"Solved" VPN not working

Hello,

I have already made the configuration with your help: [SOLVED] VPN, Wifi and speed Questions

It worked for a couple of weeks but now it doesn't work and I don't understand why. Do you have any idea?

tracert openwrt.org

Détermination de l’itinéraire vers openwrt.org [139.59.209.225]
avec un maximum de 30 sauts :

  1     *        *        *     Délai d’attente de la demande dépassé.
  2     *        *        *     Délai d’attente de la demande dépassé.

ping www.openwrt.org

Envoi d’une requête 'ping' sur wiki-01.infra.openwrt.org [139.59.209.225] avec 32 octets de données :
Délai d’attente de la demande dépassé.

My config :

root@OpenWrt:~# cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb9:99da:a865::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '50:64:2b:b2:71:cc'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        option dns '8.8.8.8 8.8.4.4'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option peerdns '0'
        option reqaddress 'try'
        option reqprefix 'auto'
        option clientid 'root'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'zoogvpn_vpn'
        option proto 'none'
        option ifname 'tun0'
        option metric '10'

config interface 'vpnuser'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option type 'bridge'

config rule
        option in 'vpnuser'
        option lookup '100'

config route 'vpn'
        option interface 'zoogvpn_vpn'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option table '100'


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option forward 'ACCEPT'
        option network 'zoogvpn_vpn'

config forwarding
        option dest 'wan'
        option src 'lan'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'vpnuser'
        option forward 'ACCEPT'
        option network 'vpnuser'

config forwarding
        option dest 'vpn'
        option src 'vpnuser'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.254'
        option dest_port '80'
        option name 'Jeedom'


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'HT20'
        option country '00'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Wifi'
        option encryption 'psk2'
        option key '0102030405'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
        option htmode 'VHT80'
        option country '00'
        option legacy_rates '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'WifiVPN'
        option network 'vpnuser'


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option serversfile '/tmp/adb_list.overall'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        list dhcp_option '6,208.67.222.222,208.67.220.220'
        list dhcp_option '6,8.8.8.8,8.8.4.4'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'vpnuser'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'vpnuser'

config host
        option name 'Jimdo'
        option dns '1'
        option mac 'B8:27:EB:0F:88:E9'
        option ip '192.168.1.254'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
       valid_lft forever preferred_lft forever
8: br-vpnuser: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-vpnuser
       valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    inet 10.8.11.6 peer 10.8.11.5/32 scope global tun0
       valid_lft forever preferred_lft forever
default via 192.168.0.254 dev eth0.2  src 192.168.0.253
10.8.11.5 dev tun0 scope link  src 10.8.11.6
192.168.0.0/24 dev eth0.2 scope link  src 192.168.0.253
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link  src 192.168.2.1
0:      from all lookup local
1:      from all iif br-vpnuser lookup 100
32766:  from all lookup main
32767:  from all lookup default

My Openvpn.log

Mon Jul 22 11:44:16 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Jul 22 11:44:16 2019 library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.10
Mon Jul 22 11:44:16 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 22 11:44:16 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jul 22 11:44:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:44:19 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Jul 22 11:44:19 2019 UDP link local: (not bound)
Mon Jul 22 11:44:19 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:44:19 2019 TLS: Initial packet from [AF_INET]23.229.0.242:1194, sid=790e0e2f fd8779c8
Mon Jul 22 11:44:19 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 22 11:44:19 2019 VERIFY OK: depth=1, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=ZoogTV CA, emailAddress=support@zoogtv.com
Mon Jul 22 11:44:19 2019 VERIFY OK: depth=0, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=server, emailAddress=support@zoogtv.com
Mon Jul 22 11:45:57 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jul 22 11:45:57 2019 TLS Error: TLS handshake failed
Mon Jul 22 11:45:57 2019 SIGUSR1[soft,tls-error] received, process restarting
Mon Jul 22 11:45:57 2019 Restart pause, 5 second(s)
Mon Jul 22 11:46:02 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 22 11:46:02 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jul 22 11:46:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:02 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Jul 22 11:46:02 2019 UDP link local: (not bound)
Mon Jul 22 11:46:02 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:02 2019 TLS: Initial packet from [AF_INET]23.229.0.242:1194, sid=1332e985 fcf3ac7e
Mon Jul 22 11:46:02 2019 VERIFY OK: depth=1, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=ZoogTV CA, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:02 2019 VERIFY OK: depth=0, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=server, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:03 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 22 11:46:03 2019 [server] Peer Connection Initiated with [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:04 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 11:46:09 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 11:46:12 2019 AUTH: Received control message: AUTH_FAILED
Mon Jul 22 11:46:12 2019 SIGTERM[soft,auth-failure] received, process exiting
Mon Jul 22 11:46:17 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Jul 22 11:46:17 2019 library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.10
Mon Jul 22 11:46:17 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 22 11:46:17 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jul 22 11:46:17 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:17 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Jul 22 11:46:17 2019 UDP link local: (not bound)
Mon Jul 22 11:46:17 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:17 2019 TLS: Initial packet from [AF_INET]23.229.0.242:1194, sid=4f9dcbec 37c4e5d1
Mon Jul 22 11:46:17 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 22 11:46:18 2019 VERIFY OK: depth=1, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=ZoogTV CA, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:18 2019 VERIFY OK: depth=0, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=server, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:18 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 22 11:46:18 2019 [server] Peer Connection Initiated with [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:19 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 11:46:24 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 11:46:27 2019 AUTH: Received control message: AUTH_FAILED
Mon Jul 22 11:46:27 2019 SIGTERM[soft,auth-failure] received, process exiting
Mon Jul 22 11:46:32 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Jul 22 11:46:32 2019 library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.10
Mon Jul 22 11:46:32 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 22 11:46:32 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jul 22 11:46:32 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:32 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Jul 22 11:46:32 2019 UDP link local: (not bound)
Mon Jul 22 11:46:32 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:33 2019 TLS: Initial packet from [AF_INET]23.229.0.242:1194, sid=d972274b 0b5bcf1b
Mon Jul 22 11:46:33 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 22 11:46:33 2019 VERIFY OK: depth=1, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=ZoogTV CA, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:33 2019 VERIFY OK: depth=0, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=server, emailAddress=support@zoogtv.com
Mon Jul 22 11:46:38 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 22 11:46:38 2019 [server] Peer Connection Initiated with [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:39 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 11:46:39 2019 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 ipv6,tun-ipv6,route 10.8.11.1,topology net30,ping 10,ping-restart 120,ifconfig-ipv6 fd78:486:1c09:568f::1000/64 fd78:486:1c09:568f::1,ifconfig 10.8.11.6 10.8.11.5,peer-id 3,cipher AES-256-GCM'
Mon Jul 22 11:46:39 2019 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Jul 22 11:46:39 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: peer-id set
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Jul 22 11:46:39 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Jul 22 11:46:39 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 22 11:46:39 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 22 11:46:39 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 22 11:46:39 2019 TUN/TAP device tun0 opened
Mon Jul 22 11:46:39 2019 TUN/TAP TX queue length set to 100
Mon Jul 22 11:46:39 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Mon Jul 22 11:46:39 2019 /sbin/ifconfig tun0 10.8.11.6 pointopoint 10.8.11.5 mtu 1500
Mon Jul 22 11:46:39 2019 /sbin/ifconfig tun0 add fd78:486:1c09:568f::1000/64
Mon Jul 22 11:46:39 2019 /etc/openvpn/updns tun0 1500 1552 10.8.11.6 10.8.11.5 init
Mon Jul 22 11:46:39 2019 Initialization Sequence Completed

Can the VPN provider be the problem?

Regards

See if your provider updated their configs... always the first port of call when it works then stops (assuming no configuration was changed).

Hello,

You are right, I changed the VPN server address for another one and it works again, many thanks!
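
The OpenVPN log posted above shows three different outcomes against the same server: a TLS handshake timeout, AUTH_FAILED exits, and finally a completed connection. As an added example that is not part of the original thread, the shell function below summarises such a client log per connection attempt and flags the warnings visible in it; the function names and output labels are made up for illustration, and it assumes the default timestamp prefix seen in the log.

```shell
#!/bin/sh
# Added example: one summary line per OpenVPN connection attempt, plus flags.
# Assumes log lines start with "Day Mon DD HH:MM:SS YYYY", as in the log above.
triage_openvpn_log() {
    awk '
    # Print the result of the attempt in progress, if any, and mark it finished.
    function close_attempt(result) {
        if (active) printf "attempt %d %s %s\n", n, started, result
        active = 0
    }
    # A new attempt begins when the client logs the remote it is contacting.
    / link remote: /                    { close_attempt("INCOMPLETE"); n++; started = $4; active = 1 }
    /TLS key negotiation failed/        { close_attempt("TLS_TIMEOUT") }
    /AUTH: Received control message: AUTH_FAILED/ { close_attempt("AUTH_FAILED") }
    /Initialization Sequence Completed/ { close_attempt("CONNECTED") }
    # Conditions worth reviewing even when the tunnel comes up.
    /No server certificate verification method/ { nocert = 1 }
    /Control Channel: .*1024 bit RSA/   { rsa1024 = 1 }
    /Options error: .*\[PUSH-OPTIONS\]/ { rejected++ }
    END {
        close_attempt("INCOMPLETE")
        if (nocert)   print "flag NO_SERVER_CERT_VERIFICATION"
        if (rsa1024)  print "flag RSA_1024_ON_CONTROL_CHANNEL"
        if (rejected) print "flag PUSHED_OPTIONS_REJECTED " rejected
    }'
}

# Sample input: an excerpt of the log posted above, with lines omitted for brevity.
sample_log() {
    cat <<'EOF'
Mon Jul 22 11:44:16 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 22 11:44:19 2019 UDP link local: (not bound)
Mon Jul 22 11:44:19 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:45:57 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jul 22 11:46:02 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:03 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 22 11:46:12 2019 AUTH: Received control message: AUTH_FAILED
Mon Jul 22 11:46:32 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Mon Jul 22 11:46:39 2019 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Mon Jul 22 11:46:39 2019 Initialization Sequence Completed
EOF
}

sample_log | triage_openvpn_log
```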
