Everything "Done by the Book" but OpenVPN won't connect!?

I've a freshly flashed Netgear R6250 Router with the latest OpenWRT version installed. No additional settings etc. The Router connects directly to a Modem which provides internet access to all its clients.

I followed the tutorial listed here: https://support.nordvpn.com/Connectivity/Router/1047411192/OpenWRT-CI-setup-with-NordVPN.htm in full and complete detail, actually triple checked EVERYTHING. I was hoping I had a typo somewhere, but apparently I have not.

When trying to verify my IP, I'm not getting a VPN connection. The OpenVPN logfile says everything's ok:

08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
08:18:23 2020 daemon.warn openvpn(nordvpn)[3214]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: NOTE: --fast-io is disabled since we are not using UDP
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.156.227:443
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: Socket Buffers: R=[87380->87380] S=[16384->16384]
08:18:23 2020 daemon.notice openvpn(nordvpn)[3214]: Attempting to establish TCP connection with [AF_INET]37.120.156.227:443 [nonblock]
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: TCP connection established with [AF_INET]37.120.156.227:443
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: TCP_CLIENT link local: (not bound)
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: TCP_CLIENT link remote: [AF_INET]37.120.156.227:443
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: TLS: Initial packet from [AF_INET]37.120.156.227:443, sid=ea60dec3 4d6ad386
08:18:24 2020 daemon.warn openvpn(nordvpn)[3214]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: VERIFY KU OK
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: Validating certificate extended key usage
Wed Jun 24 08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: VERIFY EKU OK
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: VERIFY OK: depth=0, CN=pl135.nordvpn.com
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
08:18:24 2020 daemon.notice openvpn(nordvpn)[3214]: [pl135.nordvpn.com] Peer Connection Initiated with [AF_INET]37.120.156.227:443
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: SENT CONTROL [pl135.nordvpn.com]: 'PUSH_REQUEST' (status=1)
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.0.5 255.255.255.0,peer-id 0,cipher AES-256-GCM'
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: timers and/or timeouts modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: compression parms modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Socket Buffers: R=[341760->327680] S=[44800->327680]
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: --ifconfig/up options modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: route-related options modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: peer-id set
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: adjusting link_mtu to 1659
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: OPTIONS IMPORT: data channel crypto options modified
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Data Channel: using negotiated cipher 'AES-256-GCM'
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: TUN/TAP device tun0 opened
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: TUN/TAP TX queue length set to 100
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: /sbin/ifconfig tun0 10.7.0.5 netmask 255.255.255.0 mtu 1500 broadcast 10.7.0.255
08:18:25 2020 daemon.notice netifd: Interface 'nordvpntun' is enabled
08:18:25 2020 daemon.notice netifd: Network device 'tun0' link is up
08:18:25 2020 daemon.notice netifd: Interface 'nordvpntun' has link connectivity
08:18:25 2020 daemon.notice netifd: Interface 'nordvpntun' is setting up now
08:18:25 2020 daemon.notice netifd: Interface 'nordvpntun' is now up
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Initialization Sequence Completed
08:18:25 2020 user.notice firewall: Reloading firewall due to ifup of nordvpntun (tun0)


In the interface overview it shows me the VPN tunnel, but apparently it's "unmanaged" and no traffic is going through it. It drives me crazy. Does anyone have an idea?

1 Like
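
An added example, not part of the original posts: the log above ends with `Initialization Sequence Completed`, yet three `daemon.err` lines show pushed options being rejected. This Python check (function and key names are hypothetical, the sample is constructed from the post's log lines with the `PUSH_REPLY` shortened) reports which pushed options the client refused, so a tunnel that came up without accepting the pushed default-route or DNS settings is flagged.

```python
import re

# Constructed sample: a subset of the log lines from the post, PUSH_REPLY shortened.
SAMPLE_LOG = """\
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,route-gateway 10.7.0.1,topology subnet,ifconfig 10.7.0.5 255.255.255.0,peer-id 0,cipher AES-256-GCM'
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.err openvpn(nordvpn)[3214]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: TUN/TAP device tun0 opened
08:18:25 2020 daemon.notice openvpn(nordvpn)[3214]: Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
REJECT_RE = re.compile(
    r"Options error: option '([^']+)' cannot be used in this context "
    r"\(\[PUSH-OPTIONS\]\)"
)


def audit_openvpn_log(text):
    """Summarise the last session in an OpenVPN client log."""
    pushed, rejected_names, completed = [], set(), False
    for line in text.splitlines():
        match = PUSH_RE.search(line)
        if match:
            # A new PUSH_REPLY starts a new session: forget earlier state.
            pushed = [o.strip() for o in match.group(1).split(",") if o.strip()]
            rejected_names, completed = set(), False
            continue
        match = REJECT_RE.search(line)
        if match:
            rejected_names.add(match.group(1))
        elif "Initialization Sequence Completed" in line:
            completed = True

    # Split the pushed options by whether the client logged a rejection.
    rejected = [o for o in pushed if o.split()[0] in rejected_names]
    accepted = [o for o in pushed if o.split()[0] not in rejected_names]
    return {
        "tunnel_up": completed,
        "rejected": rejected,
        "redirect_gateway_accepted": any(
            o.split()[0] == "redirect-gateway" for o in accepted),
        "pushed_dns_accepted": any(
            o.startswith("dhcp-option DNS") for o in accepted),
    }


if __name__ == "__main__":
    print(audit_openvpn_log(SAMPLE_LOG))
```

On the router, the same function can be fed the text of `logread` output saved to a file.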

Hmm, the private IPv4 address on your WAN interface makes me believe that your "modem" might be running in router mode. I would assume that you would need at least to configure a port redirection for the VPN port so that the modem actually does the right thing with VPN packets it receives.
BUT this is really just a wild guess...

3 Likes

That actually fixed it. Thanks a lot.

1 Like
