVBAoTB25ldGdlYXIx EDAOBgNVBAsTB25ldGdlYXIxEDAOBgNVBAMTB25ldGdlYXIxETAPBgNVBCkTCGNo YW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQG5ldGdlYXIuY29tMB4XDTE4MDkx OTExMjMyN1oXDTM4MDkxNDExMjMyN1owgZUxCzAJBgNVBAYTAlRXMQswCQYDVQQI EwJUVzEPMA0GA1UEBxMGVGFpcGVpMRAwDgYDVQQKEwduZXRnZWFyMRAwDgYDVQQL EwduZXRnZWFyMRAwDgYDVQQDEwduZXRnZWFyMREwDwYDVQQpEwhjaGFuZ2VtZTEf MB0GCSqGSIb3DQEJARYQbWFpbEBuZXRnZWFyLmNvbTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAt9OGoroEVyHyguu/zdqa9o9LTmPFXJKJKDJ/fzxDyqYp/Cvf x3KEGCqpRweUgXjTOenWmzL/+0trWdzMTnOYGdbJqEtf1imwkRVdFCqLoMr9cNSB nm3VArmQLzY7JFQNJ66HTB2EpESu81A/8e3czxhKf5tDX+CZ2x5l6M+B6v8CAwEA AaOCAUwwggFIMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU4zUhVpPjfYgbv4WI+1bcPHdq n6YwgcoGA1UdIwSBwjCBv4AU61LVHjyvq5XpJz0qZWamx1JevG2hgZukgZgwgZUx CzAJBgNVBAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMRAwDgYD VQQKEwduZXRnZWFyMRAwDgYDVQQLEwduZXRnZWFyMRAwDgYDVQQDEwduZXRnZWFy MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBuZXRnZWFy LmNvbYIJAOz1OLU6kDwlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH gDANBgkqhkiG9w0BAQsFAAOBgQBA3LQNj5Havc0TId/1fkZ6zQk37EclLBW04sKd GPS6T05/8ETQ6h+0XUnMmN+PMSPxMc+78xnfwo16y6iSI986b5WOO+tZ1X2/v5f2 xl/lvBN8sZAi8WMOFJjNeRG58KCWYxpDQj0sS3JjsEpWEGzTTHnGjpOPjCTlLWDW vw0J5g== -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALfThqK6BFch8oLr v83amvaPS05jxVySiSgyf388Q8qmKfwr38dyhBgqqUcHlIF40znp1psy//tLa1nc zE5zmBnWyahLX9YpsJEVXRQqi6DK/XDUgZ5t1QK5kC82OyRUDSeuh0wdhKRErvNQ P/Ht3M8YSn+bQ1/gmdseZejPger/AgMBAAECgYEAsBtsc37j45m5HCXARfU02hrj WUEJ9arIzYK7VGimxYC03komA4w48nIEY/DmG7dmHKhiGaMdS2CwgpGeBVaGkjEk Etsj0Q9Atej2u2FgUi8epFrnUpwna1MC7/4zqqlZNqG9AAQZwqUJaYIl7sC5CZiM ZkTO/SzrdPAL2XvlQDECQQDtznFvg4IGaLCpR5Ak/98X3+6D03GdISB2tUwOLIQE W94Oa7QXSYPO6NwmTLCXut1yZk3VoZIjG1zHowdF0c3HAkEAxePa1ss08gOveF3d IxRt1XGURAiX8nnIbMk4S9Z3+TP9LJrAu5Y3lGxlxRkLhz/5BYsVXBqHER+MLwkz rqzZCQJBAI2EsprzPvjDaoaC0PRD1SbnG5EVzuH8ac5bG9S/hxz08tPQIo9NL4R9 rS2Zq+nPyaMf4KgGi+oaiX9AtL5HGdcCQD0XQo/c29N638jA8WvK+r1R+vuly4LH peAvnnmLFC6Spi4G+Ejw7uebLy/Rs4VlcnMLpORyLBBVNOmwZYwfQEECQHI/8AgA UBnsBHw1kDCO0/oh7KqlqC8wZ2x2J8GgUMe3gTLQA1tEtHzPkQrM2BOfBZfMh2Zm 95jtEWdKuq185eM= -----END PRIVATE KEY----- </key> Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now