[ 388.2 alpha Build(s) ] Testing available build(s)

[Zastoff]

I had problems with the last release.
It turned out that all the certificates has been regenerated again.
Put the old ones in and it connected again.

Will check later if I can solve it like you did.
But it is weird that the router do not even display/register a connection attempt.

 

[octopus]

I did. Also tried to reconfigure OpenVPN from default. Didn't solve connection issue.

Seems your problem is on client side. Your server seems running.

 

[bar1]

Seems your problem is on client side. Your server seems running.

Server seems running. Now I've tried with 2 other clients, Apple MBA and Lenovo Windows11 laptop. No connection.

 

[RMerlin]

Server seems running. Now I've tried with 2 other clients, Apple MBA and Lenovo Windows11 laptop. No connection.

Look at your client's log, it will tell you what's failing.

 

[bar1]

Look at your client's log, it will tell you what's failing.

Clients on my wifi-network does connect but there is "no connection/data transfer". Clients on other networks doesn't connect at all.

Log from windows11 laptop.

[Feb 26, 2023, 18:21:30] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Feb  7 2023 16:08:10
[Feb 26, 2023, 18:21:30] Frame=512/2048/512 mssfix-ctrl=1250
[Feb 26, 2023, 18:21:30] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
7 [ncp-ciphers] [AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY130...]
[Feb 26, 2023, 18:21:30] EVENT: RESOLVE [Feb 26, 2023, 18:21:30] Contacting 193.zz.yy.xx:1194 via UDP
[Feb 26, 2023, 18:21:30] EVENT: WAIT [Feb 26, 2023, 18:21:30] WinCommandAgent: transmitting bypass route to 193.zz.yy.xx
{
    "host" : "193.zz.yy.xx",
    "ipv6" : false
}

[Feb 26, 2023, 18:21:30] Connecting to [server_name.asuscomm.com]:1194 (193.zz.yy.xx) via UDPv4
[Feb 26, 2023, 18:21:30] EVENT: CONNECTING [Feb 26, 2023, 18:21:30] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Feb 26, 2023, 18:21:30] Creds: Username/Password
[Feb 26, 2023, 18:21:30] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.7-2979
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Feb 26, 2023, 18:21:30] SSL Handshake: peer certificate: CN=RT-AX88U, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD

[Feb 26, 2023, 18:21:30] Session is ACTIVE
[Feb 26, 2023, 18:21:30] EVENT: GET_CONFIG [Feb 26, 2023, 18:21:30] Sending PUSH_REQUEST to server...
[Feb 26, 2023, 18:21:30] OPTIONS:
0 [redirect-gateway] [def1]
1 [route-gateway] [10.8.0.1]
2 [topology] [subnet]
3 [ping] [15]
4 [ping-restart] [60]
5 [ifconfig] [10.8.0.2] [255.255.255.0]
6 [peer-id] [0]
7 [cipher] [AES-256-GCM]
8 [key-derivation] [tls-ekm]

[Feb 26, 2023, 18:21:30] PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  key-derivation: TLS Keying Material Exporter [RFC5705]
  compress: NONE
  peer ID: 0
[Feb 26, 2023, 18:21:30] EVENT: ASSIGN_IP [Feb 26, 2023, 18:21:30] CAPTURED OPTIONS:
Session Name: server_name.asuscomm.com
Layer: OSI_LAYER_3
Remote Address: 193.zz.yy.xx
Tunnel Addresses:
  10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
Search Domains:

