AsusWRT as client, error

Nixellion
OpenVpn Newbie
Posts: 2
Joined: Wed Apr 25, 2018 7:00 pm

Post by Nixellion » Wed Apr 25, 2018 7:05 pm

Hello, I'm trying to set up OpenVPN AS and I'd like to use my Asus AC66U as a client device.

I was able to successfully connect with the OpenVPN Connect Windows client, but I get the following errors when trying to connect using AsusWRT:

Server-side:

2018-04-25 09:04:56-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:04:56 2018 xxx.xxx.xxx.xxx:49179 TLS_ERROR: BIO read tls_read_plaintext error'
2018-04-25 09:04:56-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:04:56 2018 xxx.xxx.xxx.xxx:49179 TLS Error: TLS object -> incoming plaintext read error'
2018-04-25 09:04:56-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:04:56 2018 xxx.xxx.xxx.xxx:49179 TLS Error: TLS handshake failed'
2018-04-25 09:04:56-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:04:56 2018 xxx.xxx.xxx.xxx:49179 SIGUSR1[soft,tls-error] received, client-instance restarting'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:35450, sid=9b816111 c1ea7231'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 TLS_ERROR: BIO read tls_read_plaintext error'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 TLS Error: TLS object -> incoming plaintext read error'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 TLS Error: TLS handshake failed'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 xxx.xxx.xxx.xxx:35450 SIGUSR1[soft,tls-error] received, client-instance restarting'

Client-side:

Apr 23 20:22:11 openvpn[24114]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 23 20:22:11 openvpn[24114]: TLS Error: TLS handshake failed
Apr 23 20:22:11 openvpn[24114]: SIGUSR1[soft,tls-error] received, process restarting
Apr 23 20:22:11 openvpn[24114]: Restart pause, 2 second(s)
Apr 23 20:22:13 openvpn[24114]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Apr 23 20:22:13 openvpn[24114]: UDPv4 link local: [undef]
Apr 23 20:22:13 openvpn[24114]: UDPv4 link remote: [AF_INET]server_ip:6958
Apr 23 20:23:13 openvpn[24114]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 23 20:23:13 openvpn[24114]: TLS Error: TLS handshake failed
Apr 23 20:23:13 openvpn[24114]: SIGUSR1[soft,tls-error] received, process restarting
Apr 23 20:23:13 openvpn[24114]: Restart pause, 2 second(s)
Apr 23 20:23:15 openvpn[24114]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Apr 23 20:23:15 openvpn[24114]: UDPv4 link local: [undef]
Apr 23 20:23:15 openvpn[24114]: UDPv4 link remote: [AF_INET]server_ip:6958
Apr 23 20:24:15 openvpn[24114]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 23 20:24:15 openvpn[24114]: TLS Error: TLS handshake failed
Apr 23 20:24:15 openvpn[24114]: SIGUSR1[soft,tls-error] received, process restarting
Apr 23 20:24:15 openvpn[24114]: Restart pause, 2 second(s)
Apr 23 20:24:17 openvpn[24114]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Apr 23 20:24:17 openvpn[24114]: UDPv4 link local: [undef]
Apr 23 20:24:17 openvpn[24114]: UDPv4 link remote: [AF_INET]server_ip:6958

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: AsusWRT as client, error

Post by novaflash » Wed Apr 25, 2018 7:40 pm

If I am not mistaken, asusWRT is based on DDWRT. And as far as I know they don't support TLS 1.1 or TLS 1.2 for the OpenVPN connection and they also do not support TLS authentication. So if you want this to work you'll have to lower security significantly. It is not advised to do this, and it also means you will have to reinstall all your currently installed clients.

If you want to do this anyways, go to the Admin UI of your Access Server, go to Advanced VPN and disable TLS authentication. Next go to TLS Settings and set the OpenVPN daemons to TLS 1.0. Then update running servers and try again.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
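
A triage helper for the server-side log format shown in the first post, as an added example that is not part of the original thread or of OpenVPN's own tooling: it groups failed TLS handshakes by client IP and collects the OpenSSL reason strings, so a client that cannot negotiate with the server's TLS settings stands out from ordinary connection noise. The log lines are constructed in the thread's format with documentation IP addresses, and IPv4 peers are assumed.

```python
import re
from collections import defaultdict

# Wrapper that Access Server puts around each OpenVPN daemon line.
OUTER = re.compile(r"^\S+ \S+ \[-\] OVPN \d+ OUT: '(?P<inner>.*)'$")
# Inner line: weekday month day time year, peer ip:port, message (IPv4 assumed).
INNER = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?P<ip>[^\s:]+):(?P<port>\d+) (?P<msg>.*)$")
# OpenSSL error entry: error:<hex code>:<library>:<function>:<reason>
OPENSSL = re.compile(
    r"^OpenSSL: error:[0-9A-Fa-f]+:[^:]*:(?P<func>[^:]*):(?P<reason>.*)$")

def parse_line(line):
    """Return (ip, port, message) for a per-client log line, else None."""
    outer = OUTER.match(line.strip())
    inner = INNER.match(outer.group("inner")) if outer else None
    if inner is None:
        return None
    return inner.group("ip"), int(inner.group("port")), inner.group("msg")

def summarize(lines):
    """Map client IP -> failed source ports and OpenSSL (function, reason) pairs."""
    report = defaultdict(lambda: {"failed_ports": set(), "reasons": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, port, msg = parsed
        ssl_err = OPENSSL.match(msg)
        if ssl_err:
            report[ip]["reasons"].add((ssl_err["func"], ssl_err["reason"]))
        elif msg == "TLS Error: TLS handshake failed":
            # Each retry arrives from a new source port, so count ports per IP.
            report[ip]["failed_ports"].add(port)
    return dict(report)

# Constructed sample: 192.0.2.10 fails twice (first failure has no OpenSSL
# line, as in the truncated log above); 198.51.100.7 only starts a handshake.
SAMPLE = """\
2018-04-25 09:04:56-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:04:56 2018 192.0.2.10:49179 TLS Error: TLS handshake failed'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 192.0.2.10:35450 OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'
2018-04-25 09:05:57-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:05:57 2018 192.0.2.10:35450 TLS Error: TLS handshake failed'
2018-04-25 09:06:10-0400 [-] OVPN 10 OUT: 'Wed Apr 25 13:06:10 2018 198.51.100.7:50000 TLS: Initial packet from [AF_INET]198.51.100.7:50000, sid=00000000 11111111'
""".splitlines()

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, len(info["failed_ports"]), "failed handshakes", sorted(info["reasons"]))
```
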

Nixellion
OpenVpn Newbie
Posts: 2
Joined: Wed Apr 25, 2018 7:00 pm

Re: AsusWRT as client, error

Post by Nixellion » Wed Apr 25, 2018 7:56 pm

It worked! Thanks :)

Well, I really don't want to install clients on each and every device I have. As far as security goes, as long as it's not worse than NOT using any VPN, I'm fine with it.

But if there's any firmware available for this router that supports TLS 1.1\1.2 and TLS Auth, that would be great. Or is there any other router that has a more up-to-date VPN client?

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: AsusWRT as client, error

Post by novaflash » Wed Apr 25, 2018 8:10 pm

pfSense comes to mind, they have decent stuff.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
