GL-MT1300 openvpn config TLS handshake failed but config works on other devices

paulvin · September 15, 2022, 3:49am

I am trying to use my openvpn config on the Beryl router. The TCP connection gets established but TLS handshake keeps failing.
The router is on repeater mode using the hotel wifi. I tried using TCP port 80 and TCP port 443 but it still wont work using both the Beta 3.215 and Stable 3.211 firmware.

If i am correct the router is using openvpn version 2.5.2. I simulated the event by also installing openvpn 2.5.2 on my windows computer and TSL handshake also fails

I can confirm that the config works on a windows laptop (version 2.7.2 & 3.3.6) and an android phone on their native application connected to the Beryl router on repeater mode using the hotel wifi.

Can you help me out if there is a router/config setting that i need to change on the server/client side or a way to update the openvpn? I was hoping to connect to the vpn without installing openvpn on all my devices.

doczenith1 · September 15, 2022, 4:10am

Make sure the router is using a DNS server that is not behind the VPN. The router will need to connect to the internet and set its clock before it can make the VPN connection.

paulvin · September 15, 2022, 4:37am

i have manually set the dns servers and the router does indeed connect to the internet except im not behind the vpn.

alzhao · September 15, 2022, 10:33am

Do you mean it works now or not?

paulvin · September 15, 2022, 2:47pm

Unfortunately the vpn still doesnt connect.

alzhao · September 15, 2022, 3:18pm

Can you where to get such a config or send me a working config directly?

paulvin · September 16, 2022, 1:11am

I got the config by running the bash script from here for ubuntu

I used the config on a VM instance on Google Cloud Compute which i have deleted yesterday.
The openvpn config works on the Beryl Router if i use a different internet connection.

Here is the config

client
dev tun
proto tcp
remote --ipaddress-- 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
-----certificates ommitted-------

I will make a new VM instance and send you the config directly but unfortunately im still a new user so I cant message you yet.

alzhao · September 16, 2022, 3:43am

This seems that a problem caused by the network. But need to check further.

Leo · September 21, 2022, 3:07am

Alzhao sent me your config, I just try it, it works well in GL-MT1300 with firmware 3.211.
Maybe the hotel can block the 2.5 protocol.
How about try WireGuard, which is more simple and faster than OpenVPN.

paulvin · September 21, 2022, 3:42am

Hi Leo
I have read that WireGuard uses UDP exclusively which is blocked on the hotel wifi thats why i use TCP on port 80 and 443.
I think I have to give this up and find another solution.
Thank you for the support.