Suddenly cannot connect to Asus Router OVPN servers

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
jwitkin1
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 03, 2018 6:57 am

Suddenly cannot connect to Asus Router OVPN servers

Post by jwitkin1 » Mon Dec 03, 2018 7:17 am

I have set up OVPN servers on Asus RT-AC68U routers belonging to myself, my two sons, my mom, and my sister-in-law (all in different locations), for the purpose of assisting them with computer issues. I connect to them using Tunnelblick (latest) on Mac OS 10.14.2 Beta, and using the OVPN app on iOS 12.1 on my iPad and iPhone.

As of a few weeks ago, I am unable to connect to any of the remote Asus OVPN servers using either of these methods. Their internet is working.
(I CAN connect to my own VPN network on the same LAN as my own router.)

I am not aware of having made any changes to my system, or to the .ovpn config files, though their may have been a firmware upgrade on MY router. All the VPN settings look correct.

Using my cell phone with wi-fi turned off, I still cannot connect outside.

Its been a while, but I believe I set the port to 443 when I set the connections up. Used to all work just fine!

Where should I be looking??

Thanks, JW

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by TinCanTech » Mon Dec 03, 2018 1:55 pm

As ever, check your log files ..

jwitkin1
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 03, 2018 6:57 am

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by jwitkin1 » Mon Dec 03, 2018 4:16 pm

Ok, but over my head. The last thing I see on the log screen is "WAITING"... forever. The popup shows "Waiting for server response". Can you tell me what this means?:



*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.8 (build 5180); prior version 3.7.7 (build 5150); Admin user
git commit 75a15f3fcb6de5a66bb6b7175b720645332ee778


Configuration Brian

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/Brian.tblk:

remote aaa.bbb.org 1194
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60
comp-lzo adaptive
auth-user-pass
client
auth SHA1
cipher AES-128-CBC
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>
130 0 0xffffff7f82fb5000 0x8000 0x8000 com.acronis.fileprotector (1.6.1) AE08CE95-D56C-32B8-A116-58AF6AB339BB <26 8 6 5 3 1>
148 0 0xffffff7f8399a000 0x4000 0x4000 com.Greatdy.driver.SystemAudioCapture (1.0.0) 62ED8282-E289-340C-82E4-D0B4E78CA9ED <117 6 5 3>
166 3 0xffffff7f83ad2000 0x64000 0x64000 org.virtualbox.kext.VBoxDrv (5.2.20) 649EEF26-CE94-3CCB-9483-F45AF5D03861 <8 6 5 3 1>
175 0 0xffffff7f83b4e000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (5.2.20) 40399AFF-0F44-31E1-A59F-009878526CF6 <174 166 55 8 6 5 3 1>
177 0 0xffffff7f83b5b000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (5.2.20) 1A1F2A40-81AC-3E0B-B11E-A060E3D83B30 <166 8 6 5 3 1>
178 0 0xffffff7f83b60000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (5.2.20) 9B32F3D8-5F01-3440-81A3-172DC086DE59 <166 6 5 1>

================================================================================

Files in Brian.tblk:
Contents/Resources/config.ovpn

================================================================================

Configuration preferences:

-skipWarningThatMayNotConnectInFutureBecauseOfOpenVPNOptions = 1
-keychainHasUsernameAndPassword = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

skipWarningThatIPAddressDidNotChangeAfterConnection = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.7.8 (build 5180)",
"3.7.7 (build 5150)",
"3.7.6a (build 5080)",
"3.7.6 (build 5060)",
"3.7.5a (build 5011)",
"3.7.5 (build 5010)",
"3.7.4b (build 4921)",
"3.7.4a (build 4920)",
"3.7.4 (build 4900)",
"3.7.3 (build 4880)"
)
lastLaunchTime = 565546049.840835
doNotShowSplashScreen = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = JW
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 754 570 412 297 0 0 1920 1057
NSWindow Frame SUUpdateAlert = 650 498 620 392 0 0 1920 1057
detailsWindowFrameVersion = 5180
detailsWindowFrame = {{97, 341}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = Brian
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2018-12-03 16:07:32 +0000
SULastProfileSubmissionDate = 2018-12-02 03:14:57 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
userAgreementVersionAgreedTo = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
haveDealtWithSparkle1dot5b6 = 1
updateSendProfileInfo = 1

================================================================================

Tunnelblick Log:

