mikii
March 20, 2019, 9:32pm
1
Hello guys,
I would like to use a VPN with a Fritzbox 4020 running OpenWrt and tried to set it up with:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client
vpnclient.conf
client
#dev tun
proto udp
remote nl2-ovpn-udp.pointtoserver.com 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
#auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
user nobody
group nogroup
#dev tun0
user nobody
group nogroup
dev tun0
auth-user-pass /etc/openvpn/vpnclient.auth
redirect-gateway def1 ipv6
But nothing happens when I start the service; the IP is still the same address.
Used OpenVPN file
Please help.
mk24
March 20, 2019, 9:45pm
2
When using a VPN service they almost always have a suggested config file called something.ovpn and you should download that and use it mostly as it is. Place an option config in the /etc/config/openvpn file pointing to the .ovpn file.
There's a reason these files are named .ovpn instead of .conf. OpenVPN has the usually unwanted feature of automatically parsing any and every /etc/openvpn/*.conf file upon startup. You generally don't want that.
OpenVPN makes tons of entries for logread that usually explain why it did not work.
mikii
March 20, 2019, 11:29pm
3
Okay, thanks for your answer.
How do I point to /etc/openvpn/NL-tcp.ovpn?
Which command do I need in the file...
In NL-tcp.ovpn there still needs to be a link to vpnclient.auth
in the .ovpn file:
auth-user-pass /etc/openvpn/vpnclient.auth
mk24
March 20, 2019, 11:57pm
4
Your config openvpn would have only this:
config openvpn 'nl-tcp'
	option enabled 1
	option config '/etc/openvpn/NL-tcp.ovpn'
Also you need to create /etc/openvpn/vpnclient.auth with two lines of plain text. The first line is your username and the second line is the password.
mikii
March 23, 2019, 11:37am
5
Still not working. I was looking for mistakes but could not find one.
vpnclient.conf
config openvpn 'nl-tcp'
	option enabled 1
	option config '/etc/openvpn/NL-tcp.ovpn'
vpnclient.auth
username
paswort
NL-tcp.ovpn
client
dev
tun
proto tcp
remote nl2-ovpn-tcp.pointtoserver.com 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass '/etc/openvpn/vpnclient.auth'
auth-retry interact
ifconfig-nowarn
mikii:
Still not working
You have messed things up even more.
Revert to the state of your head post, it was correct.
Specify full path to the certificate and key files:
Or use inline format:
https://community.openvpn.net/openvpn/wiki/IOSinline
Remove redundant and Windows-specific options:
Remove duplicates:
Follow the troubleshooting section of the guide if the issue persists.
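The checks this reply asks for, as an added example that is not part of the original post: a POSIX sh/awk lint that flags relative certificate and key paths, a directive missing its argument, the Windows-only route-method option, and duplicate directives. The function name lint_ovpn, the finding codes and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints one finding per line: LINE:CODE:OPTION
lint_ovpn() {
    awk -v sq="'" '
    /^[ \t]*<\/[a-z-]+>/ { in_blk = 0; next }   # end of inline <ca>, <key>, ... block
    in_blk               { next }               # skip embedded PEM / key material
    /^[ \t]*<[a-z-]+>/   { in_blk = 1; next }   # start of inline block
    /^[ \t]*([#;]|$)/    { next }               # comments and blank lines
    {
        opt = $1; path = $2
        c = substr(path, 1, 1)
        if (c == sq || c == "\"") path = substr(path, 2)   # drop opening quote
        # File options: a relative path resolves against the daemon working directory.
        if (opt ~ /^(ca|cert|key|tls-auth|auth-user-pass)$/ && NF > 1 && path !~ /^\//)
            print NR ":relative-path:" opt
        # Directives that need a value; a bare "dev" line is an options error.
        if (opt ~ /^(dev|proto|remote|cipher)$/ && NF == 1)
            print NR ":missing-argument:" opt
        # route-method only applies on Windows (the one option assumed here).
        if (opt == "route-method")
            print NR ":windows-only:" opt
        # Normalise whitespace so repeated directives compare equal.
        norm = $1; for (i = 2; i <= NF; i++) norm = norm " " $i
        if (norm in seen) print NR ":duplicate:" opt
        seen[norm] = 1
    }' "${1:--}"
}

# Constructed sample: shortened mix of the two profiles posted in the thread.
sample_profile() {
    cat <<'EOF'
client
dev
tun
ca ca.crt
tls-auth Wdc.key 1
route-method exe
user nobody
user nobody
auth-user-pass '/etc/openvpn/vpnclient.auth'
<ca>
key placeholder, must be skipped
</ca>
EOF
}

# With a file argument lint that file, otherwise lint the sample.
if [ -n "${1:-}" ]; then lint_ovpn "$1"; else sample_profile | lint_ovpn; fi
```

An empty result means none of these four problems were found; it does not validate the certificates themselves.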
mikii
March 28, 2019, 3:40pm
7
okay thanks,
I prepared it... it should be right?
client
dev tun
proto tcp
remote nl2-ovpn-tcp.pointtoserver.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
auth-user-pass '/etc/openvpn/vpnclient.auth'
auth-retry interact
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
It looks better now.
mikii:
resolv-retry infinite
This one is redundant, because it's enabled by default.
You can safely remove it.
mikii:
auth-retry interact
I believe you should remove it as well.
You are fetching username/password credentials from the file.
So there's no need for interaction.
Restart the service and check the log.
mikii
March 28, 2019, 9:32pm
9
I need to open the file via the terminal, yes?
I get this error first:
root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
Thu Mar 28 21:14:40 2019 OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Mar 28 21:14:40 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Thu Mar 28 21:14:40 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Mar 28 21:14:40 2019 OpenSSL: error:0906D064:lib(9):func(109):reason(100)
Thu Mar 28 21:14:41 2019 OpenSSL: error:140AD009:lib(20):func(173):reason(9)
Thu Mar 28 21:14:41 2019 Cannot load inline certificate file
Thu Mar 28 21:14:41 2019 Exiting due to fatal error
root@OpenWrt:~# root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# Options error: Unrecognized option or missing or extra parameter(s) in /etc
/openvpn/NL-tcp.ovpn:2: dev (2.4.5)
-ash: syntax error: unexpected "("
root@OpenWrt:~#
#second try with filling up the certificate file, but got only ca.crt.crt and wdc.key
root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
Thu Mar 28 21:27:00 2019 OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Mar 28 21:27:00 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Thu Mar 28 21:27:00 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Mar 28 21:27:00 2019 Error: private key password verification failed
Thu Mar 28 21:27:00 2019 Exiting due to fatal error
root@OpenWrt:~#
mikii
March 28, 2019, 10:17pm
10
I got it running with another VPN service,
but it would be interesting to know how to boot with VPN and run it with my paid VPN provider (purevpn).
mk24
March 29, 2019, 5:53pm
11
Those errors all seem certificate-related, i.e. the certificates you got from the VPN service were corrupted or incompatible. So no wonder they go away when you use a different service.
The certificate used is for ivacy vpn, that's why mikii is getting those errors.