OpenVpn To Synology Nas OpenVpn Server

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

I try to make my vpn working, following the https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci and the PDF from Alternative guide for OpenVPN client with LuCI

I can see openvpn gui connect to my server, but the Tun0 device don't show up, there's no link between openvpn and the internal part of the router.

if you have any idea, i will thank you :slight_smile:

2

Which device is running OpenWrt?
Which version of OpenWrt is it running?
What is the configuration of OpenVPN? uci export openvpn <- remove any sensitive data like keys or public addresses.

3

Thanks for your reply

Hostname OpenWrt
Model TP-Link TL-WR902AC v3
Architecture MediaTek MT7628AN ver:1 eco:2
Firmware Version OpenWrt 19.07.1 r10911-c155900f66 / LuCI openwrt-19.07 branch git-20.029.45734-adbbd5c 
dev tun
tls-client

remote  MyDDNS.myds.me 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2


comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass /etc/openvpn/VPNFLO.auth
<ca>
-----BEGIN CERTIFICATE-----


certificate


-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----


Certificate

-----END CERTIFICATE-----

</ca>
4

There are some deviations from the example in the documentation, but let's see the logs first.

# Restart the services, then try to reconnect
/etc/init.d/log restart; /etc/init.d/openvpn restart; sleep 10
 
# Log and status
logread -e openvpn; netstat -l -n -p | grep -e openvpn
5 
Thu Feb 27 15:05:50 2020 daemon.err openvpn(VPNFLO)[1861]: event_wait : Interrupted system call (code=4)
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[1861]: SIGTERM[hard,] received, process exiting
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[6020]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[6020]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Feb 27 15:05:50 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:05:50 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:05:50 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:05:52 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:05:56 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:04 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:20 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:50 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:06:50 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:06:50 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:06:55 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:06:55 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:55 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:06:55 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:55 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:06:57 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:07:01 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:07:09 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:07:25 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:07:55 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:07:55 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:07:55 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:08:00 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:08:00 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:00 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:08:00 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:00 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:02 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:06 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:14 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:08:30 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:00 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:09:00 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:09:00 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:09:05 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:09:05 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:05 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:09:05 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:05 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:07 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:11 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:19 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:09:36 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:05 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:10:05 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:10:05 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:10:10 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:10:10 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:10 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:10:10 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:10 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:12 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:16 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:24 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:10:40 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:10 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:11:10 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:11:10 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:11:20 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:11:20 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:20 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:11:20 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:20 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:23 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:28 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:36 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:11:52 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:20 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:12:20 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: TLS handshake failed
Thu Feb 27 15:12:20 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:12:40 2020 daemon.warn openvpn(VPNFLO)[6020]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:12:40 2020 daemon.notice openvpn(VPNFLO)[6020]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:40 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:12:40 2020 daemon.notice openvpn(VPNFLO)[6020]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:40 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:42 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:47 2020 daemon.err openvpn(VPNFLO)[6020]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:51 2020 daemon.err openvpn(VPNFLO)[6020]: event_wait : Interrupted system call (code=4)
Thu Feb 27 15:12:51 2020 daemon.notice openvpn(VPNFLO)[6020]: SIGTERM[hard,] received, process exiting
Thu Feb 27 15:12:55 2020 daemon.notice openvpn(VPNFLO)[6997]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 27 15:12:55 2020 daemon.notice openvpn(VPNFLO)[6997]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Feb 27 15:12:55 2020 daemon.warn openvpn(VPNFLO)[6997]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:12:55 2020 daemon.notice openvpn(VPNFLO)[6997]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:55 2020 daemon.notice openvpn(VPNFLO)[6997]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:12:55 2020 daemon.notice openvpn(VPNFLO)[6997]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:55 2020 daemon.err openvpn(VPNFLO)[6997]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:12:57 2020 daemon.err openvpn(VPNFLO)[6997]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:13:01 2020 daemon.err openvpn(VPNFLO)[6997]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:13:06 2020 daemon.err openvpn(VPNFLO)[6997]: event_wait : Interrupted system call (code=4)
Thu Feb 27 15:13:06 2020 daemon.notice openvpn(VPNFLO)[6997]: SIGTERM[hard,] received, process exiting
Thu Feb 27 15:14:13 2020 daemon.notice openvpn(VPNFLO)[7259]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 27 15:14:13 2020 daemon.notice openvpn(VPNFLO)[7259]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Feb 27 15:14:13 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:14:13 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:13 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:14:13 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:13 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:15 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:19 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:27 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:14:43 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:13 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:15:13 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:15:13 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:15:18 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:15:18 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:18 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:15:18 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:18 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:20 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:24 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:32 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:15:48 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:18 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:16:18 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:16:18 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:16:23 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:16:23 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:23 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:16:23 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:23 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:25 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:30 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:38 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:16:55 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:23 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:17:23 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:17:23 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:17:28 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:17:28 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:28 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:17:28 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:28 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:30 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:34 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:42 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:17:58 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:28 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:18:28 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:18:28 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:18:33 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:18:33 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:33 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:18:33 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:33 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:35 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:39 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:18:47 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:03 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:33 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:19:33 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:19:33 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:19:43 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:19:43 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:43 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:19:43 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:43 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:45 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:49 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:19:57 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:20:14 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:20:43 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:20:43 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:20:43 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:21:03 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:21:03 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:03 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:21:03 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:03 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:05 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:09 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:18 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:21:34 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:03 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:22:03 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:22:03 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 15:22:43 2020 daemon.warn openvpn(VPNFLO)[7259]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 15:22:43 2020 daemon.notice openvpn(VPNFLO)[7259]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:43 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link local (bound): [AF_INET][undef]:1194
Thu Feb 27 15:22:43 2020 daemon.notice openvpn(VPNFLO)[7259]: UDP link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:43 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:45 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:49 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:22:57 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:23:13 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: client->client or server->server connection attempted from [AF_INET]94.107.3.248:1194
Thu Feb 27 15:23:44 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 15:23:44 2020 daemon.err openvpn(VPNFLO)[7259]: TLS Error: TLS handshake failed
Thu Feb 27 15:23:44 2020 daemon.notice openvpn(VPNFLO)[7259]: SIGUSR1[soft,tls-error] received, process restarting
6

