Error when connecting openVPN client on GL-AXT1800 to OpenVPN Server on TPLink-AC1200

Technical Support for Routers VPN, DNS, Leaks
1

Hello,

I created an Open VPN server on my TPLink-AC1200 and am trying to connect my GL-AXT1800 to it as a client. However I am getting the follow error on the GL-AXT1800 when trying to enable OpenVPN connection.

Here are my OpenVPN server settings:
Service Type: UDP (I also tried TCP)
Service Port: 1194
Client Access: Internet and Home Network
I generate the certificate and loaded the config file in the GL router

Error when trying to Start the VPN connection:

Mon Feb 19 00:49:54 2024 daemon.notice ovpnclient[7412]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Mon Feb 19 00:49:59 2024 daemon.warn ovpnclient[7412]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 19 00:49:59 2024 daemon.warn ovpnclient[7412]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Feb 19 00:49:59 2024 daemon.notice ovpnclient[7412]: TCP/UDP: Preserving recently used remote address: [AF_INET]73.17.243.45:1194
Mon Feb 19 00:49:59 2024 daemon.notice ovpnclient[7412]: UDP link local: (not bound)
Mon Feb 19 00:49:59 2024 daemon.notice ovpnclient[7412]: UDP link remote: [AF_INET]73.17.243.45:1194
Mon Feb 19 00:50:02 2024 daemon.notice netifd: ovpnclient (7816): Cannot find device "ovpnclient"
Mon Feb 19 00:50:02 2024 daemon.notice netifd: Interface 'ovpnclient' is now down
Mon Feb 19 00:50:02 2024 user.notice firewall: Reloading firewall due to ifdown of ovpnclient ()
Mon Feb 19 00:57:09 2024 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Mon Feb 19 00:57:09 2024 daemon.warn ovpnclient[9740]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mon Feb 19 00:57:09 2024 daemon.warn ovpnclient[9740]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Mon Feb 19 00:57:09 2024 daemon.notice ovpnclient[9740]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Feb 19 00:57:09 2024 daemon.notice ovpnclient[9740]: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Mon Feb 19 00:57:09 2024 daemon.warn ovpnclient[9740]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 19 00:57:09 2024 daemon.warn ovpnclient[9740]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Feb 19 00:57:09 2024 daemon.notice ovpnclient[9740]: TCP/UDP: Preserving recently used remote address: [AF_INET]73.17.243.45:1194
Mon Feb 19 00:57:09 2024 daemon.notice ovpnclient[9740]: UDP link local: (not bound)
Mon Feb 19 00:57:09 2024 daemon.notice ovpnclient[9740]: UDP link remote: [AF_INET]73.17.243.45:1194
Mon Feb 19 00:57:09 2024 daemon.err ovpnclient[9740]: write UDP: Operation not permitted (code=1)

Please help. Thank you.

2

Could you please post the OVPN config?

3

@admon Sure here it is below. (I removed the private key).
Also noting here that I did open up port 1194 on the router under NAT Forwarding.

OpenVPN config file:

