My Problem:
- I just set up OpenVPN on the latest OpenWrt. I followed the OpenWrt guide on setting up the OpenVPN server and creating server and client config files.
- I can use the client.ovpn to connect to the server using the OpenVPN GUI (Community) in Windows 10, but it does not connect from a Manjaro client.
My Setup:
OpenWrt 21.02.1, r16325-88151b8303
Raspberry Pi 4 B+
root@OPENWRT:/etc/openvpn# openvpn --version
OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
I followed these OpenWrt website instructions.
In Manjaro I installed:
sudo pacman -S networkmanager-openvpn
I went to System Settings > Network > Connections > and imported the same client key .ovpn file that works in Windows. (I disconnected from the Windows OpenVPN Client first)
Client side debugging (From Terminal in Manjaro):
# journalctl -u NetworkManager -b --no-hostname --no-pager
I get this...
TCP connection established with [AF_INET]192.168.1.254:1194
But then also this:
Connection reset, restarting [0]
VPN connection: connect timeout exceeded
Server side debugging (From Terminal when ssh'ing in to OpenWrt).
I type this command then initiate a connection from the Client:
# logread ; logread -f
I get the error:
TCP connection established with [AF_INET]192.168.1.180:52330
192.168.1.180:52330 TLS Error: could not determine wrapping from [AF_INET]192.168.1.180:52330
192.168.1.180:52330 Fatal TLS error (check_tls_errors_co), restarting
Client.ovpn
user nobody
group nogroup
dev tun
nobind
client
remote 192.168.1.254 1194 tcp
auth-nocache
remote-cert-tls server
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
server.conf
user nobody
group nogroup
dev tun
port 1194
proto tcp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
</dh>
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 server key-----
-----END OpenVPN tls-crypt-v2 server key-----
</tls-crypt-v2>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
- I am just testing here, so the OpenWrt server (192.168.1.254) is in the same local LAN as my Manjaro client (192.168.1.180). But I do the same thing with a Windows client and it does connect.
- I don't think the issue is maybe the OpenWrt firewall (that is stopping a Manjaro client but not a Windows client when they try to connect to OpenVPN server from within the same LAN??)
- Maybe it’s something in the Manjaro OpenVPN client that doesn’t support tls-crypt-v2??
This type of problem was reported here before but I can't understand what was done to solve it.
I appreciate any help.
Thank you,
Flex
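
Added example (not part of the original post and not OpenWrt or OpenVPN project code): a small check that a client profile and a server config name the same control-channel wrapping option (tls-auth, tls-crypt or tls-crypt-v2) and the same transport, which is the first thing to rule out when the server logs a wrapping error. The function names and the sample strings are assumptions made for illustration; the samples reuse the directives shown above with the key material left out, and the third one is constructed to show what a profile looks like once its tls-crypt-v2 block has gone missing.

```python
import re

WRAP = ("tls-crypt-v2", "tls-crypt", "tls-auth")  # control-channel wrapping options

def parse_ovpn(text):
    """Split OpenVPN config text into ({directive: args}, {inline_tag: body})."""
    directives, inline, tag = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if tag:                                   # inside an inline <tag> block
            if line == f"</{tag}>":
                tag = None
            else:
                inline[tag] += line + "\n"
        elif m := re.fullmatch(r"<([a-z0-9-]+)>", line):
            tag = m.group(1)
            inline[tag] = ""
        elif line and line[0] not in "#;":        # skip blanks and comments
            name, *args = line.split()
            directives[name] = args
    return directives, inline

def wrapping(cfg):
    """Wrapping options present, either as a directive or as an inline block."""
    directives, inline = cfg
    return {w for w in WRAP if w in directives or w in inline}

def transport(cfg):
    """'tcp' or 'udp', taken from 'remote host port proto' or from 'proto'."""
    remote = cfg[0].get("remote", [])
    proto = remote[2] if len(remote) > 2 else cfg[0].get("proto", ["udp"])[0]
    return "tcp" if proto.startswith("tcp") else "udp"

def compare(client_text, server_text):
    """Return a list of client/server mismatches (empty list = consistent)."""
    c, s = parse_ovpn(client_text), parse_ovpn(server_text)
    cw, sw = wrapping(c), wrapping(s)
    problems = []
    if not (cw <= sw and bool(cw) == bool(sw)):   # client must use a mode the server has
        problems.append(f"wrapping: client={sorted(cw)} server={sorted(sw)}")
    if transport(c) != transport(s):
        problems.append(f"transport: client={transport(c)} server={transport(s)}")
    return problems

# Constructed samples: directives from the post, key material omitted.
SERVER = "dev tun\nport 1194\nproto tcp\n<tls-crypt-v2>\n</tls-crypt-v2>\n"
CLIENT = "dev tun\nclient\nremote 192.168.1.254 1194 tcp\n<tls-crypt-v2>\n</tls-crypt-v2>\n"
STRIPPED = CLIENT.replace("<tls-crypt-v2>\n</tls-crypt-v2>\n", "")  # wrapping block lost

if __name__ == "__main__":
    print(compare(CLIENT, SERVER))     # consistent pair
    print(compare(STRIPPED, SERVER))   # client without the wrapping block
```

Running it against the original client.ovpn and against whatever profile a GUI client actually stored after import shows whether the wrapping key survived the import.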