Now don't get asked for username/password - asuswrt-merlin

Post by makem » Fri Aug 07, 2015 5:27 pm

I have just uploaded the latest Merlin firmware to a RT-AC68U router running OpenVPN.

Previously when using the latest stock firmware clients were asked for a username & password prior to connection. In that case all I did was to export a client.ovpn file which I placed in each client's openVPN config folder.

I am doing exactly the same with the new firmware but now clients connect without authenticating.

Do I need to do more than place the ovpn file in the users' config folder? How do I differentiate between clients that have been given username and passwords in the OpenVPN set up in the router? When connected the router calls them all client1.

Client log for Windows client:

Fri Aug 07 18:07:01 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
Fri Aug 07 18:07:01 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Fri Aug 07 18:07:05 2015 UDPv4 link local: [undef]
Fri Aug 07 18:07:05 2015 UDPv4 link remote: [AF_INET]xx.xxx.xx.xxx:1194
Fri Aug 07 18:07:05 2015 [RT-AC68U] Peer Connection Initiated with [AF_INET]192.168.1.1:1194
Fri Aug 07 18:07:08 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Aug 07 18:07:08 2015 open_tun, tt->ipv6=0
Fri Aug 07 18:07:08 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B2C97252-5730-4943-90CB-DEF4D7FB9968}.tap
Fri Aug 07 18:07:08 2015 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Fri Aug 07 18:07:08 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {B2C97252-5730-4943-90CB-DEF4D7FB9968} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Fri Aug 07 18:07:08 2015 Successful ARP Flush on interface [29] {B2C97252-5730-4943-90CB-DEF4D7FB9968}
Fri Aug 07 18:07:13 2015 Initialization Sequence Completed
Fri Aug 07 18:07:53 2015 SIGTERM[hard,] received, process exiting

System log for Windows client:

Aug  7 18:04:43 openvpn[3617]: client/192.168.1.33:64655 [client] Inactivity timeout (--ping-restart), restarting
Aug  7 18:04:43 openvpn[3617]: client/192.168.1.33:64655 SIGUSR1[soft,ping-restart] received, client-instance restarting
Aug  7 18:07:05 openvpn[3617]: 192.168.1.33:50677 TLS: Initial packet from [AF_INET]192.168.1.33:50677, sid=f7976763 0d18cf6d
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 [client] Peer Connection Initiated with [AF_INET]192.168.1.33:50677
Aug  7 18:07:06 openvpn[3617]: client/192.168.1.33:50677 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug  7 18:07:06 openvpn[3617]: client/192.168.1.33:50677 MULTI: Learn: 10.8.0.2 -> client/192.168.1.33:50677
Aug  7 18:07:06 openvpn[3617]: client/192.168.1.33:50677 MULTI: primary virtual IP for client/192.168.1.33:50677: 10.8.0.2
Aug  7 18:07:08 openvpn[3617]: client/192.168.1.33:50677 PUSH: Received control message: 'PUSH_REQUEST'
Aug  7 18:07:08 openvpn[3617]: client/192.168.1.33:50677 send_push_reply(): safe_cap=940
Aug  7 18:07:08 openvpn[3617]: client/192.168.1.33:50677 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug  7 18:07:09 miniupnpd[975]: upnp_event_recv: recv(): Connection reset by peer

Client log for Android client:

2015-08-07 18:13:44 Running on NX503A (MSM8974) nubia, Android API 17, version 0.6.30, official build
2015-08-07 18:13:44 Building configuration…
2015-08-07 18:13:46 started Socket Thread
2015-08-07 18:13:46 Current Parameter Settings:
2015-08-07 18:13:46 Network Status: CONNECTED to WIFI "makem_2.4GHz"
2015-08-07 18:13:46 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-08-07 18:13:46 mode = 0
2015-08-07 18:13:46 show_ciphers = DISABLED
2015-08-07 18:13:46 show_digests = DISABLED
2015-08-07 18:13:46 show_engines = DISABLED
2015-08-07 18:13:46 genkey = DISABLED
2015-08-07 18:13:46 key_pass_file = '[UNDEF]'
2015-08-07 18:13:46 show_tls_ciphers = DISABLED
2015-08-07 18:13:46 connect_retry_max = 5
2015-08-07 18:13:46 Connection profiles [0]:
2015-08-07 18:13:46 proto = udp
2015-08-07 18:13:46 local = '[UNDEF]'
2015-08-07 18:13:46 local_port = '[UNDEF]'
2015-08-07 18:13:46 remote = 'makem-goes.no-ip.biz'
2015-08-07 18:13:46 remote_port = '1194'
2015-08-07 18:13:46 remote_float = ENABLED
2015-08-07 18:13:46 bind_defined = DISABLED
2015-08-07 18:13:46 bind_local = DISABLED
2015-08-07 18:13:46 bind_ipv6_only = DISABLED
2015-08-07 18:13:46 connect_retry_seconds = 5
2015-08-07 18:13:46 connect_timeout = 10
2015-08-07 18:13:46 socks_proxy_server = '[UNDEF]'
2015-08-07 18:13:46 socks_proxy_port = '[UNDEF]'
2015-08-07 18:13:46 socks_proxy_retry = DISABLED
2015-08-07 18:13:46 tun_mtu = 1500
2015-08-07 18:13:46 tun_mtu_defined = ENABLED
2015-08-07 18:13:46 link_mtu = 1500
2015-08-07 18:13:46 link_mtu_defined = DISABLED
2015-08-07 18:13:46 tun_mtu_extra = 0
2015-08-07 18:13:46 tun_mtu_extra_defined = DISABLED
2015-08-07 18:13:46 mtu_discover_type = -1
2015-08-07 18:13:46 fragment = 0
2015-08-07 18:13:46 mssfix = 1450
2015-08-07 18:13:46 explicit_exit_notification = 0
2015-08-07 18:13:46 Connection profiles END
2015-08-07 18:13:46 remote_random = DISABLED
2015-08-07 18:13:46 ipchange = '[UNDEF]'
2015-08-07 18:13:46 dev = 'tun'
2015-08-07 18:13:46 dev_type = '[UNDEF]'
2015-08-07 18:13:46 dev_node = '[UNDEF]'
2015-08-07 18:13:47 lladdr = '[UNDEF]'
2015-08-07 18:13:47 topology = 1
2015-08-07 18:13:47 tun_ipv6 = DISABLED
2015-08-07 18:13:47 ifconfig_local = '[UNDEF]'
2015-08-07 18:13:47 ifconfig_remote_netmask = '[UNDEF]'
2015-08-07 18:13:47 ifconfig_noexec = DISABLED
2015-08-07 18:13:47 ifconfig_nowarn = ENABLED
2015-08-07 18:13:47 ifconfig_ipv6_local = '[UNDEF]'
2015-08-07 18:13:47 ifconfig_ipv6_netbits = 0
2015-08-07 18:13:47 ifconfig_ipv6_remote = '[UNDEF]'
2015-08-07 18:13:47 shaper = 0
2015-08-07 18:13:47 mtu_test = 0
2015-08-07 18:13:47 mlock = DISABLED
2015-08-07 18:13:47 keepalive_ping = 15
2015-08-07 18:13:47 keepalive_timeout = 60
2015-08-07 18:13:47 inactivity_timeout = 0
2015-08-07 18:13:47 ping_send_timeout = 15
2015-08-07 18:13:47 ping_rec_timeout = 60
2015-08-07 18:13:47 ping_rec_timeout_action = 2
2015-08-07 18:13:47 ping_timer_remote = DISABLED
2015-08-07 18:13:47 remap_sigusr1 = 0
2015-08-07 18:13:47 persist_tun = DISABLED
2015-08-07 18:13:47 persist_local_ip = DISABLED
2015-08-07 18:13:47 persist_remote_ip = DISABLED
2015-08-07 18:13:47 persist_key = DISABLED
2015-08-07 18:13:47 passtos = DISABLED
2015-08-07 18:13:47 resolve_retry_seconds = 1000000000
2015-08-07 18:13:47 resolve_in_advance = DISABLED
2015-08-07 18:13:47 username = '[UNDEF]'
2015-08-07 18:13:47 groupname = '[UNDEF]'
2015-08-07 18:13:47 chroot_dir = '[UNDEF]'
2015-08-07 18:13:47 cd_dir = '[UNDEF]'
2015-08-07 18:13:47 writepid = '[UNDEF]'
2015-08-07 18:13:47 up_script = '[UNDEF]'
2015-08-07 18:13:47 down_script = '[UNDEF]'
2015-08-07 18:13:47 down_pre = DISABLED
2015-08-07 18:13:47 up_restart = DISABLED
2015-08-07 18:13:47 up_delay = DISABLED
2015-08-07 18:13:47 daemon = DISABLED
2015-08-07 18:13:47 inetd = 0
2015-08-07 18:13:47 log = DISABLED
2015-08-07 18:13:47 suppress_timestamps = DISABLED
2015-08-07 18:13:47 machine_readable_output = ENABLED
2015-08-07 18:13:47 nice = 0
2015-08-07 18:13:47 verbosity = 4
2015-08-07 18:13:47 mute = 0
2015-08-07 18:13:47 gremlin = 0
2015-08-07 18:13:47 status_file = '[UNDEF]'
2015-08-07 18:13:47 status_file_version = 1
2015-08-07 18:13:47 status_file_update_freq = 60
2015-08-07 18:13:47 occ = ENABLED
2015-08-07 18:13:47 rcvbuf = 65536
2015-08-07 18:13:47 sndbuf = 65536
2015-08-07 18:13:47 sockflags = 0
2015-08-07 18:13:47 fast_io = DISABLED
2015-08-07 18:13:47 comp.alg = 2
2015-08-07 18:13:47 comp.flags = 1
2015-08-07 18:13:47 route_script = '[UNDEF]'
2015-08-07 18:13:47 route_default_gateway = '[UNDEF]'
2015-08-07 18:13:47 route_default_metric = 0
2015-08-07 18:13:47 route_noexec = DISABLED
2015-08-07 18:13:47 route_delay = 0
2015-08-07 18:13:47 route_delay_window = 30
2015-08-07 18:13:47 route_delay_defined = DISABLED
2015-08-07 18:13:47 route_nopull = DISABLED
2015-08-07 18:13:47 route_gateway_via_dhcp = DISABLED
2015-08-07 18:13:47 allow_pull_fqdn = DISABLED
2015-08-07 18:13:47 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-08-07 18:13:47 management_port = 'unix'
2015-08-07 18:13:47 management_user_pass = '[UNDEF]'
2015-08-07 18:13:47 management_log_history_cache = 250
2015-08-07 18:13:47 management_echo_buffer_size = 100
2015-08-07 18:13:47 management_write_peer_info_file = '[UNDEF]'
2015-08-07 18:13:47 management_client_user = '[UNDEF]'
2015-08-07 18:13:47 management_client_group = '[UNDEF]'
2015-08-07 18:13:47 management_flags = 4390
2015-08-07 18:13:47 shared_secret_file = '[UNDEF]'
2015-08-07 18:13:47 key_direction = 0
2015-08-07 18:13:47 ciphername_defined = ENABLED
2015-08-07 18:13:47 ciphername = 'AES-256-CBC'
2015-08-07 18:13:47 authname_defined = ENABLED
2015-08-07 18:13:47 authname = 'SHA1'
2015-08-07 18:13:47 prng_hash = 'SHA1'
2015-08-07 18:13:47 prng_nonce_secret_len = 16
2015-08-07 18:13:47 keysize = 0
2015-08-07 18:13:47 engine = DISABLED
2015-08-07 18:13:47 replay = ENABLED
2015-08-07 18:13:47 mute_replay_warnings = DISABLED
2015-08-07 18:13:47 replay_window = 64
2015-08-07 18:13:47 replay_time = 15
2015-08-07 18:13:47 packet_id_file = '[UNDEF]'
2015-08-07 18:13:47 use_iv = ENABLED
2015-08-07 18:13:47 test_crypto = DISABLED
2015-08-07 18:13:47 tls_server = DISABLED
2015-08-07 18:13:47 tls_client = ENABLED
2015-08-07 18:13:47 key_method = 2
2015-08-07 18:13:47 ca_file = '[[INLINE]]'
2015-08-07 18:13:47 ca_path = '[UNDEF]'
2015-08-07 18:13:47 dh_file = '[UNDEF]'
2015-08-07 18:13:47 cert_file = '[[INLINE]]'
2015-08-07 18:13:47 priv_key_file = '[[INLINE]]'
2015-08-07 18:13:47 pkcs12_file = '[UNDEF]'
2015-08-07 18:13:47 cipher_list = '[UNDEF]'
2015-08-07 18:13:47 tls_verify = '[UNDEF]'
2015-08-07 18:13:47 tls_export_cert = '[UNDEF]'
2015-08-07 18:13:47 verify_x509_type = 0
2015-08-07 18:13:47 verify_x509_name = '[UNDEF]'
2015-08-07 18:13:47 crl_file = '[UNDEF]'
2015-08-07 18:13:47 ns_cert_type = 1
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_ku[i] = 0
2015-08-07 18:13:47 remote_cert_eku = '[UNDEF]'
2015-08-07 18:13:47 ssl_flags = 0
2015-08-07 18:13:47 tls_timeout = 2
2015-08-07 18:13:47 renegotiate_bytes = 0
2015-08-07 18:13:47 renegotiate_packets = 0
2015-08-07 18:13:47 renegotiate_seconds = 3600
2015-08-07 18:13:47 handshake_window = 60
2015-08-07 18:13:47 transition_window = 3600
2015-08-07 18:13:47 single_session = DISABLED
2015-08-07 18:13:47 push_peer_info = DISABLED
2015-08-07 18:13:47 tls_exit = DISABLED
2015-08-07 18:13:47 tls_auth_file = '[UNDEF]'
2015-08-07 18:13:47 client = ENABLED
2015-08-07 18:13:47 pull = ENABLED
2015-08-07 18:13:47 auth_user_pass_file = '[UNDEF]'
2015-08-07 18:13:47 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_630-c9b2b7dc10e7781d] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jun 7 2015
2015-08-07 18:13:47 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
2015-08-07 18:13:47 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-08-07 18:13:47 MANAGEMENT: CMD 'hold release'
2015-08-07 18:13:47 MANAGEMENT: CMD 'bytecount 2'
2015-08-07 18:13:47 MANAGEMENT: CMD 'state on'
2015-08-07 18:13:47 MANAGEMENT: CMD 'proxy NONE'
2015-08-07 18:13:48 LZO compression initializing
2015-08-07 18:13:48 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:3 ]
2015-08-07 18:13:48 MANAGEMENT: >STATE:1438967628,RESOLVE,,,
2015-08-07 18:13:48 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:3 ]
2015-08-07 18:13:48 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2015-08-07 18:13:48 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2015-08-07 18:13:48 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xxx:1194
2015-08-07 18:13:48 Socket Buffers: R=[163840->131072] S=[163840->131072]
2015-08-07 18:13:48 Protecting socket fd 4
2015-08-07 18:13:48 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-08-07 18:13:48 UDP link local: (not bound)
2015-08-07 18:13:48 UDP link remote: [AF_INET]xx.xxx.xx.xxx:1194
2015-08-07 18:13:48 MANAGEMENT: >STATE:1438967628,WAIT,,,
2015-08-07 18:13:48 MANAGEMENT: >STATE:1438967628,AUTH,,,
2015-08-07 18:13:48 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=272111db 30049c9f
2015-08-07 18:13:48 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
2015-08-07 18:13:48 VERIFY OK: nsCertType=SERVER
2015-08-07 18:13:48 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
2015-08-07 18:13:48 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2015-08-07 18:13:48 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-08-07 18:13:48 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2015-08-07 18:13:48 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-08-07 18:13:48 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2015-08-07 18:13:48 [RT-AC68U] Peer Connection Initiated with [AF_INET]192.168.1.1:1194
2015-08-07 18:13:49 MANAGEMENT: >STATE:1438967629,GET_CONFIG,,,
2015-08-07 18:13:50 SENT CONTROL [RT-AC68U]: 'PUSH_REQUEST' (status=1)
2015-08-07 18:13:50 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'
2015-08-07 18:13:51 OPTIONS IMPORT: timers and/or timeouts modified
2015-08-07 18:13:51 OPTIONS IMPORT: --ifconfig/up options modified
2015-08-07 18:13:51 OPTIONS IMPORT: route options modified
2015-08-07 18:13:51 OPTIONS IMPORT: route-related options modified
2015-08-07 18:13:51 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2015-08-07 18:13:51 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-08-07 18:13:51 MANAGEMENT: >STATE:1438967630,ASSIGN_IP,,10.8.0.2,
2015-08-07 18:13:51 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2015-08-07 18:13:51 MANAGEMENT: >STATE:1438967631,ADD_ROUTES,,,
2015-08-07 18:13:51 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2015-08-07 18:13:51 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2015-08-07 18:13:51 Opening tun interface:
2015-08-07 18:13:51 Local IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2015-08-07 18:13:51 DNS Server: , Domain: null
2015-08-07 18:13:51 Routes: 192.168.1.0/24
2015-08-07 18:13:51 Routes excluded:
2015-08-07 18:13:51 VpnService routes installed: 192.168.1.0/24
2015-08-07 18:13:51 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2015-08-07 18:13:51 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2015-08-07 18:13:51 Initialization Sequence Completed
2015-08-07 18:13:51 MANAGEMENT: >STATE:1438967631,CONNECTED,SUCCESS,10.8.0.2,192.168.1.1

System log for Android client:

Aug  7 18:09:13 openvpn[3617]: client/192.168.1.33:50677 [client] Inactivity timeout (--ping-restart), restarting
Aug  7 18:09:13 openvpn[3617]: client/192.168.1.33:50677 SIGUSR1[soft,ping-restart] received, client-instance restarting
Aug  7 18:13:37 dnsmasq-dhcp[1276]: DHCPREQUEST(br0) 192.168.1.22 98:6c:f5:0f:23:89 
Aug  7 18:13:37 dnsmasq-dhcp[1276]: DHCPACK(br0) 192.168.1.22 98:6c:f5:0f:23:89 android-5f47349a4727f236
Aug  7 18:13:48 openvpn[3617]: 192.168.1.22:53567 TLS: Initial packet from [AF_INET]192.168.1.22:53567, sid=640f22bb 10c7eedd
Aug  7 18:13:48 openvpn[3617]: 192.168.1.22:53567 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug  7 18:13:48 openvpn[3617]: 192.168.1.22:53567 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 [client] Peer Connection Initiated with [AF_INET]192.168.1.22:53567
Aug  7 18:13:49 openvpn[3617]: client/192.168.1.22:53567 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug  7 18:13:49 openvpn[3617]: client/192.168.1.22:53567 MULTI: Learn: 10.8.0.2 -> client/192.168.1.22:53567
Aug  7 18:13:49 openvpn[3617]: client/192.168.1.22:53567 MULTI: primary virtual IP for client/192.168.1.22:53567: 10.8.0.2
Aug  7 18:13:51 openvpn[3617]: client/192.168.1.22:53567 PUSH: Received control message: 'PUSH_REQUEST'
Aug  7 18:13:51 openvpn[3617]: client/192.168.1.22:53567 send_push_reply(): safe_cap=940
Aug  7 18:13:51 openvpn[3617]: client/192.168.1.22:53567 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0' (status=1)

Both connections were successfully made whilst in the LAN without authentication.

A remote connection was also made by the Android phone without authentication.

Re: Now don't get asked for username/password - asuswrt-merl

Post by Traffic » Fri Aug 07, 2015 8:33 pm

Just in case:
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

Re: Now don't get asked for username/password - asuswrt-merl

Post by makem » Fri Aug 07, 2015 8:34 pm

makem wrote: I have just uploaded the latest Merlin firmware to a RT-AC68U router running OpenVPN.

Previously when using the latest stock firmware clients were asked for a username & password prior to connection. In that case all I did was to export a client.ovpn file which I placed in each client's openVPN config folder.

I am doing exactly the same with the new firmware but now clients connect without authenticating.

Do I need to do more than place the ovpn file in the users' config folder? How do I differentiate between clients that have been given username and passwords in the OpenVPN set up in the router? When connected the router calls them all client1.

Contrary to that in the stock firmware - SELECT "Username/Password Authentication" - Yes.

Then you get the usual "No" in the stock firmware which you can now select.

Took me a while to spot that.

Can be marked as [solved]
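
A way to confirm from the router's system log that the setting took effect, as an added example (not part of the thread and not Merlin or OpenVPN code): it flags sessions that reached "Peer Connection Initiated" without a username/password login, and certificate CNs shared by several addresses. The sample log is constructed in the line format of the posts above; the 192.168.1.40 session and the user name alice are invented, and the "Username/Password authentication succeeded" wording is the message OpenVPN 2.x servers write on a successful login.

```python
import re
from collections import defaultdict

# Router syslog line from the OpenVPN server: optional "cn/" label, then peer ip:port.
LINE = re.compile(
    r"openvpn\[\d+\]: (?:[^/\s]+/)?(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<msg>.*)"
)
# Leaf (depth=0) certificate of the connecting client.
LEAF_CN = re.compile(r"VERIFY OK: depth=0,.*?\bCN=(?P<cn>[^,]+)")
# Logged by the server when a username/password login is accepted.
PW_OK = re.compile(
    r"Username/Password authentication succeeded for username '(?P<user>[^']*)'"
)
CONNECTED = "Peer Connection Initiated"

# Constructed sample: the first two sessions mirror the thread's log format,
# the third (192.168.1.40, user 'alice') is invented to show a password login.
SAMPLE_LOG = """\
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug  7 18:07:06 openvpn[3617]: 192.168.1.33:50677 [client] Peer Connection Initiated with [AF_INET]192.168.1.33:50677
Aug  7 18:07:06 openvpn[3617]: client/192.168.1.33:50677 MULTI: Learn: 10.8.0.2 -> client/192.168.1.33:50677
Aug  7 18:07:09 miniupnpd[975]: upnp_event_recv: recv(): Connection reset by peer
Aug  7 18:13:48 openvpn[3617]: 192.168.1.22:53567 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug  7 18:13:49 openvpn[3617]: 192.168.1.22:53567 [client] Peer Connection Initiated with [AF_INET]192.168.1.22:53567
Aug  7 20:40:01 openvpn[3617]: 192.168.1.40:41000 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug  7 20:40:01 openvpn[3617]: 192.168.1.40:41000 TLS: Username/Password authentication succeeded for username 'alice'
Aug  7 20:40:02 openvpn[3617]: 192.168.1.40:41000 [client] Peer Connection Initiated with [AF_INET]192.168.1.40:41000
"""


def parse_sessions(text):
    """Group OpenVPN server log lines by peer ip:port.

    A reconnect from the same ip:port is merged into the earlier session.
    """
    sessions = defaultdict(lambda: {"cn": None, "user": None, "connected": False})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # other daemons (dnsmasq, miniupnpd, ...)
        session, msg = sessions[m["peer"]], m["msg"]
        cn = LEAF_CN.search(msg)
        if cn:
            session["cn"] = cn["cn"]
        login = PW_OK.search(msg)
        if login:
            session["user"] = login["user"]
        if CONNECTED in msg:
            session["connected"] = True
    return dict(sessions)


def audit(text):
    """Report certificate-only sessions and certificate CNs used from several hosts."""
    sessions = parse_sessions(text)
    cert_only = sorted(
        peer for peer, s in sessions.items() if s["connected"] and s["user"] is None
    )
    hosts_by_cn = defaultdict(set)
    for peer, s in sessions.items():
        if s["connected"] and s["cn"]:
            hosts_by_cn[s["cn"]].add(peer.rsplit(":", 1)[0])
    shared_cn = {cn: sorted(h) for cn, h in hosts_by_cn.items() if len(h) > 1}
    return {"cert_only": cert_only, "shared_cn": shared_cn}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("connected without password login:", report["cert_only"])
    print("certificate CN shared across hosts:", report["shared_cn"])
```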

Re: Now don't get asked for username/password - asuswrt-merl

Post by makem » Fri Aug 07, 2015 11:24 pm

Traffic wrote: Just in case:
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sorted thanks.
