[Solved]Install OpenVPN client on OpenWrt not successful

itakeblue · January 5, 2019, 4:29pm

Hello all,

About title, I follow https://openwrt.org/docs/guide-user/services/vpn/openvpn/client as instrction, on lede-17.01.6, all Packages & Dependencies were updated and installed, and step by step follow the guide, but finally, the VPN connection does not running as expect.

below is the content of .ovpn of mine, is this using unstandard format then cause the problem?

OpenVPN profile based on NiNJA architecture.

auth-user-pass
client
comp-lzo
dev tun
keepalive 10 60
key-direction 1
nobind
ns-cert-type server
proto tcp-client
persist-key
remote simple.vpn_server_provider.com
setenv CLIENT_CERT 0
verb 1

-----BEGIN CERTIFICATE-----
AIIEITCCA4qgAwIBAgIJAKzLTi2Yyu1vMA0GCSqGSIb3DQEBCwUAMIG8MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEjAQ
BgNVBAoTCUZsaXB3YWxsczEoMCYGA1UECxMfRmxpcHdhbGxzIENlcnRpZmljYXRl
...
Af8wDQYJKoZIhvcNAQELBQADgYEAEAJGxf2cA+s9Q5oiHY15dsczYW4DBCFCAmO1
ulO6nY63xPYPfDwqiHUI5T8CpQO333qplDovP1QWG/0rjC0Q6PCuUDJ80CJ3SdrB
v6XuI53QMxB8D2ikrL9vxSoMr3hGtsOcUXPjWOBl0sKk6g+9pqJ8tLSe/XGegaT/
SjPvVH0=
-----END CERTIFICATE-----

-----BEGIN OpenVPN Static key V1-----
b0561f66582ed53e76f22bbb99f92816
9e40419245d545399217d3792c8084ad
...
e556bb292cbee536bbe5418e8c7ddf31
53911a6106121107693cff5785783cd4
-----END OpenVPN Static key V1-----

any help is welcome, thank you.

mk24 · January 5, 2019, 4:51pm

Use logread to examine the log file and see what is failing.

user-pass authorization requires you to create a file with the username and password in it, then reference that file:

auth-user-pass /etc/openvpn/userpass.txt

and the userpass.txt file is simply the username on the first line and the password on the second line.

user123
mypassword

itakeblue · January 6, 2019, 3:41am

thank you for your reply, about the part of userpass.txt, i understood and on the guide https://openwrt.org/docs/guide-user/services/vpn/openvpn/client , there is already a step about this:

cat << "EOF" > /etc/openvpn/vpnclient.auth && chmod 600 /etc/openvpn/vpnclient.auth
YOUR_VPN_USER_NAME
YOUR_VPN_PASSWORD
EOF

if seems to create a file which named vpnclient.auth include username and password as your mean.

and below is logread -e openvpn:

Sun Jan  6 02:56:05 2019 daemon.err openvpn(vpnclient)[2333]: Options error: In [CMD-LINE]:1: Error opening configuration file: openvpn-vpnclient.conf
Sun Jan  6 02:56:05 2019 daemon.warn openvpn(vpnclient)[2333]: Use --help for more information.
Sun Jan  6 02:56:09 2019 daemon.notice openvpn(vpnclient)[2354]: OpenVPN 2.4.4 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Jan  6 02:56:09 2019 daemon.notice openvpn(vpnclient)[2354]: library versions: OpenSSL 1.0.2p  14 Aug 2018, LZO 2.10
Sun Jan  6 02:56:09 2019 daemon.warn openvpn(vpnclient)[2354]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Jan  6 02:56:09 2019 daemon.notice openvpn(vpnclient)[2354]: TCP/UDP: Preserving recently used remote address: [AF_INET]139.159.241.197:1194
Sun Jan  6 02:56:09 2019 daemon.notice openvpn(vpnclient)[2354]: Attempting to establish TCP connection with [AF_INET]139.159.241.197:1194 [nonblock]
Sun Jan  6 02:56:10 2019 daemon.notice openvpn(vpnclient)[2354]: TCP connection established with [AF_INET]139.159.241.197:1194
Sun Jan  6 02:56:10 2019 daemon.notice openvpn(vpnclient)[2354]: TCP_CLIENT link local: (not bound)
Sun Jan  6 02:56:10 2019 daemon.notice openvpn(vpnclient)[2354]: TCP_CLIENT link remote: [AF_INET]139.159.241.197:1194
Sun Jan  6 02:56:10 2019 daemon.notice openvpn(vpnclient)[2354]: [ca.flipwalls.com] Peer Connection Initiated with [AF_INET]139.159.241.197:1194
Sun Jan  6 02:56:11 2019 daemon.notice openvpn(vpnclient)[2354]: TUN/TAP device tun0 opened
Sun Jan  6 02:56:12 2019 daemon.notice openvpn(vpnclient)[2354]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Jan  6 02:56:12 2019 daemon.notice openvpn(vpnclient)[2354]: /sbin/ifconfig tun0 172.31.187.5 netmask 255.255.255.0 mtu 1500 broadcast 172.31.187.255
Sun Jan  6 02:56:12 2019 daemon.notice openvpn(vpnclient)[2354]: Initialization Sequence Completed

everything looks fine but first line Error opening configuration file: openvpn-vpnclient.conf, i don't know why system wanna load this file, there is no any time to referred this file on officical guide.

thank you.

itakeblue · January 6, 2019, 3:48am

i rebooted rounter and logread -e openvpn again, the error disappeared, now the vpn connection looks running, thank you again.

tmomas · January 6, 2019, 6:00pm

@itakeblue If your problem is solved, please consider marking this topic as [Solved]. (Click the pencil behind the topic...)

system · January 16, 2019, 6:00pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.