OpenVPN server on router - how to check version (and config)?
Is it possible to check the OpenVPN server version on this router? Can I change its configuration?
Thanks to @Dooooo for the help. Indeed, the web GUI and Tether App will not show the OpenVPN Server version, and we are unable to change the configuration of the OpenVPN Server. Only the .ovpn config file for the OpenVPN client can be changed.
May I know if there is any issue with the OpenVPN Server function on your Archer AX1500 router? If so, please provide us with more details.
@Sunshine
May I know if there is any issue with the OpenVPN Server function on your Archer AX1500 router? If so, please provide us with more details.
When I try to connect to the server, I get a warning: "Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set". In the config generated by my router there is the line "comp-lzo adaptive".
However, if I turn off compression by writing the command "allow-compression no" instead of it, or set the command "allow-compression asym" according to the OpenVPN guidelines, then after connecting I can't ping remote computers or connect to them (by RDP). But the connection to the local network still works (ping to my router, stations and server).
When I restore compression in the config, I can connect again to the devices in the remote network.
The second thing is the command "cipher AES-128-CBC" in the original config, which OpenVPN suggests should be replaced by "data-ciphers AES-128-CBC". When I change that, it works, but I wonder why only 128 and not 256?
Hi, thank you very much for the feedback.
1. "comp-lzo adaptive" is the default setting in the exported .ovpn file; the VPN client will negotiate automatically to decide whether to use compression or not.
I suppose your OpenVPN client is version 2.5 or later, which disabled compression by default. It is recommended to change "comp-lzo adaptive" to "allow-compression yes" and then add "compress lzo", or just delete it if you don't want to use compression.
2. The router supports multiple ciphers. For better compatibility, the default cipher in the exported .ovpn file is AES-128-CBC, but you could also change it manually in the .ovpn file to "data-ciphers AES-256-GCM".
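An added example, not part of the thread and not TP-Link's or OpenVPN's own code: a Python check that flags the compression and cipher directives discussed above in an exported .ovpn profile. The function names, the host name and the sample profile are assumptions constructed for illustration; only "comp-lzo adaptive" and "cipher AES-128-CBC" are taken from the posts.

```python
# Constructed sample profile; only "comp-lzo adaptive" and "cipher AES-128-CBC"
# are quoted from the thread. Host name and <ca> body are placeholders.
SAMPLE_OVPN = """\
client
remote vpn.example.net 1194
comp-lzo adaptive
cipher AES-128-CBC
<ca>
(placeholder, no real certificate)
</ca>
"""

def parse_directives(text):
    """Return (line_no, name, args) per directive; skip comments and inline <blocks>."""
    directives, in_block = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_block:
            # Inside <ca>, <cert>, <key>, ...: ignore until the matching close tag.
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
            continue
        name, *args = line.split()
        directives.append((no, name.lstrip("-"), args))
    return directives

def audit_profile(text):
    """Return (line_no, finding) tuples for compression and cipher directives."""
    directives = parse_directives(text)
    names = {name for _, name, _ in directives}
    findings = []
    for no, name, args in directives:
        shown = " ".join([name] + args)
        if name in ("comp-lzo", "compress"):
            findings.append((no, f"compression directive present: {shown}"))
        elif name == "allow-compression" and args[:1] == ["yes"]:
            findings.append((no, f"outgoing compression allowed: {shown}"))
        elif name == "cipher" and "data-ciphers" not in names:
            findings.append((no, f"legacy cipher directive without data-ciphers: {shown}"))
        elif name == "data-ciphers" and not any("GCM" in c.upper() for a in args for c in a.split(":")):
            findings.append((no, f"no GCM cipher offered: {shown}"))
    return findings

if __name__ == "__main__":
    print(*audit_profile(SAMPLE_OVPN), sep="\n")
```

Changing a flagged line only helps if the server accepts the new setting, so re-test routing to the remote network after each change.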
@Sunshine thanks for your advice.
1. As I wrote previously, if I disable compression then, after creating the VPN tunnel, I can't ping remote computers or connect to them (by RDP), but the connection to the local network still works (ping to my router, stations and server). And when I enable compression in the config, then I may connect only to remote computers (what I expect). That's my problem - I do not understand how compression relates to the operation of routing (gateway?).
2. Just to make sure: AES-256 "GCM", not "CBC", yes?
May I know what software you are using to connect to the server on the router?
@Dooooo OpenVPN GUI (2.6.6, 64-bit)
Hi,
According to the GPL code posted by TP-Link, the original firmware of the AX1500 used OpenVPN 2.3.8, and there is a good likelihood that it's still on that version.
https://www.tp-link.com/en/support/download/archer-ax1500/v1/#GPL-Code
As others have noticed previously, OpenVPN 2.6.x appears to have lesser backwards compatibility with older versions of OpenVPN, and it may be better to use an OpenVPN version not higher than 2.5.x to connect to the OpenVPN server of the AX1500 and similar router models of that generation.
@woozle Thank you for all the information, it is very helpful.
Please teach me how you identified the OpenVPN server version. I unpacked the archive with the GPL code and found two main folders: bcm675x and Iplatform. In the first directory there is a file named "bcm963xx_router\userspace\gpl\apps\openvpn\openvpn-2.4.6.tar.gz", and in the second one "packages\opensource\openvpn\Makefile" with the line: PKG_VERSION:=2.3.8
So it is from this second directory that the server is run on the router, yes?