OpenVPN Flint2 - Errors

I'm trying to connect to PrivadoVPN using the config files from the vendor. The config files work correctly in another router, but the Flint2 just hangs during connection and constantly returns this error:

... can't open '/tmp/run/ovpn_resolved_ip': No such file or directory

Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Zone 'ovpnclient'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Populating IPv6 mangle table
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Rule 'process_mark'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Rule 'wan_in_conn_mark'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Rule 'lan_in_conn_mark_restore'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Rule 'out_conn_mark_restore'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Zone 'lan'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Zone 'wan'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Zone 'guest'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Zone 'ovpnclient'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Set tcp_ecn to off
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Set tcp_syncookies to on
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Set tcp_window_scaling to on
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Running script '/etc/firewall.nat6'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Running script '/etc/firewall.vpn_server_policy.sh'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Running script '/var/etc/gls2s.include'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): ! Skipping due to path error: No such file or directory
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): * Running script '/usr/bin/gl_block.sh'
Thu May 23 11:23:28 2024 daemon.notice netifd: ovpnclient (25938): cat: can't open '/tmp/run/ovpn_resolved_ip': No such file or directory

Hi :wave:t2:

none of this messages are errors. Just normal log noise.
Aren't there any other log lines?

Thank you...
Sure, but it seems to just keep repeating itself...

Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Set tcp_syncookies to on
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Set tcp_window_scaling to on
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Running script '/etc/firewall.nat6'
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Running script '/etc/firewall.vpn_server_policy.sh'
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Running script '/var/etc/gls2s.include'
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): ! Skipping due to path error: No such file or directory
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): * Running script '/usr/bin/gl_block.sh'
Thu May 23 11:36:10 2024 daemon.notice netifd: ovpnclient (7362): cat: can't open '/tmp/run/ovpn_resolved_ip': No such file or directory
Thu May 23 11:36:15 2024 daemon.notice netifd: Interface 'ovpnclient' is now down
Thu May 23 11:36:15 2024 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Thu May 23 11:36:15 2024 daemon.warn ovpnclient[7489]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Thu May 23 11:36:15 2024 daemon.warn ovpnclient[7489]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: TCP/UDP: Preserving recently used remote address: [AF_INET]81.171.60.15:1194
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: UDP link local: (not bound)
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: UDP link remote: [AF_INET]81.171.60.15:1194
Thu May 23 11:36:15 2024 daemon.notice ovpnclient[7489]: TLS: Initial packet from [AF_INET]81.171.60.15:1194, sid=5303b933 1c2e8197
Thu May 23 11:38:43 2024 daemon.notice netifd: ovpnclient (12401): cat: can't open '/tmp/run/ovpn_resolved_ip': No such file or directory
Thu May 23 11:38:47 2024 daemon.notice netifd: Interface 'ovpnclient' is now down
Thu May 23 11:38:47 2024 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Thu May 23 11:38:48 2024 daemon.warn ovpnclient[12528]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Thu May 23 11:38:48 2024 daemon.warn ovpnclient[12528]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: TCP/UDP: Preserving recently used remote address: [AF_INET]81.171.60.15:1194
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: UDP link local: (not bound)
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: UDP link remote: [AF_INET]81.171.60.15:1194
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: TLS: Initial packet from [AF_INET]81.171.60.15:1194, sid=484c7261 69d4e209
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: VERIFY OK: depth=1, CN=Privado
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: VERIFY KU OK
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: Validating certificate extended key usage
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: VERIFY EKU OK
Thu May 23 11:38:48 2024 daemon.notice ovpnclient[12528]: VERIFY OK: depth=0, CN=dfw-056.vpn.privado.io
Thu May 23 11:38:49 2024 daemon.notice ovpnclient[12528]: Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Thu May 23 11:38:49 2024 daemon.notice ovpnclient[12528]: [dfw-056.vpn.privado.io] Peer Connection Initiated with [AF_INET]81.171.60.15:1194

This line tells us that the connection is up and running, imho.

Can you ping something?

Thank you, no. It does not connect, and the control panel stays...
"The client is starting please wait"

May you try a different configuration file?

