OpenVPN On OpenWRT

Altaiar · September 15, 2023, 1:07pm

Hi guyz i have a problem i have TPLINK C20 v4 a750 router
i want to connect my internet through WIFI on Client Mode to share my internet with the router (i already did it)
i want to setup a extra AP with my WIFI and let others connect to router with IT(i can do it and it works)
problem comes when i want to run OpenVPN on the router i install the needed packages (luci Open vpn interface and OpenSSL or wolfssl( i tested it with both)) i upload a Open VPN profile and get it working and connected if i go to a whatsmy IP website i can see the new IP but i cant connect to restricted websites its like i dont have vpn I live in IRAN and there is too many restriction on internet
if i use the same config file on openvpn app on PC it works i can go to youtube and etc but not when i run it on the router
it was only one time it actually worked i was testing and too many connect and dissconect happened it worked but i was lan not on wifi so then i setup wifi and it got the new ip but still its not working ( i couldnt even revert it back i got a backup config when i saw its working)i cant acess to restricted websites but if i check on my ip address i got the new ip address
i dont know what to do
im using latest Stable version of OpenWRT 22.0.3.5
thanks in advance for any help

vgaetera · September 15, 2023, 3:32pm

Configure public DNS on the router, assuming that you redirect gateway to the VPN:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

Altaiar · September 15, 2023, 4:50pm

i dont understand them fully but i will try because if i dont set my dns manually in my windows i cant even load any website i always set my dns manually in windows i didnt know i cant connect if i dont set DNS in windows
what should i do here

vgaetera · September 15, 2023, 5:01pm

Uncheck the option Use DNS servers advertised by peer and specify a public resolver.

Altaiar · September 15, 2023, 5:04pm

like 8.8.8.8 ?
i already did that

egc · September 15, 2023, 5:21pm

Are you using some form of Policy Based Routing?
if so depending on your setup your DNS query can be routed via the WAN instead of via the VPN which can result in blocking.

Altaiar · September 15, 2023, 5:25pm

i dont know that much i go to wireless click on scan add the WIFI i want to share its internet on my router then i change the group of my new SSID to lan and i already change static ip in interface LAN

vgaetera · September 15, 2023, 5:26pm

Follow the testing section to detect possible IP and DNS leaks:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client#testing

Altaiar · September 15, 2023, 5:36pm

but problem is i dont even get the new ip i have same ip like im not runing vpn
l̶e̶t̶ ̶m̶e̶ ̶c̶h̶a̶n̶g̶e̶ ̶O̶P̶e̶n̶ ̶s̶s̶l̶ ̶w̶i̶t̶h̶ ̶w̶o̶l̶f̶ ̶s̶s̶l̶
didnt worked any of 3 open vpn solutions mtdssl wolf and open ssl
before ur guides i could get the VPN ip on my networks but i cant do it now tomorrow i will do it again to narrow down the problem thanks for the help and Ipleak.net is filtered i cant access it XD

vgaetera · September 15, 2023, 6:04pm

Then follow the troubleshooting section to collect the diagnostics:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client#troubleshooting

ulmwind · September 15, 2023, 8:52pm

Run from router command line:
traceroute 8.8.8.8

Altaiar · September 16, 2023, 10:05am

hi i used diagnostics in router to get the results
traceroute to 8.8.8.8 (8.8.8.8), 20 hops max, 46 byte packets
1 192.168.1.1 0.739 ms
2 *
3 100.118.3.83 28.077 ms
4 10.232.0.46 41.166 ms
5 10.202.21.34 19.707 ms
6 172.22.3.45 40.102 ms
7 *
8 172.16.32.2 26.965 ms
9 *
10 172.16.18.61 27.875 ms
11 172.16.24.22 39.722 ms
12 172.17.2.217 41.116 ms
13 *
14 10.202.6.190 38.834 ms
15 10.21.212.10 41.961 ms
16 10.21.21.22 49.259 ms
17 *
18 *
19 *
20 8.8.8.8 64.645 ms
i also used
other commands in troubleshooting

