AR750 with v3.010 firmware OpenVPN Client Issue


#1

So, because my AR750 router auto detected the new firmware from 2.272 to 3.010 I decided to update. Now, my OpenVPN won’t work. I host my own VPN server and under 2.272 it worked fine, no issue. Now under 3.010 I get error message about the opvn file not finding the certificate “inline” (which it clearly is). My opvn file works fine on other systems, but I can’t get it to work under 3.010. I tried downgrade firmware but the firmware was no good (missing text and stuff). Any ideas? I think the router is forcing separate certificate files for some odd reason.


#2

Can you just clear the old configs and generate new ones?


#3

Just update the AR750 with the latest testing/beta firmware erasing everything like a new router. Have had 0 issues with OpenVPN using AirVPN and my AR750 VPN has been on for 2+ weeks with no interruptions.


#4

Yes, I used the revert firmware option, I also deleted and re uploaded the ovpn file. No such luck. I also generated a new ovpn file. No such luck. I tried downgrading the firmware to 2.272. No such luck. I also upgraded to 3.010 without keep settings. No such luck. The only thing I haven’t tried is different OpenVPN settings (separate certificate files). Again, the ovpn file I’m using worked in 2.272 and on all other devices. Doesn’t work on 3.010. What are the instructions to downgrade to 2.272?


#5

Let me clarify. When I downgrade to 2.272 (installed at firmware from site) I don’t see any text. I’m not sure why. I barely figured out how to get back to 3.010. (Which looks great but doesn’t work with my ovpn file). Also, it seems I can’t write to the SD card either. I can read data but not write. I guess it was still a bad idea to upgrade.


#6

Can you post the exact log?


#7

OpenSSL: error:0D068066:lib(13):func(104):reason(102)

OpenSSL: error:0D07803A:lib(13):func(120):reason(58)

OpenSSL: error:0907400D:lib(9):func(116):reason(13)

Cannot load CA certificate file [[INLINE]] (no entries were read)

Exiting due to fatal error

VPN client failed to connect. This may be because of wrong configuration, unsupported parameters or terminated by the server. Please choose another VPN profile or abort the connection.


#8

I had a similar issue went I went from v2.xx to 3.x testing.

I don’t recall the exact fix, but it was related to the line break, as the error is hinting.

I either had to manually edit the .ovpn file and remove line break or add it. Or it was an errant > closing mark that didn’t make it in.

Not sure if I did it on my phone and uploaded or just SSHd into the AR300M to do it.

Sorry I couldn’t be more specific.


#9

i have the same router, depending what is your vpn provider, for me expressvpn, i need to download config file zip with certification and after i need to put ovpn file with the zip file, now all work fine.


#10

Thanks. I figured that it is something simple like a line break. It’s frustrating though as the file worked in 2.272 and on other devices. I’ve also created a whole new file and it doesn’t work either on 3.010 (but on other devices). So, it’s not syntax but some random read issue with 3.010. I guess it’s some random trial and error to fix by making a non standard file or try separate certificate files. Interesting that the help docs suggest getting the certificate files.


#11

Dear @bockmill @axebro @Andromeda

which vpn service are you using? Are you able to send a testing firmware?

You can modify the credentials (don’t remove the ca etc.)


#12

I used ipvanish, then I changed with expressvpn to test, both works fine, ipvanish is easier to configure, because config file contains cert file and all ovpn file while expressvpn config file contains only crt file and key file, you have to add ovpn file with this zip file when you configure it, i use vpn with version 3.010.
sometimes I have to restart the router because the vpn do not want to run, with ipvanish, no.


#13

I don’t use a VPN service. I have my own OpenVPN server running Ubuntu 18.04. I wouldn’t call me a VPN configuration expert by any means but I was able to configure the OpenVPN service and was able to connect to my home server remotely with my laptop, smartphone, tablet and the AR750 running 2.272 firmware for over 1 year now with no issues. When I upgraded to 3.010, I could no longer connect but all other systems work fine.

Here are the things I have tried.

  1. Clean install of 3.010 (both with revert firmware option and don’t not keep settings on install.)
  2. Revert back to 2.272. (Missing fonts, unusable at this point, not sure why, but I am also not really wanting to go back to 2.272, either)
  3. Generate a new opvn file. (Same result, works on every system I have except 3.010.)
  4. Use separate certificate files (in a tarball). I could not get this to work. I also don’t have a good test system to determine if the tarball is good or not.
  5. “Randomly” delete and add stuff to the .opvn file with the hopes I can clear the read error. (No success yet, many of the changes I make breaks the file on other systems as well.) I did start the OpenVPN service on AR-750 and reviewed the client generated opvn file to see differences (there are no obvious ones, the differences I have I need in order to connect my VPN server.)
  6. Switch to Wireguard VPN (for at least 3.010 maybe all systems). I’m researching this now and maybe I’ll bring this setup online and solve my problem.

In order to share my opvn file completely, I guess I’ll need to create and then kill a certificate (so you care see the entire file but not connect to my server). I’m still working Wireguard, it seems easy enough to start, but I want to ensure proper tunneling so I have more work to do.

I haven’t given up yet…


#14

Actually I just want to check after upload the oven file if the format will be changed.