XR700 not connecting to any VPN Hybrid servers ( I have a paid subscription )

[Hunts]

If anyone could help me that would be greatly appreciated, these are the steps I've done just to see if I could fix.

reset router
changed firmware from the newest to one update back, and then forward again
tried multiple servers both UDP and TCP
tried connecting via the different config files
Checked subscription to HMA everything checks out.

I have a virgin media hub 4 on the 1Gig broadband
the hub 4 is in modem mode, and the XR700 is acting as the main router

i've never had any issues with VPN Hybrid in the past.

Just keeps telling me failed once trying to connect to any server.
 

[Hunts]

Sat Jan 28 15:26:56 2023 OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 12 2022
Sat Jan 28 15:26:56 2023 library versions: OpenSSL 1.0.2l-CVE-2022-0778 25 May 2017, LZO 2.06
Sat Jan 28 15:26:56 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Jan 28 15:26:56 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 28 15:26:56 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]77.234.43.175:553
Sat Jan 28 15:26:56 2023 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Jan 28 15:26:56 2023 UDP link local: (not bound)
Sat Jan 28 15:26:56 2023 UDP link remote: [AF_INET]77.234.43.175:553
Sat Jan 28 15:26:56 2023 TLS: Initial packet from [AF_INET]77.234.43.175:553, sid=951e8dc6 c0f59612
Sat Jan 28 15:26:56 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 28 15:26:56 2023 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, [email protected]
Sat Jan 28 15:26:56 2023 VERIFY OK: nsCertType=SERVER
Sat Jan 28 15:26:56 2023 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, [email protected]
Sat Jan 28 15:26:56 2023 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 28 15:26:56 2023 [server] Peer Connection Initiated with [AF_INET]77.234.43.175:553
Sat Jan 28 15:26:58 2023 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 28 15:26:58 2023 AUTH: Received control message: AUTH_FAILED
Sat Jan 28 15:26:58 2023 SIGTERM[soft,auth-failure] received, process exiting

[Netduma Fraser]

Just to clarify, are you using the Advanced Setup to connect? You're getting an auth failed entry there which indicates the username/password entered may be incorrect, double check that and also see if they give you different credentials to use when connecting instead of your user/pass that you use to access their site.

[Hunts]

I've used the same details to login to both the basic and advanced for the last year, no issues.

I just changed my HMA password 
and retried... still nothing

[Netduma Fraser]

Use the Advanced Setup, the config files we have are outdated, once you've done the Advanced Setup can you provide the log again please?

[Hunts]

I've just said i've used both the basic and the advanced setup.

The Log is identical everytime.. I know i'm not being stupid here, im using the only available login, that i've always used. i've reset password and retried.

nothing is working, there has to be a fault somewhere

Sat Jan 28 17:05:55 2023 OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 12 2022
Sat Jan 28 17:05:55 2023 library versions: OpenSSL 1.0.2l-CVE-2022-0778 25 May 2017, LZO 2.06
Sat Jan 28 17:05:55 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Jan 28 17:05:55 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 28 17:05:55 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]77.234.43.185:553
Sat Jan 28 17:05:55 2023 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Jan 28 17:05:55 2023 UDP link local: (not bound)
Sat Jan 28 17:05:55 2023 UDP link remote: [AF_INET]77.234.43.185:553
Sat Jan 28 17:05:55 2023 TLS: Initial packet from [AF_INET]77.234.43.185:553, sid=c69e44c6 eb689c32
Sat Jan 28 17:05:55 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 28 17:05:55 2023 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, [email protected]
Sat Jan 28 17:05:55 2023 VERIFY OK: nsCertType=SERVER
Sat Jan 28 17:05:55 2023 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, [email protected]
Sat Jan 28 17:05:55 2023 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 28 17:05:55 2023 [server] Peer Connection Initiated with [AF_INET]77.234.43.185:553
Sat Jan 28 17:05:57 2023 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 28 17:05:57 2023 AUTH: Received control message: AUTH_FAILED
Sat Jan 28 17:05:57 2023 SIGTERM[soft,auth-failure] received, process exiting

[Netduma Fraser]

Can you provide the config file you're using please?