root@OpenWrt:~# logread -e openvpn; netstat -l -n -p | grep -e openvpn
Sat Sep 16 13:37:44 2023 daemon.err openvpn(Rusian)[6342]: event_wait : Interrupted system call (code=4)
Sat Sep 16 13:37:44 2023 daemon.notice openvpn(Rusian)[6342]: SIGTERM[hard,] received, process exiting
Sat Sep 16 13:37:45 2023 daemon.warn openvpn(Rusian)[6585]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: library versions: mbed TLS 2.28.4
Sat Sep 16 13:37:45 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:37:45 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:37:45 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=8ed413d6 440bd0da
Sat Sep 16 13:38:45 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:38:45 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed
Sat Sep 16 13:38:45 2023 daemon.notice openvpn(Rusian)[6585]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:38:45 2023 daemon.notice openvpn(Rusian)[6585]: Restart pause, 5 second(s)
Sat Sep 16 13:38:50 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:38:50 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:38:50 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:38:50 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:38:50 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:38:50 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:38:50 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=9648e80a 441deb67
Sat Sep 16 13:39:51 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:39:51 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed
Sat Sep 16 13:39:51 2023 daemon.notice openvpn(Rusian)[6585]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:39:51 2023 daemon.notice openvpn(Rusian)[6585]: Restart pause, 5 second(s)
Sat Sep 16 13:39:56 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:39:56 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:39:56 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:39:56 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:39:56 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:39:56 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:39:56 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=6894bf3d 37cfef51
Sat Sep 16 13:40:56 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:40:56 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed
Sat Sep 16 13:40:56 2023 daemon.notice openvpn(Rusian)[6585]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:40:56 2023 daemon.notice openvpn(Rusian)[6585]: Restart pause, 5 second(s)
Sat Sep 16 13:41:01 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:41:01 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:41:01 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:41:01 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:41:01 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:41:01 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:41:01 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=7386d2df 956f9489
Sat Sep 16 13:42:01 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:42:01 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed
Sat Sep 16 13:42:01 2023 daemon.notice openvpn(Rusian)[6585]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:42:01 2023 daemon.notice openvpn(Rusian)[6585]: Restart pause, 5 second(s)
Sat Sep 16 13:42:06 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:42:06 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:42:06 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:42:06 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:42:06 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:42:06 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:42:06 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=0f23a2c5 4e49c0ce
Sat Sep 16 13:43:06 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:43:06 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed
Sat Sep 16 13:43:06 2023 daemon.notice openvpn(Rusian)[6585]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:43:06 2023 daemon.notice openvpn(Rusian)[6585]: Restart pause, 10 second(s)
Sat Sep 16 13:43:16 2023 daemon.warn openvpn(Rusian)[6585]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:43:16 2023 daemon.warn openvpn(Rusian)[6585]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:43:16 2023 daemon.notice openvpn(Rusian)[6585]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:43:16 2023 daemon.notice openvpn(Rusian)[6585]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:43:16 2023 daemon.notice openvpn(Rusian)[6585]: UDP link local: (not bound)
Sat Sep 16 13:43:16 2023 daemon.notice openvpn(Rusian)[6585]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:43:16 2023 daemon.notice openvpn(Rusian)[6585]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=97afb87f f8afa192
Sat Sep 16 13:43:25 2023 daemon.err openvpn(Rusian)[6585]: event_wait : Interrupted system call (code=4)
Sat Sep 16 13:43:25 2023 daemon.notice openvpn(Rusian)[6585]: SIGTERM[hard,] received, process exiting
Sat Sep 16 13:47:18 2023 daemon.warn openvpn(Rusian)[7265]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
Sat Sep 16 13:47:18 2023 daemon.warn openvpn(Rusian)[7265]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:47:18 2023 daemon.warn openvpn(Rusian)[7265]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: UDP link local: (not bound)
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:47:18 2023 daemon.notice openvpn(Rusian)[7265]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=e38bd381 5ffa7770
Sat Sep 16 13:47:38 2023 daemon.err openvpn(Rusian)[7265]: event_wait : Interrupted system call (code=4)
Sat Sep 16 13:47:38 2023 daemon.notice openvpn(Rusian)[7265]: SIGTERM[hard,] received, process exiting
Sat Sep 16 13:47:41 2023 daemon.warn openvpn(Rusian)[7451]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
Sat Sep 16 13:47:41 2023 daemon.warn openvpn(Rusian)[7451]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:47:41 2023 daemon.warn openvpn(Rusian)[7451]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: UDP link local: (not bound)
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:47:41 2023 daemon.notice openvpn(Rusian)[7451]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=261bcf6b 77024b50
Sat Sep 16 13:48:41 2023 daemon.err openvpn(Rusian)[7451]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:48:41 2023 daemon.err openvpn(Rusian)[7451]: TLS Error: TLS handshake failed
Sat Sep 16 13:48:41 2023 daemon.notice openvpn(Rusian)[7451]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:48:41 2023 daemon.notice openvpn(Rusian)[7451]: Restart pause, 5 second(s)
Sat Sep 16 13:48:46 2023 daemon.warn openvpn(Rusian)[7451]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 16 13:48:46 2023 daemon.warn openvpn(Rusian)[7451]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 13:48:46 2023 daemon.notice openvpn(Rusian)[7451]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:48:46 2023 daemon.notice openvpn(Rusian)[7451]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Sep 16 13:48:46 2023 daemon.notice openvpn(Rusian)[7451]: UDP link local: (not bound)
Sat Sep 16 13:48:46 2023 daemon.notice openvpn(Rusian)[7451]: UDP link remote: [AF_INET]46.138.146.74:1040
Sat Sep 16 13:48:46 2023 daemon.notice openvpn(Rusian)[7451]: TLS: Initial packet from [AF_INET]46.138.146.74:1040, sid=aef51aa0 74d81acc
Sat Sep 16 13:49:46 2023 daemon.err openvpn(Rusian)[7451]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:49:46 2023 daemon.err openvpn(Rusian)[7451]: TLS Error: TLS handshake failed
Sat Sep 16 13:49:46 2023 daemon.notice openvpn(Rusian)[7451]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 13:49:46 2023 daemon.notice openvpn(Rusian)[7451]: Restart pause, 5 second(s)

