OpenVPN Router to Router [Solved]

I have got this working, but do not want to do it on LuCI:

config openvpn 'vpn0'
    option enabled 1
    option config '/etc/openvpn/xxx.ovpn'

I wonder how I can get the below to work (it never starts, no entry in the system log):

  • config has something wrong with the certificate, see next reply -

The previous post had something wrong with the cert file path. After adjusting the settings, OpenVPN has a log for me to look at. It is still not connecting properly.

Interestingly, the original ovpn file does work without problem.

Here is the error:

Tue Jan 24 13:26:06 2017 us=155419 OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Jan 24 13:26:06 2017 us=155670 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Tue Jan 24 13:26:06 2017 us=171208 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 24 13:26:06 2017 us=171544 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 24 13:26:06 2017 us=171810 LZO compression initializing
Tue Jan 24 13:26:06 2017 us=177385 Control Channel MTU parms [ L:36124 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Jan 24 13:26:06 2017 us=186772 Data Channel MTU parms [ L:36124 D:36124 EF:124 EB:6156 ET:0 EL:3 ]
Tue Jan 24 13:26:06 2017 us=187312 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 36060,tun-mtu 36000,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jan 24 13:26:06 2017 us=187561 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 36060,tun-mtu 36000,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jan 24 13:26:06 2017 us=188307 TCP/UDP: Preserving recently used remote address: [AF_INET]119.247.82.85:443
Tue Jan 24 13:26:06 2017 us=188657 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Jan 24 13:26:06 2017 us=188953 Attempting to establish TCP connection with [AF_INET]a.b.c.d:443 [nonblock]
Tue Jan 24 13:26:07 2017 us=189660 TCP connection established with [AF_INET]a.b.c.d:443
Tue Jan 24 13:26:07 2017 us=189974 TCP_CLIENT link local: (not bound)
Tue Jan 24 13:26:07 2017 us=190242 TCP_CLIENT link remote: [AF_INET]a.b.c.d:443
Tue Jan 24 13:26:07 2017 us=401714 Connection reset, restarting [0]
Tue Jan 24 13:26:07 2017 us=402422 TCP/UDP: Closing socket
Tue Jan 24 13:26:07 2017 us=403177 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jan 24 13:26:07 2017 us=403523 Restart pause, 5 second(s)

Here is the config:

config openvpn 'HOME_Client'
	option dev 'tun'
	list remote 'ddns-name-replaced'
	option port '443'
	option auth_nocache '1'
	option cipher 'AES-256-CBC'
	option comp_lzo 'yes'
	option float '1'
	option resolv_retry 'infinite'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option client '1'
	option verb '4'
	option mssfix '0'
	option tun_mtu '36000'
	option key_direction '1'
	option remote_cert_tls 'server'
	option ca '/etc/openvpn/HOMEca.crt'
	option cert '/etc/openvpn/HOME.crt'
	option key '/etc/openvpn/HOME.key'
	option tls_auth '/etc/openvpn/HOMEta.key'
	option log '/tmp/openvpn.log'
	option status '/tmp/openvpn-status.log'
	option tls_client '1'
	option proto 'tcp'
	option enabled '1'

Problem solved by adding 1 to tls_auth.

The working config has the line like this:

option tls_auth '/etc/openvpn/HOMEta.key 1'
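
An added example, not part of the original posts: a small shell/awk audit that reports, for each `config openvpn` section, whether the key direction is carried inside the `tls_auth` value (the working form above) or only in a separate `key_direction` option (the form of the failing config above). The function names, verdict labels and the `HOME_Client_fixed` section name are assumptions made for this example, and the sample config is constructed from the lines shown in the thread.

```shell
# Added example: report how each UCI openvpn section supplies the tls_auth key direction.

# Constructed sample in /etc/config/openvpn format, modelled on the thread.
sample_config() {
cat <<'EOF'
config openvpn 'HOME_Client'
	option key_direction '1'
	option tls_auth '/etc/openvpn/HOMEta.key'

config openvpn 'HOME_Client_fixed'
	option tls_auth '/etc/openvpn/HOMEta.key 1'

config openvpn 'vpn0'
	option config '/etc/openvpn/xxx.ovpn'
EOF
}

# Reads UCI text on stdin; prints "<section> <verdict>" per openvpn section.
audit_tls_auth() {
    awk -v q="'" '
    function unquote(s) {          # trim blanks, then one layer of quotes
        gsub(/^[ \t]+|[ \t]+$/, "", s)
        gsub("^[\"" q "]|[\"" q "]$", "", s)
        return s
    }
    function value(opt,   v) {     # option value = rest of line after the name
        v = $0
        sub("^[ \t]*option[ \t]+" opt "[ \t]+", "", v)
        return unquote(v)
    }
    function report() {
        if (!insec) return
        if (tls == "")               verdict = "no-tls-auth"
        else if (tls ~ /[ \t][01]$/) verdict = "direction-inline"
        else if (keydir != "")       verdict = "direction-separate-only"
        else                         verdict = "direction-missing"
        print sec, verdict
    }
    $1 == "config" {
        report(); insec = ($2 == "openvpn"); tls = keydir = ""
        sec = ($3 == "" ? "(unnamed)" : unquote($3)); next
    }
    insec && $1 == "option" && $2 == "tls_auth"      { tls = value("tls_auth") }
    insec && $1 == "option" && $2 == "key_direction" { keydir = value("key_direction") }
    END { report() }
    '
}
sample_config | audit_tls_auth
```

On the router the same function can be fed the live file with `audit_tls_auth < /etc/config/openvpn`; sections that use an external `.ovpn` file through `option config` show as `no-tls-auth` because their settings are not in UCI.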