382.2 Beta3 VPN Client working?

[eastavin]

Hi. Is the VPN Client supposed to be working in 382.2 beta3? Was trying to set up a new client with Protonvpn but cant get it going. (I have not previously used this feature in any release so I don't have any idea on its status. I did try the TOR feature and it was working)

I have tried it with both UDP and TCP and they both fail from the RT-AC68U while the same servers accept connections from OPENVPN for Android.. so I know the servers are up. I have consulted with the providers helpdesk and they have offered adjustments but the results are the same. Here is a sample log. Always says the same thing for UDP. check your network connectivity?

Jan 23 11:14:49 rc_service: httpd 264:notify_rc start_vpnclient2
Jan 23 11:14:51 ovpn-client2[23748]: OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 17 2018
Jan 23 11:14:51 ovpn-client2[23748]: library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.08
Jan 23 11:14:51 ovpn-client2[23749]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 23 11:14:51 ovpn-client2[23749]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 23 11:14:51 ovpn-client2[23749]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 23 11:14:51 ovpn-client2[23749]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.92.59:1194
Jan 23 11:14:51 ovpn-client2[23749]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Jan 23 11:14:51 ovpn-client2[23749]: UDP link local: (not bound)
Jan 23 11:14:51 ovpn-client2[23749]: UDP link remote: [AF_INET]???.???.??.??:1194 (my ??? edit)
Jan 23 11:15:51 ovpn-client2[23749]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 11:15:51 ovpn-client2[23749]: TLS Error: TLS handshake failed
Jan 23 11:15:51 ovpn-client2[23749]: SIGUSR1[soft,tls-error] received, process restarting

I have some screen shots of my settings if that helps. Thank you to all and anyone that can point me in a better direction.

 

[skeal]

Hi. Is the VPN Client supposed to be working in 382.2 beta3? Was trying to set up a new client with Protonvpn but cant get it going. (I have not previously used this feature in any release so I don't have any idea on its status. I did try the TOR feature and it was working)

I have tried it with both UDP and TCP and they both fail from the RT-AC68U while the same servers accept connections from OPENVPN for Android.. so I know the servers are up. I have consulted with the providers helpdesk and they have offered adjustments but the results are the same. Here is a sample log. Always says the same thing for UDP. check your network connectivity?

Jan 23 11:14:49 rc_service: httpd 264:notify_rc start_vpnclient2
Jan 23 11:14:51 ovpn-client2[23748]: OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 17 2018
Jan 23 11:14:51 ovpn-client2[23748]: library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.08
Jan 23 11:14:51 ovpn-client2[23749]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 23 11:14:51 ovpn-client2[23749]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 23 11:14:51 ovpn-client2[23749]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 23 11:14:51 ovpn-client2[23749]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.92.59:1194
Jan 23 11:14:51 ovpn-client2[23749]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Jan 23 11:14:51 ovpn-client2[23749]: UDP link local: (not bound)
Jan 23 11:14:51 ovpn-client2[23749]: UDP link remote: [AF_INET]???.???.??.??:1194 (my ??? edit)
Jan 23 11:15:51 ovpn-client2[23749]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 11:15:51 ovpn-client2[23749]: TLS Error: TLS handshake failed
Jan 23 11:15:51 ovpn-client2[23749]: SIGUSR1[soft,tls-error] received, process restarting

I have some screen shots of my settings if that helps. Thank you to all and anyone that can point me in a better direction.

I run open vpn and some of the settings you have are a little tight. You are connecting to a vpn service right? They should give you a config file to import. Try using the default config imported and then work setting by setting until it breaks again.

 

[eastavin]

Thank you. Yes it is connecting to a VPN service (ProtonVPN). They have .ovpn files to import and I have done so. However the router Client wont turn on with the default ovpn settings, they only work with PC and smartphone Openvpn clients for some reason. So I have consulted with the help desk there that has sent mods to the settings that now enable the Client to turn on. What do you feel is a little tight?

 

[skeal]

Thank you. Yes it is connecting to a VPN service (ProtonVPN). They have .ovpn files to import and I have done so. However the router Client wont turn on with the default ovpn settings, they only work with PC and smartphone Openvpn clients for some reason. So I have consulted with the help desk there that has sent mods to the settings that now enable the Client to turn on. What do you feel is a little tight?