Rusian is name of my OpenVPN profile its also a free one and has Rus ip im using it for testing
seems its not connecting now it happens sometimes i will test it in next few hours

egc · September 16, 2023, 10:24am

Altaiar:

Sat Sep 16 13:40:56 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 13:40:56 2023 daemon.err openvpn(Rusian)[6585]: TLS Error: TLS handshake failed

That usually means you cannot reach the server or the server does not respond.

Altaiar · September 16, 2023, 12:21pm

i changed my profile im getting new error linux route fail
after a Reboot im getting new IP now but i cant access to restricted websites like youtube its like im not using VPN

Sat Sep 16 15:50:04 2023 daemon.warn openvpn(Puria)[1707]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Sep 16 15:50:05 2023 daemon.notice openvpn(Puria)[1707]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 15:50:05 2023 daemon.notice openvpn(Puria)[1707]: library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
Sat Sep 16 15:50:05 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 15:50:08 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Preserving recently used remote address: [AF_INET]78.39.46.39:1194
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]78.39.46.39:1194 [nonblock]
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: TCP connection established with [AF_INET]78.39.46.39:1194
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link local: (not bound)
Sat Sep 16 15:50:11 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link remote: [AF_INET]78.39.46.39:1194
Sat Sep 16 15:50:12 2023 daemon.notice openvpn(Puria)[1707]: TLS: Initial packet from [AF_INET]78.39.46.39:1194, sid=7510d183 fd886d91
Sat Sep 16 15:52:53 2023 daemon.err openvpn(Puria)[1707]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 16 15:52:53 2023 daemon.err openvpn(Puria)[1707]: TLS Error: TLS handshake failed
Sat Sep 16 15:52:53 2023 daemon.err openvpn(Puria)[1707]: Fatal TLS error (check_tls_errors_co), restarting
Sat Sep 16 15:52:53 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Closing socket
Sat Sep 16 15:52:53 2023 daemon.notice openvpn(Puria)[1707]: SIGUSR1[soft,tls-error] received, process restarting
Sat Sep 16 15:52:53 2023 daemon.notice openvpn(Puria)[1707]: Restart pause, 5 second(s)
Sat Sep 16 15:52:58 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Re-using SSL/TLS context
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.236.213.55:1194
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 15:52:58 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]87.236.213.55:1194 [nonblock]
Sat Sep 16 15:54:58 2023 daemon.err openvpn(Puria)[1707]: TCP: connect to [AF_INET]87.236.213.55:1194 failed: Operation timed out
Sat Sep 16 15:54:58 2023 daemon.notice openvpn(Puria)[1707]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sat Sep 16 15:54:58 2023 daemon.notice openvpn(Puria)[1707]: Restart pause, 5 second(s)
Sat Sep 16 15:55:03 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Re-using SSL/TLS context
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.236.213.55:1194
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 15:55:03 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]87.236.213.55:1194 [nonblock]