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
remote 73.17.243.45 1194

-----BEGIN CERTIFICATE-----
MIIDpTCCAw6gAwIBAgIJAKtAAIdfVfAYMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJDTjELMAkGA1UECBMCR0QxETAPBgNVBAcTCFNoZW5aaGVuMRAwDgYDVQQK
EwdUUC1MaW5rMRIwEAYDVQQLEwlTT0hPLUkxOE4xEzARBgNVBAMTClRQLUxpbmsg
Q0ExEDAOBgNVBCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCXh4eHhAeHh4eDAe
Fw0yNDAyMTkwNTM1MDZaFw0zNDAyMTYwNTM1MDZaMIGUMQswCQYDVQQGEwJDTjEL
MAkGA1UECBMCR0QxETAPBgNVBAcTCFNoZW5aaGVuMRAwDgYDVQQKEwdUUC1MaW5r
MRIwEAYDVQQLEwlTT0hPLUkxOE4xEzARBgNVBAMTClRQLUxpbmsgQ0ExEDAOBgNV
BCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCXh4eHhAeHh4eDCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAxFoiYIz0Uhbp1xnIzraimgu9vCsoScoyQ5hIJM6a
IogY8pb/Fb+f8ps3PBfYUeWU3qfMdbyoH8D+6mwLfwAPRyF0HiGwKJ0r28FMfO8s
Kl5PY1uNf7/QwmI7JL0147EbwP536ieQSpNywlbZCgjmbwZXZVMNErq8UTcYL2Au
nCUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQUC7+/mH2DC5xg+ijFLVLBhOOKGyswgckG
A1UdIwSBwTCBvoAUC7+/mH2DC5xg+ijFLVLBhOOKGyuhgZqkgZcwgZQxCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJHRDERMA8GA1UEBxMIU2hlblpoZW4xEDAOBgNVBAoT
B1RQLUxpbmsxEjAQBgNVBAsTCVNPSE8tSTE4TjETMBEGA1UEAxMKVFAtTGluayBD
QTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJeHh4eEB4eHh4ggkA
q0AAh19V8BgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBiB+n2ZKb6
RLxVcBSMXXnzhWv06eqoyPCYlQHL16P3p5lbb7NnUNkzuu/hDxgrTVBDLtWlIS0y
srrNTzPIasbf+n/Y6+qhbkF5emSPF1Ar9aTUIeGn1TuA4LgGvt7qPd8w0ZVH6ZNv
53m+jHVtQqNFAbKLeIjW6G2ISkRMtWTrJQ==
-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----
MIID6TCCA1KgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCQ04x
CzAJBgNVBAgTAkdEMREwDwYDVQQHEwhTaGVuWmhlbjEQMA4GA1UEChMHVFAtTGlu
azESMBAGA1UECxMJU09ITy1JMThOMRMwEQYDVQQDEwpUUC1MaW5rIENBMRAwDgYD
VQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcNAQkBFgl4eHh4QHh4eHgwHhcNMjQwMjE5
MDUzOTM1WhcNMzQwMjE2MDUzOTM1WjCBkDELMAkGA1UEBhMCQ04xCzAJBgNVBAgT
AkdEMREwDwYDVQQHEwhTaGVuWmhlbjEQMA4GA1UEChMHVFAtTGluazESMBAGA1UE
CxMJU09ITy1JMThOMQ8wDQYDVQQDEwZjbGllbnQxEDAOBgNVBCkTB0Vhc3lSU0Ex
GDAWBgkqhkiG9w0BCQEWCXh4eHhAeHh4eDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA2xx/7sd8M1vePMa0/TiWHY3R5esi5YP44SQdcPuhk/YpdHR4pTd7wTxm
09duPSrPJT4PW6/aEy0o3zbWmeKpZI111XA//DUT63CFCuGcni+s847OZVdExfLp
DVS0uxWhiGIyb3xYBQDTyZQVfjt8TItNMYdSNos0HzCBeUPA0pECAwEAAaOCAUsw
ggFHMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRl
ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfbA006Rc0LSeVXmc44mW+7QWsJowgckG
A1UdIwSBwTCBvoAUC7+/mH2DC5xg+ijFLVLBhOOKGyuhgZqkgZcwgZQxCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJHRDERMA8GA1UEBxMIU2hlblpoZW4xEDAOBgNVBAoT
B1RQLUxpbmsxEjAQBgNVBAsTCVNPSE8tSTE4TjETMBEGA1UEAxMKVFAtTGluayBD
QTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJeHh4eEB4eHh4ggkA
q0AAh19V8BgwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqG
SIb3DQEBCwUAA4GBAIAdBvtj0X6YzHMwkdZKc5modNGZHAbVQNtjEGogczC/Q6nh
VtX12O/P59XNxkeKuE3LNti8D2LK6rmD2AfKdb8mCrxVb5LspugNSpzuS7PpwvF9
XgjxuOQhRLmIt/TrI1nJ7AZe5hzsI2y8F2gZkFgtovzFt6fh4erijbAzbAAj
-----END CERTIFICATE-----


-----BEGIN PRIVATE KEY-----
xxxxx
-----END PRIVATE KEY-----

4

Are you sure that your port UDP/1194 is reachable from the internet on server-side?

5

It appears that the port is NOT reachable. On my PC that is on the WLAN via my TPlink router, I ran powershell and tested two ports, 80 and 1194. 80 was a success, and 1194 was a fail. How do I make the port reachable?
image

6

Depends on your network.

If there is a router before your router you need port forwarding.

7

I only have my router, the TPlink which is connected to the internet.

8

You need to double check your TP link then.
Port forwarding should not be enabled if it’s the OVPN server.

9

I am facing similar issue with latest firmware, older firmware seem working fine.

Managed to workaround this issue by changing dev name to ovpnclient
Eg:
dev tun

Change to

dev ovpnclient