Open VPN stuck at connecting

joedmanuel · October 4, 2023, 2:07pm

Good Morning,

I recently purchased the Beryl AX and am trying to make the repeater work with vpn. I am able to connect to the public network internet but when I try to start the vpn then it just keeps saying connecting. I have tried several fixes from other topics but still unable to get it to work. I tried changing from global to auto and on/off ip masquerading. Can someone help/ provide suggestions please. Thank you in advance. Here is the log from this Morning:

“Wed Oct 4 08:58:18 2023 daemon.notice ovpnclient[15270]: Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication\nWed Oct 4 08:58:18 2023 daemon.notice ovpnclient[15270]: TCP/UDP: Preserving recently used remote address: [AF_INET]2.56.190.20:1194\nWed Oct 4 08:58:18 2023 daemon.notice ovpnclient[15270]: Socket Buffers: R=[212992->212992] S=[212992->212992]\nWed Oct 4 08:58:18 2023 daemon.notice ovpnclient[15270]: UDP link local: (not bound)\nWed Oct 4 08:58:18 2023 daemon.notice ovpnclient[15270]: UDP link remote: [AF_INET]2.56.190.20:1194\nWed Oct 4 08:59:19 2023 daemon.err ovpnclient[15270]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)\nWed Oct 4 08:59:19 2023 daemon.err ovpnclient[15270]: TLS Error: TLS handshake failed\nWed Oct 4 08:59:19 2023 daemon.notice ovpnclient[15270]: SIGHUP[soft,tls-error] received, process restarting\nWed Oct 4 08:59:19 2023 daemon.warn ovpnclient[15270]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\nWed Oct 4 08:59:19 2023 daemon.notice ovpnclient[15270]: OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nWed Oct 4 08:59:19 2023 daemon.notice ovpnclient[15270]: library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10\nWed Oct 4 08:59:19 2023 daemon.notice ovpnclient[15270]: Restart pause, 5 second(s)\nWed Oct 4 08:59:24 2023 daemon.warn ovpnclient[15270]: WARNING: --ping should normally be used with --ping-restart or --ping-exit\nWed Oct 4 08:59:24 2023 daemon.warn ovpnclient[15270]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\nWed Oct 4 08:59:24 2023 daemon.not
ice ovpnclient[15270]: Outgoing Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication\nWed Oct 4 08:59:24 2023 daemon.notice ovpnclient[15270]: Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication\nWed Oct 4 08:59:24 2023 daemon.notice ovpnclient[15270]: TCP/UDP: Preserving recently used remote address: [AF_INET]2.56.190.20:1194\nWed Oct 4 08:59:24 2023 daemon.notice ovpnclient[15270]: Socket Buffers: R=[212992->212992] S=[212992->212992]\nWed Oct 4 08:59:24 2023 daemon.notice ovpnclient[15270]: UDP link local: (not bound)\nWed Oct 4 08:59:24 2023 daemon.notice ovpnclient[15270]: UDP link remote: [AF_INET]2.56.190.20:1194\n”

groentjuh · October 4, 2023, 2:14pm

Wed Oct 4 08:59:19 2023 daemon.err ovpnclient[15270]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Oct 4 08:59:19 2023 daemon.err ovpnclient[15270]: TLS Error: TLS handshake failed

OpenVPN says: The server(x.x.x.20:1194) it tried to connect too, does not respond.

So either the Beryl does not have internet to reach that VPN or that server is unreachable.

joedmanuel · October 4, 2023, 2:18pm

Thank you for the really quick response. So does that mean that the server maybe blocking my connection? I connected the Beryl to the repeater and it has a internet connection. I then connected my phone to the Beryl to test it (phone has nord vpn on) and it connects to the net. It’s actually what I’m using right now. But when I turn on the vpn on the Beryl that is when the net stops working.

groentjuh · October 4, 2023, 2:24pm

When you turn on the VPN on the Beryl, it will route all internet traffic into the VPN. However that VPN connection somehow fails establish(/fails to reach the VPN server), so therefore internet stops at that point.

So something about the VPN config is not working out or the connection gets blocked.

Your phone may use other protocols and ports that may cause it not to be blocked.

joedmanuel · October 4, 2023, 2:34pm

Thanks again. Is there a fix I can try to do or Open VPN Nord simply isn’t working out in my case and I might need a new VPN with Wireguard

groentjuh · October 4, 2023, 2:54pm

I do not know what NordVPN offers. Possibly using TCP instead of UDP helps out. Possibly Nord allows usage of a different port.

As for VPN providers, I believe there are 2 VPN providers build into the Wireguard section of GL-iNet’s gui. One of those might be easiest to work with.

joedmanuel · October 4, 2023, 3:30pm

Thank you. I’ll try that out.

Kev1 · October 4, 2023, 6:07pm

resolved by following the instructions

joedmanuel · October 5, 2023, 4:25pm

Resolved by using the built in wireguard vpn Mullvad. I think this is more incompatibility with Open VPN Nord. Thank you for your help.

CaptMrgnX · April 22, 2024, 1:26am

Fixes this issue. The username/password for Nord is NOT the same as your Nord login. You have to get the Manual VPN username/pass that is referenced in that article. I got this from another post and it fixed it right up for me. Connected in about 5 seconds.