[Hunts]

UK.UDP.ovpn

[Hunts]

Is there a way to completing factory reset the router? 
Obviously I have already done the reset button on the back but not sure if thats the same thing 

[Netduma Fraser]

I have adjusted the config, can you try this and see if it works please?

client
auth-user-pass
proto udp
remote gb.hma.rocks 553
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ns-cert-type server
verb 3
;mute 20
route-metric 1

comp-lzo yes
comp-noadapt

cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
MIIGVjCCBD6gAwIBAgIJAOmTY3hf1Bb6MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD
VQQGEwJVSzEPMA0GA1UECAwGTG9uZG9uMQ8wDQYDVQQHDAZMb25kb24xEzARBgNV
BAoMClByaXZheCBMdGQxFDASBgNVBAsMC0hNQSBQcm8gVlBOMRYwFAYDVQQDDA1o
aWRlbXlhc3MuY29tMR4wHAYJKoZIhvcNAQkBFg9pbmZvQHByaXZheC5jb20wHhcN
MTYwOTE0MDk0MTUyWhcNMjYwOTEyMDk0MTUyWjCBkjELMAkGA1UEBhMCVUsxDzAN
BgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRMwEQYDVQQKDApQcml2YXgg
THRkMRQwEgYDVQQLDAtITUEgUHJvIFZQTjEWMBQGA1UEAwwNaGlkZW15YXNzLmNv
bTEeMBwGCSqGSIb3DQEJARYPaW5mb0Bwcml2YXguY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAxWS4+bOnwzGsEZ2vyqfTg7OEJkdqlA+DmQB3UmeD
xX8K+87FTe/htIudr4hQ19q2gaHU4PjN1QsJtkH+VxU6V5p5eeWVVCGpHOhkcI4X
K0yodRGn6rhAPJYXI7pJHAronfmqfZz/XM+neTGHQ9VF9zW6Q1001mjT0YklFfpx
+CPFiGYsQjqZ+ia9RvaXz5Eu1cQ0EWy4do1l7obmvmTrlqN26z4unmh3HfEKRuwt
NeHsSyhdzFW20eT2GhvXniHItqWBDi93U55R84y2GNrQubm207UB6kqbJXPXYnlZ
ifvQCxa1hz3sr+vUbRi4wIpj/Da2MK7BLHAuUbClKqFs9OSAffWo/PuhkhFyF5Jh
OYXjOMI1PhiTjeSfBmNdC5dFOGT3rStvYxYlB8rwuuyp9DuvInQRuCC62/Lew9pI
TULaPUPTU7TeKuk4Hqqn2LtnFTU7CSMRAVgZMxTWuC7PT+9sy+jM3nSqo+QaiVtM
xbaWXmZD9UlLEMmM9IkMdHV08DXQonjIi4RnqHWLYRY6pDjJ2E4jleXlS2laIBKl
mKIuyxZ/B5IyV2dLKrNAs7j9EC7J82giBBCHbZiHQjZ2CqIi+afHKjniFHhuJSVU
e7DY+S/B/ePac7Xha8a5K2LmJ+jpPjvBjJd+2Tp2Eyt8wVn/6iSqKePDny5AZhbY
+YkCAwEAAaOBrDCBqTAdBgNVHQ4EFgQU4MZR0iTa8SoTWOJeoOmtynuk8/cwHwYD
VR0jBBgwFoAU4MZR0iTa8SoTWOJeoOmtynuk8/cwDwYDVR0TAQH/BAUwAwEB/zAL
BgNVHQ8EBAMCAaYwEQYJYIZIAYb4QgEBBAQDAgEWMBoGA1UdEQQTMBGBD2luZm9A
cHJpdmF4LmNvbTAaBgNVHRIEEzARgQ9pbmZvQHByaXZheC5jb20wDQYJKoZIhvcN
AQELBQADggIBAG+QvRLNs41wHXeM7wq6tqSZl6UFStGc6gIzzVUkysVHwvAqqxj/
8UncqEwFTxV3KiD/+wLMHZFkLwQgSAHwaTmBKGrK4I6DoUtK+52RwfyU3XA0s5dj
6rKbZKPNdD0jusOTYgbXOCUa6JI2gmpyjk7lq3D66dATs11uP7S2uwjuO3ER5Czt
