What's new

OpenVPN client - PrivatVPN service help

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jbombs16

Occasional Visitor
I am trying to set up the OpenVPN client to work with the vpn service PrivatVPN. They provided me the ca.crt file that I placed on my router and called it with a script as shown in the attached screen shots of my settings.

My log is also attached. Is there anything here that looks incorrect that would be preventing the connection to the vpn?

Any help would be appreciated.

Thanks in advance.
 

Attachments

  • settings1.jpg
    settings1.jpg
    95.7 KB · Views: 554
  • settings2.jpg
    settings2.jpg
    72.1 KB · Views: 550
  • log.txt
    3.3 KB · Views: 626
Don't supply your certificate through the custom config. Paste its content on the OpenVPN Keys page instead.
 
I have removed the script in the custom config and placed the contents of the ca.crt into the Cert Authority section of Client1. Still does not work and I get this log:

Jan 5 12:58:19 notify_rc : start_vpnclient1
Jan 5 12:58:19 syslog: VPN_LOG_ERROR: 155: Adding tunnel interface to bridge failed...
Jan 5 12:58:19 kernel: br0: port 4(tap11) entering disabled state
Jan 5 12:58:19 kernel: br0: port 4(tap11) entering disabled state
Jan 5 12:59:01 crond[540]: admin: No such file or directory
 
I have removed the script in the custom config and placed the contents of the ca.crt into the Cert Authority section of Client1. Still does not work and I get this log:

Jan 5 12:58:19 notify_rc : start_vpnclient1
Jan 5 12:58:19 syslog: VPN_LOG_ERROR: 155: Adding tunnel interface to bridge failed...
Jan 5 12:58:19 kernel: br0: port 4(tap11) entering disabled state
Jan 5 12:58:19 kernel: br0: port 4(tap11) entering disabled state
Jan 5 12:59:01 crond[540]: admin: No such file or directory

Leave Firewall to "Automatic". Also try rebooting your router, this log bit you posted doesn't show much at all.
 
changed the firewall and the VPN seems to start up correctly. However, when the VPN is on, I cannot access the internet. Here is the log:

