Cannot connect to OpenVPN running on OpenWrt from Manjaro

My Problem:

  • I just set up OpenVPN on the latest OpenWrt. I followed the OpenWrt guide on setting up the OpenVPN server and creating server and client config files.
  • I can use the client.ovpn to connect to the server using the OpenVPN GUI (Community) in Windows 10 but it does not connect from a Manjaro client.

My Setup:
OpenWrt 21.02.1, r16325-88151b8303
Raspberry Pi 4 B+

root@OPENWRT:/etc/openvpn# openvpn --version
OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>

I followed these OpenWrt website instructions.

In Manjaro I installed:
sudo pacman -S networkmanager-openvpn

I went to System Settings > Network > Connections > and imported the same client key .ovpn file that works in Windows. (I disconnected from the Windows OpenVPN Client first)

Client side debugging (From Terminal in Manjaro):
# journalctl -u NetworkManager -b --no-hostname --no-pager
I get this...
TCP connection established with [AF_INET]192.168.1.254:1194
But then also this:

Connection reset, restarting [0]
VPN connection: connect timeout exceeded

Server side debugging (From Terminal when ssh'ing in to OpenWrt).
I type this command then initiate a connection from the Client:
# logread ; logread -f
I get the error:

TCP connection established with [AF_INET]192.168.1.180:52330
192.168.1.180:52330 TLS Error: could not determine wrapping from [AF_INET]192.168.1.180:52330
192.168.1.180:52330 Fatal TLS error (check_tls_errors_co), restarting

Client.ovpn

user nobody
group nogroup
dev tun
nobind
client
remote 192.168.1.254 1194 tcp
auth-nocache
remote-cert-tls server
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----

-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

server.conf

user nobody
group nogroup
dev tun
port 1194
proto tcp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----
</dh>
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 server key-----

-----END OpenVPN tls-crypt-v2 server key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
  • I am just testing here so the OpenWrt server (192.168.1.254) is in the same Local LAN as my Manjaro client (192.168.1.180). But I do the same thing with a Windows client and it does connect.
  • I don't think the issue is maybe the OpenWrt firewall (that is stopping a Manjaro client but not a Windows client when they try to connect to OpenVPN server from within the same LAN??)
  • Maybe it’s something in the Manjaro OpenVPN client that doesn’t support tls-crypt-v2??

This type of problem was reported here before but I can't understand what was done to solve it.

I appreciate any help.

Thank you,

Flex

I think the issue IS that NetworkManager in Manjaro does not support tls-crypt-v2. Supporting evidence here and here.

Does anyone know what changes to make to the OpenWrt OpenVPN install instructions to support tls-crypt instead of tls-crypt-v2?

Cheers,

Flex

Problem setting up OpenVPN server - #5 by vgaetera

Thanks @vgaetera

In my case my set up is:

OpenWrt 21.02.1, r16325-88151b8303
Raspberry Pi 4 B+

root@OPENWRT:/etc/openvpn# openvpn --version
OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10

So following this link to... "This is an old revision of the document" about setting up OpenVPN server on OpenWrt.

Can I just paste those commands in 2. Key management and 4. VPN service directly into a Terminal to my OpenWrt router as I did before? Will it break anything or will those commands clear out my existing tls-crypt-v2 client and server configs and then create new ones in the standard? Or do I need to manually delete what I have first?

Cheers,

Flex

Just wanted to report back that I got the Manjaro NetworkManager to connect to my OpenVPN.

It looks like in Manjaro KDE if you go to System Settings > Network > Connections and use the GUI of NetworkManager it does not properly import a client .ovpn file.
When I used the NetworkManager Command Line Interface it worked. I used these commands from this web page.
I had saved the client config file in /home/flex/OpenWrt/client1.ovpn

# cd /home/flex/OpenWrt
# nmcli connection delete client1
# sudo nmcli connection import type openvpn file client1.ovpn
# nmcli connection up client1
# nmcli connection show

I can now connect to the OpenVPN server and the connection is always available from my "Networks" in the systray.

I made a group for “nogroup” in Manjaro and that solved the error of no guid found. I will reduce the verb level now.

Thank you,

Flex
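
The server log in the first post shows the server could not determine how the client's first packet was wrapped. As an added example (not part of the thread or of the OpenWrt guide), this script reports which control-channel wrapping directive a client profile and a server config each declare and flags a mismatch; the sample configs, the key path and the function names are constructed for illustration.

```sh
# Print the control-channel wrapping an OpenVPN config declares: tls-auth,
# tls-crypt, tls-crypt-v2, "none", or several names if it declares several.
# Recognises the inline "<tls-crypt-v2>" form and the "tls-crypt-v2 FILE" form.
wrapping_of() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }      # skip comments and blank lines
        {
            d = $1
            sub(/^</, "", d); sub(/>$/, "", d)
            if ((d == "tls-auth" || d == "tls-crypt" || d == "tls-crypt-v2") && !(d in seen)) {
                seen[d] = 1
                out = out (out == "" ? "" : " ") d
            }
        }
        END { print (out == "" ? "none" : out) }
    ' "$1"
}

# Compare a client profile with the server config; non-zero status on mismatch.
check_wrapping() {
    c=$(wrapping_of "$1"); s=$(wrapping_of "$2")
    if [ "$c" = "$s" ]; then echo "OK: both sides use $c"; return 0; fi
    echo "MISMATCH: client=$c server=$s"; return 1
}

# Constructed sample configs (key material omitted); paths are placeholders.
tmp=$(mktemp -d)
cat > "$tmp/server.conf" <<'EOF'
proto tcp
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 server key-----
-----END OpenVPN tls-crypt-v2 server key-----
</tls-crypt-v2>
EOF
cat > "$tmp/client_v2.ovpn" <<'EOF'
remote 192.168.1.254 1194 tcp
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
EOF
cat > "$tmp/client_v1.ovpn" <<'EOF'
remote 192.168.1.254 1194 tcp
# tls-crypt-v2 removed for a client without v2 support
tls-crypt /etc/openvpn/example-tc.key
EOF
check_wrapping "$tmp/client_v2.ovpn" "$tmp/server.conf"
check_wrapping "$tmp/client_v1.ovpn" "$tmp/server.conf" || true
```

Matching directive names do not prove the keys correspond; the check only catches one side declaring a different wrapping than the other.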
