I have a Ubiquiti EdgeRouter that I set up an OpenVPN server on using the following instructions…
I have uploaded the resultant .ovpn file and certificates to my AR750 travel router. I have not had much luck getting the two to talk.
Off the bat, I noticed they are running different versions of OpenVPN. Some stuff gets deprecated, so I had to change some stuff.
```
root@GL-AR750:/etc/openvpn/ovpn0# openvpn --version
OpenVPN 2.5.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1i 8 Dec 2020

root@ubnt:/config/auth# openvpn --version
OpenVPN 2.4.0 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.08
```
Because of this, I have to specify the cipher to use.
I made some progress but I am running into a TLS error… See the Ubiquiti log below…
My configs and logs are listed… I am currently testing this on my guest network, so it is possible that is not an ideal setup, but I have tried it on another network previously with some different options. I'm going to see if I can plug it in at the neighbor's house…
Any ideas?
**GL i.net log**
```
Wed Jun 30 11:34:29 2021 user.notice startvpn: start setting local policy
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27011]: OpenVPN 2.5.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27011]: library versions: OpenSSL 1.1.1i 8 Dec 2020
Wed Jun 30 11:34:29 2021 daemon.warn openvpn[27031]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27031]: TCP/UDP: Preserving recently used remote address: [AF_INET]24.62.XXX.YY:1198
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27031]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27031]: UDPv4 link local (bound): [AF_INET]192.168.8.1:1194
Wed Jun 30 11:34:29 2021 daemon.notice openvpn[27031]: UDPv4 link remote: [AF_INET]24.62.XX.YY:1198
Wed Jun 30 11:34:42 2021 user.notice startvpn: can't find tun's ip, local policy failed
Wed Jun 30 11:35:08 2021 user.info : 1246: gl-vpn-client>> Stop, vpnpath=/etc/openvpn/ovpn0, serverfile=myVPN.ovpn
Wed Jun 30 11:35:08 2021 user.debug : ------ss-redir is not running!------
```
**Ubiquiti log**
```
Jun 30 11:34:29 ubnt openvpn[1395]: 192.168.0.128:1194 TLS: Initial packet from [AF_INET]192.168.0.128:1194, sid=610439e3 9da62847
Jun 30 11:35:30 ubnt openvpn[1395]: 192.168.0.128:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 30 11:35:30 ubnt openvpn[1395]: 192.168.0.128:1194 TLS Error: TLS handshake failed
Jun 30 11:35:30 ubnt openvpn[1395]: 192.168.0.128:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
Jun 30 11:35:40 ubnt openvpn[1395]: 192.168.0.128:1194 TLS: Initial packet from [AF_INET]192.168.0.128:1194, sid=20e3f4f5 6f02f1ea
Jun 30 11:36:40 ubnt openvpn[1395]: 192.168.0.128:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 30 11:36:40 ubnt openvpn[1395]: 192.168.0.128:1194 TLS Error: TLS handshake failed
Jun 30 11:36:40 ubnt openvpn[1395]: 192.168.0.128:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
```
**UBIQUITI CONFIG**
```
@ubnt# show interfaces openvpn vtun5
 hash sha256
 local-port 1198
 mode server
 openvpn-option "--remote-cert-tls server"
 server {
     name-server 192.168.0.1
     push-route 192.168.0.0/24
     subnet 172.16.1.0/24
 }
 tls {
     ca-cert-file /config/auth/cacert.pem
     cert-file /config/auth/server.pem
     dh-file /config/auth/dh.pem
     key-file /config/auth/server.key
 }
```
**GL I.NET CONFIGURATION**
On the GL i.net 750
```
root@GL-AR750:/etc/openvpn/ovpn0# cat myVPN.ovpn
client
dev tun
proto udp4
remote XXX.ddns.net 1198
local 192.168.8.1
float
resolv-retry infinite
#nobind
data-ciphers AES-256-CBC
cipher AES-256-CBC
auth SHA256
persist-key
persist-tun
verb 3
remote-cert-tls server
ca "/etc/openvpn/ovpn0/cert/202106072147-cacert.pem"
cert "/etc/openvpn/ovpn0/cert/202106072147-client1.pem"
key "/etc/openvpn/ovpn0/cert/202106072147-client1.key"
redirect-gateway def1
daemon
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
```