Quite a lot of errors, your config is not correct.
What is the other side of the tunnel? Some VPN provider?

7

I use Vpn Server App from Synology Nas with UPNP port through my Unifi Security Gateway 3P

The tunnel work well on my iPhone using the OVPN Files from the syno app in the iOs Open VPN app

8

already added

remote-cert-tls server
9

I suppose the you connect from the internet in both cases of OpenWrt and Iphone.
Since I am not familiar with the vpn server app of synology, does it produce some .ovpn for you to import?
How did you import it? Using the wizard in Luci or some other way?
The only thing I could find regarding this error was that a reboot was needed. Have you already tried rebooting OpenWrt?

10

It produce the ovpn file indeed, and this is exactly what we can see in the uci export you've asked first

I already reboot OpenWrt without success

11

i changed few settings from open vpn and reimport the files

i put Tcp instead of udp
reduce the strengh of cypher and authenticate

now tun appear, Openvpn server see the link

For now i could reach internet but i couldn't reach the remote lan network, what's next step?

Thu Feb 27 17:03:25 2020 daemon.notice openvpn(VPNFLO)[1867]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 27 17:03:25 2020 daemon.notice openvpn(VPNFLO)[1867]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Feb 27 17:03:25 2020 daemon.warn openvpn(VPNFLO)[1867]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 27 17:03:25 2020 daemon.notice openvpn(VPNFLO)[1867]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.107.3.248:1194
Thu Feb 27 17:03:25 2020 daemon.notice openvpn(VPNFLO)[1867]: Attempting to establish TCP connection with [AF_INET]94.107.3.248:1194 [nonblock]
Thu Feb 27 17:03:26 2020 daemon.notice openvpn(VPNFLO)[1867]: TCP connection established with [AF_INET]94.107.3.248:1194
Thu Feb 27 17:03:26 2020 daemon.notice openvpn(VPNFLO)[1867]: TCP_CLIENT link local: (not bound)
Thu Feb 27 17:03:26 2020 daemon.notice openvpn(VPNFLO)[1867]: TCP_CLIENT link remote: [AF_INET]94.107.3.248:1194
Thu Feb 27 17:03:26 2020 daemon.warn openvpn(VPNFLO)[1867]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 27 17:03:31 2020 daemon.notice openvpn(VPNFLO)[1867]: [declercqflorian.myds.me] Peer Connection Initiated with [AF_INET]94.107.3.248:1194
Thu Feb 27 17:03:32 2020 daemon.notice netifd: Interface 'VPNFLO' is enabled
Thu Feb 27 17:03:32 2020 daemon.notice netifd: Network device 'tun0' link is up
Thu Feb 27 17:03:32 2020 daemon.notice netifd: Interface 'VPNFLO' has link connectivity
Thu Feb 27 17:03:32 2020 daemon.notice netifd: Interface 'VPNFLO' is setting up now
Thu Feb 27 17:03:32 2020 daemon.notice openvpn(VPNFLO)[1867]: TUN/TAP device tun0 opened
Thu Feb 27 17:03:32 2020 daemon.notice netifd: Interface 'VPNFLO' is now up
Thu Feb 27 17:03:32 2020 daemon.notice openvpn(VPNFLO)[1867]: /sbin/ifconfig tun0 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Thu Feb 27 17:03:32 2020 daemon.notice openvpn(VPNFLO)[1867]: Initialization Sequence Completed
Thu Feb 27 17:03:32 2020 user.notice firewall: Reloading firewall due to ifup of VPNFLO (tun0)
12

