Menu
What's new
By:
Filters Better Search

Can't connect to OpenVPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

nfshp253

Regular Contributor
I have an OpenVPN configuration that I've failed to get working on my AC68U. The VPN status does show TCP/UDP read bytes, Auth read bytes and TCP/UDP write bytes but all other information is at 0. The OpenVPN configuration page shows service state as On but when using my computer, it's obvious the VPN isn't connected. Can someone help me with this?

Here's the log:
https://dl.dropboxusercontent.com/u/22096700/openvpn.txt
 
Well I've tried those settings and for some reason it doesn't connect. I've read somewhere that TUN/TAP numbers at 0 means failure to tunnel the devices I've chosen through the VPN?

Edit: I've just tried "Redirect internet traffic" to "All traffic" and it works, which means I'm doing the policy rules wrongly. It's just selecting the devices I want (Source IP) to go through the VPN and leaving Destination IP blank, no?
 
I have only one device going through the VPN, set as follows:

WmVn0Bq.png
 
I tried that but that didn't do anything. I set that to 192.168.1.85, which is my desktop's IP address, but it does not pass through the VPN. Is it possible that there's some complications caused by the fact that my desktop is behind another wireless router but with DHCP disabled (AC68U assigns its IP address)?
 
i have problem with configuering open vpn too....i do not know what i am doing wrong....here is log if someone can got solution for solve my problem....
Code: 
Feb  8 14:51:54 openvpn[1202]: 89.142.232.152:54330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:51:54 openvpn[1202]: 89.142.232.152:54330 TLS Error: TLS handshake failed
Feb  8 14:51:54 openvpn[1202]: 89.142.232.152:54330 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:51:54 openvpn[1202]: 192.168.200.153:62444 TLS: Initial packet from [AF_INET]192.168.200.153:62444, sid=46df5664 da321206
Feb  8 14:51:54 openvpn[1373]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  8 14:51:54 openvpn[1373]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Feb  8 14:51:54 openvpn[1373]: UDPv4 link local: [undef]
Feb  8 14:51:54 openvpn[1373]: UDPv4 link remote: [AF_INET]89.142.232.152:1194
Feb  8 14:51:54 openvpn[1202]: 89.142.232.152:50702 TLS: Initial packet from [AF_INET]89.142.232.152:50702, sid=bbfaaa16 6622e704
Feb  8 14:51:54 openvpn[1373]: TLS: Initial packet from [AF_INET]89.142.232.152:1194, sid=5aed2c51 c50ef6d7
Feb  8 14:51:55 openvpn[1202]: 192.168.200.153:59113 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:51:55 openvpn[1202]: 192.168.200.153:59113 TLS Error: TLS handshake failed
Feb  8 14:51:55 openvpn[1373]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Feb  8 14:51:55 openvpn[1202]: 192.168.200.153:59113 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:51:55 openvpn[1373]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Feb  8 14:51:55 openvpn[1373]: TLS Error: TLS object -> incoming plaintext read error
Feb  8 14:51:55 openvpn[1373]: TLS Error: TLS handshake failed
Feb  8 14:51:55 openvpn[1373]: SIGUSR1[soft,tls-error] received, process restarting
Feb  8 14:51:55 openvpn[1373]: Restart pause, 2 second(s)
Feb  8 14:51:56 openvpn[1202]: 192.168.200.153:57094 TLS: Initial packet from [AF_INET]192.168.200.153:57094, sid=826f05b3 21c84a98
Feb  8 14:51:57 openvpn[1202]: 89.142.232.152:51255 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:51:57 openvpn[1202]: 89.142.232.152:51255 TLS Error: TLS handshake failed
Feb  8 14:51:57 openvpn[1202]: 89.142.232.152:51255 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:51:57 openvpn[1202]: 192.168.200.153:59114 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:51:57 openvpn[1202]: 192.168.200.153:59114 TLS Error: TLS handshake failed
Feb  8 14:51:57 openvpn[1202]: 192.168.200.153:59114 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:51:57 openvpn[1373]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  8 14:51:57 openvpn[1373]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Feb  8 14:51:57 openvpn[1373]: UDPv4 link local: [undef]
