Tue Aug 9 08:51:24 2022 daemon.err openvpn(EXVPN_JP_TOKYO_1)[19196]: Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
Tue Aug 9 08:51:24 2022 daemon.warn openvpn(EXVPN_JP_TOKYO_1)[19196]: Use --help for more information
I edited the ovpn config file and it it is like this now:
client
dev tun
dev-type tun
remote japan-tokyo-ca-version-2.expressnetw.com 1195 udp
remote-random
fast-io
persist-key
persist-tun
nobind
pull
comp-lzo no
remote-cert-tls server
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass /etc/openvpn/EXVPN_JP_TOKYO_1.auth
No more the previous CA error, but still a problem with the original error, TLS handshake failed. I noticed the same error happens when I try the same ovpn config file with OpenVPN client on Windows 10, so my guess is that the problem is not with OpenWRT, but perhaps the ISP blocking openvpn connections?
Can you ping the VPN server?
Are you sure 1195 is the correct port? 1194 is the standard OpenVPN port. Most VPN services offer other ports in case the customer's ISP tries to block VPN.
ping japan-tokyo-ca-version-2.expressnetw.com
Pinging 185.208.11.151 with 32 bytes of data:
Reply from 185.208.11.151: bytes=32 time=328ms TTL=50
Reply from 185.208.11.151: bytes=32 time=317ms TTL=50
Reply from 185.208.11.151: bytes=32 time=331ms TTL=50
Reply from 185.208.11.151: bytes=32 time=341ms TTL=50
Ping statistics for 185.208.11.151:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 317ms, Maximum = 341ms, Average = 329ms
Yes. It is as provided in the ovpn downloaded from ExpressVPN. I tried 1194 instead. Same Error.
Shall I ask customer support for other available UDP ports?