Using blackvpn with OpenVPN on custom firmware

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi all!

I am trying to use BlackVPN using my custom image of OpenWRT as suggested in this post:
Install OpenWrt on Archer c50.

It worked flawlessly. However, when following the BlackVPN guide at BlackVPN I am getting lots of errors.

First of all, I used my created image that is named as follows:
openwrt ramips mt76x8 tplink c50 v4 squashfs sysupgrade

Then I had to install the Chaos Calmer version 15.05.1 from ramips - t7628 - packages - luci

And finally, I am running the OpenVPN version using "force-depends" because the Kernel wasn't compatible...

I am getting errors and I got the following LOG...Hope someone can help me out, as BlackVPN support crew told me to look around here.

Fri Apr  5 16:30:34 2019 daemon.notice openvpn(blackvpn)[13506]: UDP link remote: [AF_INET]

Fri Apr  5 16:30:35 2019 daemon.notice openvpn(blackvpn)[13506]: TLS: Initial packet from [AF_INET][93.190.141.187:443, sid=dab041be ba60cf74

Fri Apr  5 16:30:35 2019 daemon.warn openvpn(blackvpn)[13506]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Fri Apr  5 16:30:35 2019 daemon.notice openvpn(blackvpn)[13506]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=blackVPN CA, emailAddress=[staff@blackvpn.com]

Fri Apr  5 16:30:35 2019 daemon.notice openvpn(blackvpn)[13506]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=blackVPN, CN=nl, emailAddress=[staff@blackvpn.com]

Fri Apr  5 16:30:35 2019 daemon.notice openvpn(blackvpn)[13506]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

Fri Apr  5 16:30:35 2019 daemon.notice openvpn(blackvpn)[13506]: [nl] Peer Connection Initiated with [AF_INET](http://93.190.141.187:443/)

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: SENT CONTROL [nl]: 'PUSH_REQUEST' (status=1)

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.17.63.1,route 172.17.63.1,topology net30,ping 10,ping-restart 60,ifconfig 172.17.63.214 172.17.63.213,peer-id 3,cipher AES-256-GCM'

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: timers and/or timeouts modified

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: --ifconfig/up options modified

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: route options modified

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: peer-id set

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: adjusting link_mtu to 1625

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: OPTIONS IMPORT: data channel crypto options modified

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: Data Channel: using negotiated cipher 'AES-256-GCM'

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Apr  5 16:30:36 2019 daemon.err openvpn(blackvpn)[13506]: ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

Fri Apr  5 16:30:36 2019 daemon.notice openvpn(blackvpn)[13506]: Exiting due to fatal error

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10

Fri Apr  5 16:30:42 2019 daemon.warn openvpn(blackvpn)[13645]: WARNING: using --pull/--client and --ifconfig together is probably not what you want

Fri Apr  5 16:30:42 2019 daemon.warn openvpn(blackvpn)[13645]: WARNING: No server certificate verification method has been enabled.  See openvpn. net howto  #mitm for more info.

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: TCP/UDP: Preserving recently used remote address: [AF_INET][93.190.141.187:443]

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: Socket Buffers: R=[163840->163840] S=[163840->163840]

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: UDP link local: (not bound)

Fri Apr  5 16:30:42 2019 daemon.notice openvpn(blackvpn)[13645]: UDP link remote: [AF_INET][93.190.141.187:443]
2

Considering you are running an outdated version of OpenWrt, and considering you forced the installation of packages incompatible with your kernel, I am surprised you are only getting some informative messages and warnings... under those circumstances, I would have expected a total failure.

1 Like
3 
modprobe tun
4

Harsh enough! Will try to create another image using a newer format.
Any suggestions are welcome.

5

Where should I try that? After doing root? In a specific folder?

6

Anywhere, as root.

7

Hi Guys, coming back after a while.

Finally got it working, starting the VPN at least...
However, I am getting the following errors:

Tue Apr  7 10:42:51 2020 daemon.warn openvpn(blackVPN)[7201]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Tue Apr  7 10:42:51 2020 daemon.notice openvpn(blackVPN)[7201]: TCP/UDP: Preserving recently used remote address: [AF_INET]162.245.206.228:443
Tue Apr  7 10:42:51 2020 daemon.notice openvpn(blackVPN)[7201]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Apr  7 10:42:51 2020 daemon.notice openvpn(blackVPN)[7201]: UDP link local (bound): [AF_INET][undef]:443
Tue Apr  7 10:42:51 2020 daemon.notice openvpn(blackVPN)[7201]: UDP link remote: [AF_INET]162.245.206.228:443
Tue Apr  7 10:43:51 2020 daemon.err openvpn(blackVPN)[7201]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Apr  7 10:43:51 2020 daemon.err openvpn(blackVPN)[7201]: TLS Error: TLS handshake failed
Tue Apr  7 10:43:51 2020 daemon.notice openvpn(blackVPN)[7201]: SIGUSR1[soft,tls-error] received, process restarting
Tue Apr  7 10:43:51 2020 daemon.notice openvpn(blackVPN)[7201]: Restart pause, 300 second(s)

Clearly, there is something wrong with my TLS or something related to how WAN, LAN, FIREWALL and VPN interact.

Can someone guide me ? (I can also share the config files if needed).

8

fwiw, I had no issues setting up openvpn client on C50 v4 with 19.07-snapshot back in June/July 2019 with my vpn provider. I don't own the router any more so can't check with latest 19.07.2.

Blackvpn shouldn't be any different.

Suggest you install 19.07.2 stable release, clear all settings and start from beginning.

Refer the alternative openvpn client setup/tutorial guide at bottom of owrt wiki page for dropbox link to my PDF guides. (v1.2 is for openwrt 19.07)
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci

If you don't have .ovpn config files, try using Blackvpn's android .ovpn files with openwrt.

ps. you won't see more than 12 mbps with openvpn via ethernet with C50 v4.

1 Like
9

Thanks a lot for the suggestion, the ".ovpn" configuration is super friendly. However, I am still getting these errors:

Wed Apr  8 23:05:50 2020 daemon.err openvpn(blackVPNTVUSAWEST)[1098]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr  8 23:05:50 2020 daemon.err openvpn(blackVPNTVUSAWEST)[1098]: TLS Error: TLS handshake failed
Wed Apr  8 23:05:50 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: SIGUSR1[soft,tls-error] received, process restarting
Wed Apr  8 23:05:50 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: Restart pause, 5 second(s)
Wed Apr  8 23:05:55 2020 daemon.warn openvpn(blackVPNTVUSAWEST)[1098]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Apr  8 23:05:55 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: TCP/UDP: Preserving recently used remote address: [AF_INET]162.245.206.228:443
Wed Apr  8 23:05:55 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Apr  8 23:05:55 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: UDP link local: (not bound)
Wed Apr  8 23:05:55 2020 daemon.notice openvpn(blackVPNTVUSAWEST)[1098]: UDP link remote: [AF_INET]162.245.206.228:443

The strange thing is that I have Internet connection (before I didn't) but the TLS problem persists.

Any ideas? I feel like I am almost there but not yet.

10

After reading your guide again and resetting the router I managed to get it working. Thanks a lot for taking the time to compile that guide.

11

You're welcome. I'll add Blackvpn to the list of tested providers in the document.

Please can you mark this thread as 'Solved' too.

12

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.