OpenVPN not working with dorm network

I have a TP-Link C6 v2 (EU) running LuCI openwrt-21.02 branch git-21.231.26241-422c175 connected with an ethernet cable from the WAN port to the wall for the student dorms network in my university. The university is blocking some pages when I try to access them through the wall port so I wanted to use OpenVPN with that but it never worked. I used the same OpenVPN configuration while connecting the TP-Link to my personal router and it worked flawlessly but not when it was connected to the dorm's network.

I did a factory reset for my router and then followed this tutorial for configuring OpenVPN https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279
although I should say that I used VPN Gate instead of what he used. The VPN Gate ovpn configuration file worked with my network immediately after uploading and enabling it.

What do you think I should do to make OpenVPN work with the dorm's network?

Are you talking about establishing an outbound VPN connection (i.e. your C6 v2 connects to a VPN endpoint elsewhere to allow you to bypass the campus restrictions)? Do you have a remote VPN endpoint to utilize here (i.e. a commercial VPN service or a VPN endpoint in another location)?

Yes, I downloaded an ovpn configuration from vpngate.com and uploaded it directly to my TP-Link router, which worked when I was connecting the WAN port from the TP-Link to my own network but not when connected to the dorm's network.

It is possible that the dorm's network is blocking the OpenVPN connection.

Try using your computer or phone to connect to the VPN (while they are connected directly to the dorm's network) -- if it works, the dorm isn't blocking the connection. If it doesn't work, you have your answer.

It does work. In fact, I found it in the VPN Gate plugin for the SoftEther client and used it for a while before I decided to download it and import it into my router.

What are the openvpn daemon messages reported in openwrt system log?

Perhaps also post the contents of the .ovpn file, without the username, password & certificates?

What exactly is 'my personal router' ?
eg. Is it a 4G LTE router?

There are softether packages for openwrt. You can use that instead of the openvpn client. I use it to bridge two locations, both behind cgnat, so it's very good at going through restricted networks. There's a softether client package that will probably work for you.

I don't think I have that much space to download softether packages. The router has only 8MB flash and when I factory restore it, it says that it has only 1.9MB left, and softethervpn-base itself is 2.6MB.
There is another option, which is building the whole firmware, but I'm not really familiar with that and I don't know if softether packages will fit with even the bare minimum requirements to run the router or not.

Oh, that won't work then. I see you tested the ovpn config with the softether client on your PC. I suggest you try it with the openvpn client on your PC or your phone. The softether client adapts its connection methods when it can’t connect directly. It may use alternate ports or even external relays to get connected. This is just to confirm if openvpn is being blocked.

What are the openvpn daemon messages reported in openwrt system log?

Thu Oct  7 15:30:31 2021 daemon.warn dnsmasq[2453]: possible DNS-rebind attack detected: stuproxy.{my_university_domain}
Thu Oct  7 15:31:00 2021 daemon.warn openvpn(vpngate_jpn1)[2786]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Thu Oct  7 15:31:00 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: OpenVPN 2.5.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Oct  7 15:31:00 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Thu Oct  7 15:31:00 2021 daemon.warn openvpn(vpngate_jpn1)[2786]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Oct  7 15:31:00 2021 daemon.warn openvpn(vpngate_jpn1)[2786]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.144:443
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: Attempting to establish TCP connection with [AF_INET]219.100.37.144:443 [nonblock]
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: TCP connection established with [AF_INET]219.100.37.144:443
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: TCP_CLIENT link local: (not bound)
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: TCP_CLIENT link remote: [AF_INET]219.100.37.144:443
Thu Oct  7 15:31:20 2021 daemon.warn dnsmasq[2453]: possible DNS-rebind attack detected: stuproxy.{my_university_domain}
Thu Oct  7 15:32:01 2021 daemon.err openvpn(vpngate_jpn1)[2786]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct  7 15:32:01 2021 daemon.err openvpn(vpngate_jpn1)[2786]: TLS Error: TLS handshake failed
Thu Oct  7 15:32:01 2021 daemon.err openvpn(vpngate_jpn1)[2786]: Fatal TLS error (check_tls_errors_co), restarting
Thu Oct  7 15:32:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: SIGUSR1[soft,tls-error] received, process restarting
Thu Oct  7 15:32:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: Restart pause, 5 second(s)

where vpngate_jpn1 is the OpenVPN instance name that I put when uploading the ovpn configuration and 219.100.37.144:443 is the IP address and port for the VPN.

And it keeps repeating these messages over and over.

Perhaps also post the contents of the .ovpn file, without the username, password & certificates?

dev tun
proto tcp
remote public-vpn-180.opengw.net 443
cipher AES-128-CBC
auth SHA1

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3

What exactly is 'my personal router' ?
eg. Is it a 4G LTE router?

Yes. I have a separate 4G mobile router with a SIM in it.
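
The log posted above can be read mechanically: it shows how far the connection got and which hygiene warnings the profile triggers. The script below is an added example, not part of the thread and not OpenWrt or OpenVPN code; the function names and the STAGE/WARN labels are made up here, and the sample lines are abridged from the log in the post.

```shell
#!/bin/sh
# Added example: triage an OpenVPN client log read from stdin.
# On OpenWrt it could be fed with:  logread -e openvpn | triage_openvpn_log

triage_openvpn_log() {
    awk '
        /openvpn\(/ {
            if ($0 ~ /TCP connection established with/)            tcp_ok++
            if ($0 ~ /TLS key negotiation failed to occur within/) tls_timeout++
            if ($0 ~ /Initialization Sequence Completed/)          up++
            if ($0 ~ /No server certificate verification method/)  noverify = 1
            if ($0 ~ /DEPRECATED OPTION: --cipher/)                oldcipher = 1
        }
        END {
            # How far did the session get?
            if (up)                         print "STAGE=tunnel_up"
            else if (tcp_ok && tls_timeout) print "STAGE=tcp_ok_tls_timeout"
            else if (tls_timeout)           print "STAGE=tls_timeout"
            else if (tcp_ok)                print "STAGE=tcp_ok_incomplete"
            else                            print "STAGE=no_tcp"
            # Profile hygiene, independent of whether the tunnel came up.
            # noverify: the profile has no server check such as
            # "remote-cert-tls server", so the server certificate is not pinned
            # to a server role or name.
            if (noverify)  print "WARN=no_server_cert_verification"
            if (oldcipher) print "WARN=deprecated_cipher_option"
        }'
}

# Sample input: lines abridged from the log posted in this thread.
sample_log() {
    cat <<'EOF'
Thu Oct  7 15:31:00 2021 daemon.warn openvpn(vpngate_jpn1)[2786]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
Thu Oct  7 15:31:00 2021 daemon.warn openvpn(vpngate_jpn1)[2786]: WARNING: No server certificate verification method has been enabled.
Thu Oct  7 15:31:01 2021 daemon.notice openvpn(vpngate_jpn1)[2786]: TCP connection established with [AF_INET]219.100.37.144:443
Thu Oct  7 15:32:01 2021 daemon.err openvpn(vpngate_jpn1)[2786]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
EOF
}

sample_log | triage_openvpn_log
```

`STAGE=tcp_ok_tls_timeout` means the TCP handshake to port 443 completed but no OpenVPN control-channel reply came back within the timeout; the log alone does not say whether the network path or the server dropped it.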

As suggested by @randyrodriguez, please try the OpenVPN client

https://openvpn.net/vpn-client/

ps. Have you tried connecting to other servers which use a different port number?