new openVPN server unable to connect with GL.iNET router

shake1dde
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 24, 2022 2:24 pm

new openVPN server unable to connect with GL.iNET router

Post by shake1dde » Thu Mar 24, 2022 2:55 pm

Hey all,

What special considerations are needed when setting up an openVPN server that you want to connect to with a router as a client? Currently I have an openVPN server setup in windows which works fine when using the windows client software, but gets stuck when trying to load the same .ovpn client file to the router and connect from there.

I've tried using IP passthrough on my (server connection) router but that hasn't helped. I'm sure I'm missing a piece of the puzzle here that would allow this config to work fine when using the desktop client vs the router as a client.

Any help is super appreciated!


Server

[oconf]
server 10.8.0.0 255.255.255.0
port 1195
dev tun
dev-node ServerVPN
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
client-config-dir "C:\\Program Files\\OpenVPN\\config"
client-to-client
keepalive 10 120
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
cipher AES-256-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3
route-delay 5
route-method exe
[/oconf]


Client

[oconf]
client
dev tun
proto tcp
remote <redacted>
port 1195
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb
pull
cipher AES-256-CBC
auth SHA256
<ca>
-----BEGIN CERTIFICATE-----
MIIGoTCCBImgAwIBAgIJAIOpP9CfY/7mMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC+fl45ai6u0wuv
ppnUvu8WB17jNWJH7Lf7smSTRTk67g==
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIG6TCCBNGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMx
ov2P7Gq6NOSL6nLHHsrt+UDA5sJz2+UUjbCjjVIUL5DyDi2S57SV/lnofPjL
-----END CERTIFICATE-----
</cert>
[/oconf]


[olog]
Thu Mar 24 09:19:13 2022 TCP connection established with [AF_INET6]::ffff:192.168.1.254:1195
Thu Mar 24 09:19:13 2022 192.168.1.254 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.254:1195, sid=b5f99e7f 18aa5a50
Thu Mar 24 09:19:13 2022 192.168.1.254 VERIFY OK: depth=1, C=US, ST=TX, L=Frisco, O=OpenVPN, OU=Key, CN=serverVPN, name=vpnKey, emailAddress=mail@host.domain
Thu Mar 24 09:19:13 2022 192.168.1.254 VERIFY OK: depth=0, C=US, ST=TX, L=Frisco, O=OpenVPN, OU=Key, CN=ClientVPN, name=vpnKey, emailAddress=mail@host.domain
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_VER=2.5.6
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_PLAT=win
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_PROTO=6
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_NCP=2
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZ4=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZ4v2=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZO=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_COMP_STUB=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_COMP_STUBv2=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_TCPNL=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_SSO=openurl,crtext
Thu Mar 24 09:19:13 2022 192.168.1.254 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1572'
Thu Mar 24 09:19:13 2022 192.168.1.254 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
Thu Mar 24 09:19:13 2022 192.168.1.254 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Mar 24 09:19:13 2022 192.168.1.254 [ClientVPN] Peer Connection Initiated with [AF_INET6]::ffff:192.168.1.254:1195
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 OPTIONS IMPORT: reading client specific options from: C:\Program Files\OpenVPN\config\ClientVPN
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: Learn: 10.10.10.5 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: primary virtual IP for ClientVPN/192.168.1.254: 10.10.10.5
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: internal route 192.168.182.0/24 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: Learn: 192.168.182.0/24 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 PUSH: Received control message: 'PUSH_REQUEST'
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 SENT CONTROL [ClientVPN]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.5 10.10.10.6,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
[/olog]

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: new openVPN server unable to connect with GL.iNET router

Post by TinCanTech » Thu Mar 24, 2022 3:41 pm

Your client is connected ok.

Notes:
  • --topology net30 is deprecated; use --topology subnet.
    This is an invasive change, so read the manual about --topology first.
  • Never use 192.168.0.0 or 192.168.1.0 for your server LAN; it will cause routing conflicts.
    Change to a unique RFC1918 subnet.
  • "Gets stuck" means nothing.
    Check your client log.
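
Added example, not part of the thread or of OpenVPN: a short Python check that runs the notes above against the server log from the first post, listing the "used inconsistently" warnings and flagging a pushed `topology net30` or a pushed route inside 192.168.0.0/24 or 192.168.1.0/24. The function name `review_log` and the finding labels are made up for this illustration; the sample lines are copied from the posted log with timestamps trimmed.

```python
import ipaddress
import re

# Lines copied from the server log posted in this thread (timestamps trimmed).
SAMPLE_LOG = """\
192.168.1.254 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1572'
192.168.1.254 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
ClientVPN/192.168.1.254 SENT CONTROL [ClientVPN]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.5 10.10.10.6,peer-id 0,cipher AES-256-GCM' (status=1)
"""

# Subnets the reply above says never to use for the server LAN.
COMMON_LANS = [ipaddress.ip_network("192.168.0.0/24"),
               ipaddress.ip_network("192.168.1.0/24")]

MISMATCH_RE = re.compile(r"WARNING: '([^']+)' is used inconsistently, "
                         r"local='([^']*)', remote='([^']*)'")
PUSH_RE = re.compile(r"'PUSH_REPLY,([^']*)'")


def review_log(text):
    """Return (kind, detail) findings from an OpenVPN server log (hypothetical helper)."""
    findings = []
    for line in text.splitlines():
        m = MISMATCH_RE.search(line)
        if m:
            findings.append(("mismatch", f"{m.group(1)}: {m.group(2)} vs {m.group(3)}"))
        p = PUSH_RE.search(line)
        if not p:
            continue
        for opt in p.group(1).split(","):
            words = opt.split()
            if words[:2] == ["topology", "net30"]:
                findings.append(("deprecated", "topology net30"))
            elif len(words) >= 3 and words[0] == "route":
                try:
                    net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
                except ValueError:
                    continue  # route target given as a keyword or hostname
                if any(net.overlaps(lan) for lan in COMMON_LANS):
                    findings.append(("route-conflict", str(net)))
    return findings


if __name__ == "__main__":
    for kind, detail in review_log(SAMPLE_LOG):
        print(f"{kind:15} {detail}")
```
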

shake1dde
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 24, 2022 2:24 pm

Re: new openVPN server unable to connect with GL.iNET router

Post by shake1dde » Thu Mar 24, 2022 5:57 pm

TinCanTech wrote:
Thu Mar 24, 2022 3:41 pm
Your client is connected ok.

Notes:
  • --topology net30 is deprecated; use --topology subnet.
    This is an invasive change, so read the manual about --topology first.
  • Never use 192.168.0.0 or 192.168.1.0 for your server LAN; it will cause routing conflicts.
    Change to a unique RFC1918 subnet.
  • "Gets stuck" means nothing.
    Check your client log.
It looks like that from the logs but it's not. There's no communication and the router doesn't flip to the page where it shows connected + shows stats.

fkmkjgr
OpenVpn Newbie
Posts: 2
Joined: Mon Aug 08, 2022 7:10 pm

Re: new openVPN server unable to connect with GL.iNET router

Post by fkmkjgr » Tue Sep 20, 2022 5:27 pm

I have the same issue. Were you able to find a fix?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: new openVPN server unable to connect with GL.iNET router

Post by TinCanTech » Tue Sep 20, 2022 6:54 pm

fkmkjgr wrote:
Tue Sep 20, 2022 5:27 pm
I have the same issue. Were you able to find a fix?
There is no problem here, so there is no fix.

Your problem is caused by your router:
viewtopic.php?p=107953#p107953
