Openvpn installation - multiple howtos

I have OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152) and those links come with no solution :frowning: Does that mean no one is able to use OpenVPN on OpenWrt?

I've tested it on OpenWrt 18.06.1 and it works fine.
Show your OpenVPN client and server configs.

Weird, the configs are generated by the script provided on the howto website. Will paste them shortly.
YES - my configs are exactly the same as you pasted... as they were generated by the scripts on the howto website. I do not understand then where the issue is?

the client one:
verb 3
nobind
dev tun
client
remote 10.0.0.4 1194 udp
auth-nocache
remote-cert-tls server

and the server:
client-to-client
persist-key
persist-tun
ca /etc/easy-rsa/pki/ca.crt
cert /etc/easy-rsa/pki/issued/vpnserver.crt
compress lzo
dev tun0
dh /etc/easy-rsa/pki/dh.pem
group nogroup
keepalive 10 120
key /etc/easy-rsa/pki/private/vpnserver.key
port 1194
proto udp
push "redirect-gateway def1"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "compress lzo"
push "persist-tun"
push "persist-key"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "dhcp-option DOMAIN lan"
push "dhcp-option DNS 10.0.1.1"
push "persist-tun"
push "persist-key"
push "redirect-gateway def1"
push "dhcp-option DOMAIN lan"
push "dhcp-option DNS 10.0.1.1"
push "persist-tun"
push "persist-key"
push "redirect-gateway def1"
push "dhcp-option DOMAIN lan"
push "dhcp-option DNS 10.0.1.1"
push "persist-tun"
push "persist-key"
server 192.168.8.0 255.255.255.0
tls-crypt /etc/easy-rsa/pki/tc.pem
topology subnet
user nobody
verb 3

It should be like this:

# cat /etc/easy-rsa/pki/tc.pem 
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----

# cat /etc/openvpn/vpnclient.ovpn
verb 3
nobind
dev tun
client
remote SERVER_ADDRESS 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
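
An added example, not part of the original thread and not the howto's own script: a check that the key inside a client profile's `<tls-crypt>` block is the same as the server's `tc.pem`, even after a copy that changed line endings, without printing the key. The function names and the sample files are assumptions made for illustration; the sample hex is constructed and is not a real key.

```shell
#!/bin/sh
# Added example (not from the thread): compare the tls-crypt key embedded in a
# client profile with the server's static key file, without printing the key.

# Read text on stdin, print only the key lines between the static key markers,
# with spaces, tabs and CRs removed so a CRLF copy still compares equal.
key_body() {
    sed -n '/BEGIN OpenVPN Static key V1/,/END OpenVPN Static key V1/p' |
        grep -v -e '-----' | tr -d ' \t\r'
}

# Key from the inline <tls-crypt> block of a client profile ($1).
client_key() { sed -n '/<tls-crypt>/,/<\/tls-crypt>/p' "$1" | key_body; }

# check_tls_crypt PROFILE SERVER_KEY_FILE (hypothetical helper)
# prints and returns: match (0), mismatch (1), missing (2)
check_tls_crypt() {
    c=$(client_key "$1")
    s=$(key_body < "$2")
    if [ -z "$c" ] || [ -z "$s" ]; then echo missing; return 2; fi
    if [ "$c" = "$s" ]; then echo match; return 0; fi
    echo mismatch; return 1
}

# Write constructed sample files into directory $1 (hex below is not a real key).
make_samples() {
    printf '%s\n' '#' '# 2048 bit OpenVPN static key' '#' \
        '-----BEGIN OpenVPN Static key V1-----' \
        '00112233445566778899aabbccddeeff' 'ffeeddccbbaa99887766554433221100' \
        '-----END OpenVPN Static key V1-----' > "$1/tc.pem"
    # good.ovpn: same key, CRLF line endings as after a copy to Windows
    { printf 'client\r\ndev tun\r\n<tls-crypt>\r\n'
      awk '{ printf "%s\r\n", $0 }' "$1/tc.pem"
      printf '</tls-crypt>\r\n'; } > "$1/good.ovpn"
    # bad.ovpn: one key line altered; none.ovpn: no <tls-crypt> block at all
    sed 's/^0011/0012/' "$1/good.ovpn" > "$1/bad.ovpn"
    printf 'client\ndev tun\n' > "$1/none.ovpn"
}

# Run as: sh script.sh /etc/openvpn/vpnclient.ovpn /etc/easy-rsa/pki/tc.pem
if [ $# -eq 2 ]; then check_tls_crypt "$1" "$2"; fi
```

A result of `missing` means one side has no static key at all, which is a different problem from `mismatch`, where both sides have a key but not the same one.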

My config looks exactly the same!

Try to disable tls-crypt, at least temporarily.

Disable tls-crypt where? Client/server?

Both client and server.

Could you create OpenVPN Client article redirect too? Thanks.

Done, redirect created.

Not sure how to do that.

To ensure file integrity, try to extract your client profile from the backup archive:
https://openwrt.org/docs/guide-user/troubleshooting/backup_restore

If that doesn't help, remove tls-crypt from both client and server configs and restart the services.

Well, I copied the client profile file out via scp to Windows, so I don't think there is an issue with integrity.

I was just wondering how to disable that TLS stuff.

Yep, then it should be fine.

sed -i -e "/<tls-crypt>/,/<\/tls-crypt>/d;/^tls-crypt/d" /etc/openvpn/*.ovpn
uci delete openvpn.vpnserver.tls_crypt
uci commit openvpn
service openvpn restart vpnserver

It works now.

That's good.
Are you using OpenWrt 18.06.1 on the client side too?

No, just Windows 7.

Make sure you are using recommended client and its version is up to date:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#references

I do use the latest version of OpenVPN Connect.

Sorry, I don't have Windows to check it, so it leaves a trace of uncertainty.
In addition, Windows 7 support ends in less than a year.
The more time passes, the more difficult it becomes to test all the use cases.