OpenVPN server install misconfig?

Hey all. Hope you guys are doing well.

I'm following the tutorial for OpenVPN to set up my router as a server.
OpenVPN Server

I followed the instructions correctly, but when it's time to connect to the server, I get this error...

Fri Jul 09 16:53:44 2021 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Fri Jul 09 16:53:44 2021 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
Fri Jul 09 16:53:44 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Jul 09 16:53:44 2021 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jul 09 16:53:44 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.235:1194
Fri Jul 09 16:53:44 2021 UDP link local: (not bound)
Fri Jul 09 16:53:44 2021 UDP link remote: [AF_INET]192.168.1.235:1194
Fri Jul 09 16:54:44 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 09 16:54:44 2021 TLS Error: TLS handshake failed
Fri Jul 09 16:54:44 2021 SIGUSR1[soft,tls-error] received, process restarting

So I'm guessing there's some difficulty connecting to the router, which I understand perfectly because the OpenWrt router is not my main router. The provider's router is sitting between OpenWrt and the internet. Maybe I need to specify this difference on the config file?

Some helpful details on the router are:

  • Router is an MR8300
  • Image is 19.07.4
  • Provider's router is 192.168.1.254, same subnet as OpenWrt router.

Here is the logread -e openvpn; netstat -l -n -p | grep -e openvpn log:

Fri Jul  9 20:29:59 2021 daemon.err openvpn(server)[28032]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:29:59 2021 daemon.warn openvpn(server)[28032]: Use --help for more information.
Fri Jul  9 20:30:04 2021 daemon.err openvpn(server)[28033]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:30:04 2021 daemon.warn openvpn(server)[28033]: Use --help for more information.
Fri Jul  9 20:30:09 2021 daemon.err openvpn(server)[28034]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:30:09 2021 daemon.warn openvpn(server)[28034]: Use --help for more information.
Fri Jul  9 20:30:14 2021 daemon.err openvpn(server)[28035]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:30:14 2021 daemon.warn openvpn(server)[28035]: Use --help for more information.
Fri Jul  9 20:30:19 2021 daemon.err openvpn(server)[28036]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:30:19 2021 daemon.warn openvpn(server)[28036]: Use --help for more information.
Fri Jul  9 20:30:24 2021 daemon.err openvpn(server)[28037]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.conf
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: OpenVPN 2.4.11 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jul  9 20:49:13 2021 daemon.warn openvpn(server)[29148]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: TUN/TAP device tun0 opened
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: /sbin/ifconfig tun0 192.168.8.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.8.255
Fri Jul  9 20:49:13 2021 daemon.warn openvpn(server)[29148]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: UDPv4 link remote: [AF_UNSPEC]
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: GID set to nogroup
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: UID set to nobody
Fri Jul  9 20:49:13 2021 daemon.notice openvpn(server)[29148]: Initialization Sequence Completed
Fri Jul  9 20:57:47 2021 daemon.err openvpn(server)[29148]: event_wait : Interrupted system call (code=4)
Fri Jul  9 20:57:47 2021 daemon.notice openvpn(server)[29148]: /sbin/ifconfig tun0 0.0.0.0
Fri Jul  9 20:57:47 2021 daemon.warn openvpn(server)[29148]: Linux ip addr del failed: external program exited with error status: 1
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29148]: SIGTERM[hard,] received, process exiting
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: OpenVPN 2.4.11 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jul  9 20:57:48 2021 daemon.warn openvpn(server)[29654]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: TUN/TAP device tun0 opened
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: /sbin/ifconfig tun0 192.168.8.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.8.255
Fri Jul  9 20:57:48 2021 daemon.warn openvpn(server)[29654]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: UDPv4 link remote: [AF_UNSPEC]
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: GID set to nogroup
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: UID set to nobody
Fri Jul  9 20:57:48 2021 daemon.notice openvpn(server)[29654]: Initialization Sequence Completed
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           29654/openvpn

Any thoughts on what the issue might be? Thanks for the reply?

Have you done anything about this to begin with?

But to be honest I don’t think this will work because OpenVPN expects an internet connection IP or DDNS to the server and this is an international registered private LAN connection.
So how have you configured the first router to get through it to find the next router called 192.168.1.235 on a dual subnet?

And you can’t even call for a 192.168.1.x address on the internet because it is an illegal address to find on the internet.

You must call the first internet router's WAN IP address and in that router make a static route to the next router where you have the OpenVPN server.

Set up port forwarding for OpenVPN on the ISP router.
Make sure the ISP router is not behind CGNAT.

Yeah so that's another issue I'd like to fix. Would you do this over GUI or CLI?

Thanks for the insight. I have DDNS set up for the router as well but it isn't doing anything yet. Can I use that for OpenVPN?

Okay, I'll attempt this. I have the ISP's router set up as a bridge, shouldn't that work?

A public IP address is a prerequisite to reach a server on the internet:
https://en.wikipedia.org/wiki/IP_address#Public_address

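The address checks the replies above call for, as an added example that is not part of any post in this thread: it pulls the remote address out of an OpenVPN client log and classifies it as RFC 1918 private, CGNAT (100.64.0.0/10, RFC 6598) or public. The function names are hypothetical; the sample log line is copied from the client log in the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# classify_ipv4 ADDR -> private | cgnat | loopback | link-local | public | invalid
classify_ipv4() {
    addr=$1
    # Only digits and dots, no empty fields.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    a=$1; b=$2
    if [ "$a" -eq 10 ] ||
       { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } ||
       { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; }; then
        echo private        # RFC 1918: not routable on the internet
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        echo cgnat          # RFC 6598: the ISP shares one public IP upstream
    elif [ "$a" -eq 127 ]; then
        echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then
        echo link-local
    else
        echo public
    fi
}

# remote_from_client_log: read an OpenVPN client log on stdin and print the
# first address from a "link remote: [AF_INET]a.b.c.d:port" line.
remote_from_client_log() {
    sed -n 's/.*link remote: \[AF_INET\]\([0-9.]*\):[0-9]*.*/\1/p' | head -n 1
}

# Sample input: one line taken from the client log posted above.
SAMPLE_LOG='Fri Jul 09 16:53:44 2021 UDP link remote: [AF_INET]192.168.1.235:1194'

remote=$(printf '%s\n' "$SAMPLE_LOG" | remote_from_client_log)
echo "client remote $remote is $(classify_ipv4 "$remote")"
```

Run the same `classify_ipv4` on the WAN address shown on the ISP router's status page: `private` or `cgnat` there means a port forward on that router alone will not make the server reachable from outside.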