Please see config and log below for error. Any ideas how can i get vpn unlimited ovpn file to work on gl-inet. It’s working successfully on iphone and wireguard config is working as well; however, i need vpn-unlimited openvpn to work on gl-inet routers.
client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
cipher AES-256-CBC
auth sha512
remote us.vpnunlimitedapp.com
proto udp
“Sun Aug 13 19:12:28 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down\nSun Aug 13 19:12:28 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now\nSun Aug 13 19:12:28 2023 daemon.warn ovpnclient[14275]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\nSun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nSun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10\nSun Aug 13 19:12:28 2023 daemon.warn ovpnclient[14275]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\nSun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: TCP/UDP: Preserving recently used remote address: [AF_INET]199.115.117.81:1194\nSun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: UDP link local: (not bound)\nSun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: UDP link remote: [AF_INET]199.115.117.81:1194\nSun Aug 13 19:12:58 2023 daemon.notice ovpnclient[14275]: [UNDEF] Inactivity timeout (–ping-exit), exiting\nSun Aug 13 19:12:58 2023 daemon.notice ovpnclient[14275]: SIGTERM[soft,ping-exit] received, process exiting\nSun Aug 13 19:13:03 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down\nSun Aug 13 19:13:03 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now\nSun Aug 13 19:13:04 2023 daemon.warn ovpnclient[15752]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\nSun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\nSun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10\nSun Aug 13 19:13:04 2023 daemon.warn ovpnclient[15752]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\nSun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: TCP/UDP: Preserving recently used remote address: [AF_INET]199.115.117.81:1194\nSun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: UDP link local: (not bound)\nSun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: UDP link remote: [AF_INET]199.115.117.81:1194\n”
Sun Aug 13 19:12:28 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down\n
Sun Aug 13 19:12:28 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now\n
Sun Aug 13 19:12:28 2023 daemon.warn ovpnclient[14275]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\n
Sun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\n
Sun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10\n
Sun Aug 13 19:12:28 2023 daemon.warn ovpnclient[14275]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\n
Sun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: TCP/UDP: Preserving recently used remote address: [AF_INET]199.115.117.81:1194\n
Sun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: UDP link local: (not bound)\n
Sun Aug 13 19:12:28 2023 daemon.notice ovpnclient[14275]: UDP link remote: [AF_INET]199.115.117.81:1194\n
Sun Aug 13 19:12:58 2023 daemon.notice ovpnclient[14275]: [UNDEF] Inactivity timeout (–ping-exit), exiting\n
Sun Aug 13 19:12:58 2023 daemon.notice ovpnclient[14275]: SIGTERM[soft,ping-exit] received, process exiting\n
Sun Aug 13 19:13:03 2023 daemon.notice netifd: Interface ‘ovpnclient’ is now down\n
Sun Aug 13 19:13:03 2023 daemon.notice netifd: Interface ‘ovpnclient’ is setting up now\n
Sun Aug 13 19:13:04 2023 daemon.warn ovpnclient[15752]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.\n
Sun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: OpenVPN 2.5.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]\n
Sun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10\n
Sun Aug 13 19:13:04 2023 daemon.warn ovpnclient[15752]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\n
Sun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: TCP/UDP: Preserving recently used remote address: [AF_INET]199.115.117.81:1194\n
Sun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: UDP link local: (not bound)\n
Sun Aug 13 19:13:04 2023 daemon.notice ovpnclient[15752]: UDP link remote: [AF_INET]199.115.117.81:1194\n”
It looks like VPN Unlimited needs to update their OpenVPN ciphers:
Switch to WireGuard; you’ll be far happier with the performance increase.
I’m trying to get this to work in a college environment (EAP authentication). I think all UDP ports are blocked on campus network. Isn’t WireGuard UDP only?
Tell me: is OpenVPN my only option? VPN unlimited config works from iPhone OpenVPN app on college campus. It’s just that it doesn’t work on Gl-net router (on campus or off-campus). Bit confused why it’s not working.
Correct; WG is UDP only. OpenVPN can be also but most providers have UDP or TCP profiles available.
I scanned over VPN Unlimited’s site. They use OVPN by default but IDK if it’s UDP or TCP based on how you describe that hostile network & the fact it works on your phone I’d guess it’s TCP.
You may be stuck w/ OVPN via TCP unless you want to scan the campus network to confirm if UDP is blocked but that’ll probably lead to some ‘interesting’ questions when the IT dept.'s klaxons kick in.
It’s possible that OpenVPN iPhone app tries both tcp and UDP and that’s why it’s working whereas gl-inet router only specifies UDP as it’s specified in config. In other words, iPhone app might be trying both port types. I’ll go to campus in 2-3 days, I’ll delete the line in config that says port UDP and maybe gl-inet will try tcp.
There could be a difference between the versions of the compiled crypto/ciphers between the two devices/apps. IDK as I don’t use Apple products but there’s a ‘pure’ OpenVPN app available for Android that requires adding in specific profiles into it to use. If using the VPN Unlimited’s app it’s already ‘baked in’.
ProtonVPN has a ‘free’ (read: slow, but functional) tier that provides WG or OVPN+{TCP,UDP} profiles. Give that a shot; see if their OVPN profiles work.