Now the OpenVPN is established.

Since you have redirect-gateway def1 defined to the client all traffic will be routed through the server. So it is up to the server side configuration (not necessarily the OpenVPN server) to allow/route the packets coming from the VPN towards the LAN as well.

13

I can acces to the local through the iPhone, i can reach the Nas using his local IP
this is just something with routing in openwrt maybe, should I look at the interface, firewall ?

14

You can paste here the output of ip -4 addr; ip -4 ru; ip -4 ro ls ta all to check if there is something wrong with routing in OpenWrt.

15 
BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.1, r10911-c155900f66
 -----------------------------------------------------
root@MiniFlo:~# ip -4 addr; ip -4 ru; ip -4 ro ls ta all
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.176/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    inet 192.168.3.6 peer 192.168.3.5/32 scope global tun0
       valid_lft forever preferred_lft forever
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
0.0.0.0/1 via 192.168.3.5 dev tun0
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.176
94.107.3.248 via 192.168.1.1 dev eth0.2
128.0.0.0/1 via 192.168.3.5 dev tun0
192.168.1.0/24 via 192.168.3.5 dev tun0
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.176
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
192.168.3.0/24 via 192.168.3.5 dev tun0
192.168.3.1 via 192.168.3.5 dev tun0
192.168.3.5 dev tun0 proto kernel scope link src 192.168.3.6
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth0.2 table local proto kernel scope link src 192.168.1.176
local 192.168.1.176 dev eth0.2 table local proto kernel scope host src 192.168.1.176
broadcast 192.168.1.255 dev eth0.2 table local proto kernel scope link src 192.168.1.176
broadcast 192.168.2.0 dev br-lan table local proto kernel scope link src 192.168.2.1
local 192.168.2.1 dev br-lan table local proto kernel scope host src 192.168.2.1
broadcast 192.168.2.255 dev br-lan table local proto kernel scope link src 192.168.2.1
local 192.168.3.6 dev tun0 table local proto kernel scope host src 192.168.3.6
root@MiniFlo:~# ^C
root@MiniFlo:~#
16

I think your problem is that both the wan of OpenWrt and the lan of Synology use 192.168.1.0/24
Am I right? If yes, you'll have to change one of them.

17

no, I separated my 3rd dot for each level of my network

0 for ISP Router to my Lan Gateway Fix IP DMZ
1 For my Home Lan DHCP
2 For the Travel Router Lan DHCP
3 For the VPN DHCP

18

Then you should not connect from the home LAN because there is conflict:

192.168.1.0/24 via 192.168.3.5 dev tun0
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.176

Try to connect from the internet.

19

I got some info from syno part, that the VPN center is not made for smb sharing. However I connected my travel through my 4g and reached my network, I reached the n’as using the Nas Ip from Vpn instead of local lan, so 192.168.3.1 worked instead of 192.168.1.99 I also connected to the isp moden using it’s own Ip as good. I just couldn’t reach the nas in windows discovery mode.
I have to dig into tap mode instead of tun, something about bridge mode. Maybe L2TP would do the trick directly from my ubiquiti gateway but I heard it’s not secure enough

20

If you add IPSEC it's not insecure.
I guess that your problem is more or less solved right?