Cannot connect from DD-WRT to AWS VPN server

dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

Posted: Fri Aug 05, 2022 17:16    Post subject: Cannot connect from DD-WRT to AWS VPN server
I have a Linksys WRT3200 ACM with DD-WRT v3.0-r48432 std (03/01/22) installed.
I also have my own OpenVPN server in Digital Ocean (DO) to which I connect from the router and it works just fine. However, the DO IP address is in some blacklists and many services (e.g. my online banking) refuse to work with it. So I decided to spin up another VPN server in AWS.

I used so-called AWS Client VPN, configured everything in AWS and downloaded a *.ovpn config file which works just fine when I connect with an OpenVPN client from my Windows laptop, so I am sure that all the certificates are in order, all the config is correct on the server side and the *.ovpn file is fine. However, when I try to connect from the router, it does not work.

Attached are:
1. router settings (for all the ciphers, I looked into (much more detailed) OpenVPN Windows client logs and copy-pasted them as well as I could) and router VPN connection log
2. *.ovpn file that works fine with OpenVPN Windows client
3. logs of a successful connection to AWS server from OpenVPN Win client using that *.ovpn file

Any suggestions on troubleshooting?
dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

Posted: Fri Aug 05, 2022 17:21
Output of
grep -i openvpn /var/log/messages
cat /tmp/openvpncl/openvpn.conf
as suggested by egc
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Fri Aug 05, 2022 18:01
Is Syslogd enabled (on Services/Services page)?

If not, enable it and retry:
grep -i openvpn /var/log/messages

Things to try:
Fragment: 1250
Enable MSSFIX

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
dmitrytoda
DD-WRT Novice


Joined: 09 May 2022
Posts: 16

Posted: Fri Aug 05, 2022 19:09
It was disabled, I have enabled it now and voilà
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Aug 06, 2022 6:39
OK now at least we can see the error:

TLS Error: TLS key negotiation failed to occur within 60 seconds

Server is not reachable, i.e. you have a network connection error (unless you are using TLS-crypt which is not set up correctly):
• Check server address/DDNS
• Check DDNS,
• Check port,
• Check Port Forward if server is not on the primary router.
• Check/disable firewall
• Sometimes an ISP blocks often used ports; check with your ISP and/or use TCP port 443, this is not blocked.
• Older DD-WRT versions block UDP ports when SFE is enabled, so when in doubt disable SFE

Do you have any routes or firewall rules added to the router?

Furthermore, your tun mtu is too high; lower it from 1500 to 1400 (1400 is the recent default).

Another thing to try is to use TCP4 instead of UDP4 as tunnel protocol (you have to change that on the server too)

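The checks discussed in this thread, as an added example that is not part of any post: a POSIX sh sketch that reads the syslog and the generated client config named above and reports the TLS negotiation timeout together with the MTU, fragment and MSSFIX settings egc mentions. The function names, finding labels, sample log lines and the host vpn.example.invalid are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample log and config are constructed.

# Value of the first occurrence of a directive in an OpenVPN config file.
conf_get() {   # $1 = file, $2 = directive
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Exit status 0 if the directive appears at all (with or without a value).
conf_has() {   # $1 = file, $2 = directive
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Print one finding per line for the points raised in the thread.
triage() {     # $1 = syslog file, $2 = client config
    proto=$(conf_get "$2" proto)
    if grep -i openvpn "$1" | grep -q 'TLS key negotiation failed'; then
        echo "TLS_TIMEOUT remote=$(conf_get "$2" remote) proto=$proto"
        if conf_has "$2" tls-crypt; then echo "TLS_CRYPT_IN_USE verify the key matches the server"; fi
    fi
    mtu=$(conf_get "$2" tun-mtu)
    if [ -n "$mtu" ] && [ "$mtu" -gt 1400 ]; then
        echo "MTU_HIGH tun-mtu=$mtu, thread suggests 1400"
    fi
    case $proto in
        udp*) conf_has "$2" fragment || echo "NO_FRAGMENT thread suggests 1250"
              conf_has "$2" mssfix   || echo "NO_MSSFIX thread suggests enabling it" ;;
    esac
    return 0
}

# Constructed sample data standing in for the two files named in the thread.
write_samples() {   # $1 = directory
    cat > "$1/messages" <<'EOF'
Aug  6 06:30:01 DD-WRT daemon.notice openvpn[2211]: UDPv4 link remote: [AF_INET]203.0.113.10:443
Aug  6 06:31:01 DD-WRT daemon.err openvpn[2211]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug  6 06:31:01 DD-WRT daemon.err openvpn[2211]: TLS Error: TLS handshake failed
EOF
    cat > "$1/openvpn.conf" <<'EOF'
client
dev tun1
proto udp4
remote vpn.example.invalid 443
tun-mtu 1500
EOF
}

d=$(mktemp -d) && write_samples "$d" && triage "$d/messages" "$d/openvpn.conf"
rm -rf "$d"
```

On the router itself the call would be `triage /var/log/messages /tmp/openvpncl/openvpn.conf`, with Syslogd enabled first so the log file exists.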