Another log for Ips (ip address show; ip route show table all)

 ip address show; ip route show table all
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 50:c7:bf:3f:6f:7b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::52c7:bfff:fe3f:6f7b/64 scope link
       valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 50:c7:bf:3f:6f:7a brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:c7:bf:3f:6f:7b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.200/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd47:8936:f0da::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::52c7:bfff:fe3f:6f7b/64 scope link
       valid_lft forever preferred_lft forever
7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 50:c7:bf:3f:6f:7b brd ff:ff:ff:ff:ff:ff
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:c7:bf:3f:6f:7c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::52c7:bfff:fe3f:6f7c/64 scope link
       valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:c7:bf:3f:6f:79 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.50/24 brd 192.168.1.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::52c7:bfff:fe3f:6f79/64 scope link
       valid_lft forever preferred_lft forever
10: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 52:c7:bf:3f:6f:79 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::50c7:bfff:fe3f:6f79/64 scope link
       valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
    link/[65534]
    inet 192.168.200.120/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::cfe4:77bb:ccc8:fa90/64 scope link flags 800
       valid_lft forever preferred_lft forever
default via 192.168.1.1 dev wlan0  src 192.168.1.50
78.39.46.39 via 192.168.1.1 dev br-lan
192.168.1.0/24 dev br-lan scope link  src 192.168.1.200
192.168.1.0/24 dev wlan0 scope link  src 192.168.1.50
192.168.200.0/24 dev tun0 scope link  src 192.168.200.120
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.200
broadcast 192.168.1.0 dev wlan0 table local scope link  src 192.168.1.50
local 192.168.1.50 dev wlan0 table local scope host  src 192.168.1.50
local 192.168.1.200 dev br-lan table local scope host  src 192.168.1.200
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.200
broadcast 192.168.1.255 dev wlan0 table local scope link  src 192.168.1.50
broadcast 192.168.200.0 dev tun0 table local scope link  src 192.168.200.120
local 192.168.200.120 dev tun0 table local scope host  src 192.168.200.120
broadcast 192.168.200.255 dev tun0 table local scope link  src 192.168.200.120
fd47:8936:f0da::/64 dev br-lan  metric 1024
unreachable fd47:8936:f0da::/48 dev lo  metric 2147483647
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan0-1  metric 256
fe80::/64 dev tun0  metric 256
local ::1 dev lo table local  metric 0
anycast fd47:8936:f0da:: dev br-lan table local  metric 0
local fd47:8936:f0da::1 dev br-lan table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev wlan0-1 table local  metric 0
anycast fe80:: dev tun0 table local  metric 0
local fe80::50c7:bfff:fe3f:6f79 dev wlan0-1 table local  metric 0
local fe80::52c7:bfff:fe3f:6f79 dev wlan0 table local  metric 0
local fe80::52c7:bfff:fe3f:6f7b dev eth0 table local  metric 0
local fe80::52c7:bfff:fe3f:6f7b dev br-lan table local  metric 0
local fe80::52c7:bfff:fe3f:6f7c dev eth0.2 table local  metric 0
local fe80::cfe4:77bb:ccc8:fa90 dev tun0 table local  metric 0
multicast ff00::/8 dev eth0 table local  metric 256
multicast ff00::/8 dev br-lan table local  metric 256
multicast ff00::/8 dev eth0.2 table local  metric 256
multicast ff00::/8 dev wlan0 table local  metric 256
multicast ff00::/8 dev wlan0-1 table local  metric 256
multicast ff00::/8 dev tun0 table local  metric 256

