What's new

asus rt-ac68u openvpn client fails to connect over UDP

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

uniquethis

New Around Here
Hello,

I have asus rt-ac68u with asuswrt-merlin 380.57. OpenVpn server is enabled and works fine with TCP protocol and custom port number. DDNS is enabled (via jffs and 'custom' ddns server name option in GUI), client machine is located inside routers LAN (connected via WiFi). But, as soon as I change protocol to UDP (on server and in client config) vpn client fails to establish connection:
server logs
Code:
Jan  4 22:30:27 openvpn[1514]: 192.168.1.250:39950 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  4 22:30:27 openvpn[1514]: 192.168.1.250:39950 TLS Error: TLS handshake failed
Jan  4 22:30:27 openvpn[1514]: 192.168.1.250:39950 SIGUSR1[soft,tls-error] received, client-instance restarting

client logs:
Code:
Mon Jan  4 22:29:27 2016 UDPv4 link local: [undef]
Mon Jan  4 22:29:27 2016 UDPv4 link remote: [AF_INET]xxx.x.xx.xx:3145
Mon Jan  4 22:29:27 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)
Mon Jan  4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)
Mon Jan  4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)

It looks like that outgoing connection reaches external IP (xxx.x.xx.xx:3145), but response comes from inside LAN... For TCP protocol (leaving all other parameters the same) everything works fine:

Code:
Mon Jan  4 22:52:44 2016 TCP connection established with [AF_INET]xxx.x.xx.xx:3145
Mon Jan  4 22:52:44 2016 TCPv4_CLIENT link local: [undef]
Mon Jan  4 22:52:44 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.xx.xx:3145
Mon Jan  4 22:52:44 2016 TLS: Initial packet from [AF_INET]xxx.x.xx.xx:3145, sid=...
Mon Jan  4 22:52:44 2016 VERIFY OK: ...


Adding float option to client config solves connection problem. Connecting from outside routers LAN (another network) via UDP also works ok.
But I'd like to know why it works out of the box for TCP but not UDP inside routers LAN?

P.S. I am new to networking and probably missing some simple detail or fact here (probably it works as expected in this scenario).
 
Last edited:
Same issue. I couldn't figure out why I couldn't test my setup until finding this.
 
Hi,

No problem with my VPN provider: I downloaded the UDP config files for routers (same as for Android phones) and it works on both like a charm! ;)

Can you go back to your VPN provider and ask for a specific router/Android UDP OpenVPN config file? :rolleyes:
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top