Thank you, I've tried several direct from the vendor. I slightly modified one that works fine on the Inseego, but similarly hangs like the default Privado config....

client
dev tun
proto udp

remote dfw-055.vpn.privado.io 1194
remote dfw-056.vpn.privado.io 1194
remote dfw-059.vpn.privado.io 1194
remote dfw-060.vpn.privado.io 1194
remote dfw-061.vpn.privado.io 1194
remote dfw-062.vpn.privado.io 1194
remote dfw-063.vpn.privado.io 1194

resolv-retry infinite
remote-random
nobind
persist-key
persist-tun
persist-remote-ip

tls-client

#block-outside-dns
#route-ipv6 ::/0
#route 0.0.0.0 0.0.0.0 vpn_gateway
#route-delay 3

#added from Nord
pull
fast-io

if you're using openvpn versions later than 2.5 uncomment the following:

data-ciphers AES-256-CBC

data-ciphers-fallback AES-256-CBC

openvpn versions <= 2.5 use the following default settings:

auth SHA256
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

remote-cert-tls server
auth-user-pass
verb 3

-----BEGIN CERTIFICATE----- MIIFKDCCAxCgAwIBAgIJAMtrmqZxIV/OMA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNV BAMMB1ByaXZhZG8wHhcNMjAwMTA4MjEyODQ1WhcNMzUwMTA5MjEyODQ1WjASMRAw DgYDVQQDDAdQcml2YWRvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA xPwOgiwNJzZTnKIXwAB0TSu/Lu2qt2U2I8obtQjwhi/7OrfmbmYykSdro70al2XP hnwAGGdCxW6LDnp0UN/IOhD11mgBPo14f5CLkBQjSJ6VN5miPbvK746LsNZl9H8r QGvDuPo4CG9BfPZMiDRGlsMxij/jztzgT1gmuxQ7WHfFRcNzBas1dHa9hV/d3TU6 /t47x4SE/ljdcCtJiu7Zn6ODKQoys3mB7Luz2ngqUJWvkqsg+E4+3eJ0M8Hlbn5T PaRJBID7DAdYo6Vs6xGCYr981ThFcmoIQ10js10yANrrfGAzd03b3TnLAgko0uQM HjliMZL6L8sWOPHxyxJI0us88SFh4UgcFyRHKHPKux7w24SxAlZUYoUcTHp9VjG5 XvDKYxzgV2RdM4ulBGbQRQ3y3/CyddsyQYMvA55Ets0LfPaBvDIcct70iXijGsdv lX1du3ArGpG7Vaje/RU4nbbGT6HYRdt5YyZfof288ukMOSj20nVcmS+c/4tqsxSe rRb1aq5LOi1IemSkTMeC5gCbexk+L1vl7NT/58sxjGmu5bXwnvev/lIItfi2AlIT rfUSEv19iDMKkeshwn/+sFJBMWYyluP+yJ56yR+MWoXvLlSWphLDTqq19yx3BZn0 P1tgbXoR0g8PTdJFcz8z3RIb7myVLYulV1oGG/3rka0CAwEAAaOBgDB+MB0GA1Ud DgQWBBTFtJkZCVDuDAD6k5bJzefjJdO3DTBCBgNVHSMEOzA5gBTFtJkZCVDuDAD6 k5bJzefjJdO3DaEWpBQwEjEQMA4GA1UEAwwHUHJpdmFkb4IJAMtrmqZxIV/OMAwG A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBDQUAA4ICAQB7MUSX MeBb9wlSv4sUaT1JHEwE26nlBw+TKmezfuPU5pBlY0LYr6qQZY95DHqsRJ7ByUzG UrGo17dNGXlcuNc6TAaQQEDRPo6y+LVh2TWMk15TUMI+MkqryJtCret7xGvDigKY MJgBy58HN3RAVr1B7cL9youwzLgc2Y/NcFKvnQJKeiIYAJ7g0CcnJiQvgZTS7xdw kEBXfsngmUCIG320DLPEL+Ze0HiUrxwWljMRya6i40AeH3Zu2i532xX1wV5+cjA4 RJWIKg6ri/Q54iFGtZrA9/nc6y9uoQHkmz8cGyVUmJxFzMrrIICVqUtVRxLhkTMe 4UzwRWTBeGgtW4tS0yq1QonAKfOyjgRw/CeY55D2UGvnAFZdTadtYXS4Alu2P9zd woEk3fzHiVmDjqfJVr5wz9383aABUFrPI3nz6ed/Z6LZflKh1k+DUDEp8NxU4klU ULWsSOKoa5zGX51G8cdHxwQLImXvtGuN5eSR8jCTgxFZhdps/xes4KkyfIz9FMYG 748M+uOTgKITf4zdJ9BAyiQaOufVQZ8WjhWzWk9YHec9VqPkzpWNGkVjiRI5ewuX wZzZ164tMv2hikBXSuUCnFz37/ZNwGlDi0oBdDszCk2GxccdFHHaCSmpjU5MrdJ+ 5IhtTKGeTx+US2hTIVHQFIO99DmacxSYvLNcSQ== -----END CERTIFICATE-----

ARRRGGGHHH, somehow I missed this in the log...

Thu May 23 14:04:49 2024 daemon.notice ovpnclient[21424]: AUTH: Received control message: AUTH_FAILED

Fixed password and all is good!