I acquired a new OpenVPN provider - Ivacy (lifetime offer ends soon) - and the router throws a WARNING: daemon.warn openvpn[31059]: WARNING: No server certificate verification method has been enabled.
their OpenVPN config Files look like this (with the referenced certificates provided): client dev tun remote au1-ovpn-udp.ivacy.net 53 proto udp nobind persist-key persist-tun tls-auth Wdc.key 1 ca ca.crt cipher AES-256-CBC comp-lzo verb 1 mute 20 float route-method exe route-delay 2 auth-user-pass auth-retry interact explicit-exit-notify 2 ifconfig-nowarn auth-nocache
I am wondering, if GL-MT300N-V2 v.3.011 actually correctly recognizes these configs or shall the certs need to be imbedded in the file as SaferVPN uses: client dev tun proto udp cipher AES-256-CBC remote-cert-tls server remote au1.safervpn.net 1194 # - Your server IP and OpenVPN Port resolv-retry infinite nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun auth-user-pass comp-lzo verb 3 bracket ca bracket -----BEGIN CERTIFICATE----- MIIE1jCCA76gAwIBAgIJAOnRq4FWsZgYMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzERMA8G A1UEChMIU2FmZXJWUE4xETAPBgNVBAsTCFNhZmVyVlBOMREwDwYDVQQDEwhTYWZl clZQTjERMA8GA1UEKRMIU2FmZXJWUE4xIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRA c2FmZXJ2cG4uY29tMB4XDTE3MDgzMTA5NDEyM1oXDTI3MDgyOTA5NDEyM1owgaIx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv MREwDwYDVQQKEwhTYWZlclZQTjERMA8GA1UECxMIU2FmZXJWUE4xETAPBgNVBAMT CFNhZmVyVlBOMREwDwYDVQQpEwhTYWZlclZQTjEjMCEGCSqGSIb3DQEJARYUc3Vw cG9ydEBzYWZlcnZwbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCqNV7oJZrUqD/mBSWlKi/sGRE2y3Yphs5m/vmmS4GPrc8lyaI1idhv44MGZ0i1 XCkJFZmaVQk7NUz5npz9hcnxN3MiZd/5Kv8Vo4aQkL0xQ7euto71LIgTqbJvTJjW kowsVVgartGK2ewfCd+KV6k5oBImlDdSnLW1pq82Kg+YcnXxdaFc8RpNWdBbdxBe tb4k6JcoZHuk9Zq5gi5Nnhtjc6lheCRzTGZ2hslDfJ58yMpR0jTMC3Rd+G+sM0q3 /gEEEW34ckUgCb5j6Kq35LUlnuonnViBnEzFR/MTizMARFj7VYkzOpxSsxJ6Epan JP8Zgbz81z4A822hosakl7kTAgMBAAGjggELMIIBBzAdBgNVHQ4EFgQUKSnUrJLQ omrGvdncxKkKT7Rxrj8wgdcGA1UdIwSBzzCBzIAUKSnUrJLQomrGvdncxKkKT7Rx rj+hgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM U2FuRnJhbmNpc2NvMREwDwYDVQQKEwhTYWZlclZQTjERMA8GA1UECxMIU2FmZXJW UE4xETAPBgNVBAMTCFNhZmVyVlBOMREwDwYDVQQpEwhTYWZlclZQTjEjMCEGCSqG SIb3DQEJARYUc3VwcG9ydEBzYWZlcnZwbi5jb22CCQDp0auBVrGYGDAMBgNVHRME BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB704c0nixfDuJ7OiFBUmkhmDUFEIhl D35wxlthKYRs8tBzetZEipFGdyUOwuWiuwG/BuOwuP7fPS9uP4u4EPKjA5kL/Z/V E743q50PS4L/kT3ZFyUrcisUKajAr5Gu+o6rzA6F4+QYu26iBbKewNrrb+riF1wR GKthc6W++Awt+oVyKtVNyS2QokuBFcSu5IiVsfGqJ8TmffvFBqKUUjWopmP+qiYR 8+0qwHing/S/C9S72ZxhM9DF3et1dXFuHf/69YL8/u36tyKMqy/JVhByAlc87cRI tcRGaviUttBeSw4j1Y6XrycVkhn4LzizWrqrmfCikhx26MrIeWK5JxYL -----END CERTIFICATE----- bracket /ca bracket
@alzhao - this is my connection log
Sat Jan 19 05:11:58 2019 user.info : 1267: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn1, serverfile=United Kingdom-London-UDP.ovpn
Sat Jan 19 05:11:58 2019 user.info : 1341: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn1/United Kingdom-London-UDP.ovpn, glconfig.openvpn.clientid=ovpn1
Sat Jan 19 05:12:00 2019 daemon.info dnsmasq[20986]: exiting on receipt of SIGTERM
Sat Jan 19 05:12:00 2019 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sat Jan 19 05:12:00 2019 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: started, version 2.80test2 cachesize 150
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: DNS service limited to local subnets
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq-dhcp[22513]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain test
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain onion
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain localhost
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain local
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain invalid
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain bind
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using nameserver 8.8.8.8#53
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using nameserver 9.9.9.9#53
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: using local addresses only for domain lan
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: read /etc/hosts - 4 addresses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq[22513]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Sat Jan 19 05:12:01 2019 daemon.info dnsmasq-dhcp[22513]: read /etc/ethers - 0 addresses
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22651]: OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22651]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Sat Jan 19 05:12:04 2019 daemon.warn openvpn[22655]: WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Sat Jan 19 05:12:04 2019 daemon.warn openvpn[22655]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: UDP link local: (not bound)
Sat Jan 19 05:12:04 2019 daemon.notice openvpn[22655]: UDP link remote: [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:07 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:09 2019 daemon.notice netifd: wan (20972): udhcpc: received SIGTERM
