Keepsolid OpenVPN

lilpenny10 · September 3, 2022, 5:40pm

Can’t connect GL-INET AR750S to openvpn client over my current wifi network. But if I hotspot my phone VPN connection works! I’ve removed any specific address in the log dumps below and replaced with “xxx” OpenVPN service is KeepSolid.

OpenVPN config file
client
dev tun
reneg-sec 0
pull-filter ignore “redirect-gateway”
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
cipher AES-256-CBC
auth sha512

Error seen in admin portal
“UDP link local: (not bound)
UDP link remote: [AF_INET] xxx.xx.xxx
[UNDEF] Inactivity timeout (–ping-exit), exiting
SIGTERM[soft,ping-exit] received, process exiting”

user.info : 1247: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn0, serverfile=5E01D2EE-1451-4E87-B736-FE876C22B417_us-sf_openvpn.ovpn
Thu Sep 1 18:54:33 2022 user.debug : ------ss-redir is not running!------
Thu Sep 1 18:54:33 2022 user.info : 1324: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn0/5E01D2EE-1451-4E87-B736-FE876C22B417_us-sf_openvpn.ovpn, glconfig.openvpn.clientid=ovpn0
Thu Sep 1 18:54:35 2022 daemon.info dnsmasq[28427]: exiting on receipt of SIGTERM
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: started, version 2.80 cachesize 150
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: DNS service limited to local subnets
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq-dhcp[19369]: DHCP, IP range 192.168.7.100 – 192.168.7.249, lease time 12h
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain test
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain onion
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain localhost
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain local
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain invalid
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain bind
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using nameserver xxx.xx.xxx#53
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using nameserver 9.9.9.9#53
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: using local addresses only for domain lan
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: read /etc/hosts - 4 addresses
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq[19369]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Thu Sep 1 18:54:36 2022 daemon.info dnsmasq-dhcp[19369]: read /etc/ethers - 0 addresses
Thu Sep 1 18:54:40 2022 daemon.warn openvpn[19662]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.
Thu Sep 1 18:54:40 2022 daemon.notice openvpn[19662]: OpenVPN 2.5.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Sep 1 18:54:40 2022 daemon.notice openvpn[19662]: library versions: OpenSSL 1.1.1n 15 Mar 2022
Thu Sep 1 18:54:40 2022 daemon.warn openvpn[19676]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Sep 1 18:54:40 2022 daemon.notice openvpn[19676]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xx.xxx:1194
Thu Sep 1 18:54:40 2022 daemon.notice openvpn[19676]: UDP link local: (not bound)
Thu Sep 1 18:54:40 2022 daemon.notice openvpn[19676]: UDP link remote: [AF_INET]xxx.xx.xxx:1194
Thu Sep 1 18:55:10 2022 daemon.notice openvpn[19676]: [UNDEF] Inactivity timeout (–ping-exit), exiting
Thu Sep 1 18:55:10 2022 daemon.notice openvpn[19676]: SIGTERM[soft,ping-exit] received, process exiting
Thu Sep 1 18:56:08 2022 user.info : 1247: gl-vpn-client>> Stop, vpnpath=/etc/openvpn/ovpn0, serverfile=5E01D2EE-1451-4E87-B736-FE876C22B417_us-sf_openvpn.ovpn

eric · September 3, 2022, 6:34pm

Is your current WiFi network a public network? Could it be blocking UDP traffic or blocking port 1194? Does Keepsolid support OpenVPN over TCP on port 80 or 443?

lilpenny10 · September 3, 2022, 7:27pm

It is a public network. And it does force using port 1194 and TCP 443. I’m going to try their wireguard config to see if that works

eric · September 3, 2022, 8:07pm

Most places do not block TCP port 443. Can you try Keepsolid’s TCP based OpenVPN config file?

lilpenny10 · September 4, 2022, 12:20am

I don’t see any options to use TCP only

eric · September 4, 2022, 12:57am

I would check with Keepsolid support. Most VPN providers have separate .ovpn files for their TCP and UDP connections. Just get their TCP .ovpn config file and setup a new OpenVPN Configurations on your GL iNet router.

hansome · January 9, 2023, 3:49am

Please try to change the ovpn config line:

ping-exit 30

to

ping-restart 30