Just as an example your fallback cipher is quite high at 256 I would use 128. I would set the log verbosity for the short term a little higher so you can see what is failing. DNS set to strict is a bit of a problem as well. I would use disable unless you know what you are doing.

 

[skeal]

The commands at the bottom of page can be a problem as well.

 

[skeal]

By the way I use Torguard. They are excellent!

 

[skeal]

Just looking at your screen shots and that is not a basic configuration. IMHO

 

[skeal]

Just a heads up. If you are not paying for your VPN then you don't have any privacy.

 

[LostFreq]

Hi. Is the VPN Client supposed to be working in 382.2 beta3? Was trying to set up a new client with Protonvpn but cant get it going. (I have not previously used this feature in any release so I don't have any idea on its status.

Yes, I use the OpenVPN Client in 382.2_beta3 on my RT-AC86U to connect with ProtonVPN.

I have the following settings different in my configuration:

Username/Password Authentication = Yes
Auth digest = SHA512
Accept DNS Configuration = Exclusive
Negotiable ciphers = AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
TLS Renegotiation Time = 0
Custom Configuration =
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io

I also have Start with WAN = Yes and Redirect Internet traffic = Policy Rules but I think those should not matter.

To download the correct .ovpn file from their website, select DD-WRT router as platform.

Please note that you should enter your OpenVPN Username and Password, not the ProtonVPN Login details that you use for their web login.

 

[eastavin]

Just a heads up. If you are not paying for your VPN then you don't have any privacy.

Thank you for all your input. Your comment here... no privacy because of something in the settings you saw? or was it good advice because with a free service one needs to beware that you are the product?

In this case I do pay for the service as I found it to be in the case of PCs and smartphones of above average speed and reliability for my applications. I am glad to hear you find Torguard a reliable service. The same can be said for my experience with ProtonVPN.

Many thanks.

Edward

 

[eastavin]

Yes, I use the OpenVPN Client in 382.2_beta3 on my RT-AC86U to connect with ProtonVPN.

I have the following settings different in my configuration:.

Thank you for this. I will give it a go.

Edward

 

[skeal]

Thank you for all your input. Your comment here... no privacy because of something in the settings you saw? or was it good advice because with a free service one needs to beware that you are the product?

In this case I do pay for the service as I found it to be in the case of PCs and smartphones of above average speed and reliability for my applications. I am glad to hear you find Torguard a reliable service. The same can be said for my experience with ProtonVPN.

Many thanks.

Edward

As far as privacy your settings are fine. A free vpn service is for, however, collecting usage information and selling to third parties.

 

[KevTech]

Just a FYI the 382 release has been canceled so you may be better off to go back to 380 or try the 384 alpha.

Due to various issues with GPL 382_18991, the 382.2 release is being dropped, and work is moving on to the next version.

382.2 Beta 3 is the last release, made available for people still wanting to use it. Work has begun on 384.3.

 

[eastavin]

Yes, I use the OpenVPN Client in 382.2_beta3 on my RT-AC86U to connect with ProtonVPN.

I have the following settings different in my configuration:

Username/Password Authentication = Yes
Auth digest = SHA512
Accept DNS Configuration = Exclusive
Negotiable ciphers = AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
TLS Renegotiation Time = 0
Custom Configuration =
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io

I also have Start with WAN = Yes and Redirect Internet traffic = Policy Rules but I think those should not matter.

To download the correct .ovpn file from their website, select DD-WRT router as platform.

Please note that you should enter your OpenVPN Username and Password, not the ProtonVPN Login details that you use for their web login.

Thank you LostFreq this is the answer that works right away. Using the DD-WRT config file made the difference with your additional settings. It ran instantly.

Though I can break it two ways and I am not sure I understand why. Changing Redirect Internet traffic to ALL immediately gets a
Jan 23 16:26:34 ovpn-client4[32519]: AUTH: Received control message: AUTH_FAILED

So is this a BUG or is there some other setting needed to send ALL your internet traffic over the VPN? It works fine with policy or policy strict. Just that I have to pick each source IP one at a time. I can only get Redirect ALL to work with Accept DNS RELAXED setting.

AND also changing Accept DNS Configuration to STRICT (instead of Exclusive) immediately gets a
Jan 23 16:34:15 ovpn-client4[990]: AUTH: Received control message: AUTH_FAILED

Thanks for your help.

Edward