GL-MT300N-V2 (Mango) OpenVPN problem

viktor51 · October 30, 2020, 1:54pm

Hello,

I am using GL-MT300N-V2 (Mango) with latest stable firmware 3.102

I have a problem by enabling VPN client, I am using a custom OpenVPN .ovpn config file:

When I load the .ovpn file and then I click on “Connect” button, the dot icon on the left of " OpenVPN Client" becomes yellow and connection does not work (I can’t access any website). So I SSH tot he router and then I see there is a file vpn_exception in /tmp/:

root@GL-MT300N-V2:/tmp# cat vpn_exception
VPN client failed to connect. This may be because of wrong configuration, unsupported parameters or terminated by the server.
Please choose another VPN profile or abort the connection.

Can someone help me to make the OpenVPN client work fine?

The OpenVPN server is from a Scaleway VPS and works fine with OpenVPN Client on a Windows 10.

Thank you!

alzhao · October 30, 2020, 2:18pm

OpenVPN for Linux and windows should be different.

You can just post your ovpn config here. Just remove your credentials.

viktor51 · October 30, 2020, 2:31pm

You can find my ovpn config in the pastebin link, I am pasting it below:

client
nobind
dev tun
redirect-gateway def1
auth-nocache
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<cert>
Certificate:
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<dh>
-----BEGIN DH PARAMETERS-----
...
-----END DH PARAMETERS-----
</dh>
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<connection>
  remote XX.XX.XX.XX 29980 udp
</connection>
<connection>
  remote XX.XX.XX.XX 41411 tcp-client
</connection>

alzhao · October 30, 2020, 3:13pm

remote XX.XX.XX.XX 29980 udp remote XX.XX.XX.XX 41411 tcp-client

These are not supported format.

Can your change the above to

remote XX.XX.XX.XX 29980 udp

Only reserve the 2nd line.

Anyway if you can make format for Linux that would be good.

viktor51 · October 30, 2020, 3:23pm

I removed all the <connection> groups and just added this (as you suggested):

remote XX.XX.XX.XX 29980 udp

Now it works perfectly! So looks like it doesn’t support the <connection> groups.

Only as information, here are details about connections groups:

<connection>

Define a client connection profile. Client connection profiles are groups of OpenVPN options that describe how to connect to a given OpenVPN server. Client connection profiles are specified within an OpenVPN configuration file, and each profile is bracketed by <connection> and </connection>. An OpenVPN client will try each connection profile sequentially until it achieves a successful connection.

So here is my final and working ovpn config (may help others):

client
nobind
dev tun
redirect-gateway def1
auth-nocache
<key>
...
</key>
<cert>
...
</cert>
<ca>
...
</ca>
<dh>
...
</dh>
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
key-direction 1
<tls-auth>
...
</tls-auth>
remote XX.XX.XX.XX 29980 udp

Thank you for the quick help!