m12RcsrAxjndH2igTgZVu4QQwnNZ39Raq6v5IayKxF0tP1wPxz/JafhIjdNxq6Re
P4jsI5y0rJBuXuw+gWC8ePTP4rxWp908kI7vwmmVq9/iisGZelN6G5uEB2d3EiJB
B0A3t9LCFT9fKznlp/38To4x1lQhfNbln8zC4qav/8fBfKu5MkuVcdV4ZmHq0bT7
sfzsgHs00JaYOCadBslNu1xVtgooy+ARiGfnzVL9bArLhlVn476JfU22H57M0IaU
F5iUTJOWKMSYHNMBWL/m+rgD4In1nEb8DITBW7c1JtC8Iql0UPq1PlxhqMyvXfW9
4njqcF4wQi6PsnJI9X7oHDy+pevRrCR+3R5xWB8C9jr8J80TmsRJRv8chDUOHH4H
YjhF7ldJRDmvY+DK6e4jgBOIaqS5i2/PybVYWjBb7VuKDFkLQSqA5g/jELd6hpUL
yUgzpAgr7q3iJghthPkS4oxw9NtNvnbQweKIF37HIHiuJRsTRO4jhlX4
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIGMjCCBBqgAwIBAgICAQIwDQYJKoZIhvcNAQELBQAwgZIxCzAJBgNVBAYTAlVL
MQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjETMBEGA1UECgwKUHJp
dmF4IEx0ZDEUMBIGA1UECwwLSE1BIFBybyBWUE4xFjAUBgNVBAMMDWhpZGVteWFz
cy5jb20xHjAcBgkqhkiG9w0BCQEWD2luZm9AcHJpdmF4LmNvbTAeFw0xNjEwMTgx
NDE4MThaFw0yNjEwMTUxNDE4MThaMIGNMQswCQYDVQQGEwJVSzEPMA0GA1UECAwG
TG9uZG9uMQ8wDQYDVQQHDAZMb25kb24xEzARBgNVBAoMClByaXZheCBMdGQxFDAS
BgNVBAsMC0hNQSBQcm8gVlBOMREwDwYDVQQDDAhobWF1c2VyMjEeMBwGCSqGSIb3
DQEJARYPaW5mb0Bwcml2YXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA5XY3ERJYWs/YIeBoybivNlu+M32rJs+CAZsh7BnnetTxytI4ngsMRoqX
ETuis8udp2hsqEHsglLR9tlk9C8yCuKhxbkpdrXFWdISmUq5sa7/wqg/zJF1AZm5
Jy0oHNyTHfG6XW61I/h9IN5dmcR9YLir8DVDBNllbtt0z+DnvOhYJOqC30ENahWk
TmNKl1cT7EBrR5slddiBJleAb08z77pwsD310e6jWTBySsBcPy+xu/Jj2QgVil/3
mstZZDI+noFzs3SkTFBkha/lNTP7NODBQ6m39iaJxz6ZR1xE3v7XU0H5WnpZIcQ2
+kmu5Krk2y1GYMKL+9oaotXFPz9v+QIDAQABo4IBkzCCAY8wCQYDVR0TBAIwADAR
BglghkgBhvhCAQEEBAMCB4AwCwYDVR0PBAQDAgeAMCwGCWCGSAGG+EIBDQQfFh1P
cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU2LKFPHjFUzLf
sHIMWi0VukhBgTEwgccGA1UdIwSBvzCBvIAU4MZR0iTa8SoTWOJeoOmtynuk8/eh
gZikgZUwgZIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcM
BkxvbmRvbjETMBEGA1UECgwKUHJpdmF4IEx0ZDEUMBIGA1UECwwLSE1BIFBybyBW
UE4xFjAUBgNVBAMMDWhpZGVteWFzcy5jb20xHjAcBgkqhkiG9w0BCQEWD2luZm9A
cHJpdmF4LmNvbYIJAOmTY3hf1Bb6MBoGA1UdEQQTMBGBD2luZm9AcHJpdmF4LmNv
bTAaBgNVHRIEEzARgQ9pbmZvQHByaXZheC5jb20wEwYDVR0lBAwwCgYIKwYBBQUH
AwIwDQYJKoZIhvcNAQELBQADggIBAKeGVnbL3yu2fh1T0ATbgyHx9rnFGRW1o/xf
F5ssfRInlopsGDejrk9goyJErVxuzSzLp8AhxSOrVZJp6Tlpssj3B4FbGB0BIH+L
crID9pb+r2LqrTeYfMwYo6zRLNQ5NmMyxQCf6XrdxihUTiZBV31LKlWNkhOLMlHr
