alexrose12345
New Around Here
Hi,
I have a RT-AX88U running the latest version of Merlin (3004.338.4). My laptop, mobile phone and wife's mobile phone can no longer connect to my VPN. The server is up (I can connect to it via DDNS fine). Used to work flawlessly. Started having a problem where we could only ever connect 2 devices simultaneously. Now I can't even get 1 on. UDP 1194 is port forwarded and firewall whitelisted.
This happens over wifi at our apartment, at my in laws' apartment, on my wife's mobile network and my mobile network.
Here is my .ovpn config:
Code:
# Config generated by Asuswrt-Merlin 388.4, requires OpenVPN 2.4.0 or newer.
client
dev tun
proto udp
remote MYROUTER.com 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
((certificates and keys redacted))
Here's the client log (website redacted):
Code:
[Sep 8, 2023, 19:26:53] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Feb 7 2023 16:08:10
[Sep 8, 2023, 19:26:53] Frame=512/2048/512 mssfix-ctrl=1250
[Sep 8, 2023, 19:26:53] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
7 [ncp-ciphers] [AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC]
[Sep 8, 2023, 19:26:53] EVENT: RESOLVE
[Sep 8, 2023, 19:26:53] Contacting 80.2.0.28:1194 via UDP
[Sep 8, 2023, 19:26:53] EVENT: WAIT
[Sep 8, 2023, 19:26:53] WinCommandAgent: transmitting bypass route to 80.2.0.28
{
"host" : "80.2.0.28",
"ipv6" : false
}
[Sep 8, 2023, 19:26:53] Connecting to [MYROUTER.com]:1194 (80.2.0.28) via UDPv4
[Sep 8, 2023, 19:26:53] EVENT: CONNECTING
[Sep 8, 2023, 19:26:53] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Sep 8, 2023, 19:26:53] Creds: Username/Password
[Sep 8, 2023, 19:26:53] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.7-2979
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Sep 8, 2023, 19:26:53] SSL Handshake: peer certificate: CN=RT-AX88U, 1024 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Sep 8, 2023, 19:26:53] Session is ACTIVE
[Sep 8, 2023, 19:26:53] EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future
[Sep 8, 2023, 19:26:53] EVENT: GET_CONFIG
[Sep 8, 2023, 19:26:53] Sending PUSH_REQUEST to server...
[Sep 8, 2023, 19:26:53] OPTIONS:
0 [route] [192.168.50.0] [255.255.255.0] [vpn_gateway] [500]
1 [redirect-gateway] [def1]
2 [route-gateway] [10.8.0.1]
3 [topology] [subnet]
4 [ping] [15]
5 [ping-restart] [60]
6 [ifconfig] [10.8.0.2] [255.255.255.0]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
9 [key-derivation] [tls-ekm]
[Sep 8, 2023, 19:26:53] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: TLS Keying Material Exporter [RFC5705]
compress: NONE
peer ID: 0
[Sep 8, 2023, 19:26:53] EVENT: ASSIGN_IP
[Sep 8, 2023, 19:26:53] CAPTURED OPTIONS:
Session Name: MYROUTER.com
Layer: OSI_LAYER_3
Remote Address: 80.2.0.28
Tunnel Addresses:
10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
192.168.50.0/24 [METRIC=500]
Exclude Routes:
DNS Servers:
Search Domains:
[Sep 8, 2023, 19:26:54] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "2c18000000000000",
"destroy_event" : "a411000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "192.168.50.0",
"gateway" : "",
"ipv6" : false,
"metric" : 500,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "80.2.0.28",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 275,
"ipv4" : true,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "MYROUTER.com",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.8.0.2",
"gateway" : "10.8.0.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{931AEBDE-0773-4809-BAE3-034377726FAE}' index=18 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{931AEBDE-0773-4809-BAE3-034377726FAE}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=18
netsh interface ip set interface 18 metric=1
Ok.
netsh interface ip set address 18 static 10.8.0.2 255.255.255.0 gateway=10.8.0.1 store=active
IPHelper: add route 192.168.50.0/24 18 10.8.0.1 metric=500
netsh interface ip add route 80.2.0.28/32 27 192.168.1.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 18 10.8.0.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 18 10.8.0.1 store=active
Ok.
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: e417000000000000
[Sep 8, 2023, 19:26:54] Connected via TUN_WIN
[Sep 8, 2023, 19:26:54] EVENT: CONNECTED zephyr@MYROUTER.com:1194 (80.2.0.28) via /UDPv4 on TUN_WIN/10.8.0.2/ gw=[10.8.0.1/]
As you can see it connects. Here's how it looks (bytes go out, none come in)
Router logs:
Code:
Sep 9 00:26:16 ovpn-server1[2168]: client/[my laptop's ip]:62290 [client] Inactivity timeout (--ping-restart), restarting
Sep 9 00:26:16 ovpn-server1[2168]: client/[my laptop's ip]:62290 SIGUSR1[soft,ping-restart] received, client-instance restarting
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=RT-AX88U, emailAddress=me@asusrouter.lan
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_VER=3.git::d3f8b18b
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_PLAT=win
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_NCP=2
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_TCPNL=1
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_PROTO=30
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_GUI_VER=OCWindows_3.3.7-2979
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_SSO=webauth,openurl,crtext
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 peer info: IV_BS64DL=1
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 TLS: Username/Password authentication succeeded for username 'zephyr'
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 TLS: tls_multi_process: initial untrusted session promoted to trusted
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA1
Sep 9 00:26:55 ovpn-server1[2168]: [my laptop's ip]:52083 [client] Peer Connection Initiated with [AF_INET][my laptop's ip]:52083 (via [AF_INET]80.2.0.28%eth0)
Sep 9 00:26:55 ovpn-server1[2168]: client/[my laptop's ip]:52083 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 9 00:26:55 ovpn-server1[2168]: client/[my laptop's ip]:52083 MULTI: Learn: 10.8.0.2 -> client/[my laptop's ip]:52083
Sep 9 00:26:55 ovpn-server1[2168]: client/[my laptop's ip]:52083 MULTI: primary virtual IP for client/[my laptop's ip]:52083: 10.8.0.2
Sep 9 00:26:55 ovpn-server1[2168]: client/[my laptop's ip]:52083 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.50.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,key-derivation tls-ekm' (status=1)
Sep 9 00:26:55 ovpn-server1[2168]: client/[my laptop's ip]:52083 PUSH: Received control message: 'PUSH_REQUEST'
Sep 9 00:26:56 ovpn-server1[2168]: client/[my laptop's ip]:52083 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Sep 9 00:26:56 ovpn-server1[2168]: client/[my laptop's ip]:52083 Timers: ping 15, ping-restart 120
Sep 9 00:26:56 ovpn-server1[2168]: client/[my laptop's ip]:52083 Protocol options: protocol-flags tls-ekm
Router config:
It appears here and claims to be working, but in reality no bytes in:
Android is on version 3.3.4 (9290)
Windows is on 3.3.7 (2979)
iOS is on 3.3.4 (5176)
Any ideas? At my wit's end
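Added example, not part of the original post: a short Python triage over `ovpn-server1` lines in the format shown above. It groups lines by peer `ip:port`, reports sessions that negotiated a data channel and then ended on the `--ping-restart` inactivity timeout, and flags the certificate parameters the log itself prints. The sample lines, the `203.0.113.7` address, the function names and the 2048-bit threshold are assumptions made for the example.

```python
import re

# Constructed sample shaped like the ovpn-server1 lines in the post.
# 203.0.113.7 is a documentation address standing in for the redacted peer.
SAMPLE_LOG = """\
Sep 9 00:24:10 ovpn-server1[2168]: 203.0.113.7:62290 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA1
Sep 9 00:24:10 ovpn-server1[2168]: client/203.0.113.7:62290 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 9 00:24:11 ovpn-server1[2168]: client/203.0.113.7:62290 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Sep 9 00:26:16 ovpn-server1[2168]: client/203.0.113.7:62290 [client] Inactivity timeout (--ping-restart), restarting
Sep 9 00:26:55 ovpn-server1[2168]: 203.0.113.7:52083 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA1
Sep 9 00:26:56 ovpn-server1[2168]: client/203.0.113.7:52083 Data Channel: cipher 'AES-256-GCM', peer-id: 0
"""

# The "<cn>/" prefix only appears once the server has tied the session to a certificate CN.
LINE = re.compile(r"ovpn-server\d+\[\d+\]: (?:[^/\s]+/)?(?P<peer>\S+:\d+) (?P<msg>.*)")
CERT = re.compile(r"peer certificate: (\d+) bit (\w+), signature: \w+-(\w+)")
POOL = re.compile(r"pool returned IPv4=([\d.]+)")
MIN_RSA_BITS = 2048  # assumption: commonly recommended minimum RSA key size

def triage(log_text):
    """Group server log lines by peer ip:port and record what each session reached."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["peer"], {"virtual_ip": None, "data_channel": False,
                                            "timed_out": False, "weak_crypto": set()})
        msg = m["msg"]
        if (c := CERT.search(msg)):
            bits, alg, digest = int(c[1]), c[2], c[3]
            if alg == "RSA" and bits < MIN_RSA_BITS:
                s["weak_crypto"].add(f"{bits}-bit RSA key")
            if digest == "SHA1":
                s["weak_crypto"].add("SHA1 certificate signature")
        elif (p := POOL.search(msg)):
            s["virtual_ip"] = p[1]
        elif msg.startswith("Data Channel: cipher"):
            s["data_channel"] = True
        elif "Inactivity timeout (--ping-restart)" in msg:
            s["timed_out"] = True
    return sessions

def stalled(sessions):
    """Peers whose tunnel was fully negotiated, then silent until ping-restart fired."""
    return sorted(p for p, s in sessions.items() if s["data_channel"] and s["timed_out"])

if __name__ == "__main__":
    print(stalled(triage(SAMPLE_LOG)))
```

The peer pattern expects a real `ip:port`, so lines redacted as `[my laptop's ip]` will not match until the address is restored.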