ER605 OpenVPN Client doesn't work

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 OpenVPN Client doesn't work

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 OpenVPN Client doesn't work
ER605 OpenVPN Client doesn't work
2023-08-03 07:09:50
Tags: #ER605
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

Hello,

Due to the high cost of a public IP from my ISP, I opted to purchase a VPS and configure an OpenVPN server to connect my ER605 using the OpenVPN Client.

However, I'm facing an issue as the OpenVPN Client on the ER605 doesn't seem to work.

Unfortunately, there are no logs available in the ER605 GUI, making it challenging to pinpoint the problem.

Additionally, when I try to access the VPN logs through SSH, I am unable to do so.

I have checked the VPS logs, but there are no signs of router login.

 

The .ovpn file I imported to the ER605 works perfectly fine on two other computers and a QNAP server, indicating that the configuration is correct.

 

ER605 has the latest firmware installed.

 

If anyone has any ideas on how I can troubleshoot and identify the problem, I would greatly appreciate it.

 

Thank you in advance.

  0      
  0      
#1
Options
3 Reply
Re:ER605 OpenVPN Client doesn't work
2023-08-04 01:01:10

Hi @Stachulec 

Thanks for posting in our business forum.

What's your OVPN encryption? As a matter of fact, ER605 built-in OVPN is adapted to OVPN version 2.4 or older. Can you please verify the version of your OVPN on your VPS?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:ER605 OpenVPN Client doesn't work
2023-08-04 07:28:59

Hi @Clive_A.

Thank you for your message. 

 

Server conf.:

 

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
---.crt
cert server_lmNW6cABj7a.crt
key server_lmNW6cABj7a.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

 

 

Client conf.:

 

client
proto udp
explicit-exit-notify
remote --- 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lmNW6cABj7a name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
< c a >
-----BEGIN CERTIFICATE-----
---
-----END CERTIFICATE-----
< / c a >
<cert>
-----BEGIN CERTIFICATE-----
---
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
---
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
---
-----END OpenVPN Static key V1-----
</tls-crypt>

 

OpenVPN server version: 2.6.1.

 

I am unable to locate the information regarding the supported version in the manual.

  0  
  0  
#3
Options
Re:ER605 OpenVPN Client doesn't work
2023-08-04 07:51:36

Hi @Stachulec 

If you have removed the sensitive lines, then it would be okay to post it here. If not, please remove your public IP, etc..

I briefly went through it. I found several things that we don't support currently.

 

Stachulec wrote

Hi @Clive_A.

Thank you for your message. 

cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 

 

OpenVPN server version: 2.6.1.

 

We don't support GCM and OVPN versions above 2.5. Please consider changing them to an adaptive one. 2.4 or older version and non-GCM cipher.

Meanwhile, I record what you reported for the dev team.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options