[Feb 26, 2023, 18:21:31] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
    "allow_local_dns_resolvers" : false,
    "confirm_event" : "1414000000000000",
    "destroy_event" : "6010000000000000",
    "tun" :
    {
        "adapter_domain_suffix" : "",
        "block_ipv6" : false,
        "layer" : 3,
        "mtu" : 0,
        "remote_address" :
        {
            "address" : "193.zz.yy.xx",
            "ipv6" : false
        },
        "reroute_gw" :
        {
            "flags" : 275,
            "ipv4" : true,
            "ipv6" : false
        },
        "route_metric_default" : -1,
        "session_name" : "server_name.asuscomm.com",
        "tunnel_address_index_ipv4" : 0,
        "tunnel_address_index_ipv6" : -1,
        "tunnel_addresses" :
        [
            {
                "address" : "10.8.0.2",
                "gateway" : "10.8.0.1",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            }
        ]
    },
    "wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{4854EF9B-61E1-44D6-A978-ED10E2062AF4}' index=51 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{4854EF9B-61E1-44D6-A978-ED10E2062AF4}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=51
netsh interface ip set interface 51 metric=1
Ok.
netsh interface ip set address 51 static 10.8.0.2 255.255.255.0 gateway=10.8.0.1 store=active
netsh interface ip add route 193.zz.yy.xx/32 9 192.168.50.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 51 10.8.0.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 51 10.8.0.1 store=active
Ok.
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 6c09000000000000
[Feb 26, 2023, 18:21:31] Connected via TUN_WIN
[Feb 26, 2023, 18:21:31] EVENT: CONNECTED client_10@server_name.asuscomm.com:1194 (193.zz.yy.xx) via /UDPv4 on TUN_WIN/10.8.0.2/ gw=[10.8.0.1/][Feb 26, 2023, 18:23:43] SetupClient: signaling tun destroy event
[Feb 26, 2023, 18:23:43] EVENT: DISCONNECTED

 

[octopus]

Clients on my wifi-network does connect but there is "no connection/data transfer". Clients on other networks doesn't connect at all.

Log from windows11 laptop.

[Feb 26, 2023, 18:21:30] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Feb  7 2023 16:08:10
[Feb 26, 2023, 18:21:30] Frame=512/2048/512 mssfix-ctrl=1250
[Feb 26, 2023, 18:21:30] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
7 [ncp-ciphers] [AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY130...]
[Feb 26, 2023, 18:21:30] EVENT: RESOLVE [Feb 26, 2023, 18:21:30] Contacting 193.zz.yy.xx:1194 via UDP
[Feb 26, 2023, 18:21:30] EVENT: WAIT [Feb 26, 2023, 18:21:30] WinCommandAgent: transmitting bypass route to 193.zz.yy.xx
{
    "host" : "193.zz.yy.xx",
    "ipv6" : false
}

[Feb 26, 2023, 18:21:30] Connecting to [server_name.asuscomm.com]:1194 (193.zz.yy.xx) via UDPv4
[Feb 26, 2023, 18:21:30] EVENT: CONNECTING [Feb 26, 2023, 18:21:30] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Feb 26, 2023, 18:21:30] Creds: Username/Password
[Feb 26, 2023, 18:21:30] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.7-2979
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Feb 26, 2023, 18:21:30] SSL Handshake: peer certificate: CN=RT-AX88U, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD

[Feb 26, 2023, 18:21:30] Session is ACTIVE
[Feb 26, 2023, 18:21:30] EVENT: GET_CONFIG [Feb 26, 2023, 18:21:30] Sending PUSH_REQUEST to server...
[Feb 26, 2023, 18:21:30] OPTIONS:
0 [redirect-gateway] [def1]
1 [route-gateway] [10.8.0.1]
2 [topology] [subnet]
3 [ping] [15]
4 [ping-restart] [60]
5 [ifconfig] [10.8.0.2] [255.255.255.0]
6 [peer-id] [0]
7 [cipher] [AES-256-GCM]
8 [key-derivation] [tls-ekm]

[Feb 26, 2023, 18:21:30] PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  key-derivation: TLS Keying Material Exporter [RFC5705]
  compress: NONE
  peer ID: 0
[Feb 26, 2023, 18:21:30] EVENT: ASSIGN_IP [Feb 26, 2023, 18:21:30] CAPTURED OPTIONS:
Session Name: server_name.asuscomm.com
Layer: OSI_LAYER_3
Remote Address: 193.zz.yy.xx
Tunnel Addresses:
  10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
Search Domains:

