How to set up VPN right?

Hello guys,

I would like to use a VPN with a Fritzbox 4020 running OpenWrt and tried to set it up with:

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client

vpnclient.conf

client
#dev tun
proto udp
remote nl2-ovpn-udp.pointtoserver.com 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
#auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
user nobody
group nogroup
#dev tun0
user nobody
group nogroup
dev tun0
auth-user-pass /etc/openvpn/vpnclient.auth
redirect-gateway def1 ipv6

But nothing happens when I start the service; the IP is still on the same address.
Used OpenVPN file
Please help.

When using a VPN service they almost always have a suggested config file called something.ovpn and you should download that and use it mostly as it is. Place an option config in the /etc/config/openvpn file pointing to the .ovpn file.

There's a reason these files are named .ovpn instead of .conf. OpenVPN has the usually unwanted feature of automatically parsing any and every /etc/openvpn/*.conf file upon startup. You generally don't want that.

OpenVPN makes tons of entries for logread that usually explain why it did not work.

Okay, thanks for your answer.

How do I point to /etc/openvpn/NL-tcp.ovpn?
Which command do I need in the file...

The NL-tcp.ovpn still needs a reference to vpnclient.auth

in .ovpn file
auth-user-pass /etc/openvpn/vpnclient.auth

Your config openvpn would have only this:

config openvpn 'nl-tcp'
    option enabled 1 
    option config '/etc/openvpn/NL-tcp.ovpn'

Also you need to create /etc/openvpn/vpnclient.auth with two lines of plain text. The first line is your username and the second line is the password.

Still not working. I was looking for mistakes but could not find any.

vpnclient.conf

config openvpn 'nl-tcp'
    option enabled 1 
    option config '/etc/openvpn/NL-tcp.ovpn'

vpnclient.auth
username
paswort

NL-tcp.ovpn
client
dev 
tun
proto tcp
remote nl2-ovpn-tcp.pointtoserver.com 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass '/etc/openvpn/vpnclient.auth'
auth-retry interact
ifconfig-nowarn



You have messed things up even more.
Revert to the state of your head post, it was correct.

Specify full path to the certificate and key files:

Or use inline format:
https://community.openvpn.net/openvpn/wiki/IOSinline

Remove redundant and Windows-specific options:

Remove duplicates:

Follow the troubleshooting section of the guide if the issue persists.

okay thanks,
I prepared it... it should be right?

client
dev tun
proto tcp
remote nl2-ovpn-tcp.pointtoserver.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
auth-user-pass '/etc/openvpn/vpnclient.auth'
auth-retry interact
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

It looks better now.

This one is redundant, because it's enabled by default.
You can safely remove it.

I believe you should remove it as well.
You are fetching username/password credentials from the file.
So there's no need for interaction.

Restart the service and check the log.

I need to open the file via the terminal, yes?

I get this error first:

root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
Thu Mar 28 21:14:40 2019 OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Mar 28 21:14:40 2019 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Thu Mar 28 21:14:40 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Mar 28 21:14:40 2019 OpenSSL: error:0906D064:lib(9):func(109):reason(100)
Thu Mar 28 21:14:41 2019 OpenSSL: error:140AD009:lib(20):func(173):reason(9)
Thu Mar 28 21:14:41 2019 Cannot load inline certificate file
Thu Mar 28 21:14:41 2019 Exiting due to fatal error
root@OpenWrt:~# root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# Options error: Unrecognized option or missing or extra parameter(s) in /etc
/openvpn/NL-tcp.ovpn:2: dev (2.4.5)
-ash: syntax error: unexpected "("
root@OpenWrt:~# 


#second try with filling up the certificate file, but got only ca.crt.crt and wdc.key

root@OpenWrt:~# openvpn '/etc/openvpn/NL-tcp.ovpn'
Thu Mar 28 21:27:00 2019 OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Mar 28 21:27:00 2019 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Thu Mar 28 21:27:00 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Mar 28 21:27:00 2019 Error: private key password verification failed
Thu Mar 28 21:27:00 2019 Exiting due to fatal error
root@OpenWrt:~#

I got it running with another VPN service,
but it would be interesting to know how to boot with the VPN and run it on my paid VPN provider (PureVPN).

Those errors all seem certificate-related, i.e. the certificates you got from the VPN service were corrupted or incompatible. So no wonder they go away when you use a different service.

The certificate used is for ivacy vpn, that's why mikii is getting those errors.
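
The checklist given earlier in the thread (full paths for certificate and key files, no duplicates, no Windows-specific options) and the inline blocks that hold only a "..." placeholder can be checked before the service is started. The script below is an added example, not part of any post in this thread; the function name lint_ovpn, the choice of route-method as the Windows-only option, and the owner-only permission check on the credentials file are assumptions made here.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile for the problems raised in this thread.
# Usage: lint_ovpn /etc/openvpn/NL-tcp.ovpn   (prints one finding per line)
lint_ovpn() {
    awk -v q="'" '
    inblk {                                   # inside an inline <tag> ... </tag> block
        if ($0 ~ /^<\//) {
            if (!body) print NR ": inline <" tag "> block holds no key material"
            inblk = 0
        } else if ($0 !~ /^-----/ && $0 ~ /[A-Za-z0-9]/) body = 1
        next
    }
    /^<[a-z-]+>[ \t]*$/ { tag = $1; gsub(/[<>]/, "", tag); inblk = 1; body = 0; next }
    /^[ \t]*([#;]|$)/   { next }              # skip comments and blank lines
    {
        $1 = $1                               # normalise whitespace before comparing
        if (seen[$0]++) print NR ": duplicate line: " $0
        if (NF == 1 && $1 == "dev") print NR ": dev is missing its argument"
        if ($1 == "route-method") print NR ": route-method only applies on Windows"
        if ($1 == "ns-cert-type") print NR ": ns-cert-type is deprecated, use remote-cert-tls"
        if ($1 ~ /^(ca|cert|key|tls-auth|auth-user-pass)$/ && NF > 1) {
            p = $2; gsub("[\"" q "]", "", p)  # strip surrounding quotes
            if (p !~ /^\//) print NR ": " $1 " uses a relative path: " p
        }
    }' "$1"
    # The credentials file is plain text, so it should be readable by its owner only.
    auth=$(awk -v q="'" '$1 == "auth-user-pass" && NF > 1 {
        gsub("[\"" q "]", "", $2); print $2; exit }' "$1")
    if [ -n "$auth" ] && [ -f "$auth" ]; then
        case $(ls -ld "$auth") in
            ????------*) ;;                   # no group or other permission bits set
            *) echo "auth: $auth is readable by group or others (chmod 600)" ;;
        esac
    fi
}
if [ $# -gt 0 ]; then lint_ovpn "$1"; fi
```

An empty result means none of these checks fired; it does not mean the certificates match the provider, which only the OpenVPN log can confirm.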