2eXwAEXjqYMXjYwN+WE8I7SlUm5WCwj7PTiF7BpdDP5Ut4y5Dj8A2m1zXt36rr5h
xvbgo2JAeFwVEG4ch67PI+uM0G2GilxnjuK2wKgjBKFMAUfLs7tigzSgx8PEfYCc
+bgWpPyfG5hYM9n94zd2VTDN4sam12Bxvhw8zn20L6eT+Skfa8BN7eesrV5opABt
/IImZ4Q1HShKKc5EiBN8CKGDydojkNrXuFfsyv7S9VHch0e5cS+Annhr4ARaH0O5
fPOD5PBVajdbV6/Rf7NzB5b/raJcUK5BD6KWWRCsmaNYzaabJjUpCmigrOMmkdAx
eKCY/oEFpU3+7VeKfNyxBTIiGFt5RjNqTQXmMVjiRN97VN7fqAaFTQB2OF7E3hrt
qU9jXkeN8Tvu/FF0LNyt87orewecC0Ujz7Hto9fchPH0roP+DVzoAEP8axD9RV5p
M/kgubu3hMD6lLsbx4GOD11GQplvuygURxAYsyjbgFydbk1ZIpeE2OeGXXrfuQWF
bNtjLJTu
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5XY3ERJYWs/YIeBoybivNlu+M32rJs+CAZsh7BnnetTxytI4
ngsMRoqXETuis8udp2hsqEHsglLR9tlk9C8yCuKhxbkpdrXFWdISmUq5sa7/wqg/
zJF1AZm5Jy0oHNyTHfG6XW61I/h9IN5dmcR9YLir8DVDBNllbtt0z+DnvOhYJOqC
30ENahWkTmNKl1cT7EBrR5slddiBJleAb08z77pwsD310e6jWTBySsBcPy+xu/Jj
2QgVil/3mstZZDI+noFzs3SkTFBkha/lNTP7NODBQ6m39iaJxz6ZR1xE3v7XU0H5
WnpZIcQ2+kmu5Krk2y1GYMKL+9oaotXFPz9v+QIDAQABAoIBAQCcMcssOMOiFWc3
MC3EWo4SP4MKQ9n0Uj5Z34LI151FdJyehlj54+VYQ1Cv71tCbjED2sZUBoP69mts
T/EzcsjqtfiOwgrifrs2+BOm+0HKHKiGlcbP9peiHkT10PxEITWXpYtJvGlbcfOj
Ixqt6B28cBjCK09ShrVQL9ylAKBearRRUacszppntMNTMtN/uG48ZR9Wm+xAczIm
dG6CrG5sLI/++JwM5PDChLvn5JgMGyOfQZdjNe1oSOVLmqFeG5uu/FS4oMon9+Ht
fjHJr4ZgA1yQ2wQh3GvEjlP8zwHxEpRJYbxpj6ZbjHZJ2HLX/Gcd9/cXiN8+fQ2z
PIYQyG9dAoGBAPUUmt2nJNvl7gj0GbZZ3XR9o+hvj7bJ74W2NhMrw6kjrrzHTAUQ
d1sBQS8szAQCLqf2ou1aw9AMMBdsLAHydXxvbH7IBAla7rKr23iethtSfjhTNSgQ
LJHVZlNHfp3hzNtCQZ7j0qVjrteNotrdVF7kKPHDXAK00ICy6SPNjvrXAoGBAO+v
dnO15jLeZbbi3lQNS4r8oCadyqyX7ouKE6MtKNhiPsNPGqHKiGcKs/+QylVgYvSm
m7TgpsCAiEYeLSPT+Yq3y7HtwVpULlpfAhEJXmvn/6hGpOizx1WNGWhw7nHPWPDz
f+jqCGzHdhK0aEZR3MZZQ+U+uKfGiJ8vrvgB7eGvAoGAWxxp5nU48rcsIw/8bxpB
hgkfYk33M5EnBqKSv9XJS5wEXhIJZOiWNrLktNEGl4boKXE7aNoRacreJhcE1UR6
AOS7hPZ+6atwiePyF4mJUeb9HZtxa493wk9/Vv6BR9il++1Jz/QKX4oLef8hyBP4
Rb60qgxirG7kBLR+j9zfhskCgYEAzA5y5xIeuIIU0H4XUDG9dcebxSSjbwsuYIge
Ldb9pjMGQhsvjjyyoh8/nT20tLkJpkXN3FFCRjNnUWLRhWYrVkkh1wqWiYOPrwqh
5MU4KN/sDWSPcznTY+drkTpMFoKzsvdrl2zf3VR3FneXKv742bkXj601Ykko+XWM
HcLutisCgYBSq8IrsjzfaTQiTGI9a7WWsvzK92bq7Abnfq7swAXWcJd/bnjTQKLr
rvt2bmwNvlWKAb3c69BFMn0X4t4PuN0iJQ39D6aQAEaM7HwWAmjf5TbodbmgbGxd
sUB4xcCIQQ1mvTkigXWrCg0YAD2GZSoaslXAAVv6nR5qWEIa0Hx9GA==
-----END RSA PRIVATE KEY-----
</key>

