Openvpn firmware for testing

alzhao · December 1, 2016, 4:44pm

@V4n1X, if you ovpn file has only one server configured, it should always connect to the same server. You may need to have “ping-restart” value in the file. If you have many servers in one ovpn file and configured randomly select server, it may be difficult to ask it to connect to the same server.

mike-s · December 2, 2016, 7:10am

I just purchased the micro router, upgraded the firmware to version 2.24 and managed to get it working with SlickVPN.

However, I did have a problem that took many hours to track down. The VPN was disconnecting after about 45-60mins when the server was asking to re-authenticate.

The error message was as follows:

ERROR: could not read Auth username from stdin

After spending a long time searching for the causes of this error and making numerous adjusts to the ovpn file, without success, I finally discovered what was causing the problem.

There is a bug in the web interface when uploading the opvn files. It appends the following lines to the opvn config:

daemon
auth-nocache

The problem is the “auth-nocache” parameter must not be used when “auth-user-pass <filename>” is specified.

To fix this I had to manually edit the ovpn files to comment out the offending parameter after they had been uploaded to the device.

To help others that might be experiencing this same issue you can edit the files by performing the following:

Use secure shell to log into the router (In Windows I used Git Bash that is installed with Git). When in the prompt type: ssh root@<your-router-ip>
Navigate to the directory with the openvpn config files: cd /etc/openvpn
List the files to find your ovpn config: ls
Now to edit the file I used vim (Caution: vim is not very user friendly) vim <filename.ovpn>
Scroll the cursor up and down using the up/down arrow keys, place the cursor in front of the text "auth-nocache"
Press the INS key (This puts vim into insert mode)
Press the # key (This will insert the hash character, the line should now look like "#auth-nocache")
Press the ESC key to exit insert mode
now type the following to save your changes and exit vim: :wq
Now reconnect to openvpn
If you get DNS resolution problems you need to either reboot or restart the network. To restart the network type the following: /etc/init.d/network restart

I hope that helps others.

Regards,

Mike

mobile · December 15, 2016, 1:49am

PureVPN does not work on GL-AR300M when using these config files from their website: https://s3-us-west-1.amazonaws.com/heartbleed/linux/linux-files.zip. Router gives a warning ‘No server certification verification method has been enabled.’ and fails to connect.

alzhao · December 19, 2016, 10:14am

@mobile, what appears after the “warning” message?

axebro · December 19, 2016, 10:22am

@ Mike S,

Thank you! this saved me a ton of agita.

@alzhao - i didn’t see a change log foe to 2.24

cdl1971 · December 19, 2016, 9:16pm

Thank you @Mike S, this looks to have solved my disconnecting problem too.

This is the error I was getting :

Status
OpenVpn is not started

Last log
/usr/sbin/ip route del 176.227.205.119/32 /usr/sbin/ip route del 0.0.0.0/1
/usr/sbin/ip route del 128.0.0.0/1 Closing TUN/TAP interface /usr/sbin/ip addr del dev tun0 10.1.0.55/24

Removing auth-nocache has worked so far

Now to fix the DNS Leak

GL.iNet 6416 Firmware 2.24

amprsanduk · December 31, 2016, 7:03pm

Mike, just wanted to chime in and thank you for posting this! Hopefully a future firmware (2.25?) will not append the auth-nocache line to .ovpn files.

To others: for what it’s worth, I’m using NordVPN and not seeing any DNS leak problems (on ipchicken.com, or others)

phils · January 9, 2017, 4:31am

I tried Mike’s suggestion and commented out the auth-nocache line in my PIA .ovpn files. This resolved my initial error, but I’m still unable to establish a connection. Here is what the log is saying:

Mon Jan 9 04:26:21 2017 daemon.notice openvpn[5146]: UDPv4 link local: [undef]
Mon Jan 9 04:26:21 2017 daemon.notice openvpn[5146]: UDPv4 link remote: [AF_INET]209.95.50.104:1198
Mon Jan 9 04:26:21 2017 daemon.warn openvpn[5146]: CRL: cannot read: [[INLINE]]
Mon Jan 9 04:26:21 2017 daemon.err openvpn[5146]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Mon Jan 9 04:26:21 2017 daemon.err openvpn[5146]: TLS Error: TLS object -> incoming plaintext read error
Mon Jan 9 04:26:21 2017 daemon.err openvpn[5146]: TLS Error: TLS handshake failed
Mon Jan 9 04:26:21 2017 daemon.notice openvpn[5146]: SIGUSR1[soft,tls-error] received, process restarting
Mon Jan 9 04:26:23 2017 daemon.notice openvpn[5146]: Attempting to establish TCP connection with [AF_INET]209.95.50.57:502 [nonblock]
Mon Jan 9 04:26:24 2017 daemon.notice openvpn[5146]: TCP connection established with [AF_INET]209.95.50.57:502
Mon Jan 9 04:26:24 2017 daemon.notice openvpn[5146]: TCPv4_CLIENT link local: [undef]
Mon Jan 9 04:26:24 2017 daemon.notice openvpn[5146]: TCPv4_CLIENT link remote: [AF_INET]209.95.50.57:502
Mon Jan 9 04:26:24 2017 daemon.warn openvpn[5146]: CRL: cannot read: [[INLINE]]
Mon Jan 9 04:26:24 2017 daemon.err openvpn[5146]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Mon Jan 9 04:26:24 2017 daemon.err openvpn[5146]: TLS Error: TLS object -> incoming plaintext read error
Mon Jan 9 04:26:24 2017 daemon.err openvpn[5146]: TLS Error: TLS handshake failed
Mon Jan 9 04:26:24 2017 daemon.err openvpn[5146]: Fatal TLS error (check_tls_errors_co), restarting
Mon Jan 9 04:26:24 2017 daemon.notice openvpn[5146]: SIGUSR1[soft,tls-error] received, process restarting

Any ideas? I’m attempting to do all this through the web UI, and I’ve see that cause strange errors for other things (installing packages).