*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.8 (build 5180); prior version 3.7.7 (build 5150)
2018-12-03 08:07:56 *Tunnelblick: Attempting connection with Brian; Set nameserver = 769; monitoring connection
2018-12-03 08:07:56 *Tunnelblick: openvpnstart start Brian.tblk 57035 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2018-12-03 08:07:56 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SBrian.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.57035.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/Brian.tblk/Contents/Resources
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5180 3.7.8 (build 5180)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/Brian.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/Brian.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/Brian.tblk/Contents/Resources
--management 127.0.0.1 57035 /Library/Application Support/Tunnelblick/pjjoigaechgefmjmpcjjfgkneipnpbnflnbghgnh.mip
--management-query-passwords
--management-hold
--script-security 2
--up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2018-12-03 08:07:56 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 29 2018
2018-12-03 08:07:56 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
2018-12-03 08:07:56 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:57035
2018-12-03 08:07:56 Need hold release from management interface, waiting...
2018-12-03 08:07:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:57035
2018-12-03 08:07:56 *Tunnelblick: openvpnstart starting OpenVPN
2018-12-03 08:07:57 *Tunnelblick: Established communication with OpenVPN
2018-12-03 08:07:57 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2018-12-03 08:07:57 MANAGEMENT: CMD 'pid'
2018-12-03 08:07:57 MANAGEMENT: CMD 'auth-retry interact'
2018-12-03 08:07:57 MANAGEMENT: CMD 'state on'
2018-12-03 08:07:57 MANAGEMENT: CMD 'state'
2018-12-03 08:07:57 MANAGEMENT: CMD 'bytecount 1'
2018-12-03 08:07:57 MANAGEMENT: CMD 'hold release'
2018-12-03 08:07:57 *Tunnelblick: Obtained VPN username and password from the Keychain
2018-12-03 08:07:57 MANAGEMENT: CMD 'username "Auth" "Brian"'
2018-12-03 08:07:57 MANAGEMENT: CMD 'password [...]'
2018-12-03 08:07:57 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2018-12-03 08:07:57 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-12-03 08:07:57 MANAGEMENT: >STATE:1543853277,RESOLVE,,,,,,
2018-12-03 08:07:57 TCP/UDP: Preserving recently used remote address: [AF_INET]98.176.101.110:1194
2018-12-03 08:07:57 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-12-03 08:07:57 UDP link local: (not bound)
2018-12-03 08:07:57 UDP link remote: [AF_INET]98.176.101.110:1194
2018-12-03 08:07:57 MANAGEMENT: >STATE:1543853277,WAIT,,,,,,

================================================================================

"Sanitized" full configuration file

remote aaa.bbb.org 1194
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60
comp-lzo adaptive
auth-user-pass
client
auth SHA1
cipher AES-128-CBC
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>

<cert>
[Security-related line(s) omitted]
</cert>

<key>
[Security-related line(s) omitted]
</key>




================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.
Ethernet
iPad USB
Wi-Fi
iPhone USB
Bluetooth PAN 2
Thunderbolt Bridge
Thunderbolt Bridge 2

Wi-Fi Power (en1): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
EHC29: flags=0<> mtu 0
EHC26: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether a8:20:66:4a:51:73
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 32:00:11:74:df:00
media: autoselect <full-duplex>
status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 32:00:11:74:df:01
media: autoselect <full-duplex>
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 8c:2d:aa:3a:9a:3f
inet6 fe80::18eb:2608:a435:be09%en1 prefixlen 64 secured scopeid 0xa
inet 192.168.1.93 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0e:2d:aa:3a:9a:3f
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 66:db:06:62:90:91
inet6 fe80::64db:6ff:fe62:9091%awdl0 prefixlen 64 scopeid 0xc
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 32:00:11:74:df:01
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 9 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::cbd9:20cb:ab5d:413c%utun0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::845c:703f:5c5:1619%utun1 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::663:cf28:cf6d:61dc%utun2 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>

================================================================================

Console Log:

2018-12-03 08:07:28 Tunnelblick[25205] Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.8 (build 5180)
2018-12-03 08:07:29 Tunnelblick[25205] DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
2018-12-03 08:07:32 Tunnelblick[25205] Sparkle: ===== Tunnelblick =====
2018-12-03 08:07:32 Tunnelblick[25205] Sparkle: Verified appcast signature
2018-12-03 08:07:56 Tunnelblick[25205] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SShared-SBrian-Dtblk-SContents-SResources'

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by TinCanTech » Mon Dec 03, 2018 4:34 pm

You need your server log file.

jwitkin1
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 03, 2018 6:57 am

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by jwitkin1 » Mon Dec 03, 2018 5:01 pm

Hmmm would have to go to kids house to get it. I’ll work on it. Thanks.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by TinCanTech » Mon Dec 03, 2018 5:13 pm

So you understand why, the server does not send any information to the client as to why a connection fails because that would be a security flaw and possibly exploitable.

jwitkin1
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 03, 2018 6:57 am

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by jwitkin1 » Mon Dec 03, 2018 5:16 pm

Got it. So I need log from my son’s router, right? That’s is the server I was trying to reach.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Suddenly cannot connect to Asus Router OVPN servers

Post by TinCanTech » Mon Dec 03, 2018 5:45 pm

This is all the information we really need:
viewtopic.php?f=30&t=22603#p68963

But your server log is a very good start.

Post Reply