[Solved] Softether OpenVpn Connection Not Working

ahmar16 · October 21, 2018, 7:49am

I am running latest 18.06.1 Openwrt and wanted to configure Vpn on my router so I went to Wiki and configured the configs as mentioned there along with the ovpn file from vpngate.net. But the connection is not working.
System log shows the following entries:

Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: library versions: OpenSSL 1.0.2p  14 Aug 2018, LZO 2.10
Sun Oct 21 12:38:14 2018 daemon.warn openvpn(vpnclient)[1163]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: calc_options_string_link_mtu: link-mtu 1621 -> 1557
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: calc_options_string_link_mtu: link-mtu 1621 -> 1557
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.242.4.94:1194
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP link local: (not bound)
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP link remote: [AF_INET]185.242.4.94:1194
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [14] to [AF_INET]185.242.4.94:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [26] from [AF_INET]185.242.4.94:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: TLS: Initial packet from [AF_INET]185.242.4.94:1194, sid=fded2814 51bd0c0e
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 0 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [178] to [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=164
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [1226] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=1200
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 1 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [1214] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1200
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 2 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [1214] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1200
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 3 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [1214] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=1200
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 4 ]
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [1168] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=1154
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Sun Oct 21 12:38:14 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [152] to [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ 5 ] pid=2 DATA len=126
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [77] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ 2 ] pid=6 DATA len=51
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [420] to [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ 6 ] pid=3 DATA len=394
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [252] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ 3 ] pid=7 DATA len=226
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [22] to [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 7 ]
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 21 12:38:15 2018 daemon.notice openvpn(vpnclient)[1163]: [*.opengw.net] Peer Connection Initiated with [AF_INET]185.242.4.94:1194
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: UDP WRITE [56] to [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=42
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [22] from [AF_INET]185.242.4.94:1194: P_ACK_V1 kid=0 [ 4 ]
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: UDP READ [55] from [AF_INET]185.242.4.94:1194: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=41
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: AUTH: Received control message: AUTH_FAILED
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: TCP/UDP: Closing socket
Sun Oct 21 12:38:16 2018 daemon.notice openvpn(vpnclient)[1163]: SIGTERM[soft,auth-failure] received, process exiting

The relevant configs are:
Network:

config interface 'vpnclient'
    option ifname 'tun0'
    option proto 'none'
    option delegate '0'

Firewall:

config zone
    option name 'vpnclient'
    list network 'vpnclient'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'vpnclient'

OpenVPN:

config openvpn 'vpnclient'
    option enabled '1'
    option config '/etc/openvpn/vpnclient.ovpn'
    option verb '7'

Furthermore, in LuCI->Interfaces the VPNCLIENT shows error that Network device is not present. Please help me fix my VPN connection. Thanks

vgaetera · October 21, 2018, 8:21am

Probably you are missing path to username/password-file:

cat << "EOF" >> /etc/openvpn/vpnclient.ovpn
auth-user-pass /etc/openvpn/vpnclient.auth
EOF
cat << "EOF" > /etc/openvpn/vpnclient.auth
YOUR_VPN_USER_NAME
YOUR_VPN_PASSWORD
EOF
chmod 600 /etc/openvpn/vpnclient.auth

ahmar16 · October 21, 2018, 8:58am

vpnclient.ovpn file:

dev tun
proto udp
remote 185.242.4.94
port 1194
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 7
auth-user-pass /etc/openvpn/vpnclient.auth
auth-nocache

I have also stumbled upon another info from the system log.
Sun Oct 21 13:26:04 2018 daemon.notice openvpn(vpnclient)[6056]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'

Sun Oct 21 13:26:04 2018 daemon.notice openvpn(vpnclient)[6056]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'

vgaetera · October 21, 2018, 9:19am

It should also contain certificates and keys:

...

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

That message is OK.

ahmar16 · October 21, 2018, 9:22am

Yes it does contain those keys. I just did not include those. But I am able to connect now. As it turns out the server was not accepting the connection. I changed the server and I was able to connect. Thank you.

tmomas · October 21, 2018, 12:16pm

If your problem is solved, please consider marking this topic as [Solved]. (Click the pencil behind the topic...)

system · October 31, 2018, 11:03pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.