Author
Message
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Mon Oct 08, 2018 20:13 Post subject: AUTH_FAILED on Netgear R6700 VPN
Trying to run OpenVPN client on dd-wrt installed on Netgear R6700 and getting AUTH_FAILED error. Worked with VPN provider on this without a solution and am wondering if there is any info here on what may cause that. Here are details:
Router/Version: Netgear Nighthawk R6700
Firmware: DD-WRT v3.0-r37139 std (10/04/1
Kernel:
Previous:
Mode/Status: Access Point/ok
Reset: yes
Issues/Errors: OpenVPN Client AUTH_FAILED
Here are log entries:
Oct 7 23:29:36 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Oct 7 23:29:36 DD-WRT user.info : telnetd : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : dnsmasq : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : pptpd : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : telnetd : daemon successfully started
Oct 7 23:29:36 DD-WRT user.info : dnsmasq : daemon successfully started
Oct 7 23:29:37 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Oct 7 23:29:37 DD-WRT user.info : syslogd : syslog daemon successfully stopped
Oct 7 17:29:37 DD-WRT syslog.info syslogd exiting
Oct 7 17:29:37 DD-WRT syslog.info syslogd started: BusyBox v1.29.3
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3383]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 4 2018
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3383]: library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.09
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.41.133.148:1195
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: UDPv4 link local: (not bound)
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: UDPv4 link remote: [AF_INET]45.41.133.148:1195
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: TLS: Initial packet from [AF_INET]45.41.133.148:1195, sid=74c36265 b74770b8
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: nsCertType=SERVER
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-384-2a, emailAddress=support@expressvpn.com
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: NOTE: --mute triggered...
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: 1 variation(s) on previous 3 message(s) suppressed by --mute
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: [Server-384-2a] Peer Connection Initiated with [AF_INET]45.41.133.148:1195
Oct 7 23:29:39 DD-WRT daemon.notice openvpn[3385]: SENT CONTROL [Server-384-2a]: 'PUSH_REQUEST' (status=1)
Oct 7 23:29:39 DD-WRT daemon.notice openvpn[3385]: AUTH: Received control message: AUTH_FAILED
What should I be looking at?
If anyone has run VPN on dd-wrt installed on the R6700 could you let me know which version dd-wrt. I've reverted to Netgear firmware for now . .
TIA
Back to top
Sponsor
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 14:45 Post subject:
egc wrote: AUTH_FAILED ususally means wrong credentials (username/password)
For some VPN providers you do have to generate a username/password so it is not the same as the ones you use to login to their website.
Furthermore it is important that we know to what provider you are wanting to connect and pleae post your Settings page
Edit:
It seems you are on Express VPN so just follow their tutorial: https://www.youtube.com/watch?v=1gBUpl_UdmA
If your username and password are longer then 12 characters that could be a problem and you have to use the manual method
Service provider is ExpressVPN and I did work with them for several hours verifying all settings and credentials and we could not find any reason for the FAIL. That's why I'm here . . .
I was going to switch to tomato but it's not supported for the R6700 so that made me curious about whether anyone has VPN running on the R6700 and if so which version.
ahv
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Posted: Tue Oct 09, 2018 15:02 Post subject:
Your router itself has probably nothing to do with it, the version could be a problem, you are using the latest.
You could try a version from Kong: http://www.desipro.de/ddwrt/K3-AC-Arm/TEST/
Be aware the R6700 has a v1 version and a v3 version which are different!
Before flashing reset to defaults, upload new version, telnet to your router and do: put your settings in manually
Be sure to follow the video I posted in the previous post to setup or use express VPN guide
As said if your username and password are really long that could be a problem and you have to set them manually (i.e. in a separate password file you make on startup) _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 15:12 Post subject:
egc wrote: Your router itself has probably nothing to do with it, the version could be a problem, you are using the latest.
You could try a version from Kong: http://www.desipro.de/ddwrt/K3-AC-Arm/TEST/
Be aware the R6700 has a v1 version and a v3 version which are different!
Before flashing reset to defaults, upload new version, telnet to your router and do: put your settings in manually
Be sure to follow the video I posted in the previous post to setup or use express VPN guide
As said if your username and password are really long that could be a problem and you have to set them manually (i.e. in a separate password file you make on startup)
I'll try again to get kong version - got 404 errors yesterday???
The R6700 is a version 1
The username and password are over 12 characters - over 20!
How do I set that up with a password file??
Thanks;
ahv
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 15:22 Post subject:
egc wrote: Be sure to follow the video I posted in the previous post to setup or use express VPN guide
I did follow the ExpressVPN website which is the same as the Utube video. All the text entries were done with cut/paste. Only difference is AUTH_FAILED . . .
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 16:46 Post subject:
egc wrote: Do not use the Username/Password from the GUI leave it empty
Go to Administration/Commands and enter:
Code: echo username > /tmp/auth.conf
echo password >> /tmp/auth.conf
where you of course set the username and password you got from ExpressVPN.
Save Startup
In the Additional Config VPN options add:
Code: auth-user-pass /tmp/auth.conf
Finally reboot router
Clarification: Do I enable user pass authentication and leave the username and password fields empty OR do I disable user / pass auth?
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 17:46 Post subject:
[Correction]
Short version: can't connect - I'm checking errors
Long version:
Loaded Kong version: dd-wrt.K3_R6700.chk
Router reports (Status ; Router):
Router Model: Netgear R7000 <- ??
Firmware Version: DD-WRT v3.0-r36070M (05/31/1
/tmp/auth.conf exists and is correct (verified by telnet to router)
Client config attached as png image
more to come . . . (sorry - dumb error on my part)
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 19:40 Post subject:
egc wrote: Do not use the Username/Password from the GUI leave it empty
Go to Administration/Commands and enter:
Code: echo username > /tmp/auth.conf
echo password >> /tmp/auth.conf
where you of course set the username and password you got from ExpressVPN.
Save Startup
In the Additional Config VPN options add:
Code: auth-user-pass /tmp/auth.conf
Finally reboot router
Is the auth.conf file in the form:
username myusername
password mypassword
OR
myusername
mypassword
Also: file was lost on reboot so should this be stored as a startup script or as a custom script?
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 20:05 Post subject:
CONNECTED_SUCCESS !!
Thanks. I will mention to expressVPN the need for a name password file when they are long . .
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Tue Oct 09, 2018 20:29 Post subject:
How can the /tmp/auth.conf file be kept during a reboot of the router? Appears to me it is lost on reboot/power off.
ahv
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Back to top
ahv DD-WRT Novice Joined: 07 Oct 2018 Posts: 14
Posted: Wed Oct 10, 2018 14:58 Post subject:
egc wrote: That is why you have to press "Save Startup" When you entered the commands in Administration/Commands.
The commands are then saved in NVRAM and executed on startup so that at startup the file is recreated
I had to add
chmod 640 /tmp/auth.conf
I did the same with the cert and key files.
It's working now.
Thanks
Back to top