RT-AC3200 VPN Problem

j1mb0 · Apr 13, 2019

Hello,

I tried to set up my openvpn client following these instructions, but it didn't work. Can anyone help me?

Instruction: https://www.perfect-privacy.com/en/manuals/router_asuswrtmerlin_openvpn

Log:
Apr 14 00:38:52 ovpn-client1[15477]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 3 2019
Apr 14 00:38:52 ovpn-client1[15477]: library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.08
Apr 14 00:38:52 ovpn-client1[15478]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 00:38:52 ovpn-client1[15478]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Apr 14 00:38:52 ovpn-client1[15478]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Apr 14 00:38:52 ovpn-client1[15478]: LZO compression initializing
Apr 14 00:38:53 ovpn-client1[15478]: Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Apr 14 00:38:53 ovpn-client1[15478]: Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
Apr 14 00:38:53 ovpn-client1[15478]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Apr 14 00:38:53 ovpn-client1[15478]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Apr 14 00:38:53 ovpn-client1[15478]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Apr 14 00:38:53 ovpn-client1[15478]: TCP/UDP: Preserving recently used remote address: [AF_INET]80.255.7.82:1151
Apr 14 00:38:53 ovpn-client1[15478]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 14 00:38:53 ovpn-client1[15478]: UDP link local: (not bound)
Apr 14 00:38:53 ovpn-client1[15478]: UDP link remote: [AF_INET]80.255.7.82:1151
Apr 14 00:38:53 ovpn-client1[15478]: TLS: Initial packet from [AF_INET]80.255.7.82:1151, sid=22c9d5e5 f9c43a0a
Apr 14 00:38:53 ovpn-client1[15478]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 00:38:53 ovpn-client1[15478]: VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
Apr 14 00:38:53 ovpn-client1[15478]: VERIFY KU OK
Apr 14 00:38:53 ovpn-client1[15478]: Validating certificate extended key usage
Apr 14 00:38:53 ovpn-client1[15478]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Apr 14 00:38:53 ovpn-client1[15478]: VERIFY EKU OK
Apr 14 00:38:53 ovpn-client1[15478]: VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_zurich.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
Apr 14 00:39:01 ovpn-client1[15478]: Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Apr 14 00:39:01 ovpn-client1[15478]: [Server_zurich.perfect-privacy.com] Peer Connection Initiated with [AF_INET]80.255.7.82:1151
Apr 14 00:39:02 ovpn-client1[15478]: SENT CONTROL [Server_zurich.perfect-privacy.com]: 'PUSH_REQUEST' (status=1)
Apr 14 00:39:02 ovpn-client1[15478]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.4.144.2,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 80.255.7.94,dhcp-option DNS 92.222.210.119,ifconfig-ipv6 fdbf:1d37:bbe0:0:73:8:0:f9/112 fdbf:1d37:bbe0:0:73:8:0:1,ifconfig 10.4.144.249 255.255.255.0,peer-id 9,cipher AES-256-GCM'
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: compression parms modified
Apr 14 00:39:02 ovpn-client1[15478]: LZO compression initializing
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Apr 14 00:39:02 ovpn-client1[15478]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: route options modified
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: route-related options modified
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: peer-id set
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: adjusting link_mtu to 1629
Apr 14 00:39:02 ovpn-client1[15478]: OPTIONS IMPORT: data channel crypto options modified
Apr 14 00:39:02 ovpn-client1[15478]: Data Channel: using negotiated cipher 'AES-256-GCM'
Apr 14 00:39:02 ovpn-client1[15478]: Data Channel MTU parms [ L:1557 D:1300 EF:57 EB:407 ET:0 EL:3 ]
Apr 14 00:39:02 ovpn-client1[15478]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 14 00:39:02 ovpn-client1[15478]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 14 00:39:02 ovpn-client1[15478]: GDG6: remote_host_ipv6=n/a
Apr 14 00:39:02 ovpn-client1[15478]: TUN/TAP device tun11 opened
Apr 14 00:39:02 ovpn-client1[15478]: TUN/TAP TX queue length set to 1000
Apr 14 00:39:02 ovpn-client1[15478]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Apr 14 00:39:02 ovpn-client1[15478]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 14 00:39:02 ovpn-client1[15478]: /usr/sbin/ip addr add dev tun11 10.4.144.249/24 broadcast 10.4.144.255
Apr 14 00:39:02 ovpn-client1[15478]: /usr/sbin/ip -6 addr add fdbf:1d37:bbe0:0:73:8:0:f9/112 dev tun11
Apr 14 00:39:02 ovpn-client1[15478]: Linux ip -6 addr add failed: external program exited with error status: 2
Apr 14 00:39:02 ovpn-client1[15478]: Exiting due to fatal error

eibgrad · Apr 13, 2019

Looks to me like the OpenVPN client is trying to add an IPv6 route to your router's local routing table, but it can't, probably because it's not configured to support IPv6, only IPv4.

I noticed in those instructions from the VPN provider they tell you to set IPv6 to Native. But that assumes you have an IPv6 configuration. It not, if you're strictly IPv4, then that should actually kept to disabled.

IOW, by setting it to Native, you're telling the OpenVPN server you are IPv6 capable, and it's therefore telling the OpenVPN client to establish IPv6 routes, which it obviously can't if the client is only configured for IPv4.

Thread starter	Title	Forum	Replies	Date
I	RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!)	Asuswrt-Merlin	14	Dec 13, 2023
P	Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware	Asuswrt-Merlin	9	Yesterday at 6:48 PM
G	Using VPN Director to route only torrent traffic through VPN	Asuswrt-Merlin	8	Friday at 2:44 AM
B	Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14	Asuswrt-Merlin	1	Oct 27, 2024
T	Wireguard Client VPN not using DNS	Asuswrt-Merlin	14	Oct 20, 2024
S	Wireguard VPN doesn't work, buyer beware	Asuswrt-Merlin	6	Oct 16, 2024
G	VPN director configuration for qBittorrent	Asuswrt-Merlin	7	Oct 15, 2024
J	ASUS GT-AXE16000 CPU usage with VPN on lan machine	Asuswrt-Merlin	25	Oct 13, 2024
I	Wireguard VPN client does not autostart after reboot	Asuswrt-Merlin	2	Oct 10, 2024
Z	Sudden VPN client issues with RX-AX82U	Asuswrt-Merlin	5	Oct 8, 2024

Search

Search

RT-AC3200 VPN Problem

j1mb0

Occasional Visitor

eibgrad

Part of the Furniture

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online