What's new

I can't add openvpn users

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

perseus

New Around Here
Hello!
I have Asus RT AX 88 with merlin wrt (386_2_4 version).
I have a problem. I can't add users in my openvpn server. I write username, password, push add, apply, and the user don't apear in the list.
Somebody have some ideas?
 
That issue was fixed with 386.2_0 back in March. Double check which firmware version you are actually using.
 
This is my firmware version.
I turn off the router, i swhitched on/off openvpn server and still i can't add users.
 

Attachments

  • ASUS-Wireless-Router-RT-AX88U-Network-Map.png
    ASUS-Wireless-Router-RT-AX88U-Network-Map.png
    142.2 KB · Views: 204
I just tested it, and it's working for me. Try a different browser.
 
I tried 4 separate browsers. Today I will try to do a factory reset and see if it works.
 
Have the same issue. Am on 386.2_6 on an AC88U. Have tried FF, Chrome, Edge Chromium, IE. Am not able to delete/create VPN users. No entries in system log when I try to delete/create users.
 
Open your browser console and look for any Javascript error message.
 
The console shows me the following when I navigate to VPN Server, delete a VPN users and choose apply. Note sure if these messages are really causing the issue I'm facing.

1623349958507.png
 
Those screenshots are impossible to read.
 
Have waited on the 386.3 firmware to see if that might solve my issue in some way. Unfortunately it didn't. I still can add/remove VPN users. The console shows me this when trying to remove a VPN user.

1627419754590.png
 
Hello, I have the same issue reported by @perseus. I am running 382.2_6 on an RT-AC86U. No user that I have added in the past 8-9 months is able to authenticate when connecting to the OpenVPN server. I am unable to add any new users. When I add the new user and click on Apply, after the browser is finished doing it's "Applying Settings" thing, the new user is not actually there in the user list. Similarly, if I delete an existing user in the UI and click on "Apply", the user fails to delete.

I am running macOS and have the same issue with Chrome, Firefox and Safari. My macOS and the browsers are all up to date. Similarly, I have tried on Ubuntu Linux 16.04 with Firefox and see the exact same behavior.

For me at the moment, the only user account that works with the VPN is the router's "admin" account.

@RMerlin, I know you say this was previously fixed but I don't think so. Or it broke again (maybe an inadvertent reversion to the broken code?)
 
Oh, I forgot to cross reference the ticket I created yesterday:

 
Here is the console output from Linux Firefox:

17:41:44.598 WebExtensions: reset-default-search: starting. api.js:183
17:41:44.598 WebExtensions: reset-default-search: has already ran once and saw panel, exit. api.js:210
17:41:47.493 [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAppStartup.secondsSinceLastOSRestart]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: resource:///modules/BrowserGlue.jsm :: _collectStartupConditionsTelemetry :: line 1623" data: no] BrowserGlue.jsm:1623:9
17:41:48.131 Unknown category for SetEventRecordingEnabled: fxmonitor
17:41:48.935 this._searchProviderInfo is null 2 SearchSERPTelemetry.jsm:438
17:41:53.306 Error: Can't find profile directory. 6 XULStore.jsm:66:15
17:41:53.583 Key event not available on some keyboard layouts: key=\u201cr\u201d modifiers=\u201caccel,alt\u201d id=\u201ckey_toggleReaderMode\u201d browser.xhtml
17:41:53.583 Key event not available on some keyboard layouts: key=\u201ci\u201d modifiers=\u201caccel,alt,shift\u201d id=\u201ckey_browserToolbox\u201d browser.xhtml
17:41:53.876 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443
17:41:54.137 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443 3
17:41:54.801 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443 2
17:41:56.316 Alternate Service Mapping found: https://www.google.com:-1 to https://www.google.com:443
17:42:57.336 TypeError: composedTarget is null ClickHandlerChild.jsm:40:7
17:43:39.280 update.locale file doesn't exist in either the application or GRE directories UpdateUtils.jsm:149
17:44:19.348 NS_ERROR_FAILURE: Couldn't decrypt string 3 crypto-SDR.js:200


Here are the console messages from mac Chrome:

Code:
jquery.js:5 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
send @ jquery.js:5
ajax @ jquery.js:5
nvramGet @ httpApi.js:60
faqURL @ httpApi.js:580
initial @ Advanced_VPN_OpenVPN.asp:170
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004472?callback=jQuery110207435840333061305_1627595559634&_=1627595559635 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:171
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004466?callback=jQuery110207435840333061305_1627595559638&_=1627595559639 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:173
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004469?callback=jQuery110207435840333061305_1627595559632&_=1627595559633 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.js:5
ajax @ jquery.js:5
faqURL @ httpApi.js:610
initial @ Advanced_VPN_OpenVPN.asp:170
onload @ Advanced_VPN_OpenVPN.asp:1053
jquery.js:5 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.asus.com/support/FAQ/1004471?callback=jQuery110207435840333061305_1627595559636&_=1627595559637 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
 
@RMerlin, I know you say this was previously fixed but I don't think so. Or it broke again (maybe an inadvertent reversion to the broken code?)
There was a specific issue at the time which I was able to reproduce and fix. The issue was strictly preventing from adding new users, it didn't affect the existing ones in any way. If people are experiencing authentication issues now, then it's completely different, and so far in all my tests I have been unable to reproduce it.

My first guess would be some users have a browser addons that messes with the DOM and corrupts the password. Or, they are using an addon that manipulates usernames/passwords and also corrupts them as they aren't properly dealing with the fact they are now encrypted.
 
Did you guys find a solution? I am suddenly for no reason at all experiencing this same issue with merlin 386.3_2 on ax86u.

I cannot add or remove users on my OpenVPN-server. I can connect just fine to the vpn with the usernames who are already there, but adding or removing usernames does nothing. Rebooting router doesn't help, tried several browsers with and without add-ons.

Do I have to reset my router to fix this?
 
Last edited:
I have no idea what the problem is either, but I threw together the following little script that allows you to define and install your username/passwords directly into nvram. After specifying your own username/passwords, simply open an ssh session and copy/paste it into the window.

Code:
clist='
user1 password1
user2 password2
user3 password3
'
x=''
OIFS="$IFS"; IFS=$'\n'
for i in $clist; do
    x="$x<$(echo $i | awk '{print $1}')>$(echo $i | awk '{print $2}')"
done
IFS="$OIFS"
nvram set vpn_serverx_clientlist="$x"
nvram commit

Just be careful since the script does NOT prevent invalid characters (<>&) or allow embedded blanks in username or password.

It obviously doesn't address the underlying problem, but at least you can get your username/passwords operational. It would be interesting to know if once these were installed correctly using the script, then you hit Apply (or even rebooted), whether they became corrupted again.
 
Last edited:
Thanks, I'm gonna reset it anyways, I think. I want to get rid of skynet and have a clean merlin firmware.
 
I noticed by accident, that the hashed passwords in shadow and shadow.openvpn in /etc changed for some users after a reboot. Those users were then not able to logon because of authentication failures. After the reboot those files had a timestamp of May 5th 2018 (whereas before the reboot they had a much later timestamp). Have no idea what might be causing this.
 
Any way to reset the shadow.openvpn?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top