Merlin OpenVPN to Tomato OpenVpn lan to lan

miodzicho

Occasional Visitor
Hello

I'm trying to establish two tunnels using Tomato on the client side.
I have 192.168.20.x on the server side, the tunnel as 10.10.10.0, and both clients as 192.168.10.x and 192.168.11.x.
So far I can ping network 20.x from the client side with no problem, but cannot ping anything on 10.x or 11.x.
I have routing assigned. I used: enabled "Allow only specified clients", and I have the correct CN and subnet given.
But I am getting this error message:
AUTH: Received AUTH_FAILED control message
And the tunnel is not connected. I have generated all certificates and am using TLS.
Adding routing manually doesn't work either.
 
If you get an AUTH_FAILED then there is something wrong with either your OpenVPN settings, your certificates, or the clock of your routers (they must all be properly synchronized, otherwise SSL will fail).
 
Below is the log from the client:
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: Re-using SSL/TLS context
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: LZO compression initialized
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: UDPv4 link local: [undef]
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: UDPv4 link remote: my ip:1194
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: TLS: Initial packet from my ip:1194, sid=3982eb55 d49f6652
Dec 27 22:06:35 mars daemon.notice openvpn[2157]: VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxxxx
Dec 27 22:06:36 mars daemon.notice openvpn[2157]: VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxxx
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Dec 27 22:06:37 mars daemon.notice openvpn[2157]: [AGNet-VPN-Server] Peer Connection Initiated with my ip:1194
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: SENT CONTROL [AGNet-VPN-Server]: 'PUSH_REQUEST' (status=1)
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: AUTH: Received AUTH_FAILED control message
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: TCP/UDP: Closing socket
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: /sbin/route del -net 192.168.20.0 netmask 255.255.255.0
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: Closing TUN/TAP interface
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: /sbin/ifconfig tun11 0.0.0.0
Dec 27 22:06:39 mars daemon.notice openvpn[2157]: updown.sh tun11 1500 1558 10.8.0.6 10.8.0.5 init
Dec 27 22:06:39 mars daemon.info dnsmasq[2186]: exiting on receipt of SIGTERM
Dec 27 22:06:39 mars user.debug init[1]: 182: pptp peerdns disabled
Dec 27 22:06:39 mars daemon.info dnsmasq[2863]: started, version 2.61 cachesize 1500
Dec 27 22:06:39 mars daemon.info dnsmasq[2863]: compile time options: no-IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp9 does not currently exist
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp8 does not currently exist
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp7 does not currently exist
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp6 does not currently exist
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp5 does not currently exist
Dec 27 22:06:39 mars daemon.warn dnsmasq[2863]: warning: interface ppp4 does not currently exist
Dec 27 22:06:40 mars daemon.notice openvpn[2157]: SIGTERM[soft,auth-failure] received, process exiting

Log from the server:
Dec 27 22:05:41 openvpn[732]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 15 2012
Dec 27 22:05:41 openvpn[732]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Dec 27 22:05:41 openvpn[732]: Diffie-Hellman initialized with 1024 bit key
Dec 27 22:05:41 openvpn[732]: TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 27 22:05:41 openvpn[732]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Dec 27 22:05:41 openvpn[732]: TUN/TAP device tun21 opened
Dec 27 22:05:41 openvpn[732]: TUN/TAP TX queue length set to 100
Dec 27 22:05:41 openvpn[732]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Dec 27 22:05:41 openvpn[732]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Dec 27 22:05:41 openvpn[732]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 27 22:05:41 openvpn[742]: UDPv4 link local (bound): [undef]:1194
Dec 27 22:05:41 openvpn[742]: UDPv4 link remote: [undef]
Dec 27 22:05:41 openvpn[742]: MULTI: multi_init called, r=256 v=256
Dec 27 22:05:41 openvpn[742]: IFCONFIG POOL: base=10.8.0.4 size=62
Dec 27 22:05:41 openvpn[742]: Initialization Sequence Completed
Dec 27 22:06:12 openvpn[742]: event_wait : Interrupted system call (code=4)
Dec 27 22:06:12 openvpn[742]: TITLE,OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 15 2012
Dec 27 22:06:12 openvpn[742]: TIME,Thu Dec 27 22:06:12 2012,1356642372
Dec 27 22:06:12 openvpn[742]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
Dec 27 22:06:12 openvpn[742]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Dec 27 22:06:12 openvpn[742]: GLOBAL_STATS,Max bcast/mcast queue length,0
Dec 27 22:06:12 openvpn[742]: END
Dec 27 22:06:36 openvpn[742]: MULTI: multi_create_instance called
Dec 27 22:06:36 openvpn[742]: client ip:2053 Re-using SSL/TLS context
Dec 27 22:06:36 openvpn[742]: client ip:2053 LZO compression initialized
Dec 27 22:06:36 openvpn[742]: client ip:2053 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 27 22:06:36 openvpn[742]: client ip:2053 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 27 22:06:36 openvpn[742]: client ip:2053 TLS: Initial packet from client ip:2053, sid=dd4d8285 bfa0bb53
Dec 27 22:06:37 openvpn[742]: client ip:2053 VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxx
Dec 27 22:06:37 openvpn[742]: client ip:2053 VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxx
Dec 27 22:06:37 openvpn[742]: client ip:2053 TLS Auth Error: --client-config-dir authentication failed for common name 'Piasty' file='ccd/Piasty'
Dec 27 22:06:38 openvpn[742]: client ip:2053 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Dec 27 22:06:38 openvpn[742]: client ip:2053 [Piasty] Peer Connection Initiated with client ip:2053
Dec 27 22:06:40 openvpn[742]: client ip:2053 PUSH: Received control message: 'PUSH_REQUEST'
Dec 27 22:06:40 openvpn[742]: client ip:2053 Delayed exit in 5 seconds
Dec 27 22:06:40 openvpn[742]: client ip:2053 SENT CONTROL [Piasty]: 'AUTH_FAILED' (status=1)
Dec 27 22:06:42 openvpn[742]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Dec 27 22:06:45 openvpn[742]: client ip:2053 SIGTERM[soft,delayed-exit] received, client-instance exiting
Dec 27 22:06:52 openvpn[742]: event_wait : Interrupted system call (code=4)
Dec 27 22:06:52 openvpn[742]: TITLE,OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 15 2012
Dec 27 22:06:52 openvpn[742]: TIME,Thu Dec 27 22:06:52 2012,1356642412
Dec 27 22:06:52 openvpn[742]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
Dec 27 22:06:52 openvpn[742]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Dec 27 22:06:52 openvpn[742]: GLOBAL_STATS,Max bcast/mcast queue length,0
Dec 27 22:06:52 openvpn[742]: END

Time seems OK, certificates also show OK... Without "Allow only specified clients" it works with ping in one direction, so the tunnel is established successfully, so I think the certificates etc. are correct.
 
I found the reason:
OpenVPN is not creating anything under the ccd directory.
It should create a file:
CN name
with content: iroute (remote net) netmask
It is also not creating the routing, so you need to add:
route add -net (remote net) netmask (netmask) gw (here is IP of the tunnel end)

I hope it will help to find why it doesn't work properly using the GUI.
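
The diagnosis in the post above, as an added example that is not part of the original thread: a shell sketch that pulls rejected common names out of the server log line shown earlier, checks whether a ccd file with an `iroute` entry exists for each, and writes one if not. The function names, the ccd directory path, the 192.168.10.0/24 subnet for this client, and the reading of "Allow only specified clients" as OpenVPN's `ccd-exclusive` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): triage AUTH_FAILED caused by a missing ccd entry.

# List each common name the server rejected for lack of a usable ccd file.
ccd_failures() {   # $1 = server log file
    sed -n "s/.*--client-config-dir authentication failed for common name '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Classify the ccd entry for one client: missing, no-iroute or ok.
ccd_status() {     # $1 = ccd directory (assumed path), $2 = common name
    f="$1/$2"
    [ -f "$f" ] || { echo missing; return 0; }
    grep -Eq '^[[:space:]]*iroute[[:space:]]+[0-9.]+' "$f" || { echo no-iroute; return 0; }
    echo ok
}

# Write the file the post describes: named after the CN, holding one iroute line.
write_ccd() {      # $1 = ccd directory, $2 = CN, $3 = remote net, $4 = netmask
    case "$2" in ''|.*|*/*) return 1 ;; esac   # a CN must not act as a path
    mkdir -p "$1" && printf 'iroute %s %s\n' "$3" "$4" > "$1/$2"
}

# Constructed run: one server log line copied from the thread, temporary ccd directory.
demo() {
    d=$(mktemp -d) || return 1
    echo "Dec 27 22:06:37 openvpn[742]: client ip:2053 TLS Auth Error: --client-config-dir authentication failed for common name 'Piasty' file='ccd/Piasty'" > "$d/server.log"
    # Word splitting is acceptable here because the sample CN has no spaces.
    for cn in $(ccd_failures "$d/server.log"); do
        echo "$cn before: $(ccd_status "$d/ccd" "$cn")"
        # 192.168.10.0/24 as this client's LAN is an assumption for the demo.
        write_ccd "$d/ccd" "$cn" 192.168.10.0 255.255.255.0
        echo "$cn after:  $(ccd_status "$d/ccd" "$cn")"
    done
    rm -rf "$d"
}
demo
```

The `iroute` line only tells OpenVPN which client owns the subnet; the kernel route from the post (`route add -net ... gw ...`) is still needed on the server for traffic to reach the tunnel.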
 
