Hello, I have just bought a GL.iNet GL-MT1300 (Beryl) router but I can’t use it to connect to my OpenVPN server.
I get these from the router logs (SSH - logread):
Sat Dec 17 23:53:20 2022 daemon.notice openvpn[25004]: OpenVPN 2.5.2 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Dec 17 23:53:20 2022 daemon.notice openvpn[25004]: library versions: OpenSSL 1.1.1n 15 Mar 2022
Sat Dec 17 23:53:20 2022 daemon.notice openvpn[25004]: Restart pause, 2 second(s)
Sat Dec 17 23:53:22 2022 daemon.warn openvpn[25004]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1603,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1603,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: TCP/UDP: Preserving recently used remote address: [AF_INET6]GLOBAL_IPV6_IP:1194
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Attempting to establish TCP connection with [AF_INET6]GLOBAL_IPV6_IP:1194 [nonblock]
Sat Dec 17 23:53:22 2022 daemon.err openvpn[25004]: TCP: connect to [AF_INET6]GLOBAL_IPV6_IP:1194 failed: Permission denied
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: SIGHUP[connection failed(soft),init_instance] received, process restarting
Sat Dec 17 23:53:22 2022 daemon.warn openvpn[25004]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: OpenVPN 2.5.2 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: library versions: OpenSSL 1.1.1n 15 Mar 2022
Sat Dec 17 23:53:22 2022 daemon.notice openvpn[25004]: Restart pause, 2 second(s)
I have updated the firmware to the latest available version 3.215 but the error messages are the same.
The OpenVPN client configuration I send to the router is:
client
dev tun-ipv6
proto udp6
remote GLOBAL_IPV6_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 4
<ca>
DATA
</ca>
<cert>
DATA
</cert>
<key>
DATA
</key>
<tls-crypt>
DATA
</tls-crypt>
The server is running OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2022
library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.08
Server config:
port 1194
proto tcp6
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DNS6 2001:4860:4860::8888"
push "dhcp-option DNS6 2001:4860:4860::8844"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 4
log-append /var/log/openvpn.log
crl-verify crl.pem
The server doesn’t get any traffic so it shows no logs.
If I connect from my computer directly using OpenVPN Connect it works, so I am pretty sure this is some issue with the router’s OpenVPN client or related config.
Is the router able to connect to OpenVPN servers over IPv6? Is there something wrong in my configuration?
Any help would be appreciated as this is the main use case for this router, so if it doesn’t work I will have to return it.
Thanks
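An added example, not part of the original post: a small Python check that compares the directives which normally have to line up between two OpenVPN peers (`proto`, `cipher`, `auth`, `tls-crypt`) across the client config, the server config and the logged "Local Options String" shown above. The function names and the choice of compared directives are assumptions of this example; the sample strings are constructed from the post's own lines.

```python
# Constructed input: directives copied from the post's two configs and its log.
CLIENT_CONF = "proto udp6\nauth SHA512\ncipher AES-256-CBC\n<tls-crypt>\nDATA\n</tls-crypt>\n"
SERVER_CONF = "proto tcp6\nauth SHA512\ntls-crypt tc.key\ncipher AES-256-CBC\n"
LOGGED_LOCAL = ("V4,dev-type tun,link-mtu 1603,tun-mtu 1500,proto TCPv4_CLIENT,"
                "cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client")

MUST_MATCH = ("proto", "cipher", "auth", "tls-crypt")

def normalize(key, value):
    if key == "proto":        # udp6, tcp6, TCPv4_CLIENT -> udp / tcp
        return value.lower()[:3]
    if key == "tls-crypt":    # file path or inline block: only presence is compared
        return "present"
    return value.upper()

def parse_conf(text):
    """Map each MUST_MATCH directive in a config to its normalized argument."""
    opts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:                         # inside <tag>...</tag>: skip key material
            block = None if line == f"</{block}>" else block
            continue
        if not line or line[0] in "#;":
            continue
        if line[0] == "<":                # inline block opens, e.g. <tls-crypt>
            block = key = line.strip("<>")
            value = ""
        else:
            key, _, value = line.partition(" ")
        if key in MUST_MATCH:
            opts[key] = normalize(key, value.strip())
    return opts

def parse_logged(options):
    """Parse the comma-separated 'Local Options String' logged at verb 4."""
    pairs = (item.partition(" ") for item in options.split(","))
    return {k: normalize(k, v) for k, _, v in pairs if k in MUST_MATCH}

def mismatches(a, b, keys=MUST_MATCH):
    """Return (directive, a_value, b_value) for each compared key that differs."""
    return [(k, a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)]

if __name__ == "__main__":
    client, server = parse_conf(CLIENT_CONF), parse_conf(SERVER_CONF)
    logged = parse_logged(LOGGED_LOCAL)
    print("client config vs server config:", mismatches(client, server))
    print("client config vs running client:", mismatches(client, logged, logged))
```

Comparing the config against the logged option string also shows whether the running client is using the file as written.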