Unable to run OpenVPN on a TP-LINK Archer C7 v2 Router

fwiw, the log seems to state it is not happy with the 'keysize' parameter.

Have you tried deleting it from the uploaded ovpn config ?

keysize 256

Quick google search indicates 'keysize' was deprecated starting from openvpn 2.4. (Is the .ovpn file provided by ExpressVPN 'up to date' ?)

Unless the following two scripts exist on your router, I would perhaps also remove the lines suggested to be added by the windscribe link:

up "/etc/openvpn/updns"
down "/etc/openvpn/downdns"

(DNS settings can be defined in the LAN interface)

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci

1 Like

The answer is in your log. Comment it.

1 Like

Thanks guys for your answers.

Commenting the line didn't do the trick.

It seems that there is a lot more configuration to do according to other links (creating a VPN interface, forwarding traffic, setting up the firewall etc...)

I'll try to gather more info and get this done.

Thanks anyway

Please provide the log of openvpn:
logread -e openvpn
Yes, it is the first step; we'll do the others.

1 Like

It's very kind of you trying to help, much appreciated.

here is the result of the command logread -e openvpn :

root@OpenWrt:~# logread -e openvpn
Wed Feb  5 20:08:55 2020 daemon.err openvpn(ExpressVPN)[2804]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:08:55 2020 daemon.notice openvpn(ExpressVPN)[2804]: Exiting due to fatal error
Wed Feb  5 20:09:00 2020 daemon.notice openvpn(ExpressVPN)[2805]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:00 2020 daemon.notice openvpn(ExpressVPN)[2805]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:00 2020 daemon.err openvpn(ExpressVPN)[2805]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:00 2020 daemon.notice openvpn(ExpressVPN)[2805]: Exiting due to fatal error
Wed Feb  5 20:09:05 2020 daemon.notice openvpn(ExpressVPN)[2806]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:05 2020 daemon.notice openvpn(ExpressVPN)[2806]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:05 2020 daemon.err openvpn(ExpressVPN)[2806]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:05 2020 daemon.notice openvpn(ExpressVPN)[2806]: Exiting due to fatal error
Wed Feb  5 20:09:10 2020 daemon.notice openvpn(ExpressVPN)[2807]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:10 2020 daemon.notice openvpn(ExpressVPN)[2807]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:10 2020 daemon.err openvpn(ExpressVPN)[2807]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:10 2020 daemon.notice openvpn(ExpressVPN)[2807]: Exiting due to fatal error
Wed Feb  5 20:09:15 2020 daemon.notice openvpn(ExpressVPN)[2808]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:15 2020 daemon.notice openvpn(ExpressVPN)[2808]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:15 2020 daemon.err openvpn(ExpressVPN)[2808]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:15 2020 daemon.notice openvpn(ExpressVPN)[2808]: Exiting due to fatal error
Wed Feb  5 20:09:21 2020 daemon.notice openvpn(ExpressVPN)[2809]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:21 2020 daemon.notice openvpn(ExpressVPN)[2809]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:21 2020 daemon.err openvpn(ExpressVPN)[2809]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:21 2020 daemon.notice openvpn(ExpressVPN)[2809]: Exiting due to fatal error
Wed Feb  5 20:09:26 2020 daemon.notice openvpn(ExpressVPN)[2810]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:26 2020 daemon.notice openvpn(ExpressVPN)[2810]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:26 2020 daemon.err openvpn(ExpressVPN)[2810]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:26 2020 daemon.notice openvpn(ExpressVPN)[2810]: Exiting due to fatal error
Wed Feb  5 20:09:31 2020 daemon.notice openvpn(ExpressVPN)[2811]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:31 2020 daemon.notice openvpn(ExpressVPN)[2811]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:31 2020 daemon.err openvpn(ExpressVPN)[2811]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:31 2020 daemon.notice openvpn(ExpressVPN)[2811]: Exiting due to fatal error
Wed Feb  5 20:09:36 2020 daemon.notice openvpn(ExpressVPN)[2812]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:36 2020 daemon.notice openvpn(ExpressVPN)[2812]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:36 2020 daemon.err openvpn(ExpressVPN)[2812]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:36 2020 daemon.notice openvpn(ExpressVPN)[2812]: Exiting due to fatal error
Wed Feb  5 20:09:41 2020 daemon.notice openvpn(ExpressVPN)[2813]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:41 2020 daemon.notice openvpn(ExpressVPN)[2813]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:41 2020 daemon.err openvpn(ExpressVPN)[2813]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:41 2020 daemon.notice openvpn(ExpressVPN)[2813]: Exiting due to fatal error
Wed Feb  5 20:09:46 2020 daemon.notice openvpn(ExpressVPN)[2814]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:46 2020 daemon.notice openvpn(ExpressVPN)[2814]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:46 2020 daemon.err openvpn(ExpressVPN)[2814]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:46 2020 daemon.notice openvpn(ExpressVPN)[2814]: Exiting due to fatal error
Wed Feb  5 20:09:51 2020 daemon.notice openvpn(ExpressVPN)[2815]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:51 2020 daemon.notice openvpn(ExpressVPN)[2815]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:51 2020 daemon.err openvpn(ExpressVPN)[2815]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:51 2020 daemon.notice openvpn(ExpressVPN)[2815]: Exiting due to fatal error
Wed Feb  5 20:09:56 2020 daemon.notice openvpn(ExpressVPN)[2816]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:09:56 2020 daemon.notice openvpn(ExpressVPN)[2816]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:09:56 2020 daemon.err openvpn(ExpressVPN)[2816]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:09:56 2020 daemon.notice openvpn(ExpressVPN)[2816]: Exiting due to fatal error
Wed Feb  5 20:10:01 2020 daemon.notice openvpn(ExpressVPN)[2817]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:01 2020 daemon.notice openvpn(ExpressVPN)[2817]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:01 2020 daemon.err openvpn(ExpressVPN)[2817]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:01 2020 daemon.notice openvpn(ExpressVPN)[2817]: Exiting due to fatal error
Wed Feb  5 20:10:06 2020 daemon.notice openvpn(ExpressVPN)[2818]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:06 2020 daemon.notice openvpn(ExpressVPN)[2818]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:06 2020 daemon.err openvpn(ExpressVPN)[2818]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:06 2020 daemon.notice openvpn(ExpressVPN)[2818]: Exiting due to fatal error
Wed Feb  5 20:10:11 2020 daemon.notice openvpn(ExpressVPN)[2820]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:11 2020 daemon.notice openvpn(ExpressVPN)[2820]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:11 2020 daemon.err openvpn(ExpressVPN)[2820]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:11 2020 daemon.notice openvpn(ExpressVPN)[2820]: Exiting due to fatal error
Wed Feb  5 20:10:16 2020 daemon.notice openvpn(ExpressVPN)[2821]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:16 2020 daemon.notice openvpn(ExpressVPN)[2821]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:16 2020 daemon.err openvpn(ExpressVPN)[2821]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:16 2020 daemon.notice openvpn(ExpressVPN)[2821]: Exiting due to fatal error
Wed Feb  5 20:10:21 2020 daemon.notice openvpn(ExpressVPN)[2822]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:21 2020 daemon.notice openvpn(ExpressVPN)[2822]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:21 2020 daemon.err openvpn(ExpressVPN)[2822]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:21 2020 daemon.notice openvpn(ExpressVPN)[2822]: Exiting due to fatal error
Wed Feb  5 20:10:26 2020 daemon.notice openvpn(ExpressVPN)[2823]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:26 2020 daemon.notice openvpn(ExpressVPN)[2823]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:26 2020 daemon.err openvpn(ExpressVPN)[2823]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:26 2020 daemon.notice openvpn(ExpressVPN)[2823]: Exiting due to fatal error
Wed Feb  5 20:10:31 2020 daemon.notice openvpn(ExpressVPN)[2824]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:31 2020 daemon.notice openvpn(ExpressVPN)[2824]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:31 2020 daemon.err openvpn(ExpressVPN)[2824]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:31 2020 daemon.notice openvpn(ExpressVPN)[2824]: Exiting due to fatal error
Wed Feb  5 20:10:36 2020 daemon.notice openvpn(ExpressVPN)[2825]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:36 2020 daemon.notice openvpn(ExpressVPN)[2825]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:36 2020 daemon.err openvpn(ExpressVPN)[2825]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:36 2020 daemon.notice openvpn(ExpressVPN)[2825]: Exiting due to fatal error
Wed Feb  5 20:10:41 2020 daemon.notice openvpn(ExpressVPN)[2826]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:41 2020 daemon.notice openvpn(ExpressVPN)[2826]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:41 2020 daemon.err openvpn(ExpressVPN)[2826]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:41 2020 daemon.notice openvpn(ExpressVPN)[2826]: Exiting due to fatal error
Wed Feb  5 20:10:46 2020 daemon.notice openvpn(ExpressVPN)[2827]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:46 2020 daemon.notice openvpn(ExpressVPN)[2827]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:46 2020 daemon.err openvpn(ExpressVPN)[2827]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:46 2020 daemon.notice openvpn(ExpressVPN)[2827]: Exiting due to fatal error
Wed Feb  5 20:10:51 2020 daemon.notice openvpn(ExpressVPN)[2828]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:51 2020 daemon.notice openvpn(ExpressVPN)[2828]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:51 2020 daemon.err openvpn(ExpressVPN)[2828]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:51 2020 daemon.notice openvpn(ExpressVPN)[2828]: Exiting due to fatal error
Wed Feb  5 20:10:56 2020 daemon.notice openvpn(ExpressVPN)[2829]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:10:56 2020 daemon.notice openvpn(ExpressVPN)[2829]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:10:56 2020 daemon.err openvpn(ExpressVPN)[2829]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:10:56 2020 daemon.notice openvpn(ExpressVPN)[2829]: Exiting due to fatal error
Wed Feb  5 20:11:01 2020 daemon.notice openvpn(ExpressVPN)[2830]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:11:01 2020 daemon.notice openvpn(ExpressVPN)[2830]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:11:01 2020 daemon.err openvpn(ExpressVPN)[2830]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:11:01 2020 daemon.notice openvpn(ExpressVPN)[2830]: Exiting due to fatal error
Wed Feb  5 20:11:06 2020 daemon.notice openvpn(ExpressVPN)[2831]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:11:06 2020 daemon.notice openvpn(ExpressVPN)[2831]: library versions: mbed TLS 2.16.3, LZO 2.10
Wed Feb  5 20:11:06 2020 daemon.err openvpn(ExpressVPN)[2831]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Feb  5 20:11:06 2020 daemon.notice openvpn(ExpressVPN)[2831]: Exiting due to fatal error
root@OpenWrt:~#

this

1 Like

You should create the file /etc/openvpn/ExpressVPN.auth with your credentials, login on first string, and password on the second, according to your config:

auth-user-pass /etc/openvpn/ExpressVPN.auth

Could you stop openvpn service (/etc/init.d/openvpn stop), and start it manually in console:

cd /etc/openvpn
openvpn ExpressVPN.ovpn

?

1 Like

About the credentials file, I did exactly as here :
https://ryanrudolfoba.com/blog/2019-07-26-windscribe-vpn-on-openwrt-wdr3600/

So I do have the login and password as required, see very first post above.

Here is the result a

root@OpenWrt:/etc/openvpn# openvpn ExpressVPN.ovpn
Wed Feb  5 20:52:47 2020 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 20:52:47 2020 library versions: mbed TLS 2.16.3, LZO 2.10
Enter Auth Username:4icip5kztcc252s5jow8hssb
Enter Auth Password:
Wed Feb  5 21:02:10 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb  5 21:02:10 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Feb  5 21:02:10 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb  5 21:02:10 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb  5 21:02:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.104.185.242:1195
Wed Feb  5 21:02:10 2020 Socket Buffers: R=[163840->327680] S=[163840->327680]
Wed Feb  5 21:02:10 2020 UDP link local: (not bound)
Wed Feb  5 21:02:10 2020 UDP link remote: [AF_INET]185.104.185.242:1195
Wed Feb  5 21:02:10 2020 TLS: Initial packet from [AF_INET]185.104.185.242:1195, sid=d129f327 c39d0ccb
Wed Feb  5 21:02:10 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb  5 21:02:10 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:10 2020 VERIFY OK: nsCertType=SERVER
Wed Feb  5 21:02:10 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2778-1a, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:10 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2778-1a, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:11 2020 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 2048 bit key
Wed Feb  5 21:02:11 2020 [Server-2778-1a] Peer Connection Initiated with [AF_INET]185.104.185.242:1195
Wed Feb  5 21:02:12 2020 SENT CONTROL [Server-2778-1a]: 'PUSH_REQUEST' (status=1)
Wed Feb  5 21:02:12 2020 AUTH: Received control message: AUTH_FAILED
Wed Feb  5 21:02:12 2020 SIGTERM[soft,auth-failure] received, process exiting
root@OpenWrt:/etc/openvpn# openvpn ExpressVPN.ovpn
Wed Feb  5 21:02:26 2020 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb  5 21:02:26 2020 library versions: mbed TLS 2.16.3, LZO 2.10
Enter Auth Username:4icipdfsdf5643dfdssb
Enter Auth Password:
Wed Feb  5 21:02:48 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Feb  5 21:02:48 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Feb  5 21:02:48 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb  5 21:02:48 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb  5 21:02:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.158.69:1195
Wed Feb  5 21:02:48 2020 Socket Buffers: R=[163840->327680] S=[163840->327680]
Wed Feb  5 21:02:48 2020 UDP link local: (not bound)
Wed Feb  5 21:02:48 2020 UDP link remote: [AF_INET]37.120.158.69:1195
Wed Feb  5 21:02:48 2020 TLS: Initial packet from [AF_INET]37.120.158.69:1195, sid=66427459 e112d478
Wed Feb  5 21:02:48 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb  5 21:02:48 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:48 2020 VERIFY OK: nsCertType=SERVER
Wed Feb  5 21:02:48 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-5148-0a, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:48 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-5148-0a, emailAddress=support@expressvpn.com
Wed Feb  5 21:02:49 2020 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 2048 bit key
Wed Feb  5 21:02:49 2020 [Server-5148-0a] Peer Connection Initiated with [AF_INET]37.120.158.69:1195
Wed Feb  5 21:02:50 2020 SENT CONTROL [Server-5148-0a]: 'PUSH_REQUEST' (status=1)
Wed Feb  5 21:02:50 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.145.0.1,comp-lzo no,route 10.145.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.145.0.66 10.145.0.65,peer-id 0,cipher AES-256-GCM'
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: compression parms modified
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: route options modified
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: peer-id set
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: adjusting link_mtu to 1629
Wed Feb  5 21:02:50 2020 OPTIONS IMPORT: data channel crypto options modified
Wed Feb  5 21:02:50 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Feb  5 21:02:50 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb  5 21:02:50 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Feb  5 21:02:50 2020 TUN/TAP device tun0 opened
Wed Feb  5 21:02:50 2020 TUN/TAP TX queue length set to 100
Wed Feb  5 21:02:50 2020 /sbin/ifconfig tun0 10.145.0.66 pointopoint 10.145.0.65 mtu 1500
Wed Feb  5 21:02:50 2020 /etc/openvpn/updns tun0 1500 1557 10.145.0.66 10.145.0.65 init
Wed Feb  5 21:02:52 2020 /sbin/route add -net 37.120.158.69 netmask 255.255.255.255 gw 192.168.1.254
Wed Feb  5 21:02:52 2020 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.145.0.65
Wed Feb  5 21:02:52 2020 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.145.0.65
Wed Feb  5 21:02:52 2020 /sbin/route add -net 10.145.0.1 netmask 255.255.255.255 gw 10.145.0.65
Wed Feb  5 21:02:52 2020 Initialization Sequence Completed

I've lost connection after this : no web etc.

I was even not able to connect through Android AP !

I had to stop openvpn to be able to connect to Android AP and post this.

OK, but it asks you for your credentials, it is strange. Have you put your file with credentials in the correct directory?
Please, provide output of

cd /etc/openvpn
ls

No Internet from lan is normal behavior, because firewall is not configured.

1 Like

I think it's in the right directory :

root@OpenWrt:/etc/openvpn# ls
ExpressVPN.auth  ExpressVPN.ovpn  downdns          updns
root@OpenWrt:/etc/openvpn#

ExpressVPN.ovpn file :

root@OpenWrt:~# cat /etc/openvpn/ExpressVPN.ovpn

dev tun
fast-io
persist-key
persist-tun
nobind
remote france-paris-1-ca-version-2.expressnetw.com 1195

auth-user-pass /etc/openvpn/ExpressVPN.auth

script-security 2
up "/etc/openvpn/updns"
down "/etc/openvpn/downdns"


remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
#keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

<cert>
</cert>
<key>
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
</tls-auth>
<ca>
</ca>

I think I found out one of the problems : I added the auth-user-pass line in the beginning of the file and there is another one at the end of it, I'm pretty sure I have to remove one of them, right?

Thank you very much for your help, I have to go for now. I'll be back tomorrow and resume the configuration with you.

Again, thanks for your patience.

edit : I think I'm having another issue :

root@OpenWrt:/etc/init.d# ls
adblock       dropbear      network       sysfixtime    umount
boot          firewall      odhcpd        sysntpd       urandom_seed
cron          gpio_switch   openvpn       system        urngd
dnsmasq       led           rpcd          ucitrack
done          log           sysctl        uhttpd
root@OpenWrt:/etc/init.d# openvpn restart
Options error: In [CMD-LINE]:1: Error opening configuration file: restart
Use --help for more information.
root@OpenWrt:/etc/init.d# openvpen stop
-ash: openvpen: not found
root@OpenWrt:/etc/init.d# openvpn stop
Options error: In [CMD-LINE]:1: Error opening configuration file: stop
Use --help for more information.
root@OpenWrt:/etc/init.d# --help
-ash: --help: not found
root@OpenWrt:/etc/init.d# openvpn stop --help
Options error: I'm trying to parse "stop" as an --option parameter but I don't see a leading '--'
Use --help for more information.
root@OpenWrt:/etc/init.d# openvpn stop
Options error: In [CMD-LINE]:1: Error opening configuration file: stop
Use --help for more information.
root@OpenWrt:/etc/init.d#

You need to use /etc/init.d/openvpn start (or if you have already cd to that directory, ./openvpn start). Not specifying the path causes the main OpenVPN binary (not the init script which is also named openvpn) to run by default since it is in the default path but /etc/init.d is not in any path.

2 Likes

Yes, you should leave only one line, with file specified. Quoted line should be removed.

As @mk24 has written, you should run init script, not openvpn itself:
/etc/init.d/openvpn stop
When you run 'pure' command without full path, shell searches it in PATH, but not in current directory!

1 Like
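
The checks from this thread collected into one script (an added example, not something posted by the participants): it flags the deprecated keysize and ns-cert-type options, a repeated or file-less auth-user-pass, and up/down scripts that are not present on the router. The names lint_ovpn and write_sample are hypothetical, the sample profile is constructed, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile for the problems diagnosed
# in this thread. Function names and the sample profile are constructed.

# lint_ovpn FILE
# Prints one finding per line as "LINE: message"; prints nothing if clean.
lint_ovpn() {
    awk '
        # Skip inline <cert>/<key>/<tls-auth>/<ca> blocks: key material is not options.
        /^[ \t]*<\/[a-z-]+>/ { inblock = 0; next }
        /^[ \t]*<[a-z-]+>/   { inblock = 1; next }
        inblock              { next }
        # Skip blank lines and comments (# or ;), e.g. a commented-out keysize.
        NF == 0 || $1 ~ /^[#;]/ { next }

        $1 == "keysize" {
            print NR ": keysize is deprecated since OpenVPN 2.4, remove it"
        }
        $1 == "ns-cert-type" {
            print NR ": ns-cert-type is deprecated, use remote-cert-tls " $2
        }
        $1 == "auth-user-pass" {
            seen++
            if (NF == 1) { print NR ": auth-user-pass has no file, OpenVPN will prompt and a daemon has no tty" }
            if (seen > 1) { print NR ": auth-user-pass appears " seen " times, keep only the line naming the file" }
        }
        $1 == "up" || $1 == "down" {
            path = $2
            gsub(/"/, "", path)
            # Hand the path back to the shell, which can test the filesystem.
            print "SCRIPT\t" NR "\t" $1 "\t" path
        }
    ' "$1" | while IFS="$(printf '\t')" read -r tag line opt path; do
        if [ "$tag" = "SCRIPT" ]; then
            [ -x "$path" ] || echo "$line: $opt script $path is missing or not executable"
        else
            echo "$tag"
        fi
    done
}

# write_sample DIR
# Writes a constructed profile shaped like the one posted in the thread
# (key material replaced by a placeholder). Only updns exists; downdns does not.
write_sample() {
    : > "$1/updns" && chmod +x "$1/updns"
    cat > "$1/sample.ovpn" <<EOF
dev tun
auth-user-pass $1/ExpressVPN.auth
script-security 2
up "$1/updns"
down "$1/downdns"
ns-cert-type server
cipher AES-256-CBC
keysize 256
auth-user-pass
<key>
keysize placeholder-inside-inline-block
</key>
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp -d)
write_sample "$demo"
lint_ovpn "$demo/sample.ovpn"
rm -rf "$demo"
```

On the router this would be run against /etc/openvpn/ExpressVPN.ovpn before starting the service with /etc/init.d/openvpn start.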

Thank you very much guys for your help.

I think we are getting somewhere :

Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: library versions: mbed TLS 2.16.3, LZO 2.10
Thu Feb  6 18:31:21 2020 daemon.warn openvpn(ExpressVPN)[5151]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Feb  6 18:31:21 2020 daemon.warn openvpn(ExpressVPN)[5151]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.99.106.165:1195
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link local: (not bound)
Thu Feb  6 18:31:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link remote: [AF_INET]194.99.106.165:1195
Thu Feb  6 18:32:21 2020 daemon.err openvpn(ExpressVPN)[5151]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb  6 18:32:21 2020 daemon.err openvpn(ExpressVPN)[5151]: TLS Error: TLS handshake failed
Thu Feb  6 18:32:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb  6 18:32:21 2020 daemon.notice openvpn(ExpressVPN)[5151]: Restart pause, 5 second(s)
Thu Feb  6 18:32:26 2020 daemon.warn openvpn(ExpressVPN)[5151]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Feb  6 18:32:26 2020 daemon.warn openvpn(ExpressVPN)[5151]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb  6 18:32:26 2020 daemon.notice openvpn(ExpressVPN)[5151]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.158.69:1195
Thu Feb  6 18:32:26 2020 daemon.notice openvpn(ExpressVPN)[5151]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Feb  6 18:32:26 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link local: (not bound)
Thu Feb  6 18:32:26 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link remote: [AF_INET]37.120.158.69:1195
Thu Feb  6 18:32:37 2020 daemon.notice netifd: wan (1599): udhcpc: sending renew to 192.168.1.254
Thu Feb  6 18:33:27 2020 daemon.err openvpn(ExpressVPN)[5151]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb  6 18:33:27 2020 daemon.err openvpn(ExpressVPN)[5151]: TLS Error: TLS handshake failed
Thu Feb  6 18:33:27 2020 daemon.notice openvpn(ExpressVPN)[5151]: SIGUSR1[soft,tls-error] received, process restarting
Thu Feb  6 18:33:27 2020 daemon.notice openvpn(ExpressVPN)[5151]: Restart pause, 5 second(s)
Thu Feb  6 18:33:32 2020 daemon.warn openvpn(ExpressVPN)[5151]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Feb  6 18:33:32 2020 daemon.warn openvpn(ExpressVPN)[5151]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb  6 18:33:32 2020 daemon.notice openvpn(ExpressVPN)[5151]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.158.81:1195
Thu Feb  6 18:33:32 2020 daemon.notice openvpn(ExpressVPN)[5151]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Feb  6 18:33:32 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link local: (not bound)
Thu Feb  6 18:33:32 2020 daemon.notice openvpn(ExpressVPN)[5151]: UDP link remote: [AF_INET]37.120.158.81:1195
Thu Feb  6 18:34:15 2020 daemon.err uhttpd[1304]: luci: accepted login on / for root from 192.168.1.209

No Internet but OpenVPN and ExpressVPN are started...

It can't connect to VPN-server, please, check ping of that IP.

1 Like

This one :

194.99.106.165:1195

?

I don't know why it tries to use two different IPs, although only one server is specified. Restart the network and openvpn:

/etc/init.d/network restart
/etc/init.d/openvpn restart

1 Like

I can't even ping the Gateway on which the router is connected (Which explains why I don't have access to web anymore)

root@OpenWrt:~# ping 37.120.158.69
PING 37.120.158.69 (37.120.158.69): 56 data bytes
^C
--- 37.120.158.69 ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
^C
--- 192.168.1.254 ping statistics ---
60 packets transmitted, 0 packets received, 100% packet loss

OK, fix it.

1 Like

I messed up everything trying to fix it. Don't have access to router anymore.

I'll come back when I get to the last step we were trying to fix

Thanks

Reset to factory defaults, and start again.

2 Likes