Tethering routers for Internet & VPN

I've got 2 routers where one is a Linksys WRT1200AC running the latest LEDE Firmware and connects to internet via PPPoE and the other is a TP-Link TL-WR740N. I'm planning to use the TP-Link for VPN connection but tethered to the Linksys.
Can someone provide a sort of step-by-step guide to configure the WRT1200AC LEDE in order to accept the TL-WR740N tethering?
Does the TL-WR740N require running DHCP?

Thank you in advance.

I'm not sure exactly what you intend to do. Running a VPN client on the WR740, though possible, is not the best plan due to its small flash and RAM and low-end CPU. A device like the WR740 is best used as a wifi access point, simple bridging or basic routing.

You can run a VPN client on the WRT1200 and link it to users of the WR740 with a VLAN or GRE tunnel. Will the connection between the two routers be wired or wireless?

I'm really a newbie to OpenWRT/LEDE. I've tried to set up the OpenVPN Client on the WRT1200AC as per the guide provided on https://lede-project.org/docs/user-guide/openvpn.client and I never got it running. On the very same page there is a reference to another setup page https://github.com/StreisandEffect/streisand/wiki/Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client with far more steps, and it makes me wonder whether I should stick to the LEDE or try the OpenWRT documentation. I couldn't take off.
Then I thought maybe I could try to tether my under-powered WR740 to get the VPN going...
I get @mk24's shock at my intention, but the bottom line is to get the OpenVPN Client properly running on my WRT1200AC.

You can use an OpenWrt guide (for recent versions) with LEDE. I don't think there is anything different about OpenVPN between them.

For VPN, mk24 is correct. Use your most powerful device, and it should be on your primary router for ease of configuration.

When you say "tether" I think you mean connecting your 740 via Ethernet Cable. You may want to see the OpenWrt "Dumb AP" wiki.

You also do not state if you want a server or a client, but most want a client and use a service.

There are basically 2 ways to configure OpenVPN. One puts the config in the \etc\config\openvpn file and the other puts an .ovpn file in the \etc\openvpn folder. If you get a file from a service provider then the latter is generally easier to use with the preconfigured vendor file. You need to find the correct wiki, and there are a number of different ones on the OpenWrt site.

Also, if you need to generate your own keys, you can do this on the router, but you can more easily do this on a PC with the RSA tools available from the OpenVPN site (it has links to the tools). FYI, you do not need to use your real email address in the RSA cert config tools. If you do, it shows in the OpenVPN logs. Not sure it serves any other real purpose.

I've followed both @mk24's and @RangerZ's suggestions. I did set up the VPN on the WRT1200AC router.
When going to Services > OpenVPN, I've checked Enabled and Started the service.
Apparently the VPN shows as running, but I don't get the VPN IP and the System Log indicates "TLS Error: TLS handshake failed".
What am I missing?

Below is the sample of the log:

Tue Nov 14 03:14:15 2017 daemon.warn openvpn(ExpressVPN)[3873]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.

Tue Nov 14 03:14:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.237.86.9:1195

Tue Nov 14 03:14:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: Socket Buffers: R=[163840->327680] S=[163840->327680]

Tue Nov 14 03:14:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link local: (not bound)

Tue Nov 14 03:14:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link remote: [AF_INET]104.237.86.9:1195

Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: TLS: Initial packet from [AF_INET]104.237.86.9:1195, sid=7d0d25b1 a78497cf

Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com

Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: nsCertType=SERVER

Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-384-2a, emailAddress=support@expressvpn.com

Tue Nov 14 03:15:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Tue Nov 14 03:15:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS handshake failed

Tue Nov 14 03:15:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: SIGUSR1[soft,tls-error] received, process restarting

Tue Nov 14 03:15:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: Restart pause, 300 second(s)

Tue Nov 14 03:20:15 2017 daemon.warn openvpn(ExpressVPN)[3873]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.

Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: TCP/UDP: Preserving recently used remote address: [AF_INET]181.214.154.244:1195

Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: Socket Buffers: R=[163840->327680] S=[163840->327680]

Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link local: (not bound)

Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link remote: [AF_INET]181.214.154.244:1195

Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: TLS: Initial packet from [AF_INET]181.214.154.244:1195, sid=8676ed55 9025d04c

Tue Nov 14 03:20:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com

Tue Nov 14 03:20:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: nsCertType=SERVER

Tue Nov 14 03:20:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2861-0a, emailAddress=support@expressvpn.com

Tue Nov 14 03:21:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Tue Nov 14 03:21:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS handshake failed

Tue Nov 14 03:21:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: SIGUSR1[soft,tls-error] received, process restarting

Tue Nov 14 03:21:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: Restart pause, 300 second(s)

I've reached out to ExpressVPN support and I was told to pay close attention to:
Port: 1195
Additional Config:
persist-key
persist-tun
fragment 1300
mssfix 1450
keysize 256

TLS Auth Key

CA Cert
Public Client Cert
Private Client Key

However, the YouTube video provided is for DD-WRT configuration (not LEDE). How can I best add the above settings on LEDE?
I've tried the uci set openvpn... with the uci commit openvpn but for some reason this information is not saved.
Thanks

I use WinSCP (Windows) to edit all my config files on the router (as well as back up the files locally) and believe there are similar tools for Linux. I see no point to UCI when there are good editors available.
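A check for the file-based approach discussed above, as an added example that is not part of any post: it verifies that an .ovpn file carries every item on the support list quoted in the thread, then prints the `/etc/config/openvpn` stanza that points the init script at that file. The file path, the `vpn.example.invalid` host and the key/cert file names are assumptions; the instance name is the one shown in the log.

```shell
#!/bin/sh
# Added example; sample_ovpn is constructed, with placeholder host and paths.
sample_ovpn() {
cat <<'EOF'
client
dev tun
remote vpn.example.invalid 1195 udp
persist-key
persist-tun
fragment 1300
mssfix 1450
keysize 256
tls-auth /etc/openvpn/ta.key 1
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
EOF
}

# need LABEL ERE FILE: succeed if a directive line matches, else report it.
need() {
  grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)" "$3" && return 0
  echo "missing: $1"; return 1
}

# check_ovpn FILE: one "missing:" line per absent item; returns 0 if complete.
# Keys and certs may be inline blocks (<ca>) or file references (ca FILE).
check_ovpn() {
  rc=0
  need 'port 1195' 'remote[[:space:]]+[^[:space:]]+[[:space:]]+1195|port[[:space:]]+1195' "$1" || rc=1
  need 'persist-key'   'persist-key'              "$1" || rc=1
  need 'persist-tun'   'persist-tun'              "$1" || rc=1
  need 'fragment 1300' 'fragment[[:space:]]+1300' "$1" || rc=1
  need 'mssfix 1450'   'mssfix[[:space:]]+1450'   "$1" || rc=1
  need 'keysize 256'   'keysize[[:space:]]+256'   "$1" || rc=1
  need 'TLS auth key'  '<tls-auth>|tls-auth'      "$1" || rc=1
  need 'CA cert'       '<ca>|ca'                  "$1" || rc=1
  need 'client cert'   '<cert>|cert'              "$1" || rc=1
  need 'client key'    '<key>|key'                "$1" || rc=1
  return $rc
}

# uci_stanza NAME OVPN_PATH: stanza that hands the file to the init script.
uci_stanza() {
  printf "config openvpn '%s'\n\toption enabled '1'\n\toption config '%s'\n" "$1" "$2"
}

tmp=$(mktemp) && sample_ovpn > "$tmp"
check_ovpn "$tmp" && uci_stanza ExpressVPN /etc/openvpn/ExpressVPN.ovpn
rm -f "$tmp"
```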

I don't know that much about VPN, but it looks like a problem with the TLS auth or static key. A packet is received from their server but TLS is unable to process it.
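The log reading above can be automated; this is an added example, not code from the thread. It groups OpenVPN client syslog lines by connection attempt and reports how far each handshake got, which separates "server never replied" from "server certificate verified, then key negotiation stalled" (the pattern in the posted log). The sample lines are constructed and use documentation addresses.

```shell
#!/bin/sh
# Added example. The sample lines are constructed in the format of the log
# above; 192.0.2.x are documentation addresses, not real servers.
sample_log() {
cat <<'EOF'
Tue Nov 14 03:14:15 2017 daemon.warn openvpn(ExpressVPN)[3873]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Tue Nov 14 03:14:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link remote: [AF_INET]192.0.2.10:1195
Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: TLS: Initial packet from [AF_INET]192.0.2.10:1195, sid=00000000 00000000
Tue Nov 14 03:14:16 2017 daemon.notice openvpn(ExpressVPN)[3873]: VERIFY OK: depth=0, CN=Server-example
Tue Nov 14 03:15:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 14 03:15:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS handshake failed
Tue Nov 14 03:20:15 2017 daemon.notice openvpn(ExpressVPN)[3873]: UDP link remote: [AF_INET]192.0.2.20:1195
Tue Nov 14 03:21:15 2017 daemon.err openvpn(ExpressVPN)[3873]: TLS Error: TLS handshake failed
EOF
}

# Read OpenVPN client syslog lines on stdin; print one summary line per
# connection attempt, then the number of deprecated-option warnings.
triage_openvpn_log() {
  awk '
    function report(   state) {
      if (remote == "") return
      if (up)             state = "connected"
      else if (!failed)   state = "incomplete"
      else if (!initial)  state = "no-reply-from-server"
      else if (!verified) state = "failed-before-cert-verify"
      else                state = "failed-after-cert-verify"
      printf "%s initial=%d verified=%d result=%s\n", remote, initial, verified, state
    }
    / link remote: / {                  # a new attempt starts here
      report()
      remote = $NF; sub(/^\[[A-Z0-9_]+\]/, "", remote)
      initial = 0; verified = 0; failed = 0; up = 0
    }
    /TLS: Initial packet from/          { initial = 1 }
    /VERIFY OK: depth=0/                { verified = 1 }
    /TLS handshake failed/              { failed = 1 }
    /Initialization Sequence Completed/ { up = 1 }
    /is DEPRECATED/                     { deprecated++ }
    END { report(); printf "deprecated-option-warnings=%d\n", deprecated }
  '
}

sample_log | triage_openvpn_log
```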

Finally I did configure and run the VPN Client with no errors.
For some reason only the router connects to the internet via VPN (no client connects). I suspect the firewall configuration is the culprit here. Being a newbie to LEDE, I'm still trying to find my way out.

Any suggestion is welcome.

Thank you.