Jan 6 13:15:27 notify_rc : start_vpnclient1
Jan 6 13:15:27 kernel: tun: Universal TUN/TAP device driver, 1.6
Jan 6 13:15:27 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jan 6 13:15:27 kernel: device tap11 entered promiscuous mode
Jan 6 13:15:27 kernel: br0: port 4(tap11) entering listening state
Jan 6 13:15:27 openvpn[4817]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 31 2012
Jan 6 13:15:27 openvpn[4817]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 6 13:15:27 openvpn[4817]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 6 13:15:27 kernel: br0: port 4(tap11) entering learning state
Jan 6 13:15:27 kernel: br0: topology change detected, propagating
Jan 6 13:15:27 kernel: br0: port 4(tap11) entering forwarding state
Jan 6 13:15:27 openvpn[4817]: LZO compression initialized
Jan 6 13:15:27 openvpn[4817]: Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 6 13:15:27 openvpn[4817]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Jan 6 13:15:27 openvpn[4817]: RESOLVE: NOTE: se.privatevpn.com resolves to 4 addresses
Jan 6 13:15:27 openvpn[4817]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 6 13:15:27 openvpn[4822]: UDPv4 link local: [undef]
Jan 6 13:15:27 openvpn[4822]: UDPv4 link remote: 91.240.64.19:21000
Jan 6 13:15:28 openvpn[4822]: TLS: Initial packet from 91.240.64.19:21000, sid=9a28f897 e3c7fa22
Jan 6 13:15:28 openvpn[4822]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 6 13:15:29 openvpn[4822]: VERIFY OK: depth=1, /C=SE/ST=STH/L=Stockholm/O=PrivatVPN/CN=PrivatVPN_CA/emailAddress=support@privatvpn.se
Jan 6 13:15:29 openvpn[4822]: VERIFY OK: depth=0, /C=SE/ST=STH/L=Stockholm/O=PrivatVPN/CN=server/emailAddress=support@privatvpn.se
Jan 6 13:15:32 openvpn[4822]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 6 13:15:32 openvpn[4822]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 6 13:15:32 openvpn[4822]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 6 13:15:32 openvpn[4822]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 6 13:15:32 openvpn[4822]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jan 6 13:15:32 openvpn[4822]: [server] Peer Connection Initiated with 91.240.64.19:21000
Jan 6 13:15:35 openvpn[4822]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jan 6 13:15:35 openvpn[4822]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 91.240.66.1,redirect-gateway def1,dhcp-option DNS 8.8.8.8,ping 10,ping-restart 60,ifconfig 91.240.66.10 255.255.255.224'
Jan 6 13:15:35 openvpn[4822]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 6 13:15:35 openvpn[4822]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 6 13:15:35 openvpn[4822]: OPTIONS IMPORT: route options modified
Jan 6 13:15:35 openvpn[4822]: OPTIONS IMPORT: route-related options modified
Jan 6 13:15:35 openvpn[4822]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 6 13:15:35 openvpn[4822]: TUN/TAP device tap11 opened
Jan 6 13:15:35 openvpn[4822]: TUN/TAP TX queue length set to 100
Jan 6 13:15:35 openvpn[4822]: /sbin/ifconfig tap11 91.240.66.10 netmask 255.255.255.224 mtu 1500 broadcast 91.240.66.31
Jan 6 13:15:35 openvpn[4822]: /sbin/route add -net 91.240.64.19 netmask 255.255.255.255 gw 98.204.136.1
Jan 6 13:15:35 openvpn[4822]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 91.240.66.1
Jan 6 13:15:35 openvpn[4822]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 91.240.66.1
Jan 6 13:15:35 openvpn[4822]: Initialization Sequence Completed
Jan 6 13:20:12 notify_rc : stop_vpnclient1
Jan 6 13:20:12 openvpn[4822]: event_wait : Interrupted system call (code=4)
Jan 6 13:20:12 openvpn[4822]: TCP/UDP: Closing socket
Jan 6 13:20:12 openvpn[4822]: /sbin/route del -net 91.240.64.19 netmask 255.255.255.255
Jan 6 13:20:12 openvpn[4822]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Jan 6 13:20:12 openvpn[4822]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Jan 6 13:20:12 openvpn[4822]: Closing TUN/TAP interface
Jan 6 13:20:12 openvpn[4822]: /sbin/ifconfig tap11 0.0.0.0
Jan 6 13:20:12 openvpn[4822]: SIGTERM[hard,] received, process exiting
Jan 6 13:20:12 kernel: br0: port 4(tap11) entering disabled state
Jan 6 13:20:12 kernel: br0: port 4(tap11) entering disabled state
Jan 6 13:21:01 crond[557]: admin: No such file or directory
 
Set "Redirect Internet Traffic" to "Yes" if you want your Internet traffic to go through the tunnel.
 
set Redirect to Yes - what should the gateway be? I set it to my router's IP address and I cannot access the internet.
 
set Redirect to Yes - what should the gateway be? I set it to my router's IP address and I cannot access the internet.

I thought that option would force all traffic to go through the tunnel's gateway. Looks like that when in a TAP configuration you have to manually enter a gateway.

I have no idea then, sorry. I don't use TAP connections, as they make little sense in a plain tunnel scenario.
 
Hello guys,
I am also setting up my rt-n66u also for OpenVPN and I am subscribed to HMAvpn. I am having trouble with the tutorials because all are based with either TOMATO or DD-WRT. They have differences with the interface which makes it confusing.
Can you give instructions on how to setup Asuswrt-merlin using HMAvpn settings. I have seen their tutorials but still no success for me.

Thanks
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top