I'm trying to set up express vpn on 19.07.4, there's no official guide, but the few unofficial ones I've found looked to be the same as the openvpn client guide in the OpenWrt docs. So I followed the OpenWrt guide using the option to upload the ovpn file through Luci, the only change I made was to bring the tun0 interface and express vpn instance up on boot. It tries to connect -
Mon Oct 12 11:03:15 2020 daemon.notice openvpn(expressvpn)[13264]: [Server-5352-1a] Peer Connection Initiated with [AF_INET] *ip removed*
But always exits with an auth failure -
Mon Oct 12 11:03:16 2020 daemon.notice openvpn(expressvpn)[13264]: SENT CONTROL [Server-5352-1a]: 'PUSH_REQUEST' (status=1)
Mon Oct 12 11:03:16 2020 daemon.notice openvpn(expressvpn)[13264]: AUTH: Received control message: AUTH_FAILED
Mon Oct 12 11:03:16 2020 daemon.notice openvpn(expressvpn)[13264]: SIGTERM[soft,auth-failure] received, process exiting
Here's the ovpn file provided by express vpn
dev tun
fast-io
persist-key
persist-tun
nobind
remote (server/port removed)
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass /etc/openvpn/expressvpn.auth
I've tried a few servers all with the same result and double checked username and password, just wondering if anyone had any ideas.
Thanks, the accounts fine and working fine on the mobile app, express vpn has their own firmware that's based on OpenWrt, so I'm going to install that and see if I can get any clues on what needs to be done to get it working on official OpenWrt.
Right, I'm using the unique name and password provided by express vpn, meaning not my account name/password. My only guess right now is I'm not putting the keys in the right place, currently have them in /etc/openvpn because I don't know where else they would go.
Thanks, that didn’t occur to me, sounds like a good idea.
Express vpn has a guide for dd-wrt, so I just went ahead and tested the keys/username/password that way and it worked fine, thanks for the tip @bill888. I’ll install the openwrt based express vpn firmware and see if there’s anything there that might give some clues.
fwiw, did you try the alternative guide linked at bottom of the wiki page? https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci
Having suggested it, most users have issues with firewall (rather than authentication) which the tutorial helps them to resolve.
I have a linksy's wrt1200 v1, i did see that guide and I'm planning on giving it a go after I look around the express vpn firmware. Yeah, I would have thought that any problems would be firewall related too, I've seen that others have gotten express vpn working on official openwrt, but I haven't found anyone else having problems with credentials.
You can test manually on your openwrt device (or anywhere with openvpn installed) using:
openvpn --config expressvpn.conf
For reference, the ovpn files I last downloaded from ExpressVPN (around last year - my account is expired so I can check anymore) had the keys/certs within the ovpn files and therefore there was no need to put them anywhere else on the device (not like setting up a client). So, maybe have a look at downloading a new ovpn from your account and just change the auth-user-pass line to point to your file with credentials.
If you really want to have the ca, certs,... in separate file, you should be able to use the "cert", "ca", "key" type lines in your ovpn file.
Thanks, @VincentR, the keys and certs are in my ovpn file too, I just tried putting them in a separate file after that didn't work, the separate file just resulted in an unknown option error. I'l reinstall and check the config.