[Solved] RT-AC68U how to reset OpenVPN server


actaris

Hi,
Is there a way to completely reset the OpenVPN server on the RT-AC68U?
If I shut down the OpenVPN server, the content of the folder

/tmp/etc/openvpn/

is deleted, but when I switch on the OpenVPN server the folder

/tmp/etc/openvpn/vpnserver1

has new certificates/config files, but the GUI settings are the same as before shutting down.

And I got this error in general section of OpenVPN:

Certification Authentication / Server certification / Server Key field error!
Please check the Keys and Certification contents on the Impostazioni avanzate page


And this is my client.ovpn, visibly wrong (missing client key and certificate).
The CA (I shortened it for formatting reasons) is regenerated every time the OpenVPN server is shut down and switched on:


client
dev tun
proto udp
remote xxxxxxxxns.org 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
MIID..................lUcp6zKKjBkMjE7yF5obPV+huUII
-----END CERTIFICATE-----
</ca>
<cert>
paste client certificate data here
</cert>
<key>
paste client key data here
</key>
resolv-retry infinite
nobind


thank you
 
/tmp/etc/openvpn/ is automatically generated at start time from the settings stored in nvram and JFFS (with firmwares starting with 378_6000). There's no global nuke button, you will have to either change the settings through the webui, or erase the /jffs/openvpn/ folder content if running FW newer than 6xxx.
 
Thank you,

Deleting the content of the /jffs/openvpn/ folder partially solved the problem.

The router rebuilt the certificates from scratch and now the OpenVPN server works, but...

only with the admin user: adding other users results in the following when connecting:

AUTH: Received control message: AUTH_FAILED

also with pippo/pippo username and password.

Also, advanced settings (port and auth) remained the same as before deleting /jffs/openvpn.

Now the OpenVPN server is again available and other problems are secondary.

It's about solved but it's not solved

Thank You again
 
This is the answer from Asus official support, translated from Italian:

Dear customer,

About the problem described, unfortunately you have to restore the router's firmware.
Please reset the router's firmware.
Please unplug the power cable, press the reset button on the router and at the same time connect the power cable while continuing to press the reset button for 1-2 seconds.
(Router in rescue mode = "power LED" flashing)

After the restoration, we invite you to press the RESET button on the router for 5-10 seconds and reconfigure it

Please download from the following link below the utility "firmware restoration" and install it in your PC to restore your firmware.

Link firmware:
http://support.asus.com/Download.as...U_30043787177.zip#FW_RT_AC68U_30043787177.zip


Link "firmware restoration"
http://support.asus.com/Download.as...ue_RT_AC68U_2000.zip#Rescue_RT_AC68U_2000.zip



I think this solves the question
 
Is there any way to do this without having to re-flash the router?

Reflashing the firmware won't do anything - they gave you a generic answer that solves a whole bunch of different problems in one single procedure (flash latest + do a factory default reset). It's that last part that would have done the trick.

You will have to manually unset every single vpn setting over SSH to force the defaults to be re-applied. This is the list of commands:

Code:
nvram unset vpn_server1_nm
nvram unset vpn_server1_local
nvram unset vpn_server1_hmac
nvram unset vpn_server1_errno
nvram unset vpn_server1_rgw
nvram unset vpn_server1_poll
nvram unset vpn_server1_reneg
nvram unset vpn_server1_r1
nvram unset vpn_server1_r2
nvram unset vpn_server1_pdns
nvram unset vpn_server1_if
nvram unset vpn_server1_custom
nvram unset vpn_server1_remote
nvram unset vpn_server1_userpass_auth
nvram unset vpn_server1_comp
nvram unset vpn_server1_ccd_val
nvram unset vpn_server1_firewall
nvram unset vpn_server1_ccd
nvram unset vpn_server1_sn
nvram unset vpn_server1_c2c
nvram unset vpn_server1_state
nvram unset vpn_server1_plan
nvram unset vpn_server1_crypt
nvram unset vpn_server1_ccd_excl
nvram unset vpn_server1_sockbuf
nvram unset vpn_server1_proto
nvram unset vpn_server1_igncrt
nvram unset vpn_server1_dhcp
nvram unset vpn_server1_cipher
nvram unset vpn_server1_port
nvram commit
reboot
 

Thanks for the tip! I was having a similar issue, but it was due to a bad certificate that would not clear out. On top of the above + clearing files:

Code:
nvram unset vpn_crt_server1_client_key
nvram unset vpn_crt_server1_ca_key
nvram unset vpn_crt_server1_key
nvram unset vpn_crt_server1_dh
nvram unset vpn_crt_server1_static
nvram unset vpn_crt_server1_ca
nvram commit
reboot

Once the bad ca was cleared, everything worked again. (RT-AC5300 - Both Merlin, Stock had the same issue). I guess a word of warning to anyone that does the above - it will clear your certificates out. If you use the auto-generated certs, you will need to set the clients up again.
 
I had to remove the /jffs/openvpn/* files after both servers were off and then run the following in order for it to totally clear out the certificates (but some settings on the ui page still remained but they didn't affect me)

Code:
nvram unset vpn_crt_server1_ca
nvram unset vpn_crt_server1_ca_key
nvram unset vpn_crt_server1_client_crt
nvram unset vpn_crt_server1_client_key
nvram unset vpn_crt_server1_crl
nvram unset vpn_crt_server1_crt
nvram unset vpn_crt_server1_dh
nvram unset vpn_crt_server1_key
nvram unset vpn_crt_server1_static
nvram unset vpn_crt_server2_ca
nvram unset vpn_crt_server2_ca_key
nvram unset vpn_crt_server2_client_crt
nvram unset vpn_crt_server2_client_key
nvram unset vpn_crt_server2_crl
nvram unset vpn_crt_server2_crt
nvram unset vpn_crt_server2_dh
nvram unset vpn_crt_server2_key
nvram unset vpn_crt_server2_static
nvram unset vpn_server_c2c
nvram unset vpn_server_ccd
nvram unset vpn_server_ccd_excl
nvram unset vpn_server_ccd_val
nvram unset vpn_server_cipher
nvram unset vpn_server_comp
nvram unset vpn_server_crypt
nvram unset vpn_server_custom
nvram unset vpn_server_dhcp
nvram unset vpn_server_digest
nvram unset vpn_server_firewall
nvram unset vpn_server_hmac
nvram unset vpn_server_if
nvram unset vpn_server_igncrt
nvram unset vpn_server_local
nvram unset vpn_server_ncp_ciphers
nvram unset vpn_server_ncp_enable
nvram unset vpn_server_nm
nvram unset vpn_server_pdns
nvram unset vpn_server_plan
nvram unset vpn_server_poll
nvram unset vpn_server_port
nvram unset vpn_server_proto
nvram unset vpn_server_r1
nvram unset vpn_server_r2
nvram unset vpn_server_remote
nvram unset vpn_server_reneg
nvram unset vpn_server_rgw
nvram unset vpn_server_sn
nvram unset vpn_server_sockbuf
nvram unset vpn_server_unit
nvram unset vpn_server_userpass_auth
nvram unset vpn_server_verb
nvram unset vpn_server1_c2c
nvram unset vpn_server1_ccd
nvram unset vpn_server1_ccd_excl
nvram unset vpn_server1_ccd_val
nvram unset vpn_server1_cipher
nvram unset vpn_server1_comp
nvram unset vpn_server1_crypt
nvram unset vpn_server1_custom
nvram unset vpn_server1_dhcp
nvram unset vpn_server1_digest
nvram unset vpn_server1_errno
nvram unset vpn_server1_firewall
nvram unset vpn_server1_hmac
nvram unset vpn_server1_if
nvram unset vpn_server1_igncrt
nvram unset vpn_server1_local
nvram unset vpn_server1_ncp_ciphers
nvram unset vpn_server1_ncp_enable
nvram unset vpn_server1_nm
nvram unset vpn_server1_pdns
nvram unset vpn_server1_plan
nvram unset vpn_server1_poll
nvram unset vpn_server1_port
nvram unset vpn_server1_proto
nvram unset vpn_server1_r1
nvram unset vpn_server1_r2
nvram unset vpn_server1_remote
nvram unset vpn_server1_reneg
nvram unset vpn_server1_rgw
nvram unset vpn_server1_sn
nvram unset vpn_server1_state
nvram unset vpn_server1_userpass_auth
nvram unset vpn_server1_verb
nvram unset vpn_server2_c2c
nvram unset vpn_server2_ccd
nvram unset vpn_server2_ccd_excl
nvram unset vpn_server2_ccd_val
nvram unset vpn_server2_cipher
nvram unset vpn_server2_comp
nvram unset vpn_server2_crypt
nvram unset vpn_server2_custom
nvram unset vpn_server2_dhcp
nvram unset vpn_server2_digest
nvram unset vpn_server2_errno
nvram unset vpn_server2_firewall
nvram unset vpn_server2_hmac
nvram unset vpn_server2_if
nvram unset vpn_server2_igncrt
nvram unset vpn_server2_local
nvram unset vpn_server2_ncp_ciphers
nvram unset vpn_server2_ncp_enable
nvram unset vpn_server2_nm
nvram unset vpn_server2_pdns
nvram unset vpn_server2_plan
nvram unset vpn_server2_poll
nvram unset vpn_server2_port
nvram unset vpn_server2_proto
nvram unset vpn_server2_r1
nvram unset vpn_server2_r2
nvram unset vpn_server2_remote
nvram unset vpn_server2_reneg
nvram unset vpn_server2_rgw
nvram unset vpn_server2_sn
nvram unset vpn_server2_state
nvram unset vpn_server2_userpass_auth
nvram unset vpn_server2_verb
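
An added example, not part of any post above and not Asus or Merlin code: instead of typing the variable list by hand, this derives the `nvram unset` lines for one server unit from a settings dump and flags the names that look like private-key material, so you know which clients must be re-provisioned. It assumes `nvram show` prints one `name=value` pair per line; the function names, file paths and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a reviewable reset script from
# `nvram show`-style "name=value" lines instead of a hand-typed variable list.

# gen_vpn_reset UNIT  (stdin: name=value lines; stdout: nvram unset commands)
gen_vpn_reset() {
    case "$1" in
        1|2) unit="$1" ;;
        *) echo "usage: gen_vpn_reset 1|2" >&2; return 1 ;;
    esac
    # Match only names that start a line, so wrapped certificate bodies are
    # ignored; cover both prefixes used in the thread; drop duplicates.
    sed -n \
        -e "s/^\(vpn_server${unit}_[A-Za-z0-9_]*\)=.*/\1/p" \
        -e "s/^\(vpn_crt_server${unit}_[A-Za-z0-9_]*\)=.*/\1/p" |
        LC_ALL=C sort -u |
        sed 's/^/nvram unset /'
}

# list_key_vars  (stdin: gen_vpn_reset output; stdout: variable names that
# look like private-key material, judged by the _key/_static suffix only)
list_key_vars() {
    sed -n \
        -e 's/^nvram unset \(.*_key\)$/\1/p' \
        -e 's/^nvram unset \(.*_static\)$/\1/p'
}

# Constructed sample input (placeholder values, not real key material).
SAMPLE='vpn_server1_port=1194
vpn_server1_proto=udp
vpn_server2_port=1195
vpn_server_port=1194
vpn_crt_server1_ca=-----BEGIN CERTIFICATE-----
MIIDconstructed
-----END CERTIFICATE-----
vpn_crt_server1_key=constructed-placeholder
wan_proto=dhcp'

printf '%s\n' "$SAMPLE" | gen_vpn_reset 1

# On the router (illustrative paths; /tmp is RAM, so copy the backup off the
# device before rebooting, and treat it as secret: it contains private keys):
#   umask 077
#   nvram show 2>/dev/null | grep '^vpn_' > /tmp/vpn-nvram.bak
#   nvram show 2>/dev/null | gen_vpn_reset 1 > /tmp/vpn-reset.sh
#   # review /tmp/vpn-reset.sh, then:
#   sh /tmp/vpn-reset.sh && nvram commit && reboot
```

Only unit-specific names (`vpn_server1_*`, `vpn_crt_server1_*`) are selected; the unnumbered `vpn_server_*` variables in the last post are left alone.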
 