Holding the reset in the back of the router for 30 seconds will reset it, otherwise you can use the factory reset option by clicking the 3 dots top right of the interface.

[Hunts]

None of this worked. 

[Netduma Fraser]

1 hour ago, Hunts said:

None of this worked. 

Does it provide the same log entries or has that changed?

[Hunts]

1 minute ago, Netduma Fraser said:

Does it provide the same log entries or has that changed?

Sat Jan 28 20:17:07 2023 OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 12 2022
Sat Jan 28 20:17:07 2023 library versions: OpenSSL 1.0.2l-CVE-2022-0778 25 May 2017, LZO 2.06
Sat Jan 28 20:17:07 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Jan 28 20:17:07 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 28 20:17:07 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]5.62.43.218:553
Sat Jan 28 20:17:07 2023 Socket Buffers: R=[163840->163840] S=[163840->163840] Sat Jan 28 20:17:07 2023 UDP link local: (not bound)
Sat Jan 28 20:17:07 2023 UDP link remote: [AF_INET]5.62.43.218:553
Sat Jan 28 20:17:07 2023 TLS: Initial packet from [AF_INET]5.62.43.218:553, sid=3cd4f7c6 803efbd2
Sat Jan 28 20:17:07 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 28 20:17:07 2023 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, [email protected]
Sat Jan 28 20:17:07 2023 VERIFY OK: nsCertType=SERVER
Sat Jan 28 20:17:07 2023 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, [email protected]
Sat Jan 28 20:17:08 2023 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 28 20:17:08 2023 [server] Peer Connection Initiated with [AF_INET]5.62.43.218:553
Sat Jan 28 20:17:09 2023 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 28 20:17:09 2023 AUTH: Received control message: AUTH_FAILED
Sat Jan 28 20:17:09 2023 SIGTERM[soft,auth-failure] received, process exiting

[Netduma Fraser]

There are limited reasons you could be getting this error:

1. Username / password is incorrect, either typed incorrectly or incorrect credentials used
2. HMA are limiting the amount of active connections, in which case trying again at a later time or trying another server may work
3. The whole config or the certificate in the config is out of date, in which case contacting HMA for the config files should give you the latest files and then work (they have removed direct links to their config files so if you're using files you got from there before that could be it)
4. An issue with the server you're trying to connect to, in which case trying another server should work

[Hunts]

Still not resolved

[Netduma Fraser]

It was non of the reasons above then? If not, we do have a new firmware coming out soon so it would be worth seeing if it works on that when available.

[robert27841]

On 4/18/2023 at 12:56 PM, Netduma Fraser said:

It was non of the reasons above then? If not, we do have a new firmware coming out soon so it would be worth seeing if it works on that when available.