Thanks,
Phil

alzhao · January 9, 2017, 10:08am

Please try firmware v2.243 from GL.iNet download center

It will be released as v2.25 soon.

axebro · January 9, 2017, 10:26am

@alfie,

Will the OpenVPN version be updated to latest?

Also - anyway to disable the DDns?

alzhao · January 9, 2017, 10:30am

Openvpn is updated in 2.3.10 already in the newest firmware.

DDNS can be turned off easily by disabling WAN access in “Access Control” page.

axebro · January 9, 2017, 10:44am

@alfie

thanks … I thought that was the case about two versions ago… but today, I saw that DDNS was still updating im on 2.23, even though I’d turned off the WWAN access. I haven’t tried the 2.243 yet.

One other suggestion, on the readme / listing, you should have a note for those that have the NAND version that it should be the first firmware to use.

phils · January 9, 2017, 11:06am

Thanks Alzhao, I updated the firmware to 2.243 as suggested and the problem remains.

Sun Jan 8 22:01:05 2017 daemon.notice openvpn[4046]: Attempting to establish TCP connection with [AF_INET]162.216.46.41:502 [nonblock]
Sun Jan 8 22:01:06 2017 daemon.notice openvpn[4046]: TCP connection established with [AF_INET]162.216.46.41:502
Sun Jan 8 22:01:06 2017 daemon.notice openvpn[4046]: TCPv4_CLIENT link local: [undef]
Sun Jan 8 22:01:06 2017 daemon.notice openvpn[4046]: TCPv4_CLIENT link remote: [AF_INET]162.216.46.41:502
Sun Jan 8 22:01:06 2017 daemon.warn openvpn[4046]: CRL: cannot read: [[INLINE]]
Sun Jan 8 22:01:06 2017 daemon.err openvpn[4046]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Sun Jan 8 22:01:06 2017 daemon.err openvpn[4046]: TLS Error: TLS object -> incoming plaintext read error
Sun Jan 8 22:01:06 2017 daemon.err openvpn[4046]: TLS Error: TLS handshake failed
Sun Jan 8 22:01:06 2017 daemon.err openvpn[4046]: Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 8 22:01:06 2017 daemon.notice openvpn[4046]: SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 8 22:01:11 2017 daemon.notice openvpn[4046]: UDPv4 link local: [undef]
Sun Jan 8 22:01:11 2017 daemon.notice openvpn[4046]: UDPv4 link remote: [AF_INET]162.216.46.72:1198
Sun Jan 8 22:01:12 2017 daemon.warn openvpn[4046]: CRL: cannot read: [[INLINE]]
Sun Jan 8 22:01:12 2017 daemon.err openvpn[4046]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Sun Jan 8 22:01:12 2017 daemon.err openvpn[4046]: TLS Error: TLS object -> incoming plaintext read error
Sun Jan 8 22:01:12 2017 daemon.err openvpn[4046]: TLS Error: TLS handshake failed
Sun Jan 8 22:01:12 2017 daemon.notice openvpn[4046]: SIGUSR1[soft,tls-error] received, process restarting

alzhao · January 9, 2017, 11:08am

@PhilS, did you purge the config from the router and reupload the files?

I bought a PIA account for 1 month and tested it is OK for this purpose.

phils · January 9, 2017, 11:25am

Hi Alzhao, I had not purged and re-uploaded, sorry. I tried that though, and I’m still experiencing the same problem. I believe that you had PIA working (as do other people), but for some reason I still have issues.

I appreciate any other suggestions you may have.

mw1 · January 9, 2017, 11:42am

alzhao · January 10, 2017, 5:24pm

@PhilS, is there any way you can send me your ovpn file for a check. Yes I need username and password. If you can change to a temporary one so that I can test that would be great. Otherwise, just send me your ovpn file so that I can compile with mine.

phils · January 10, 2017, 10:26pm

Hello Alzhao

I must apologize as I’ve discovered my error and all works well now. Apparently I was using IOS specific ovpn files instead of the general purpose files required. Once I uploaded the zip files from https://www.privateinternetaccess.com/openvpn/openvpn.zip I was able to make it work.

Thanks for the excellent support and amazing products!

electronicsguy · July 18, 2017, 3:19pm

Latest report from my side:

Using AR150 v2.261

The following free VPNs work (using OpenVPN config files, no others settings need to be changed):

Thank you community for your help!

alzhao · July 21, 2017, 5:33pm

Thanks both @PhilS and @electronicsguy