GL-MT300N-V2 v.3.011 OpenVPN - #3

Technical Support for Routers
1

Greetings All

I acquired a new OpenVPN provider - Ivacy (lifetime offer ends soon) - and the router throws a WARNING:
daemon.warn openvpn[31059]: WARNING: No server certificate verification method has been enabled.

their OpenVPN config Files look like this (with the referenced certificates provided):
client
dev tun
remote au1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

I am wondering, if GL-MT300N-V2 v.3.011 actually correctly recognizes these configs or shall the certs need to be imbedded in the file as SaferVPN uses:
client
dev tun
proto udp
cipher AES-256-CBC
remote-cert-tls server
remote au1.safervpn.net 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
bracket ca bracket
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIJAOnRq4FWsZgYMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzERMA8G
A1UEChMIU2FmZXJWUE4xETAPBgNVBAsTCFNhZmVyVlBOMREwDwYDVQQDEwhTYWZl
clZQTjERMA8GA1UEKRMIU2FmZXJWUE4xIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRA
c2FmZXJ2cG4uY29tMB4XDTE3MDgzMTA5NDEyM1oXDTI3MDgyOTA5NDEyM1owgaIx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
MREwDwYDVQQKEwhTYWZlclZQTjERMA8GA1UECxMIU2FmZXJWUE4xETAPBgNVBAMT
CFNhZmVyVlBOMREwDwYDVQQpEwhTYWZlclZQTjEjMCEGCSqGSIb3DQEJARYUc3Vw
cG9ydEBzYWZlcnZwbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCqNV7oJZrUqD/mBSWlKi/sGRE2y3Yphs5m/vmmS4GPrc8lyaI1idhv44MGZ0i1
XCkJFZmaVQk7NUz5npz9hcnxN3MiZd/5Kv8Vo4aQkL0xQ7euto71LIgTqbJvTJjW
kowsVVgartGK2ewfCd+KV6k5oBImlDdSnLW1pq82Kg+YcnXxdaFc8RpNWdBbdxBe
tb4k6JcoZHuk9Zq5gi5Nnhtjc6lheCRzTGZ2hslDfJ58yMpR0jTMC3Rd+G+sM0q3
/gEEEW34ckUgCb5j6Kq35LUlnuonnViBnEzFR/MTizMARFj7VYkzOpxSsxJ6Epan
JP8Zgbz81z4A822hosakl7kTAgMBAAGjggELMIIBBzAdBgNVHQ4EFgQUKSnUrJLQ
omrGvdncxKkKT7Rxrj8wgdcGA1UdIwSBzzCBzIAUKSnUrJLQomrGvdncxKkKT7Rx
rj+hgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
U2FuRnJhbmNpc2NvMREwDwYDVQQKEwhTYWZlclZQTjERMA8GA1UECxMIU2FmZXJW
UE4xETAPBgNVBAMTCFNhZmVyVlBOMREwDwYDVQQpEwhTYWZlclZQTjEjMCEGCSqG
SIb3DQEJARYUc3VwcG9ydEBzYWZlcnZwbi5jb22CCQDp0auBVrGYGDAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB704c0nixfDuJ7OiFBUmkhmDUFEIhl
D35wxlthKYRs8tBzetZEipFGdyUOwuWiuwG/BuOwuP7fPS9uP4u4EPKjA5kL/Z/V
E743q50PS4L/kT3ZFyUrcisUKajAr5Gu+o6rzA6F4+QYu26iBbKewNrrb+riF1wR
GKthc6W++Awt+oVyKtVNyS2QokuBFcSu5IiVsfGqJ8TmffvFBqKUUjWopmP+qiYR
8+0qwHing/S/C9S72ZxhM9DF3et1dXFuHf/69YL8/u36tyKMqy/JVhByAlc87cRI
tcRGaviUttBeSw4j1Y6XrycVkhn4LzizWrqrmfCikhx26MrIeWK5JxYL
-----END CERTIFICATE-----
bracket /ca bracket

2

certificate can be embedded or linked. Warning may not matter.

What else is displayed in log?

3

Safer then Ivacy? You certainly know how to pick providers!

Anyhow, back to the “problem” - Ivacy works fine with the ovpn files provided. Just ignore the log errors

4

@glitch - LoL, my choice is pure consideration of cost/quality (speed, bandwidth, geographical spread, reviews 10 Best VPN Services (2022): Security, Features + Speed and personal tests). crackberry had a lifetime 39$ promotion for ivacy and I trust those folks CrackBerry | The #1 Site for BlackBerry Users (and Abusers!) - the same directly with 20% discount was 48$+60$