Altaiar · September 16, 2023, 12:37pm

i think something is wrong in this part

Sat Sep 16 15:59:16 2023 daemon.notice openvpn(Puria)[3035]: /usr/libexec/openvpn-hotplug down Puria tun0 1500 1623 192.168.200.120 255.255.255.0 init
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_route_v4_best_gw query: dst 0.0.0.0
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_route_v4_best_gw result: via 192.168.1.1 dev wlan0
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: TUN/TAP device tun0 opened
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: do_ifconfig, ipv4=1, ipv6=0
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_iface_mtu_set: mtu 1500 for tun0
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_iface_up: set tun0 up
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_addr_v4_add: 192.168.200.122/24 dev tun0
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: /usr/libexec/openvpn-hotplug up Puria tun0 1500 1623 192.168.200.122 255.255.255.0 init
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_route_v4_add: 87.236.213.55/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_route_v4_add: 0.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 15:59:17 2023 daemon.warn openvpn(Puria)[3035]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 15:59:17 2023 daemon.warn openvpn(Puria)[3035]: ERROR: Linux route add command failed
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: net_route_v4_add: 128.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 15:59:17 2023 daemon.warn openvpn(Puria)[3035]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 15:59:17 2023 daemon.warn openvpn(Puria)[3035]: ERROR: Linux route add command failed
Sat Sep 16 15:59:17 2023 daemon.notice openvpn(Puria)[3035]: Initialization Sequence Completed

egc · September 16, 2023, 12:39pm

It looks like your client mode router has the same subnet as the upstream router?
See : https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi

Altaiar · September 16, 2023, 12:41pm

i remember even when i set it to 192.168.2.1 i had same problem but here u go i will change it

