Can't configure OVPN through UDP

jcoelho · July 20, 2023, 2:34pm

Hi all!

I hope you are doing well. I’ve been trying to configure OpenVPN via UDP on my GL-AX1800 router but haven’t been able to do it. It works fine with TCP though.

I’ve tried the .ovpn files hosted on the Ivacy website and also the ones provided at gl-inet.com to no avail. Here’s the error messages I’m getting with both:

Files hosted by Ivacy:
Fri Jul 21 00:08:11 2023 daemon.err ovpnclient[1790]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/ovpnclient/ovpnclient:9: scramble (2.5.3)
Fri Jul 21 00:08:11 2023 daemon.warn ovpnclient[1790]: Use --help for more information.
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1791): sh: can’t kill pid 8911: No such process
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1791): Cannot find device “ovpnclient”
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now
Fri Jul 21 00:08:11 2023 daemon.err ovpnclient[1843]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/ovpnclient/ovpnclient:9: scramble (2.5.3)
Fri Jul 21 00:08:11 2023 daemon.warn ovpnclient[1843]: Use --help for more information.
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1844): sh: can’t kill pid 8911: No such process
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1844): Cannot find device “ovpnclient”
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now
Fri Jul 21 00:08:11 2023 daemon.err ovpnclient[1878]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/ovpnclient/ovpnclient:9: scramble (2.5.3)
Fri Jul 21 00:08:11 2023 daemon.warn ovpnclient[1878]: Use --help for more information.
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1883): sh: can’t kill pid 8911: No such process
Fri Jul 21 00:08:11 2023 daemon.notice netifd: ovpnclient (1883): Cannot find device “ovpnclient”
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:08:11 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now
Fri Jul 21 00:08:11 2023 daemon.err ovpnclient[1949]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/ovpnclient/ovpnclient:9: scramble (2.5.3)
Fri Jul 21 00:08:11 2023 daemon.warn ovpnclient[1949]: Use --help for more information.

Files hosted by gl-inet.com:
Fri Jul 21 00:02:00 2023 daemon.notice netifd: ovpnclient (11195): sh: can’t kill pid 16918: No such process
Fri Jul 21 00:02:00 2023 daemon.notice netifd: ovpnclient (11195): Cannot find device “ovpnclient”
Fri Jul 21 00:02:00 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:02:00 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now
Fri Jul 21 00:02:01 2023 daemon.warn ovpnclient[11228]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
Fri Jul 21 00:02:01 2023 daemon.warn ovpnclient[11228]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.
Fri Jul 21 00:02:01 2023 daemon.err ovpnclient[11228]: Cannot pre-load keyfile (Wdc.key)
Fri Jul 21 00:02:01 2023 daemon.notice ovpnclient[11228]: Exiting due to fatal error
Fri Jul 21 00:02:01 2023 daemon.notice netifd: ovpnclient (11234): sh: can’t kill pid 16918: No such process
Fri Jul 21 00:02:01 2023 daemon.notice netifd: ovpnclient (11234): Cannot find device “ovpnclient”
Fri Jul 21 00:02:01 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:02:01 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now
Fri Jul 21 00:02:01 2023 daemon.warn ovpnclient[11289]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
Fri Jul 21 00:02:01 2023 daemon.warn ovpnclient[11289]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.
Fri Jul 21 00:02:01 2023 daemon.err ovpnclient[11289]: Cannot pre-load keyfile (Wdc.key)
Fri Jul 21 00:02:01 2023 daemon.notice ovpnclient[11289]: Exiting due to fatal error
Fri Jul 21 00:02:01 2023 daemon.notice netifd: ovpnclient (11298): sh: can’t kill pid 16918: No such process
Fri Jul 21 00:02:01 2023 daemon.notice netifd: ovpnclient (11298): Cannot find device “ovpnclient”
Fri Jul 21 00:02:01 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down
Fri Jul 21 00:02:01 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now

Have any of you experienced this and have any advise?

Thanks a lot in advance.

bring.fringe18 · July 20, 2023, 3:26pm

So do you have to use OVPN if you can use UDP? WireGuard only uses UDP. It stomps all over the performance of OVPN so badly it’s not even a fair competition.

I’d try to hunt down the cause of this. It may be related to not letting the ovpnclient interface being properly set up.

… but really, look into WireGuard.

jcoelho · July 20, 2023, 9:34pm

Thanks for your reply bring.fringe18. My VPN provider is Ivacy and, apparently, they don’t support Wireguard on routers yet, only OpenVPN.

Thanks.

bring.fringe18 · July 20, 2023, 9:51pm

Can you get their .ovpn profile to run on another device like a mobile phone? That might be a good way to have a ‘known good’ setup before digging further into Flint.

(Aside: Proton VPN offers a free tier using WG profiles. It’s not the greatest for raw speed on that tier but it would give you an idea how easy it is to set up WG. It really is ‘the bee’s knees.’)

ahhydri · October 27, 2023, 7:29am

I have the same issue did you find any suitable solution ?

jcoelho · October 27, 2023, 8:33am

Hi ahhydri,

Not really, I was investigating about wireguard and decided to switch from Ivacy to surfshark and I’m happy with the service so far.

ahhydri · October 27, 2023, 11:45am

I guess current openvpn version on GL devices doesnt support scramble option

so just remove the scramble line in your ovpn file it should work.

it works for me.