OpenVPN runs, but no tunnel exists (Asus AC66U)

[Rukain]

Hi everbody,

I try to tunnel specific terminals via VPN in my network .
OpenVPN (Client) ist running and the connection seems to work, but the external IP remains the same, whether "All Traffic " or " Policy Rules " .

Systemlog:

Apr 3 18:37:29 openvpn[825]: [UNDEF] Inactivity timeout (--ping-exit), exiting
Apr 3 18:37:29 openvpn[825]: SIGTERM received, sending exit notification to peer
Apr 3 18:37:29 openvpn[825]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 3 18:37:29 openvpn[825]: TLS Error: TLS handshake failed
Apr 3 18:37:29 openvpn[825]: TCP/UDP: Closing socket
Apr 3 18:37:29 openvpn[825]: SIGUSR1[soft,tls-error] received, process restarting
Apr 3 18:37:29 openvpn[825]: Restart pause, 2 second(s)
Apr 3 18:37:31 openvpn[825]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 3 18:37:31 openvpn[825]: Re-using SSL/TLS context
Apr 3 18:37:31 openvpn[825]: LZO compression initialized
Apr 3 18:37:31 openvpn[825]: Control Channel MTU parms [ L:1558 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Apr 3 18:37:31 openvpn[825]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Apr 3 18:37:31 openvpn[825]: Data Channel MTU parms [ L:1558 D:1300 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
Apr 3 18:37:31 openvpn[825]: Fragmentation MTU parms [ L:1558 D:1300 EF:57 EB:143 ET:1 EL:3 AF:3/1 ]
Apr 3 18:37:31 openvpn[825]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth MD5,keysize 256,key-method 2,tls-client'
Apr 3 18:37:31 openvpn[825]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth MD5,keysize 256,key-method 2,tls-server'
Apr 3 18:37:31 openvpn[825]: Local Options hash (VER=V4): '8f40a5db'
Apr 3 18:37:31 openvpn[825]: Expected Remote Options hash (VER=V4): '6ce7e20d'
Apr 3 18:37:31 openvpn[825]: UDPv4 link local: [undef]
Apr 3 18:37:31 openvpn[825]: UDPv4 link remote: [AF_INET]5.XXX.XX.72:9081

Has anyone any idea what may be the problem here ?
Sorry for my english , I'm from Germany .

Thank you,
Rukain

 

[john9527]

Two things to check....
- Your port number is a non-standard port. You don't say what provider you are trying to connect to, but most only accept standard ports. If that port isn't specified for you, try port 1194
- You have auth digest set to none....try SHA1 or SHA256

 

[Rukain]

Hi John, thank you!!

I try both, but it still not work.

My Provider is Cyberghost, maybe this Info helps.

Thanks

 

[Rukain]

One more question , if I activate "Block routed if tunnel goes down" and the Provider Config is incorrect , the internet-connection of the Client must broke down? I tried this yesterday, but the Internet connection for this Client (192.168.2.247) still work.

 

[john9527]

Hi John, thank you!!

I try both, but it still not work.

My Provider is Cyberghost, maybe this Info helps.

Thanks

I'm guessing you used this setup guide?
https://support.cyberghostvpn.com/i...-configure-openvpn-for-tomatousb-merlin-build

It looks like port 9081 is correct, but it also states you need a Premium or Premium Plus subscription to download the three needed key files. I'd check that the three key files are input correctly.

 

[yorgi]

Hi everbody,

I try to tunnel specific terminals via VPN in my network .
OpenVPN (Client) ist running and the connection seems to work, but the external IP remains the same, whether "All Traffic " or " Policy Rules " .

Systemlog:

Has anyone any idea what may be the problem here ?
Sorry for my english , I'm from Germany .

Thank you,
Rukain

Enable accept DNS configurations from Relaxed to exclusive
and enable block routed clients if tunnel goes down.
Also make sure that you put a certificate in authorisation-modus
click on content modification of keys and certificates
and paste the certificate in certificate authority

 

[Rukain]

@ John, yes i used this setup and i also download the keys and certificates, i guess the Sys-Log Shows that the VPN Client connect to the Provider?

