GL-AR300M and Asus RT-AC68U

Technical Support for Routers
1

I’ve successfully uploaded the .ovpn file to my AR300M.
I’m just using default settings on both my Asus RT-AC68U and my AR300M.
I’m getting “Failed to open tun/tap interface”
“–cipher is not set”
“Previous OpenVPN version defaulted to BF-CBC as fallback”
I’m not sure where to go from here. Looking at the System Log on the router doesn’t show anything that’s helpful from what I can tell.
My OpenVPN Server port is 1194, and my RSA Encryption is 2048 bit.

From the router:

Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 TLS: Username/Password authentication succeeded for username ‘foo’
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 WARNING: ‘cipher’ is present in local config but missing in remote config, local=‘cipher BF-CBC’
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 Data Channel Encrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 Data Channel Decrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 19 17:41:48 vpnserver1[16644]: 174.242.139.193:12331 [client] Peer Connection Initiated with [AF_INET]174.242.139.193:12331 (via [AF_INET]my.pub.ip.rtr%vlan2)
Nov 19 17:41:48 vpnserver1[16644]: client/174.242.139.193:12331 MULTI_sva: pool returned IPv4=10.8.0.46, IPv6=(Not enabled)
Nov 19 17:41:48 vpnserver1[16644]: client/174.242.139.193:12331 MULTI: Learn: 10.8.0.46 → client/174.242.139.193:12331
Nov 19 17:41:48 vpnserver1[16644]: client/174.242.139.193:12331 MULTI: primary virtual IP for client/174.242.139.193:12331: 10.8.0.46
Nov 19 17:41:50 vpnserver1[16644]: client/174.242.139.193:12331 PUSH: Received control message: ‘PUSH_REQUEST’
Nov 19 17:41:50 vpnserver1[16644]: client/174.242.139.193:12331 send_push_reply(): safe_cap=940
Nov 19 17:41:50 vpnserver1[16644]: client/174.242.139.193:12331 SENT CONTROL [client]: ‘PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.46 10.8.0.45’ (status=1)
Nov 19 17:41:55 vpnserver1[16644]: 174.242.139.193:12324 TLS: Initial packet from [AF_INET]174.242.139.193:12324 (via [AF_INET]my.pub.ip.rtr%vlan2), sid=2c298e10 f606b550
Nov 19 17:41:57 vpnserver1[16644]: 174.242.139.193:12324 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Nov 19 17:41:57 vpnserver1[16644]: 174.242.139.193:12324 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 TLS: Username/Password authentication succeeded for username ‘foo’
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 WARNING: ‘cipher’ is present in local config but missing in remote config, local=‘cipher BF-CBC’
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 Data Channel Encrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 Data Channel Decrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 19 17:41:58 vpnserver1[16644]: 174.242.139.193:12324 [client] Peer Connection Initiated with [AF_INET]174.242.139.193:12324 (via [AF_INET]my.pub.ip.rtr%vlan2)
Nov 19 17:41:58 vpnserver1[16644]: client/174.242.139.193:12324 MULTI_sva: pool returned IPv4=10.8.0.50, IPv6=(Not enabled)
Nov 19 17:41:58 vpnserver1[16644]: client/174.242.139.193:12324 MULTI: Learn: 10.8.0.50 → client/174.242.139.193:12324
Nov 19 17:41:58 vpnserver1[16644]: client/174.242.139.193:12324 MULTI: primary virtual IP for client/174.242.139.193:12324: 10.8.0.50
Nov 19 17:41:59 vpnserver1[16644]: client/174.242.139.193:12324 PUSH: Received control message: ‘PUSH_REQUEST’
Nov 19 17:41:59 vpnserver1[16644]: client/174.242.139.193:12324 send_push_reply(): safe_cap=940
Nov 19 17:41:59 vpnserver1[16644]: client/174.242.139.193:12324 SENT CONTROL [client]: ‘PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.50 10.8.0.49’ (status=1)

2

This is the log from Asus router, right? Can you post log from GL router as well as the content of ovpn file?

Try change the cipher.