@alzhao - this is my connection log
Sat Jan 19 05:11:58 2019 user.info : 1267: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn1, serverfile=United Kingdom-London-UDP.ovpn
Sat Jan 19 05:11:58 2019 user.info : 1341: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn1/United Kingdom-London-UDP.ovpn, glconfig.openvpn.clientid=ovpn1
Sat Jan 19 05:12:00 2019 daemon.info dnsmasq[20986]: exiting on receipt of SIGTERM
Sat Jan 19 05:12:00 2019 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sat Jan 19 05:12:00 2019 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: started, version 2.80test2 cachesize 150
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: DNS service limited to local subnets
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq-dhcp[22513]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain test
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain onion
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain localhost
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain local
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain invalid
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain bind
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using nameserver 8.8.8.8#53
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using nameserver 9.9.9.9#53
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain lan
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: read /etc/hosts - 4 addresses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq-dhcp[22513]: read /etc/ethers - 0 addresses
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22651]: OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22651]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Sat Jan 19 05:12:04 2019 daemon.warn openvpn[22655]: WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Sat Jan 19 05:12:04 2019 daemon.warn openvpn[22655]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: UDP link local: (not bound)
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: UDP link remote: [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:07 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:09 2019 daemon.notice netifd: wan (20972): udhcpc: received SIGTERM
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Interface ‘wan’ is now down
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Interface ‘wan’ is setting up now
Sat Jan 19 05:12:11 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:11 2019 daemon.notice netifd: wan (22768): udhcpc: started, v1.28.3
Sat Jan 19 05:12:13 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:13 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:13 2019 daemon.info dnsmasq-dhcp[22513]: DHCPREQUEST(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:13 2019 daemon.info dnsmasq-dhcp[22513]: DHCPACK(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:17 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:17 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:19 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:20 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:21 2019 daemon.err openvpn[22655]: write UDP: Network unreachable (code=128)
Sat Jan 19 05:12:23 2019 daemon.err openvpn[22655]: write UDP: Network unreachable (code=128)
Sat Jan 19 05:12:23 2019 daemon.notice netifd: wan (22768): udhcpc: sending select for 192.168.1.166
Sat Jan 19 05:12:23 2019 daemon.notice netifd: wan (22768): udhcpc: lease of 192.168.1.166 obtained, lease time 864000
Sat Jan 19 05:12:23 2019 daemon.notice netifd: Interface ‘wan’ is now up
Sat Jan 19 05:12:24 2019 daemon.info dnsmasq-dhcp[22513]: DHCPREQUEST(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:24 2019 daemon.info dnsmasq-dhcp[22513]: DHCPACK(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:27 2019 daemon.notice openvpn[22655]: [Secure-Server] Peer Connection Initiated with [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:29 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is enabled
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is enabled
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Network device ‘tun0’ link is up
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ has link connectivity
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is setting up now
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: TUN/TAP device tun0 opened
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is now up
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: /sbin/ifconfig tun0 46.243.235.239 netmask 255.255.255.192 mtu 1500 broadcast 46.243.235.255
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ has link connectivity
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is setting up now
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is now up
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: /etc/openvpn/update-resolv-conf tun0 1500 1558 46.243.235.239 255.255.255.192 init
Sat Jan 19 05:12:43 2019 daemon.info dnsmasq[22513]: exiting on receipt of SIGTERM
Sat Jan 19 05:12:44 2019 daemon.info odhcpd[1462]: Using a RA lifetime of 0 seconds on br-lan
Sat Jan 19 05:12:44 2019 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sat Jan 19 05:12:44 2019 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: started, version 2.80test2 cachesize 150
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: DNS service limited to local subnets
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq-dhcp[23945]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain test
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain onion
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain localhost
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain local
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain invalid
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain bind
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using nameserver 8.8.8.8#53
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using nameserver 9.9.9.9#53
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain lan
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: read /etc/hosts - 4 addresses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq-dhcp[23945]: read /etc/ethers - 0 addresses
Sat Jan 19 05:12:48 2019 user.notice firewall: Reloading firewall due to ifup of ovpn (tun0)
Sat Jan 19 05:12:49 2019 user.notice firewall: Reloading firewall due to ifup of ovpn (tun0)
Sat Jan 19 05:12:51 2019 user.notice root: check route success
Sat Jan 19 05:12:51 2019 daemon.notice openvpn[22655]: Initialization Sequence Completed

5

From the logs seem it is connected finally, isn’t it?

6

@alzhao - yes, indeed. however, the connection to establish takes longer with Ivacy than with Safer

7

That’s just the Ivacy (Pure) servers for you - you’ll have to live with it

8

@glitch would you, please, elaborate? did you meant the connection time establishment - yes, I guess nothing I can do. or did you mean anything else?

BTW, I am now trying to get my money back from Safe - apparently they implicitly admitted some issues with their infrastructure

9

Yes, it takes time to connect to their servers but it works OK (most of the time).

Thanks for reporting back on Safer - I suspected all along that the problem was with them.

1 Like
10

@glitch what do you think is the reason for long time initiation? their config file specifies UDP:53 - that shall be opened and be fast as it is DNS port & UDP. any thoughts?

BTW - i now have done more tests with their clients: my broadband and 4G providers are definitely filter VPN traffic and affect how either of the Safer (apart of their own difficulties) and Ivacy work.