Posted: Tue Aug 09, 2016 22:42 Post subject: [Solved] Asus RT-AC68U - OpenVPN - Port 1194 not opened?
First things first, it's originally a T-Mobile TM-AC1900 router, flashed to RT-AC68U firmware via downgrading the TM firmware and loading on a DD-WRT firmware, then upgrading to the current version:
DD-WRT v3.0-r29621 std (05/10/16)
I set up OpenVPN over the weekend, but it didn't work Monday morning from the office. I tried a different how-to/guide, and it still didn't work Tuesday morning. The internet path at work is not hiding behind any firewalls/routers to cause issues. This afternoon I ran Nmap against my home DNS name, and port 1194 did not appear open. I used a web-based Nmap tool, and specifically scanned port 1194, and that web-based tool said the port was closed, as well. Now that I'm back home, I plan to review the OpenVPN log files, to see if anything happened here, but I don't think I'm going to see anything. Is there some reason (firmware? bug? my ignorance?) that the port as specified on the OpenVPN screen would NOT be open? All I can think of is that the OpenVPN daemon crashed and wasn't restarted successfully.
Anyone have any other ideas or suggestions? All ideas are appreciated. Even seemingly stupid ones, because those are usually the answer.
More information: It appears the OpenVPN daemon is not running. And I can't seem to find a log file anywhere. Seems that netcat cannot push anything to localhost port 14. The script /etc/openvpnlog.sh fails when I try to execute the same netcat command in a PuTTY window:
Okay, enabled syslog, and found that openvpn doesn't care for something in my config:
Aug 10 00:56:45 2106D user.info : openvpn : OpenVPN daemon (Server) starting/restarting...
Aug 10 00:56:45 2106D daemon.err openvpn[32092]: Options error: --server directive network/netmask combination is invalid
Aug 10 00:56:45 2106D daemon.warn openvpn[32092]: Use --help for more information.
Looks like it's time to review my VPN network config values. Yup, it was the netmask it didn't like. Changed that value and now it appears to start successfully.
_________________
2x Asus RT-AC68U
I was still having trouble connecting from work this morning. When I returned home, I found the following messages in the OpenVPN log:
TLS Error: cannot locate HMAC in incoming packet from [AF_INET]
It turns out my client file did not contain the following necessary line to match my OpenVPN server configuration:
auth SHA512
Once I added that to the client configuration file tonight and double-checked the VPN server GUI specified the authorization method, everything connects perfectly.
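Added example, not part of the original posts: a small pre-flight check for the two mistakes found in this thread, a `server` network/netmask pair that is not a valid subnet and a client whose `auth` digest does not match the server. The sample configs, the `vpn.example.net` name and the function names are constructed for illustration, and the host-bits check is an assumption about what the netmask problem was; the defaults used when a directive is absent (auth SHA1, proto udp, port 1194) are OpenVPN 2.x defaults.

```python
import ipaddress

# Constructed sample configs (not the poster's actual files).
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.1 255.255.255.0   # host bits set: not a network address
auth SHA512
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote vpn.example.net 1194
"""  # no 'auth' line, so the client falls back to SHA1

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, dropping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts[key] = args
    return opts

def check(server_text, client_text):
    """Return a list of problems in a server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    problems = []
    if len(srv.get("server", [])) >= 2:
        net, mask = srv["server"][:2]
        try:  # strict=True rejects host bits and non-contiguous masks
            ipaddress.ip_network(f"{net}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"server {net} {mask}: {exc}")
    # Directives that must agree on both ends, with the value used when absent.
    for key, default in (("auth", "SHA1"), ("proto", "udp")):
        s, c = srv.get(key, [default])[0], cli.get(key, [default])[0]
        if s.lower() != c.lower():
            problems.append(f"{key}: server uses {s}, client uses {c}")
    srv_port = srv.get("port", ["1194"])[0]
    cli_port = (cli.get("remote", []) + ["", "1194"])[1] or "1194"
    if srv_port != cli_port:
        problems.append(f"port: server {srv_port}, client remote {cli_port}")
    return problems

if __name__ == "__main__":
    for problem in check(SERVER_CONF, CLIENT_CONF):
        print("PROBLEM:", problem)
```

Running the check before restarting the daemon surfaces both issues without waiting for the syslog error or a failed connection from a remote site.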