Feb 19 01:49:24 openvpn[2839]: 184.151.179.221 TLS: Initial packet from [AF_INET6]::ffff:184.151.179.221:17114, sid=e4e5f4c5 30dbe4e0
Feb 19 01:49:24 openvpn[2839]: 184.151.179.221 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
Feb 19 01:49:24 openvpn[2839]: 184.151.179.221 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_VER=3.2
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_PLAT=ios
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_NCP=2
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_TCPNL=1
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_PROTO=2
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_LZO_STUB=1
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_COMP_STUB=1
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_COMP_STUBv2=1
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 peer info: IV_AUTO_SESS=1
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Feb 19 01:49:25 openvpn[2839]: 184.151.179.221 [client] Peer Connection Initiated with [AF_INET6]::ffff:184.151.179.221:17114
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 MULTI: Learn: 10.8.0.2 -> client/184.151.179.221
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 MULTI: primary virtual IP for client/184.151.179.221: 10.8.0.2
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 PUSH: Received control message: 'PUSH_REQUEST'
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.0.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 Data Channel: using negotiated cipher 'AES-128-GCM'
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Feb 19 01:49:25 openvpn[2839]: client/184.151.179.221 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
2019-02-19 00:49:24 1
2019-02-19 00:49:24 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2019-02-19 00:49:24 Frame=512/2048/512 mssfix-ctrl=1250
2019-02-19 00:49:24 UNUSED OPTIONS
5 [ncp-ciphers] [AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC]
13 [resolv-retry] [infinite]
14 [nobind]
2019-02-19 00:49:24 EVENT: RESOLVE
2019-02-19 00:49:24 Contacting [64.231.207.9]:1194/UDP via UDP
2019-02-19 00:49:24 EVENT: WAIT
2019-02-19 00:49:24 Connecting to [DOMAIN]:1194 (64.231.207.9) via UDPv4
2019-02-19 00:49:24 EVENT: CONNECTING
2019-02-19 00:49:24 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2019-02-19 00:49:24 Creds: UsernameEmpty/PasswordEmpty
2019-02-19 00:49:24 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-02-19 00:49:25 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
subject name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
issued on : 2019-02-12 04:42:43
expires on : 2029-02-09 04:42:43
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-02-19 00:49:25 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-02-19 00:49:25 Session is ACTIVE
2019-02-19 00:49:25 EVENT: GET_CONFIG
2019-02-19 00:49:25 Sending PUSH_REQUEST to server...
2019-02-19 00:49:25 OPTIONS:
0 [route] [192.168.0.0] [255.255.255.0] [vpn_gateway] [500]
1 [dhcp-option] [DNS] [192.168.0.1]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [15]
6 [ping-restart] [60]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-128-GCM]
2019-02-19 00:49:25 PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: SHA1
compress: COMP_STUB
peer ID: 0
2019-02-19 00:49:25 EVENT: ASSIGN_IP
2019-02-19 00:49:25 NIP: preparing TUN network settings
2019-02-19 00:49:25 NIP: init TUN network settings with endpoint: 64.231.207.9
2019-02-19 00:49:25 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-02-19 00:49:25 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-02-19 00:49:25 NIP: adding (included) IPv4 route 192.168.0.0/24
2019-02-19 00:49:25 NIP: redirecting all IPv4 traffic to TUN interface
2019-02-19 00:49:25 NIP: adding DNS 192.168.0.1
2019-02-19 00:49:25 Connected via NetworkExtensionTUN
2019-02-19 00:49:25 LZO-ASYM init swap=0 asym=1
2019-02-19 00:49:25 Comp-stub init swap=1
2019-02-19 00:49:25 EVENT: CONNECTED DOMAIN:1194 (64.231.207.9) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
One other thing, just to double check: when you try to access eg 192.168.0.200, I assume you are entering that and not the local hostname in the address bar on your browser.
Yes I was putting in the ip in the browser.
But regardless right now I cannot access SSH, HTTP or any services in the LAN
I cannot browse the internet
I can ping all local IPs
Hope I'm posting in the correct area.
I am currently overseas (Asia - Philippines) and was looking to use an Apple TV. Geo-blocking caused me to look for a router and VPN solution. I decided on the ASUS since it was highly recommended by NORD VPN. However I went with their latest Blue Cave. Features all seem pretty good and comparable to the 87 and 88Us however the signal strength isn't quite as strong. But it did have Amazon Echo and IFTTT support built in which was the final determining factor.
My issue is the OpenVPN - Since I'm trying to use a VPN from the US (8000 miles away) I see a huge loss in speed. My Modem is Uploading and Downloading at 25Mbps, while the ASUS Blue Cave via VPN is only yielding 3-5Mbps. That's a pretty substantial loss considering my goal was to stream video.
Any ideas on where I could improve?
Also - I have the Blue Cave direct (via LAN) to the Apple TV. Can I use OpenVPN to the LAN connection ONLY leaving the router to broadcast (Non VPN) at higher speeds for use in the home??
-- Dave
Hi Dave
Thanks Martin - I couldn't figure out how to create a post - thought maybe it was a limited feature on a new account.
Using an ASUS Blue Cave - not running Merlin although I have looked it up a bit. Not familiar, and not opposed to trying it, but once I leave here my wife will be stuck if it goes down. I can't really walk her through too many settings over the phone
-- Dave
Actually we've made progress! By turning on "direct clients", regular internet traffic broke as well! So nothing works now!
Don't. Duplicate posts are against forum rules. Your question is off-topic for this thread. Please keep your discussion to your own thread so as to not hijack this one. Thanks for your understanding.
Apologies - Deleted
You said “You have to mess with iptables and directives and all kind of crap. ”. Can you disable/undo, temporarily if you like, anything you’ve done in that respect? The fact that you can ping the LAN devices but not reach them by other services is significant - DNS or firewall issue?
OpenVPN is now almost always a works-first-time setup with no specialist knowledge required. In fact, there ought to be a warning in big red letters on the OpenVPN page: Specialist knowledge can be harmful.
So changing “Direct clients to redirect internet traffic” to yes had the very opposite effect: you could access the Internet with it set to No but not when set to Yes! And I presume you set it back to No and, despite that, you still can’t access the Internet?
LAN network is: 192.168.1.1/24
OpenVPN network is: 10.0.0.1/24
push "route 192.168.1.0 255.255.255.0"
Tell the firewall to allow traffic between the VPN tunnel and the LAN:
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
@Xentrk The firmware already does those things. There's no need to do them manually.
How are you connecting with your iPhone; from a remote wifi or via 3G/4G?
I’m no expert at gaining every last ounce of info from the logfiles but clearly you are connected. And one thing I noticed prompted me to point out a “gotcha”. If your home network address is, say, 192.168.0.0, and your remote device coincidentally is on a network with the identical 192.168.0.0 network address, you have a potential conflict when you enter the IP address into your browser. So it’s best to have your home network address as something you’re unlikely to encounter remotely eg 192.168.91.0.
I don’t suppose that’s the problem?
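The address-overlap gotcha raised in the post above can be checked mechanically. The following is an added example, not part of the thread or of the router firmware: it parses the `PUSH_REPLY` line from the server log quoted earlier and reports whether any pushed network overlaps the network the remote device is sitting on. The function names are hypothetical and the client-side networks are constructed sample values.

```python
import ipaddress

# PUSH_REPLY payload as it appears in the server log quoted earlier in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.0.0 255.255.255.0 vpn_gateway 500,"
              "dhcp-option DNS 192.168.0.1,redirect-gateway def1,"
              "route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,"
              "ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM")


def pushed_networks(push_reply):
    """Return the networks the server tells the client to reach via the tunnel."""
    nets = []
    for opt in push_reply.split(",")[1:]:
        fields = opt.split()
        if not fields:
            continue
        if fields[0] == "route" and len(fields) >= 2:
            # "route <network> [netmask]"; a missing netmask means a host route.
            mask = fields[2] if len(fields) >= 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
        elif fields[0] == "ifconfig" and len(fields) >= 3:
            # With "topology subnet": "ifconfig <address> <netmask>".
            nets.append(ipaddress.ip_interface(f"{fields[1]}/{fields[2]}").network)
    return nets


def conflicts(push_reply, client_local_cidrs):
    """Return (pushed, local) pairs where a remote-side LAN overlaps a pushed network."""
    hits = []
    for local in map(ipaddress.ip_network, client_local_cidrs):
        for pushed in pushed_networks(push_reply):
            if pushed.overlaps(local):
                hits.append((str(pushed), str(local)))
    return hits


if __name__ == "__main__":
    # Constructed client-side networks: one colliding with the home LAN, one not.
    for remote_lan in ("192.168.0.0/24", "192.168.91.0/24"):
        found = conflicts(PUSH_REPLY, [remote_lan])
        print(remote_lan, "->", found if found else "no overlap")
```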
You might be on to something there. The same problem appears to have been reported here. Again, the client is an iPhone which always seems to be the devices that have problems.
But does it? Maybe I'm thinking it doesn't for my older version of the firmware. That's why others are reporting that it works 'out of the box' but not mine?