AXT1800 - Unable to connect to IPVanish via OpenVPN

I received my AXT1800 device the other day and I’m having trouble connecting to IPVanish. The router’s firmware is 4.0.0, release3, 2022-06-03 18:19:56(UTC+08:00).

I downloaded IPV’s OpenVPN config files and removed all of them except for ‘ca.ipvanish.com.crt’ and the ovpn files for the nearest IPVanish POP. Those were uploaded to the router successfully and without any errors. My username and password are entered in. The following is what I’m seeing in the log file. I also tried connecting without removing any of the ovpn files from the zipped config but I’m getting the same errors. TIA for your assistance!

OpenVPN Log

Fri Jul  8 17:55:17 2022 daemon.notice ovpnclient[724]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jul  8 17:55:17 2022 daemon.warn ovpnclient[724]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul  8 17:55:17 2022 daemon.err ovpnclient[724]: OpenSSL: error:02001002:system library:fopen:No such file or directory
Fri Jul  8 17:55:17 2022 daemon.err ovpnclient[724]: OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Fri Jul  8 17:55:17 2022 daemon.err ovpnclient[724]: Cannot load CA certificate file ca.ipvanish.com.crt (no entries were read)
Fri Jul  8 17:55:17 2022 daemon.notice ovpnclient[724]: Exiting due to fatal error
Fri Jul  8 17:55:22 2022 daemon.notice netifd: Interface 'ovpnclient' is now down
Fri Jul  8 17:55:22 2022 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Fri Jul  8 17:55:23 2022 daemon.warn ovpnclient[1135]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Jul  8 17:55:23 2022 daemon.warn ovpnclient[1135]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Fri Jul  8 17:55:23 2022 daemon.warn ovpnclient[1135]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Fri Jul  8 17:55:23 2022 daemon.notice ovpnclient[1135]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Jul  8 17:55:23 2022 daemon.notice ovpnclient[1135]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jul  8 17:55:23 2022 daemon.warn ovpnclient[1135]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: OpenSSL: error:02001002:system library:fopen:No such file or directory
Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: Cannot load CA certificate file ca.ipvanish.com.crt (no entries were read)
Fri Jul  8 17:55:23 2022 daemon.notice ovpnclient[1135]: Exiting due to fatal error```

It looks like your configuration file need other separated files for CA and authentication something, modify the configuration file to put all file contents(certificate…etc.) in one .OVPN file should be ok, I guess.

It looks like the configuration can’t find the ca.ipvanish.com.crt file. Is it in the same directory as the configuration file. What do the instructions say about the placement of the files.

You might be able to update the configuration to include the full path of the file.

Yeah the ca.ipvanish.com.crt file is zipped and uploaded with the ovpn files. It seems as though the router isn’t finding this directory and that’s what throwing out the errors. I use to work for IPV and I haven’t seen these errors before.

Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: OpenSSL: error:02001002:system library:fopen:No such file or directory
Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Fri Jul  8 17:55:23 2022 daemon.err ovpnclient[1135]: Cannot load CA certificate file ca.ipvanish.com.crt (no entries were read)
Fri Jul  8 17:55:23 2022 daemon.notice ovpnclient[1135]: Exiting due to fatal error```

I use Mullvad VPN, I have encountered the same problem you got.

Mullvad provides couple formats of OVPN file generated, I chose Windows format in the first time, then they provide CA and Auth files separated, then I encountered the problem you have now.

The second time I learn that I must choose OVPN format for “Android”, then the generated file include CA certificate is in ONE file, then I uploaded it to Slate AX and it works.

If your VPN provider doesn’t provide the option of “Android” kind of OVPN configuration file, I think you can fiddle around the configuration syntax to combine CA in your OVPN file to make it work.

P.S: my OVPN file has CA embedded in the last part which it looks like this…

<ca>
-----BEGIN CERTIFICATE-----
blahblahblahblahblahblahblahblahqXN9GHI0MA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
VQQGEwJTRTERMA8GA1UECAwIR290YWxhbmQxEzARBgNVBAcMCkdvdGhlbmJ1cmcx
-----END CERTIFICATE-----
</ca>

FYI.

1 Like

This is a bug that the router didn’t fix the path of the cert etc. Fixing this one.

1 Like

Thanks for the workaround! I included the CA cert inline at the end of the ovpn file and connected to IPVanish successfully. It looks like this is a bug that is being fixed but this works fine for now.

1 Like