OpenVPN Client not working

arch113 · October 17, 2023, 5:58pm

When I try to connect to my home VPN (OPNsense Firewall), doesnt seem to work, the indicator stays Yellow, and I get no network traffic.

Importong the same config to my laptop’s OpenVPn GUI works jsut fine.

Moedl:GL-SFT1200
Firmware:3.216

.OPVN file:
dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-GCM
auth SHA3-512
client
resolv-retry infinite
remote fake.net 1194 udp4
lport 0
verify-x509-name “C=US, ST=MY, L=CITY, O=ARCH113, emailAddress=arch113@yahoo.com, CN=ARCH113-VPN” subject
remote-cert-tls server
cryptoapicert “SUBJ:ARCH113.Travel”
auth-user-pass
compress lzo
ca ARCH113_VPN_ARCH113_Travel.crt
tls-auth ARCH113_VPN_ARCH113_Travel-tls.key 1

System Log:
Tue Oct 17 12:31:01 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Tue Oct 17 12:31:01 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: started, version 2.80 cachesize 150
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: DNS service limited to local subnets
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq-dhcp[2866]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain test
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain onion
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain localhost
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain local
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain invalid
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain bind
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain lan
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: reading /tmp/resolv.conf.auto
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain test
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain onion
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain localhost
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain local
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain invalid
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain bind
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using local addresses only for domain lan
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using nameserver 192.168.70.201#53
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: using nameserver 192.168.70.203#53
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: read /etc/hosts - 4 addresses
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq[2866]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Oct 17 12:31:01 2023 daemon.info dnsmasq-dhcp[2866]: read /etc/ethers - 0 addresses
Tue Oct 17 12:31:02 2023 daemon.notice netifd: VLAN ‘eth0.2’ link is down
Tue Oct 17 12:31:02 2023 daemon.notice netifd: Interface ‘wan’ has link connectivity loss
Tue Oct 17 12:31:02 2023 daemon.notice netifd: wan (14883): udhcpc: read error: Network is down, reopening socket
Tue Oct 17 12:31:02 2023 daemon.notice netifd: wan (14883): udhcpc: received SIGTERM
Tue Oct 17 12:31:03 2023 user.notice relay: Reloading relay due to ifup-failed of wan ()
Tue Oct 17 12:31:03 2023 daemon.notice netifd: VLAN ‘eth0.2’ link is up
Tue Oct 17 12:31:03 2023 daemon.notice netifd: Interface ‘wan’ has link connectivity
Tue Oct 17 12:31:03 2023 daemon.notice netifd: Interface ‘wan’ is setting up now
Tue Oct 17 12:31:03 2023 kern.warn kernel: [ 3201.511902] [hnat info]wan ip changed, vldclean
Tue Oct 17 12:31:03 2023 daemon.notice netifd: wan (3130): udhcpc: started, v1.29.3
Tue Oct 17 12:31:03 2023 daemon.notice netifd: wan (3130): udhcpc: sending discover
Tue Oct 17 12:31:06 2023 daemon.notice netifd: wan (3130): udhcpc: sending discover
Tue Oct 17 12:31:10 2023 daemon.notice netifd: wan (3130): udhcpc: sending discover
Tue Oct 17 12:31:20 2023 user.info : 1249: gl-vpn-client>> Stop, vpnpath=/etc/openvpn/ovpn0, serverfile=ARCH113_VPN_ARCH113_Travel.ovpn
Tue Oct 17 12:31:20 2023 user.debug : ------ss-redir is not running!------
Tue Oct 17 12:31:20 2023 daemon.info dnsmasq[2866]: exiting on receipt of SIGTERM
Tue Oct 17 12:31:21 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Tue Oct 17 12:31:21 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: started, version 2.80 cachesize 150
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: DNS service limited to local subnets
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq-dhcp[4210]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain test
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain onion
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain localhost
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain local
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain invalid
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain bind
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain lan
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: reading /tmp/resolv.conf.auto
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain test
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain onion
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain localhost
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain local
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain invalid
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain bind
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using local addresses only for domain lan
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using nameserver 192.168.70.201#53
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: using nameserver 192.168.70.203#53
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: read /etc/hosts - 4 addresses
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq[4210]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Oct 17 12:31:21 2023 daemon.info dnsmasq-dhcp[4210]: read /etc/ethers - 0 addresses

arch113 · October 23, 2023, 9:12pm

Anyone? Its the main reason I bought the product, I want it to connect to my home VPN.

alzhao · October 23, 2023, 9:24pm

Does the router has Internet withtout vpn?

The log didn’t show much about vpn.

Your vpn profile seems very complicated. Can you export ovpn for Linux, not windows from your vpn service provider?

The vpn has some extra file e.g. crt and key file linked. Did you upload these files together with the ovpn file to the router?

arch113 · October 24, 2023, 1:58pm

Yes, the router has internet without VPN

I am the service provider, I run OpnSense at my home with OpenVPN setup, I use the the router for travel. I use the Openvpn exporter, doesn’t have a option for Windows vs Linux.

Yes, the cert and key is imported with the ovpn file, i was able to WinSCP into the router and see the files.
As for the log not showing much, is there another one I can post, if so where?

alzhao · October 24, 2023, 6:46pm

Can you generate a config for me to test? That will be much faster.

You can send the confirm to support at glinet.biz, citing this thread.

arch113 · October 25, 2023, 4:16pm

ovpn config is listed in my original message, otherwise not sure about letting you into my home network.

Is there another log we can look into? I have WinSCP access.

arch113 · October 31, 2023, 4:54pm

Guess no other logs? I do have it working on one non-windows machine, it works on a Chromebook.

hansome · November 2, 2023, 7:00am

Some options is not compatible, please edit config file, remove options:

cryptoapicert "SUBJ:ARCH113.Travel"
compress lzo
data-ciphers-fallback AES-256-GCM

and change

auth SHA3-512

to

auth SHA256

arch113 · November 14, 2023, 6:16pm

I changed the settings on the server side, exported the client settings and imported into the router, still doesnt work. below in the new .ovpn file:

dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-GCM
auth SHA256
client
resolv-retry infinite
remote WORK.com 1194 udp4
lport 0
verify-x509-name “C=US, ST=KS, L=WICHITA, O=WORK, emailAddress=me@work.com, CN=WORK-VPN” subject
remote-cert-tls server
auth-user-pass
pkcs12 WORK_VPN_WORK_Travel.p12
tls-crypt WORK_VPN_WORK_Travel-tls.key

hansome · November 15, 2023, 1:40am

You can improve log verbose level on both server and client side to inspect what’s going on.
Maybe the target port is accessible or any parameter negotiation failure. Add line:

verb 9

to ovpn config file.