daemon.warn openvpn(ExpressVPN)[28599]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Tue Nov 15 19:49:56 2022 daemon.err openvpn(ExpressVPN)[28599]: Cannot pre-load keyfile (/etc/openvpn/tlsauth.key)
I cant for the life of me find the option --data-ciphers, i can only find the option Ciphers.
Im using the lastest OpenWRT
Also because of this, is that why it cannot load the tlsauth.key ?
Then extracted the correct settings from the ovpn file from ExpressVPN to match the correct variables which are different than the Tutorial, then the connection was successfull, creating separate ca.crt, key file, and cert files from the ovpn.
So ive got the connection, just need to divert all traffic through the VPN Interface.
Ive also got other connections to my OpenWRT Router which routes to other OpenWRT Repeaters, that part is sound. Just need all br-lan to go through tun0
Make sure that OpenVPN has modified the routing table (System-->Routes, in the middle of the page). It should have installed two routes to 0.0.0.0 and 128.0.0.0 which effectively direct any request for the Internet (except one) through the VPN tunnel.
The one exception is that a connection to the VPN server itself must go through the regular WAN. OpenVPN should have installed a /32 route for it. This is how encrypted packets for every other site start their journey.
Remember the firewall rules control what traffic will be allowed, but it is based on what the routing table dictates how the kernel attempt to send them.