Altaiar · September 16, 2023, 12:49pm

i cant get the new ip now

root@OpenWrt:~# logread -e openvpn; netstat -l -n -p | grep -e openvpn
Sat Sep 16 16:13:15 2023 daemon.warn openvpn(Puria)[1707]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Sep 16 16:13:15 2023 daemon.notice openvpn(Puria)[1707]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 16:13:15 2023 daemon.notice openvpn(Puria)[1707]: library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
Sat Sep 16 16:13:16 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 16:13:18 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 16:13:23 2023 daemon.err openvpn(Puria)[1707]: RESOLVE: Cannot resolve host address: infrasyssvman.info:1194 (Try again)
Sat Sep 16 16:13:23 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 16:13:23 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 16:13:23 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 16:16:12 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 16:16:12 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]87.236.213.55:1194 [nonblock]
Sat Sep 16 16:16:12 2023 daemon.err openvpn(Puria)[1707]: TCP: connect to [AF_INET]87.236.213.55:1194 failed: Operation timed out
Sat Sep 16 16:16:12 2023 daemon.notice openvpn(Puria)[1707]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sat Sep 16 16:16:12 2023 daemon.notice openvpn(Puria)[1707]: Restart pause, 5 second(s)
Sat Sep 16 16:16:17 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Re-using SSL/TLS context
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Preserving recently used remote address: [AF_INET]78.39.46.39:1194
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]78.39.46.39:1194 [nonblock]
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: TCP connection established with [AF_INET]78.39.46.39:1194
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link local: (not bound)
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link remote: [AF_INET]78.39.46.39:1194
Sat Sep 16 16:16:17 2023 daemon.notice openvpn(Puria)[1707]: TLS: Initial packet from [AF_INET]78.39.46.39:1194, sid=be154b04 f967dc93
Sat Sep 16 16:16:47 2023 daemon.err openvpn(Puria)[1707]: Connection reset, restarting [0]
Sat Sep 16 16:16:47 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Closing socket
Sat Sep 16 16:16:47 2023 daemon.notice openvpn(Puria)[1707]: SIGUSR1[soft,connection-reset] received, process restarting
Sat Sep 16 16:16:47 2023 daemon.notice openvpn(Puria)[1707]: Restart pause, 5 second(s)
Sat Sep 16 16:16:52 2023 daemon.warn openvpn(Puria)[1707]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 16:16:52 2023 daemon.notice openvpn(Puria)[1707]: Re-using SSL/TLS context
Sat Sep 16 16:16:52 2023 daemon.notice openvpn(Puria)[1707]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.236.213.55:1194
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: Attempting to establish TCP connection with [AF_INET]87.236.213.55:1194 [nonblock]
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: TCP connection established with [AF_INET]87.236.213.55:1194
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link local: (not bound)
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: TCP_CLIENT link remote: [AF_INET]87.236.213.55:1194
Sat Sep 16 16:16:53 2023 daemon.notice openvpn(Puria)[1707]: TLS: Initial packet from [AF_INET]87.236.213.55:1194, sid=bf0fae7d 28601ac9
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: VERIFY OK: depth=1, CN=Soheil
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: VERIFY KU OK
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: Validating certificate extended key usage
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: VERIFY EKU OK
Sat Sep 16 16:16:55 2023 daemon.notice openvpn(Puria)[1707]: VERIFY OK: depth=0, CN=*.Soheil
Sat Sep 16 16:16:56 2023 daemon.notice openvpn(Puria)[1707]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Sat Sep 16 16:16:56 2023 daemon.notice openvpn(Puria)[1707]: [*.Soheil] Peer Connection Initiated with [AF_INET]87.236.213.55:1194
Sat Sep 16 16:16:57 2023 daemon.notice openvpn(Puria)[1707]: Key [AF_INET]87.236.213.55:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:16:57 2023 daemon.notice openvpn(Puria)[1707]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:16:57 2023 daemon.notice openvpn(Puria)[1707]: Key [AF_INET]87.236.213.55:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:16:58 2023 daemon.notice openvpn(Puria)[1707]: Key [AF_INET]87.236.213.55:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:16:58 2023 daemon.notice openvpn(Puria)[1707]: Key [AF_INET]87.236.213.55:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:02 2023 daemon.notice openvpn(Puria)[1707]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:17:07 2023 daemon.notice openvpn(Puria)[1707]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,inactive 3600,topology subnet,route-gateway 172.16.135.173,ifconfig 192.168.200.123 255.255.255.0'
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: OPTIONS IMPORT: route-related options modified
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Using peer cipher 'AES-256-CBC'
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_best_gw query: dst 0.0.0.0
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_best_gw result: via 192.168.1.1 dev wlan0
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: TUN/TAP device tun0 opened
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: do_ifconfig, ipv4=1, ipv6=0
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_iface_mtu_set: mtu 1500 for tun0
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_iface_up: set tun0 up
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_addr_v4_add: 192.168.200.123/24 dev tun0
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: /usr/libexec/openvpn-hotplug up Puria tun0 1500 1623 192.168.200.123 255.255.255.0 init
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_add: 87.236.213.55/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_add: 0.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:09 2023 daemon.warn openvpn(Puria)[1707]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 16:17:09 2023 daemon.warn openvpn(Puria)[1707]: ERROR: Linux route add command failed
