OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
OpenVPN
OpenVPN
2023-08-05 13:45:08 - last edited 2023-08-07 03:42:04
Tags: #VPN
Model: Archer AX53  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20230627 rel.39033(4555)

I have been trying to setup OpenVPN on this router with no success only to see on the forum that this router does not yet support it yet it is there in the software. So does it or does it not support OpenVPN ?

  0      
  0      
#1
Options
15 Reply
Re:OpenVPN
2023-08-05 14:40:39

  @leeo 

 

Hi,

 

It depends on what you are trying to do.

 

Ever since it came to market the Archer AX53 has had a built-in VPN Server feature. This allows the user to host a VPN Server at their home so that they can establish a secure connection to their home network from basically anywhere in the world.

 

Fairly recently TP-Link has started to also add a VPN Client feature to some of their routers. In most cases people use this to have their Internet traffic routed through a commercial VPN provider instead of their own ISP's Internet servers.

  3  
  3  
#2
Options
Re:OpenVPN
2023-08-05 18:39:19

  @leeo 

Thanks, it didn't cross my mind about a client as I was trying to set up a server, I'll have another go now I know it works but why I get no response to the client is a bit of a problem. 

  0  
  0  
#3
Options
Re:OpenVPN
2023-08-05 20:14:05

  @leeo 

 

In recent years one big stumbling block for people trying to setup a VPN server at their home has been that ISP's often do not assign public IPv4 addresses to home broadband connections anymore.

 

Log into the web management GUI of your Archer AX53 and you should be right on a page that says "Internet Status" where it should also show your "Internet IP Address:   ".

 

Now open a web browser and Google for "what is my ip address". If you aren't already shown something like "Your public IP address is ..." right away, then click on one of the links to any of the what-is-my-IP websites.

 

Compare the Internet IP address shown by your AX53 with the IP addresses shown by the what-is-my-IP websites. If both are identical, then your VPN server should theoretically be able to work and there must be another problem that's hindering you.

 

  1  
  1  
#4
Options
Re:OpenVPN
2023-08-06 10:51:50
They are the same so it should be OK but it is the fact that OpenVPN makes no attempt to communicate and just times out makes me think I have missed some setting entirely but I cant figure out what.
  0  
  0  
#5
Options
Re:OpenVPN
2023-08-06 13:07:39

  @leeo 

 

Ok, open the *.ovpn file that you exported from the Archer AX53 in a text editor.

 

Within the upper part of that file you should find a line that either contains your Internet IP address (like "remote 95.159.02.56 1194") or your domain name (like "remote example.mydomain<dot>com 1194").

 

Check that the IP address or the domain name you find inside the file appear to be correct.

 

Log into your AX53 and make sure the option "Respond to pings from WAN" is switched on. (like shown on the screenshot below)

 

Then try to "ping" the IP address or domain name you've got from the *.ovpn file. Preferably that should be done via a separate Internet connection (like via a mobile phone or so), but if not available then just do it via your home network. 

 

In case the ping doesn't succeed, then either the IP address is not correct or the DNS record hasn't been updated with the correct IP address.

 

  0  
  0  
#6
Options
Re:OpenVPN
2023-08-06 15:21:27 - last edited 2023-08-06 15:22:46

  @leo  Merhaba,

 

Openvpn ayarları böyle mi?

 

you should not be on the same network when connecting to the router with vpn

 

  0  
  0  
#7
Options
Re:OpenVPN
2023-08-06 20:01:55
These are the same settings and I am trying to connect using my mobile.
  0  
  0  
#8
Options
Re:OpenVPN
2023-08-06 20:03:47
Pings OK and Canyouseeme reports open port and I can access the web server on the lan with my ddns OK.
  0  
  0  
#9
Options
Re:OpenVPN
2023-08-06 21:07:05 - last edited 2023-08-06 21:07:23

  @leeo 

 

Are you using the standard OpenVPN client app from openvpn.net on your phone?

 

If yes, can you compare the log of your OpenVPN client app with the log below (of a successful connection) and tell at which point things go wrong?

