ER605 OpenVPN Client won't connect or show tunnel
Hello, I need your help, please. I have spent many hours trying to configure OpenVPN Client on the TP-LINK ER605, but I haven’t been successful. When I add the configuration along with the .ovpn file, I don’t see the tunnel being established.
I currently have a VPS server where I configured an OpenVPN Server version 2.4.7. I’ve tried many different ways but haven’t been able to make it work. The .ovpn file I’m using on the ER605 does work on a PC using OpenVPN 2.4 as the client, so I don’t know what I might be doing wrong. I also don’t have access to logs on the ER605 side. On the VPS side, it looks like a normal connection attempt arrives, but nothing seems to happen on the ER605.
These are the files I'm currently using:
server .ovpn file
port 58080
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
keepalive 10 120
persist-key
persist-tun
comp-lzo
user nobody
group nogroup
cipher AES-256-CBC
auth SHA256
tls-auth /etc/openvpn/ta.key 0
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
topology subnet
client-to-client
remote-cert-tls client
tls-version-min 1.0
Er605 .ovpn file
client
dev tun
proto udp
remote MY PUBLIC IP 58080
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
tls-auth ta.key 1
comp-lzo
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
</tls-auth>
Please let me know if there are more details that can be helpful. I don't know what to do.
As you can see, I have disabled some things in server.conf
this is because I don't want all traffic to go through the VPN tunnel, I'm instead adding routes and other necessary things to the client config in the CCD folder
---Server-Conf-----
dev tun
proto udp
port 14194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265.crt
key /etc/openvpn/easy-rsa/pki/private/ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.93.5.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 10.142.1.18"
##push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
##push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a nless-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
-------Client ovpn------------
client
dev tun
proto udp
remote my,pivpn,server 14194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
----Client config in CCD folder-------------
ifconfig-push 10.93.5.2 255.255.255.0
push "route 10.142.1.0 255.255.255.0"
As you can see, I have disabled some things in server.conf
this is because I don't want all traffic to go through the VPN tunnel, I'm instead adding routes and other necessary things to the client config in the CCD folder
---Server-Conf-----
dev tun
proto udp
port 14194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265.crt
key /etc/openvpn/easy-rsa/pki/private/ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.93.5.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 10.142.1.18"
##push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
##push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a nless-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
-------Client ovpn------------
client
dev tun
proto udp
remote my,pivpn,server 14194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ubuntu-vpn_f8298fab-4f58-457a-92c7-bbacbb607265 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
----Client config in CCD folder-------------
ifconfig-push 10.93.5.2 255.255.255.0
push "route 10.142.1.0 255.255.255.0"