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_add: 128.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:09 2023 daemon.warn openvpn(Puria)[1707]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 16:17:09 2023 daemon.warn openvpn(Puria)[1707]: ERROR: Linux route add command failed
Sat Sep 16 16:17:09 2023 daemon.notice openvpn(Puria)[1707]: Initialization Sequence Completed
Sat Sep 16 16:17:18 2023 daemon.err openvpn(Puria)[1707]: event_wait : Interrupted system call (code=4)
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: TCP/UDP: Closing socket
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_del: 87.236.213.55/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_del: 0.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:18 2023 daemon.warn openvpn(Puria)[1707]: sitnl_send: rtnl: generic error (-3): No such process
Sat Sep 16 16:17:18 2023 daemon.warn openvpn(Puria)[1707]: ERROR: Linux route delete command failed
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: net_route_v4_del: 128.0.0.0/1 via 172.16.135.173 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:18 2023 daemon.warn openvpn(Puria)[1707]: sitnl_send: rtnl: generic error (-3): No such process
Sat Sep 16 16:17:18 2023 daemon.warn openvpn(Puria)[1707]: ERROR: Linux route delete command failed
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: Closing TUN/TAP interface
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: net_addr_v4_del: 192.168.200.123 dev tun0
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: /usr/libexec/openvpn-hotplug down Puria tun0 1500 1623 192.168.200.123 255.255.255.0 init
Sat Sep 16 16:17:18 2023 daemon.notice openvpn(Puria)[1707]: SIGTERM[hard,] received, process exiting
Sat Sep 16 16:17:21 2023 daemon.warn openvpn(Puria)[2912]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: OpenVPN 2.5.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
Sat Sep 16 16:17:21 2023 daemon.warn openvpn(Puria)[2912]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: TCP/UDP: Preserving recently used remote address: [AF_INET]78.39.46.39:1194
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Sat Sep 16 16:17:21 2023 daemon.notice openvpn(Puria)[2912]: Attempting to establish TCP connection with [AF_INET]78.39.46.39:1194 [nonblock]
Sat Sep 16 16:17:22 2023 daemon.notice openvpn(Puria)[2912]: TCP connection established with [AF_INET]78.39.46.39:1194
Sat Sep 16 16:17:22 2023 daemon.notice openvpn(Puria)[2912]: TCP_CLIENT link local: (not bound)
Sat Sep 16 16:17:22 2023 daemon.notice openvpn(Puria)[2912]: TCP_CLIENT link remote: [AF_INET]78.39.46.39:1194
Sat Sep 16 16:17:22 2023 daemon.notice openvpn(Puria)[2912]: TLS: Initial packet from [AF_INET]78.39.46.39:1194, sid=3b4223e1 55e675b5
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: VERIFY OK: depth=1, CN=Soheil
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: VERIFY KU OK
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: Validating certificate extended key usage
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: VERIFY EKU OK
Sat Sep 16 16:17:23 2023 daemon.notice openvpn(Puria)[2912]: VERIFY OK: depth=0, CN=*.Soheil
Sat Sep 16 16:17:25 2023 daemon.warn openvpn(Puria)[2912]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1499'
Sat Sep 16 16:17:25 2023 daemon.warn openvpn(Puria)[2912]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1440'
Sat Sep 16 16:17:25 2023 daemon.notice openvpn(Puria)[2912]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Sat Sep 16 16:17:25 2023 daemon.notice openvpn(Puria)[2912]: [*.Soheil] Peer Connection Initiated with [AF_INET]78.39.46.39:1194
Sat Sep 16 16:17:25 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:26 2023 daemon.notice openvpn(Puria)[2912]: Key [AF_INET]78.39.46.39:1194 [0] not initialized (yet), dropping packet.
Sat Sep 16 16:17:32 2023 daemon.notice openvpn(Puria)[2912]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: SENT CONTROL [*.Soheil]: 'PUSH_REQUEST' (status=1)
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,ping 20,ping-restart 60,topology subnet,route-gateway 172.20.128.144,ifconfig 192.168.200.124 255.255.255.0'
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: OPTIONS IMPORT: route-related options modified
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Using peer cipher 'AES-256-CBC'
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_route_v4_best_gw query: dst 0.0.0.0
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_route_v4_best_gw result: via 192.168.1.1 dev wlan0
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: TUN/TAP device tun0 opened
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: do_ifconfig, ipv4=1, ipv6=0
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_iface_mtu_set: mtu 1500 for tun0
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_iface_up: set tun0 up
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_addr_v4_add: 192.168.200.124/24 dev tun0
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: /usr/libexec/openvpn-hotplug up Puria tun0 1500 1623 192.168.200.124 255.255.255.0 init
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_route_v4_add: 78.39.46.39/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_route_v4_add: 0.0.0.0/1 via 172.20.128.144 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:37 2023 daemon.warn openvpn(Puria)[2912]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 16:17:37 2023 daemon.warn openvpn(Puria)[2912]: ERROR: Linux route add command failed
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: net_route_v4_add: 128.0.0.0/1 via 172.20.128.144 dev [NULL] table 0 metric -1
Sat Sep 16 16:17:37 2023 daemon.warn openvpn(Puria)[2912]: sitnl_send: rtnl: generic error (-128): Network unreachable
Sat Sep 16 16:17:37 2023 daemon.warn openvpn(Puria)[2912]: ERROR: Linux route add command failed
Sat Sep 16 16:17:37 2023 daemon.notice openvpn(Puria)[2912]: Initialization Sequence Completed

W̶h̶y̶ ̶i̶t̶s̶ ̶s̶t̶i̶l̶l̶ ̶t̶r̶y̶ ̶t̶o̶ ̶u̶s̶e̶ ̶o̶l̶d̶ ̶I̶P̶ ̶i̶n̶ ̶l̶a̶n̶ ̶ ̶n̶e̶t̶_̶a̶d̶d̶r̶_̶v̶4̶_̶a̶d̶d̶:̶ ̶1̶9̶2̶.̶1̶6̶8̶.̶2̶0̶0̶.̶1̶2̶4̶/̶2̶4̶ ̶d̶e̶v̶ ̶t̶u̶n̶0̶ ̶i̶ ̶c̶h̶a̶n̶g̶e̶d̶ ̶i̶t̶ ̶t̶o̶ ̶1̶9̶2̶.̶1̶6̶8̶.̶2̶.̶1̶
after reinstalling the openssl it got fixed
but i still see that ip in logs

Altaiar · September 16, 2023, 1:05pm

ok lets ask a simple question do i need anything else for doing this
I only installed openvpn SSL and luci openvpn packages

lleachii · September 16, 2023, 3:12pm

Have you fixed your IP network conflict?