The VPN service starts, but my wireless clients aren't protected by it. If you look at the links and my screenshots below, what do you think is missing? The RPi has the LAN bridged by default, so it has no WAN interface like the instructions have, and the firewall rules don't quite match up. Maybe I need to add the VPN_TUN to the bridge or route it through that tunnel somehow?
Fri Aug 31 23:28:49 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication - Ticket opened with Windscribe on this
Would that cause VPN_TUN tun0 to not come up?
Your help is very much appreciated btw!
Fri Aug 31 23:27:29 2018 TLS Error: TLS handshake failed
Fri Aug 31 23:27:29 2018 SIGUSR1[soft,tls-error] received, process restarting
Fri Aug 31 23:27:29 2018 Restart pause, 80 second(s)
Fri Aug 31 23:28:49 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]146.88.193.131:53
Fri Aug 31 23:28:49 2018 Socket Buffers: R=[229376->229376] S=[229376->229376]
Fri Aug 31 23:28:49 2018 UDP link local: (not bound)
Fri Aug 31 23:28:49 2018 UDP link remote: [AF_INET]146.88.193.131:53
Fri Aug 31 23:28:49 2018 TLS: Initial packet from [AF_INET]146.88.193.131:53, sid=6624ec44 a87a7ff5
Fri Aug 31 23:28:49 2018 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Aug 31 23:28:49 2018 VERIFY KU OK
Fri Aug 31 23:28:49 2018 Validating certificate extended key usage
Fri Aug 31 23:28:49 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Aug 31 23:28:49 2018 VERIFY EKU OK
Fri Aug 31 23:28:49 2018 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Fri Aug 31 23:29:49 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Aug 31 23:29:49 2018 TLS Error: TLS handshake failed
Fri Aug 31 23:29:49 2018 SIGUSR1[soft,tls-error] received, process restarting
Fri Aug 31 23:29:49 2018 Restart pause, 80 second(s)
Fri Aug 31 23:31:09 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]207.189.26.3:53
Fri Aug 31 23:31:09 2018 Socket Buffers: R=[229376->229376] S=[229376->229376]
Fri Aug 31 23:31:09 2018 UDP link local: (not bound)
Fri Aug 31 23:31:09 2018 UDP link remote: [AF_INET]207.189.26.3:53
Fri Aug 31 23:31:10 2018 TLS: Initial packet from [AF_INET]207.189.26.3:53, sid=54e013b4 67642315
Fri Aug 31 23:31:10 2018 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Aug 31 23:31:10 2018 VERIFY KU OK
Fri Aug 31 23:31:10 2018 Validating certificate extended key usage
Fri Aug 31 23:31:10 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
root@OpenWrt:~# ip a; ip r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
link/ether 3a:85:49:41:09:c6 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
link/ether b8:27:eb:47:d9:ed brd ff:ff:ff:ff:ff:ff
inet6 fe80::ba27:ebff:fe47:d9ed/64 scope link
valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 7a:17:c7:db:ac:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.38/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fdd5:c9ad:292f::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::7817:c7ff:fedb:ac09/64 scope link
valid_lft forever preferred_lft forever
default via 192.168.2.254 dev br-lan src 192.168.2.38
192.168.2.0/24 dev br-lan scope link src 192.168.2.38
Just a guess, but I think that the reason you aren't seeing tun0 come up is that the OpenVPN config is setting up tun, but not specifying it as tun0. If the network config is expecting tun0, it may not see tun0 and therefore not have anything to connect to.
Please post the contents of the following files:
/etc/config/network
/etc/config/firewall
Also, after you've made the connection, post the output of ifconfig from your router.
I am getting closer and have the interface up. I changed openvpn.Windscribe_VPN.dev='tun' to tun0, which did nothing, but I changed the port from 53 to 443 and it came up. Any idea why 53 wouldn't work?
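
The following is an added example, not part of the thread or of anyone's posted configuration. It classifies `ip r` output by whether internet-bound traffic would leave through the tunnel device, which is the check behind "my wireless clients aren't protected" once the interface is up. The function name `route_status`, the 10.8.0.x addresses and the second sample table are constructed for illustration; the first sample is the route table posted above, and the /1 routes are the pair OpenVPN installs with `redirect-gateway def1`.

```shell
#!/bin/sh
# Added example: does the main routing table send internet traffic via the VPN?
# Usage on the router:  ip r | route_status tun0
#
# Prints one of:
#   tunneled - default route, or both redirect-gateway def1 halves, use the tunnel
#   partial  - only one def1 half uses the tunnel
#   bypass   - no internet-bound route uses the tunnel (traffic leaves unprotected)
route_status() {
    awk -v tun="${1:-tun0}" '
        {
            out = ""
            # the token after "dev" is the egress interface of this route
            for (i = 1; i < NF; i++) if ($i == "dev") out = $(i + 1)
            if (out != tun) next
            if ($1 == "default" || $1 == "0.0.0.0/0") full = 1
            if ($1 == "0.0.0.0/1")   low = 1
            if ($1 == "128.0.0.0/1") high = 1
        }
        END {
            if (full || (low && high)) print "tunneled"
            else if (low || high)      print "partial"
            else                       print "bypass"
        }'
}

# Route table as posted in the thread (tunnel not established).
ROUTES_FROM_PAGE='default via 192.168.2.254 dev br-lan src 192.168.2.38
192.168.2.0/24 dev br-lan scope link src 192.168.2.38'

# Constructed sample: same router after a def1-style tunnel comes up.
ROUTES_TUNNEL_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.2.254 dev br-lan src 192.168.2.38
10.8.0.0/24 dev tun0 scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.2.0/24 dev br-lan scope link src 192.168.2.38'

printf 'posted table:      %s\n' "$(printf '%s\n' "$ROUTES_FROM_PAGE" | route_status tun0)"
printf 'constructed table: %s\n' "$(printf '%s\n' "$ROUTES_TUNNEL_UP" | route_status tun0)"
```

This inspects only the main routing table. Forwarded client traffic also depends on the firewall zone forwarding from LAN to the VPN interface, which this check does not cover.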