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

[Aug 06, 2023, 22:54:44] ----- OpenVPN Start -----
[Aug 06, 2023, 22:54:44] EVENT: CORE_THREAD_ACTIVE
[Aug 06, 2023, 22:54:44] OpenVPN core 3.git::081bfebe:RelWithDebInfo android arm64 64-bit PT_PROXY
[Aug 06, 2023, 22:54:44] Frame=512/2048/512 mssfix-ctrl=1250
[Aug 06, 2023, 22:54:44] UNUSED OPTIONS
4 [nobind]
7 [resolv-retry] [infinite]
9 [persist-key]
10 [persist-tun]
[Aug 06, 2023, 22:54:44] EVENT: RESOLVE
[Aug 06, 2023, 22:54:44] Contacting --.--.--.--:1194 via UDP
[Aug 06, 2023, 22:54:44] EVENT: WAIT
[Aug 06, 2023, 22:54:44] Connecting to [--.--.--.--]:1194 (--.--.--.--) via UDPv4
[Aug 06, 2023, 22:54:44] EVENT: CONNECTING
[Aug 06, 2023, 22:54:44] Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Aug 06, 2023, 22:54:44] Creds: UsernameEmpty/PasswordEmpty
[Aug 06, 2023, 22:54:44] Peer Info:
IV_VER=3.git::081bfebe:RelWithDebInfo
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_GUI_VER=net_openvpn_connect_android_3.3.4-9290
IV_SSO=webauth,openurl,crtext
[Aug 06, 2023, 22:54:45] VERIFY OK: depth=1, /C=CN/ST=GD/L=ShenZhen/O=TP-Link/OU=SOHO-I18N/CN=TP-Link CA/name=EasyRSA/emailAddress=xxxx@xxxx, signature: RSA-SHA256
[Aug 06, 2023, 22:54:45] VERIFY OK: depth=0, /C=CN/ST=GD/L=ShenZhen/O=TP-Link/OU=SOHO-I18N/CN=server/name=EasyRSA/emailAddress=xxxx@xxxx, signature: RSA-SHA256
[Aug 06, 2023, 22:54:45] SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
[Aug 06, 2023, 22:54:45] Session is ACTIVE
[Aug 06, 2023, 22:54:45] Sending PUSH_REQUEST to server...
[Aug 06, 2023, 22:54:45] EVENT: GET_CONFIG
[Aug 06, 2023, 22:54:45] OPTIONS:
0 [route] [0.0.0.0] [0.0.0.0]
1 [redirect-gateway] [def1]
2 [route] [192.168.0.0] [255.255.255.0]
3 [route] [10.8.0.0] [255.255.255.0]
4 [dhcp-option] [DNS] [10.8.0.1]
5 [dhcp-option] [DNS] [8.8.8.8]
6 [route] [10.8.0.0] [255.255.255.0]
7 [topology] [net30]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.14] [10.8.0.13]
[Aug 06, 2023, 22:54:45] PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  key-derivation: OpenVPN PRF
  compress: LZO_STUB
  peer ID: -1
[Aug 06, 2023, 22:54:45] EVENT: ASSIGN_IP
[Aug 06, 2023, 22:54:45] Connected via tun
[Aug 06, 2023, 22:54:45] LZO-ASYM init swap=0 asym=1
[Aug 06, 2023, 22:54:45] Comp-stub init swap=0
[Aug 06, 2023, 22:54:45] EVENT: CONNECTED info='--.--.--.--:1194 (--.--.--.--) via /UDPv4 on tun/10.8.0.14/ gw=[10.8.0.13/]'
----------------------------------------------------------------------------------------------------------------------------------------------------------------------

  0  
  0  
#10
Options
Re:OpenVPN
2023-08-07 16:45:18
This is as far as it gets. EVENT: CONNECTING Mine says. [Aug 07, 2023, 15:14:44] Server poll timeout, trying next remote entry...
  0  
  0  
#11
Options

Information

Helpful: 0

Views: 2502

Replies: 15

Tags

Related Articles