@ Yorgi, I change to the configuration to exclusive, but without success.
even if I activate "Enabl block routed Clients it tunnel goes down", there is still a connection to the internet . In my opinion, the appropriate client is not be able to go "out" , or ?
Therefore, I do not think the problem lies in the connection with the provider , but on the internal configuration .

 

[yorgi]

@ John, yes i used this setup and i also download the keys and certificates, i guess the Sys-Log Shows that the VPN Client connect to the Provider?

@ Yorgi, I change to the configuration to exclusive, but without success.
even if I activate "Enabl block routed Clients it tunnel goes down", there is still a connection to the internet . In my opinion, the appropriate client is not be able to go "out" , or ?
Therefore, I do not think the problem lies in the connection with the provider , but on the internal configuration .

Did you copy and paste the certificate in the location I specified?
Without the certificate nothing will work.
I think you are having a router conflict because when you put an IP in Policy rules it's not suppose to let you use the Local ISP internet.

check out this guide as a reference.

http://www.snbforums.com/threads/ho...y-step-how-to-guide-ver-380-58-updated.30851/

 

[yorgi]

@ John, yes i used this setup and i also download the keys and certificates, i guess the Sys-Log Shows that the VPN Client connect to the Provider?

@ Yorgi, I change to the configuration to exclusive, but without success.
even if I activate "Enabl block routed Clients it tunnel goes down", there is still a connection to the internet . In my opinion, the appropriate client is not be able to go "out" , or ?
Therefore, I do not think the problem lies in the connection with the provider , but on the internal configuration .

Change to PIA VPN these guys are jokers. they don't offer any support for routers. I went on their site and its not pro.
I never saw ports on 9081 that use VPN. this can;t even be used with OpenVPN software. I wouldn't buy their service.
get a refund the other company and go here
https://www.privateinternetaccess.com/
PIA is rock solid and the majority of people use this service without any issues.

 

[Rukain]

I do not know how and why, but when I came home today it works . Only this "Block routed clients if tunnel goes down" still does not work. If the service goes down , I'm with the client suddenly with the ISP IP online . If blocking the line immediately ?

 

[yorgi]

I do not know how and why, but when I came home today it works . Only this "Block routed clients if tunnel goes down" still does not work. If the service goes down , I'm with the client suddenly with the ISP IP online . If blocking the line immediately ?

If you turn off the VPN client, you still get internet from your Local ISP?
if that is so then you are having a router conflict. there is no way that should happen.
Turn the Service off and see if you get traffic.
when you enable Block routed clients if tunnel goes down all it means is if the tunnel goes down the traffic will stop until the tunnel is working again.
properly test it and see otherwise I would do a factory reset and go at it again.
its not right if you are getting traffic when the service is off.

 

[Rukain]

Yes, when i shut down the Service or delet for test the VPN password and the Connection is lost, the Client wich is in PolicyRules activate is still online with the Original ISP IP...
Maybe a make an reset an Flash Merlin again...

Is PIA VPN an US Hoster? It means they must Logs IP's and other files, right??

 

[yorgi]

Yes, when i shut down the Service or delet for test the VPN password and the Connection is lost, the Client wich is in PolicyRules activate is still online with the Original ISP IP...
Maybe a make an reset an Flash Merlin again...

Is PIA VPN an US Hoster? It means they must Logs IP's and other files, right??

Why would you delete the password?
when the service is ON and you are on VPN traffic
if you turn the button that says OFF will there still be traffic?
if there is I would defiantly re-flash but make sure you do factory default and then enter the data
PIA is US company but they say they don't log. I never had a problem with them

 

[Rukain]

@ yorgi, I delete the password in order to test if the Connection goes down and Policy Rules works fine.


Can i go back from Merlin without problems to factory settings reset ?

 

[yorgi]

@ yorgi, I delete the password in order to test if the Connection goes down and Policy Rules works fine.


Can i go back from Merlin without problems to factory settings reset ?

I can't see why you will have any problems if you do factory reset.