ER605 V2.0 - OpenVPN Client Issue
Hello,
I'm running:
- Software Controller (version 5.13.23)
- ER605 V2.0 router (firmware version 2.2.3 Build 20231201 Rel.32918)
Issue
I can't get my router to connect to a VPN server and I can't figure out what's wrong with my config.
Unfortunately, I'm not able to access any logs or receive any feedback regarding this issue. This is the second time in as many days, since setting up the system, that I've encountered challenges with tasks that I expected would be straightforward for a business solution like Omada. The intent was for Omada to simplify network management, but instead, it has been consuming a significant amount of my time, including my weekends. My apologies for the tone of frustration, but this situation has been quite challenging.
Config
Purpose: Client-to-Site VPN
VPN Type: VPN Client - OpenVPN
Mode: Certificate+Account
Local Network Type: Network
Local Networks: All
WAN: WAN
Configuration:
client
dev tun
proto udp
remote ... 1194
remote-cert-tls server
nobind
mssfix
reneg-sec 432000
resolv-retry infinite
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
tun-mtu 1440
fragment 1400
comp-lzo yes
tls-version-min 1.0
cipher bf-cbc
verb 1
auth-user-pass
The config is of course tested locally without any problems.
I do not have detailed knowledge about the OpenVPN server as I am using a service provider with PORT-VPN.
However, I could reach out to them for any specific information that might be required to resolve this issue.
Thank you for your assistance and looking forward to any advice from the community.
Steve
Hi @stevets42
Thanks for posting in our business forum.
1. Recommend you remove
stevets42 wrote
Hello,
I'm running:
- Software Controller (version 5.13.23)
- ER605 V2.0 router (firmware version 2.2.3 Build 20231201 Rel.32918)
Issue
I can't get my router to connect to a VPN server and I can't figure out what's wrong with my config.
Unfortunately, I'm not able to access any logs or receive any feedback regarding this issue. This is the second time in as many days, since setting up the system, that I've encountered challenges with tasks that I expected would be straightforward for a business solution like Omada. The intent was for Omada to simplify network management, but instead, it has been consuming a significant amount of my time, including my weekends. My apologies for the tone of frustration, but this situation has been quite challenging.
Config
Purpose: Client-to-Site VPN
VPN Type: VPN Client - OpenVPN
Mode: Certificate+Account
Local Network Type: Network
Local Networks: All
WAN: WAN
Configuration:
client
dev tun
proto udp
remote ... 1194
remote-cert-tls server
nobind
mssfix
reneg-sec 432000
resolv-retry infinite
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
tun-mtu 1440
fragment 1400
comp-lzo yes
tls-version-min 1.0
cipher bf-cbc
verb 1
auth-user-pass
Set this string as comp-lzo and save and test. If this does not work, ask your VPN provider what kind of encryption they offer.
For example, encryption AES-CBC might not be supported. See the search result from the related threads on the forum.
@Clive_A Thanks for the quick response.
Testing on my local computer.
Just comp-lzo works.
Tried cipher AES-128-CBC
Mon Jan 29 08:08:09 2024 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Tried no cipher at all and let them figure out the best cipher.
Works local, but not the ER605, I guess.
Is there a way to access the logs or run openvpn through ssh directly on the ER605 in controller mode to at least see what the problem is I'm trying to fix here?
I read GCM is not supported.
BF-CBC seems not to work.
Do you know which ciphers are supported?
AES-128-CBC?
AES-256-CBC?
DES-EDE3-CBC?
CAMELLIA-128-CBC?
CAMELLIA-256-CBC?
Hi @stevets42
Thanks for posting in our business forum.
stevets42 wrote
@Clive_A Thanks for the quick response.
Testing on my local computer.
Just comp-lzo works.
Tried cipher AES-128-CBC
Mon Jan 29 08:08:09 2024 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Tried no cipher at all and let them figure out the best cipher.
Works local, but not the ER605, I guess.
Is there a way to access the logs or run openvpn through ssh directly on the ER605 in controller mode to at least see what the problem is I'm trying to fix here?
I read GCM is not supported.
BF-CBC seems not to work.
Do you know which ciphers are supported?
AES-128-CBC?
AES-256-CBC?
DES-EDE3-CBC?
CAMELLIA-128-CBC?
CAMELLIA-256-CBC?
So, if your service provider supports the compatible mode, get a file from the compatible mode.
AFAIK, our built-in OVPN version is not the latest one. Some encryption might not be compatible.
I think AES-CBC and others, if they are very new and the latest gen of encryption, don't work on the old (version of) OVPN client.
Hello,
I wanted to provide an update and extend a partial apology. In hindsight, a debug log would have been immensely helpful in diagnosing the problem.
Although I had tested the configuration locally, I overlooked a crucial detail: the local setup used "tls-auth fipTA.key 1".
What I missed in my initial setup was the key-direction 1 parameter.
After including this, the connection is now visible in Insight.
I want to express my gratitude for the swift support offered.
It has been a learning experience, and I appreciate the assistance. Thank you!
Best regards,
Steve
Hi @stevets42
Thanks for posting in our business forum.
stevets42 wrote
Hello,
I wanted to provide an update and extend a partial apology. In hindsight, a debug log would have been immensely helpful in diagnosing the problem.
Although I had tested the configuration locally, I overlooked a crucial detail: the local setup used "tls-auth fipTA.key 1".
What I missed in my initial setup was the key-direction 1 parameter.
After including this, the connection is now visible in Insight.
I want to express my gratitude for the swift support offered.
It has been a learning experience, and I appreciate the assistance. Thank you!
Best regards,
Steve
Very happy to know that.
Can you share the full config again? That might be helpful for others who run into the same issue in future.
Final config:
client
dev tun
proto udp
remote ... 1194
remote-cert-tls server
nobind
mssfix
reneg-sec 432000
resolv-retry infinite
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
tun-mtu 1440
fragment 1400
comp-lzo
tls-version-min 1.0
cipher bf-cbc
verb 1
auth-user-pass
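The root cause in this thread (an inline <tls-auth> block carries no direction argument, so key-direction has to be set separately) can be caught before a config is uploaded to a router that exposes no client log. The following is an added example, not code from the thread or from TP-Link: a small pre-upload check that also flags the legacy settings visible in the posted config. The function names, the finding strings and the SAMPLE_BROKEN text (with a placeholder host) are assumptions made for illustration.

```python
import re

# Constructed sample: the thread's first config, trimmed, host is a placeholder.
SAMPLE_BROKEN = """\
client
proto udp
remote vpn.example.invalid 1194
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
comp-lzo yes
tls-version-min 1.0
cipher bf-cbc
auth-user-pass
"""

def parse_ovpn(text):
    """Return (directives, inline_block_names) for an OpenVPN config string."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                       # inside <tag>...</tag>: skip key material
            if line == f"</{current}>":
                current = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            current = m.group(1)
            blocks.add(current)
        elif line and line[0] not in "#;":  # ignore blanks and comments
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def lint(text):
    """Return findings; the first is the thread's fault, the rest are hardening notes."""
    d, blocks = parse_ovpn(text)
    findings = []
    if "tls-auth" in blocks and "key-direction" not in d:
        findings.append("inline <tls-auth> without key-direction")
    if (d.get("cipher") or [""])[0].lower() in {"bf-cbc", "des-ede3-cbc"}:
        findings.append("64-bit block cipher selected")
    if (d.get("tls-version-min") or ["1.2"])[0] in {"1.0", "1.1"}:
        findings.append("TLS below 1.2 permitted")
    if "comp-lzo" in d:
        findings.append("compression enabled")
    return findings
```

Calling lint() on the final config posted above would drop the first finding and still report the other three, which are worth raising with the VPN provider.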