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Interface ‘wan’ is now down
Sat Jan 19 05:12:09 2019 daemon.notice netifd: Interface ‘wan’ is setting up now
Sat Jan 19 05:12:11 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:11 2019 daemon.notice netifd: wan (22768): udhcpc: started, v1.28.3
Sat Jan 19 05:12:13 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:13 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:13 2019 daemon.info dnsmasq-dhcp[22513]: DHCPREQUEST(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:13 2019 daemon.info dnsmasq-dhcp[22513]: DHCPACK(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:17 2019 daemon.notice netifd: Network device ‘ra0’ link is down
Sat Jan 19 05:12:17 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:19 2019 daemon.notice netifd: Network device ‘ra0’ link is up
Sat Jan 19 05:12:20 2019 daemon.notice netifd: wan (22768): udhcpc: sending discover
Sat Jan 19 05:12:21 2019 daemon.err openvpn[22655]: write UDP: Network unreachable (code=128)
Sat Jan 19 05:12:23 2019 daemon.err openvpn[22655]: write UDP: Network unreachable (code=128)
Sat Jan 19 05:12:23 2019 daemon.notice netifd: wan (22768): udhcpc: sending select for 192.168.1.166
Sat Jan 19 05:12:23 2019 daemon.notice netifd: wan (22768): udhcpc: lease of 192.168.1.166 obtained, lease time 864000
Sat Jan 19 05:12:23 2019 daemon.notice netifd: Interface ‘wan’ is now up
Sat Jan 19 05:12:24 2019 daemon.info dnsmasq-dhcp[22513]: DHCPREQUEST(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:24 2019 daemon.info dnsmasq-dhcp[22513]: DHCPACK(br-lan) 192.168.8.170 00:0f:00:00:00:00
Sat Jan 19 05:12:27 2019 daemon.notice openvpn[22655]: [Secure-Server] Peer Connection Initiated with [AF_INET]46.243.235.5:53
Sat Jan 19 05:12:29 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is enabled
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is enabled
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Network device ‘tun0’ link is up
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ has link connectivity
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is setting up now
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: TUN/TAP device tun0 opened
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘VPN_client’ is now up
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: /sbin/ifconfig tun0 46.243.235.239 netmask 255.255.255.192 mtu 1500 broadcast 46.243.235.255
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ has link connectivity
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is setting up now
Sat Jan 19 05:12:43 2019 daemon.notice netifd: Interface ‘ovpn’ is now up
Sat Jan 19 05:12:43 2019 daemon.notice openvpn[22655]: /etc/openvpn/update-resolv-conf tun0 1500 1558 46.243.235.239 255.255.255.192 init
Sat Jan 19 05:12:43 2019 daemon.info dnsmasq[22513]: exiting on receipt of SIGTERM
Sat Jan 19 05:12:44 2019 daemon.info odhcpd[1462]: Using a RA lifetime of 0 seconds on br-lan
Sat Jan 19 05:12:44 2019 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sat Jan 19 05:12:44 2019 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: started, version 2.80test2 cachesize 150
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: DNS service limited to local subnets
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq-dhcp[23945]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain test
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain onion
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain localhost
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain local
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain invalid
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain bind
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using nameserver 8.8.8.8#53
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using nameserver 9.9.9.9#53
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: using local addresses only for domain lan
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: read /etc/hosts - 4 addresses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq[23945]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Sat Jan 19 05:12:46 2019 daemon.info dnsmasq-dhcp[23945]: read /etc/ethers - 0 addresses
Sat Jan 19 05:12:48 2019 user.notice firewall: Reloading firewall due to ifup of ovpn (tun0)
Sat Jan 19 05:12:49 2019 user.notice firewall: Reloading firewall due to ifup of ovpn (tun0)
Sat Jan 19 05:12:51 2019 user.notice root: check route success
Sat Jan 19 05:12:51 2019 daemon.notice openvpn[22655]: Initialization Sequence Completed
@glitch what do you think is the reason for long time initiation? their config file specifies UDP:53 - that shall be opened and be fast as it is DNS port & UDP. any thoughts?
BTW - i now have done more tests with their clients: my broadband and 4G providers are definitely filter VPN traffic and affect how either of the Safer (apart of their own difficulties) and Ivacy work.