RT-AC59U V2 - OpenVPN server - connection via cert key - Wago PFC

viallos
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 19, 2020 6:31 am

RT-AC59U V2 - OpenVPN server - connection via cert key - Wago PFC

Post by viallos » Mon Oct 19, 2020 6:44 am

Hi

I'm struggling with this setup ....

I'm using the latest firmware version: 3.0.0.4.386_21649-g7401a04 on RT-AC59U V2 and I tried to set up the OpenVPN server to accept connections without passwords but through client cert and key.

In advanced tab I specified:
Username / Password Auth. Only : No
Authorization Mode : TLS

I downloaded EasyRSA-3.0.8 and have done the following

Code:

easyrsa init-pki
easyrsa build-ca
easyrsa build-server-full server nopass
easyrsa build-client-full client1 nopass
easyrsa gen-dh

I have pasted all required keys and certs to Asus OpenVPN server via Content modification of Keys & Certification option.
Applied changes.

When I download the client.ovpn file it contains:
auth-user-pass
option, and when I use it, it asks for username and password.

When I commented out
#auth-user-pass
in client.ovpn file, it no longer asks for password but I'm getting:

Code:

Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: Auth Username/Password was not provided by peer
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: TLS handshake failed
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 SIGUSR1[soft,tls-error] received, client-instance restarting

Full log from Asus looks like below:

Code:

Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS: Initial packet from [AF_INET]192.168.50.150:49153 (via [AF_INET]xxxxxxxx), sid=9e1c211c cb158c3b
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC59U_V2, emailAddress=me@myhost.mydomain
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_VER=2.5_rc2
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_PLAT=win
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_PROTO=6
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_NCP=2
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-128-CBC
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_LZ4=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_LZ4v2=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_LZO=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_COMP_STUB=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_COMP_STUBv2=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_TCPNL=1
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: Auth Username/Password was not provided by peer
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: TLS handshake failed
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 SIGUSR1[soft,tls-error] received, client-instance restarting

Is it possible to connect without username/password to this router on stock firmware?

Is there anything else that I need to set in router config?
On Basic setup page it has only one user - router admin account.
Do I need to add another client there with password prior to running command: easyrsa build-client-full client1 nopass
I just wonder, if I add another user with a password, then should I create exactly the same key/cert via the command: easyrsa build-client-full client1 .... and set the same password that I created on the basic config screen?

I'll just add that if I'm using the standard setup with username and password via the OpenVPN client for Windows, it is working fine.

But I want to configure the server to accept connections without a password, as I would like to connect my WAGO PFC, which can't use interactive logon, to this server.
Last edited by Pippin on Mon Oct 19, 2020 10:36 am, edited 1 time in total.
Reason: Formatting
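
The failure in the log above, worked through as an added example (not part of the original post and not OpenVPN or ASUS code): a small triage script that separates the certificate stage from the username/password stage and reports the client CN the server actually verified, which can be compared with the certificate that was issued (the log shows CN=client, while the EasyRSA command issued client1). The second peer and its VERIFY ERROR line are constructed for contrast.

```python
import re

# Constructed sample. Peer 192.168.50.150 reuses lines from the post above;
# peer 192.168.50.151 is invented to show a failure at the certificate stage.
SAMPLE_LOG = """\
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC59U_V2, emailAddress=me@myhost.mydomain
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 peer info: IV_VER=2.5_rc2
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: Auth Username/Password was not provided by peer
Oct 19 00:39:15 vpnserver1[8098]: 192.168.50.150:49153 TLS Error: TLS handshake failed
Oct 19 00:41:02 vpnserver1[8098]: 192.168.50.151:50000 VERIFY ERROR: depth=0, error=certificate has expired: CN=old-client
Oct 19 00:41:02 vpnserver1[8098]: 192.168.50.151:50000 TLS Error: TLS handshake failed
"""

LINE = re.compile(r"\S+\[\d+\]: (?P<peer>\d+(?:\.\d+){3}:\d+) (?P<msg>.+)$")
VERIFY = re.compile(r"VERIFY (OK|ERROR): depth=(\d+),.*?\bCN=([^,]+)")

def verdict(s):
    """Name the authentication stage that stopped the handshake."""
    if s["cert_ok"] and s["userpass_missing"]:
        return "cert accepted, server still requires username/password"
    if s["failed"] and not s["cert_ok"]:
        return "client certificate rejected"
    return "handshake failed" if s["failed"] else "no failure logged"

def triage(log_text):
    """Map each peer to (client CN seen by the server, failing stage)."""
    peers = {}
    for raw in log_text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue  # not an OpenVPN per-peer log line
        state = peers.setdefault(line["peer"], {
            "cn": None, "cert_ok": False, "userpass_missing": False, "failed": False})
        msg, v = line["msg"], VERIFY.match(line["msg"])
        if v and v[2] == "0":  # depth=0 is the client's own certificate
            state["cn"], state["cert_ok"] = v[3].strip(), v[1] == "OK"
        elif "Auth Username/Password was not provided by peer" in msg:
            state["userpass_missing"] = True
        elif "TLS handshake failed" in msg:
            state["failed"] = True
    return {peer: (s["cn"], verdict(s)) for peer, s in peers.items()}

if __name__ == "__main__":
    for peer, (cn, why) in triage(SAMPLE_LOG).items():
        print(f"{peer} CN={cn}: {why}")
```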

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: RT-AC59U V2 - OpenVPN server - connection via cert key - Wago PFC

Post by TinCanTech » Mon Oct 19, 2020 2:38 pm

viallos wrote:
Mon Oct 19, 2020 6:44 am
Is it possible to connect without username/password to this router on stock firmware?

That will be a setting in your router.

viallos wrote:
Mon Oct 19, 2020 6:44 am
I want to configure server to accept connections without password as I would like to connect to this server my WAGO PFC that can't use interactive logon

You can use:

Code:

auth-user-pass user-pass.txt

where user-pass.txt contains:

Code:

username
password

in the client config, if you cannot figure out how to turn it off on the router.

saosandr
OpenVpn Newbie
Posts: 2
Joined: Fri Jun 18, 2021 9:40 pm

Re: RT-AC59U V2 - OpenVPN server - connection via cert key - Wago PFC

Post by saosandr » Tue Sep 12, 2023 4:00 am

Discover where the WAGO PFC stores client.ovpn, and in the first line write a user, such as float, and in the second line write a password starting with a ; comment. Inside the same file, write auth-user-pass with the path of the client.ovpn file. An example:

float
;CDf34@#xs#@2312AQ
remote xxx.xxx.xxx.xxx
proto udp4
...
auth-user-pass /xxx/xxx/xxx/client.ovpn