[Feb 26, 2023, 18:21:31] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
    "allow_local_dns_resolvers" : false,
    "confirm_event" : "1414000000000000",
    "destroy_event" : "6010000000000000",
    "tun" :
    {
        "adapter_domain_suffix" : "",
        "block_ipv6" : false,
        "layer" : 3,
        "mtu" : 0,
        "remote_address" :
        {
            "address" : "193.zz.yy.xx",
            "ipv6" : false
        },
        "reroute_gw" :
        {
            "flags" : 275,
            "ipv4" : true,
            "ipv6" : false
        },
        "route_metric_default" : -1,
        "session_name" : "server_name.asuscomm.com",
        "tunnel_address_index_ipv4" : 0,
        "tunnel_address_index_ipv6" : -1,
        "tunnel_addresses" :
        [
            {
                "address" : "10.8.0.2",
                "gateway" : "10.8.0.1",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            }
        ]
    },
    "wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{4854EF9B-61E1-44D6-A978-ED10E2062AF4}' index=51 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{4854EF9B-61E1-44D6-A978-ED10E2062AF4}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=51
netsh interface ip set interface 51 metric=1
Ok.
netsh interface ip set address 51 static 10.8.0.2 255.255.255.0 gateway=10.8.0.1 store=active
netsh interface ip add route 193.zz.yy.xx/32 9 192.168.50.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 51 10.8.0.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 51 10.8.0.1 store=active
Ok.
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 6c09000000000000
[Feb 26, 2023, 18:21:31] Connected via TUN_WIN
[Feb 26, 2023, 18:21:31] EVENT: CONNECTED client_10@server_name.asuscomm.com:1194 (193.zz.yy.xx) via /UDPv4 on TUN_WIN/10.8.0.2/ gw=[10.8.0.1/][Feb 26, 2023, 18:23:43] SetupClient: signaling tun destroy event
[Feb 26, 2023, 18:23:43] EVENT: DISCONNECTED

If I remember right is cipher BF-CBC deprecated
EVENT: CONNECTING [Feb 26, 2023, 18:21:30] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

 

[bar1]

If I remember right is cipher BF-CBC deprecated
EVENT: CONNECTING [Feb 26, 2023, 18:21:30] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

I'm using the default Data ciphers in OpenVPN server setup:
AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
No BF-CBC ...

 

[octopus]

I'm using the default Data ciphers in OpenVPN server setup:
AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
No BF-CBC ...

OK I can see it now you use cipher AES-256-GCM
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,key-derivation tls-ekm' (status=1)

 

[Zastoff]

I had problems with the last release.
It turned out that all the certificates has been regenerated again.
Put the old ones in and it connected again.

Checked the server cert and key and it had indeed changed after update to alpha2
I restored the old cert and key and restarted the vpn server, But still no go here..
As written before i do not even see a connection attempt in the router

Any ideas?

edit:
Tested another Android openvpn client now also (OpenVPN Connect)
Same thing and i get no clues for errors in that log either and nothing in router syslog or vpn status page.

 

[dmtg]

OK I can see it now you use cipher AES-256-GCM
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,key-derivation tls-ekm' (status=1)

@RMerlin
this is a problem with the permission in firewall table. if disabled firewall open vpn work

 

[Zastoff]

@RMerlin
this is a problem with the permission in firewall table. if disabled firewall open vpn work

Tested to disable firewall and now i see connection attempts in syslog but get:

Feb 26 20:55:12 RT-AX88U ovpn-server1[264035]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=9,code=111)

 

[dmtg]

Tested to disable firewall and now i see connection attempts in syslog but get:

Feb 26 20:55:12 RT-AX88U ovpn-server1[264035]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=9,code=111)

disabled the Advertise DNS to clients

 

[paul0363]

Tested to disable firewall and now i see connection attempts in syslog but get:

Feb 26 20:55:12 RT-AX88U ovpn-server1[264035]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=9,code=111)

Disabled the firewall and clients now connect as normal. Re-eanbled firewall and clients don't connect. Definitely looks like a firewall issue.
I did redownload the config files before I tried this and re-setup the clients.

 

[dmtg]

if enabled Advertise DNS to clients in open server options, cannot open website

 

[Damit1]

AX88U *2 and AX56U, smoorh upgrade from 388.1 to 388.2 alpha 2.
Ran it for 5 minutes and rebooted the whole system.

Seems new WiFi drivers have imoroved a bit the signal for 5Ghz.

So far, so good.
Did not see the release was on Saturday, was out protesting
Glad I entered today here
Thank you

 

[robinjoo1]

any ETA on the alpha 2 version for rt-ax86u?

 

[octopus]

any ETA on the alpha 2 version for rt-ax86u?

No

 

[bar1]

@RMerlin
this is a problem with the permission in firewall table. if disabled firewall open vpn work

With firewall disabled, clients on other networks connects, but still no datatransfer.
"Advertise DNS to clients" enabled/disabled didn't make a difference.

 

[Zastoff]

Reverted to 388.1 for now.
Open VPN servers working again.

 

[RMerlin]

Firewall configuration is currently broken when setting up an OVPN server (proto is truncated when checking for udp or tcp).