Feb  8 14:51:57 openvpn[1373]: UDPv4 link remote: [AF_INET]89.142.232.152:1194
Feb  8 14:51:57 openvpn[1202]: 89.142.232.152:50833 TLS: Initial packet from [AF_INET]89.142.232.152:50833, sid=a0709db2 247f220b
Feb  8 14:51:57 openvpn[1373]: TLS: Initial packet from [AF_INET]89.142.232.152:1194, sid=72209274 1790b4ee
Feb  8 14:51:57 openvpn[1373]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Feb  8 14:51:57 openvpn[1373]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Feb  8 14:51:57 openvpn[1373]: TLS Error: TLS object -> incoming plaintext read error
Feb  8 14:51:57 openvpn[1373]: TLS Error: TLS handshake failed
Feb  8 14:51:57 openvpn[1373]: SIGUSR1[soft,tls-error] received, process restarting
Feb  8 14:51:57 openvpn[1373]: Restart pause, 2 second(s)
Feb  8 14:51:59 openvpn[1202]: 89.142.232.152:46959 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:51:59 openvpn[1202]: 89.142.232.152:46959 TLS Error: TLS handshake failed
Feb  8 14:51:59 openvpn[1202]: 89.142.232.152:46959 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:51:59 openvpn[1202]: 192.168.200.153:57095 TLS: Initial packet from [AF_INET]192.168.200.153:57095, sid=919d25fd 894447ef
Feb  8 14:51:59 openvpn[1373]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  8 14:51:59 openvpn[1373]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Feb  8 14:51:59 openvpn[1373]: UDPv4 link local: [undef]
Feb  8 14:51:59 openvpn[1373]: UDPv4 link remote: [AF_INET]89.142.232.152:1194
Feb  8 14:51:59 openvpn[1202]: 89.142.232.152:46392 TLS: Initial packet from [AF_INET]89.142.232.152:46392, sid=79e64147 47420dd7
Feb  8 14:51:59 openvpn[1373]: TLS: Initial packet from [AF_INET]89.142.232.152:1194, sid=14d315c6 b21fcf0e
Feb  8 14:51:59 openvpn[1373]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Feb  8 14:51:59 openvpn[1373]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Feb  8 14:51:59 openvpn[1373]: TLS Error: TLS object -> incoming plaintext read error
Feb  8 14:51:59 openvpn[1373]: TLS Error: TLS handshake failed
Feb  8 14:51:59 openvpn[1373]: SIGUSR1[soft,tls-error] received, process restarting
Feb  8 14:51:59 openvpn[1373]: Restart pause, 2 second(s)
Feb  8 14:52:00 openvpn[1202]: 192.168.200.153:60687 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:52:00 openvpn[1202]: 192.168.200.153:60687 TLS Error: TLS handshake failed
Feb  8 14:52:00 openvpn[1202]: 192.168.200.153:60687 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:52:00 openvpn[1202]: 89.142.232.152:40198 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb  8 14:52:00 openvpn[1202]: 89.142.232.152:40198 TLS Error: TLS handshake failed
Feb  8 14:52:00 openvpn[1202]: 89.142.232.152:40198 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb  8 14:52:01 openvpn[1373]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  8 14:52:01 openvpn[1373]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Feb  8 14:52:01 openvpn[1373]: UDPv4 link local: [undef]
Feb  8 14:52:01 openvpn[1373]: UDPv4 link remote: [AF_INET]89.142.232.152:1194
Feb  8 14:52:01 openvpn[1202]: 89.142.232.152:36138 TLS: Initial packet from [AF_INET]89.142.232.152:36138, sid=c9e8dbab e106d501
Feb  8 14:52:01 openvpn[1373]: TLS: Initial packet from [AF_INET]89.142.232.152:1194, sid=e37f44af d6c64dd6
Feb  8 14:52:01 openvpn[1202]: 192.168.200.153:60834 TLS: Initial packet from [AF_INET]192.168.200.153:60834, sid=a655342f f942ad9a
Feb  8 14:52:01 openvpn[1373]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Feb  8 14:52:01 openvpn[1373]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
 
Last edited:
nfshp253 said:
I tried that but that didn't do anything. I set that to 192.168.1.85, which is my desktop's IP address, but it does not pass through the VPN. Is it possible that there's some complications caused by the fact that my desktop is behind another wireless router but with DHCP disabled (AC68U assigns its IP address)?
Click to expand...

Try assigning the router's (wifi extender) IP to your VPN policy.
 
