Hi,
my GL-AR300M does not successfully connect to my QNAP NAS running an openVPN server.
This is my config.ovpn:
client
dev tun
script-security 3
remote XXX.XXX.XXX.XXX 80
resolv-retry infinite
nobind
auth-user-pass
reneg-sec 0
cipher AES-256-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto tcp
openVPN outputs this:
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25152]: OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25152]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Nov 16 09:00:19 2017 daemon.warn openvpn[25153]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: LZO compression initializing
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: calc_options_string_link_mtu: link-mtu 1624 -> 1560
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: calc_options_string_link_mtu: link-mtu 1624 -> 1560
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:80
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Nov 16 09:00:19 2017 daemon.notice openvpn[25153]: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:80 [nonblock]
Thu Nov 16 09:00:20 2017 daemon.notice openvpn[25153]: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:80
Thu Nov 16 09:00:20 2017 daemon.notice openvpn[25153]: TCP_CLIENT link local: (not bound)
Thu Nov 16 09:00:20 2017 daemon.notice openvpn[25153]: TCP_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:80
Thu Nov 16 09:00:20 2017 daemon.notice openvpn[25153]: TCP_CLIENT WRITE [14] to [AF_INET]XXX.XXX.XXX.XXX:80: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 16 09:00:22 2017 daemon.notice openvpn[25153]: TCP_CLIENT WRITE [14] to [AF_INET]XXX.XXX.XXX.XXX:80: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 16 09:00:26 2017 daemon.notice openvpn[25153]: TCP_CLIENT WRITE [14] to [AF_INET]XXX.XXX.XXX.XXX:80: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 16 09:00:34 2017 daemon.notice openvpn[25153]: TCP_CLIENT WRITE [14] to [AF_INET]XXX.XXX.XXX.XXX:80: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 16 09:00:50 2017 daemon.notice openvpn[25153]: TCP_CLIENT WRITE [14] to [AF_INET]XXX.XXX.XXX.XXX:80: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 16 09:01:01 2017 daemon.err openvpn[25153]: event_wait : Interrupted system call (code=4)
Thu Nov 16 09:01:01 2017 daemon.notice openvpn[25153]: TCP/UDP: Closing socket
Thu Nov 16 09:01:01 2017 daemon.notice openvpn[25153]: SIGTERM[hard,] received, process exiting
Note that the TCP connection is established, maybe a TLS-auth issue?
Connecting to my NAS with an Android openVPN client works.
Any Ideas?
(IP of server replaced by XXX.XXX.XXX.XXX for privacy reasons)