Okay, I've tried assigning 192.168.1.100 which is the router's IP address but that doesn't work either. I keep seeing this in the logs: event_wait : Interrupted system call (code=4)
 
Who is your VPN provider?

One thing to note. Mine refused to work also, until I had set all settings and forced a reboot of router, for some unknown reason? You could try that.
 
I did the reboot many times but that didn't help. I'm using StrongVPN.

Edit: I've read that the interrupted system call is inconsequential as it happens whenever I click on the VPN settings tab. However, it seems like the problem is with a failure to policy route properly.
 
Last edited:
Anyone? It's strange that there are no error messages whatsoever but nothing I put in the routing rules work. OpenVPN definitely works as it connects and is able to direct all traffic through it if I selected that. But I really wish to use the 'Policy Rules'.
 
nfshp253 said:
Anyone? It's strange that there are no error messages whatsoever but nothing I put in the routing rules work. OpenVPN definitely works as it connects and is able to direct all traffic through it if I selected that. But I really wish to use the 'Policy Rules'.
Click to expand...

How are you testing to determine if traffic is routed through the tunnel or not?
 
I mean when I select Redirect Internet Traffic --> All Traffic, the VPN works just fine. When set to Policy rules, it connects but doesn't pass any device's data through it. In this situation, TUN/TAP read bytes, TUN/TAP write bytes are at 0 while TCP/UDP read bytes, TCP/UDP write bytes and Auth read bytes do increase over time. I'm guessing this means that the VPN connects but those 'Rules for routing client traffic through the tunnel' isn't working.
 
nfshp253 said:
I mean when I select Redirect Internet Traffic --> All Traffic, the VPN works just fine. When set to Policy rules, it connects but doesn't pass any device's data through it. In this situation, TUN/TAP read bytes, TUN/TAP write bytes are at 0 while TCP/UDP read bytes, TCP/UDP write bytes and Auth read bytes do increase over time. I'm guessing this means that the VPN connects but those 'Rules for routing client traffic through the tunnel' isn't working.
Click to expand...

Use a site such as WhatismyIP to determine how your traffic is being routed.
 
With policy rules, it's my ISP's WAN IP. On All Traffic, it's the IP for my VPN server (in Hong Kong).
 
nfshp253 said:
With policy rules, it's my ISP's WAN IP. On All Traffic, it's the IP for my VPN server (in Hong Kong).
Click to expand...

What did you put in the policy rules?
 
I selected my desktop's IP from the list (192.168.1.85) and left the destination blank, Iface as VPN. After adding the entry, the Destination IP goes to 0.0.0.0, which I believe is correct. That's it. It should work, right?
 
nfshp253 said:
I selected my desktop's IP from the list (192.168.1.85) and left the destination blank, Iface as VPN. After adding the entry, the Destination IP goes to 0.0.0.0, which I believe is correct. That's it. It should work, right?
Click to expand...

That's correct yes, assuming you have the right source IP.
 
You must log in or register to reply here.

Similar threads

B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
250
eibgrad
eibgrad
T
[Help] Problems setting up OpenVPN
Replies
7
Views
354
Thookie
T
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
815
nino_070
N
T
RBS50 won't connect. Seems to boot. Strange consol log
Replies
2
Views
211
Thomasx
T
R
OpenVPN not saving the custom configuration for client-connect on ASUS GT-AX6000
Replies
5
Views
641
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
orudie VPN does not auto connect after primary WAN disconnects and Secondary WAN becomes active. When primary WAN reconnects again then VPN auto reconnects Asuswrt-Merlin 6
L Devices Connect to Wi-Fi but No Internet Asuswrt-Merlin 10
S [AC88U] How to connect 2 separated networks into 1 VLAN Asuswrt-Merlin 2
6 VPN Director ok, device no connect. Asuswrt-Merlin 20
N AiMesh, router stock asus, wired AP merlin. Cant connect to AP 5ghz Asuswrt-Merlin 4
fenguix Wireguard server: can't connect SMB volumes Asuswrt-Merlin 6
C RT-AX86U 3004.388.8_2 . pet feeder app cannot connect to wifi why? Asuswrt-Merlin 6
C Can't connect to DYNDNS when Unbound is enabled ! Asuswrt-Merlin 10
B Solved What VPN Director rule should i use to be able to connect outside my home to my VPN provider? Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 976 (members: 26, guests: 950)
Top