AUTH_FAILED on Netgear R6700 VPN

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
View previous topic :: View next topic  
Author Message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Mon Oct 08, 2018 20:13    Post subject: AUTH_FAILED on Netgear R6700 VPN Reply with quote
Trying to run OpenVPN client on dd-wrt installed on Netgear R6700 and getting AUTH_FAILED error. Worked with VPN provider on this without a solution and am wondering if there is any info here on what may cause that. Here are details:

Router/Version: Netgear Nighthawk R6700
Firmware: DD-WRT v3.0-r37139 std (10/04/1Cool
Kernel:
Previous:
Mode/Status: Access Point/ok
Reset: yes
Issues/Errors: OpenVPN Client AUTH_FAILED

Here are log entries:

Oct 7 23:29:36 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Oct 7 23:29:36 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Oct 7 23:29:36 DD-WRT user.info : telnetd : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : dnsmasq : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : pptpd : daemon successfully stopped
Oct 7 23:29:36 DD-WRT user.info : telnetd : daemon successfully started
Oct 7 23:29:36 DD-WRT user.info : dnsmasq : daemon successfully started
Oct 7 23:29:37 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Oct 7 23:29:37 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Oct 7 23:29:37 DD-WRT user.info : syslogd : syslog daemon successfully stopped
Oct 7 17:29:37 DD-WRT syslog.info syslogd exiting
Oct 7 17:29:37 DD-WRT syslog.info syslogd started: BusyBox v1.29.3
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3383]: WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3383]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 4 2018
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3383]: library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.09
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.41.133.148:1195
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: UDPv4 link local: (not bound)
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: UDPv4 link remote: [AF_INET]45.41.133.148:1195
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: TLS: Initial packet from [AF_INET]45.41.133.148:1195, sid=74c36265 b74770b8
Oct 7 23:29:37 DD-WRT daemon.warn openvpn[3385]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: nsCertType=SERVER
Oct 7 23:29:37 DD-WRT daemon.notice openvpn[3385]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-384-2a, emailAddress=support@expressvpn.com
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: NOTE: --mute triggered...
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: 1 variation(s) on previous 3 message(s) suppressed by --mute
Oct 7 23:29:38 DD-WRT daemon.notice openvpn[3385]: [Server-384-2a] Peer Connection Initiated with [AF_INET]45.41.133.148:1195
Oct 7 23:29:39 DD-WRT daemon.notice openvpn[3385]: SENT CONTROL [Server-384-2a]: 'PUSH_REQUEST' (status=1)
Oct 7 23:29:39 DD-WRT daemon.notice openvpn[3385]: AUTH: Received control message: AUTH_FAILED

What should I be looking at?

If anyone has run VPN on dd-wrt installed on the R6700 could you let me know which version dd-wrt. I've reverted to Netgear firmware for now . .

TIA
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12913
Location: Netherlands
PostPosted: Tue Oct 09, 2018 7:54    Post subject: Reply with quote
AUTH_FAILED ususally means wrong credentials (username/password)
For some VPN providers you do have to generate a username/password so it is not the same as the ones you use to login to their website.

Furthermore it is important that we know to what provider you are wanting to connect and pleae post your Settings page

Edit:
It seems you are on Express VPN so just follow their tutorial: https://www.youtube.com/watch?v=1gBUpl_UdmA

If your username and password are longer then 12 characters that could be a problem and you have to use the manual method
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 14:45    Post subject: Reply with quote
egc wrote:
AUTH_FAILED ususally means wrong credentials (username/password)
For some VPN providers you do have to generate a username/password so it is not the same as the ones you use to login to their website.

Furthermore it is important that we know to what provider you are wanting to connect and pleae post your Settings page

Edit:
It seems you are on Express VPN so just follow their tutorial: https://www.youtube.com/watch?v=1gBUpl_UdmA

If your username and password are longer then 12 characters that could be a problem and you have to use the manual method


Service provider is ExpressVPN and I did work with them for several hours verifying all settings and credentials and we could not find any reason for the FAIL. That's why I'm here . . .

I was going to switch to tomato but it's not supported for the R6700 so that made me curious about whether anyone has VPN running on the R6700 and if so which version.

ahv
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12913
Location: Netherlands
PostPosted: Tue Oct 09, 2018 15:02    Post subject: Reply with quote
Your router itself has probably nothing to do with it, the version could be a problem, you are using the latest.

You could try a version from Kong: http://www.desipro.de/ddwrt/K3-AC-Arm/TEST/
Be aware the R6700 has a v1 version and a v3 version which are different!

Before flashing reset to defaults, upload new version, telnet to your router and do:
Code:
erase nvram
put your settings in manually

Be sure to follow the video I posted in the previous post to setup or use express VPN guide

As said if your username and password are really long that could be a problem and you have to set them manually (i.e. in a separate password file you make on startup)
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 15:12    Post subject: Reply with quote
egc wrote:
Your router itself has probably nothing to do with it, the version could be a problem, you are using the latest.

You could try a version from Kong: http://www.desipro.de/ddwrt/K3-AC-Arm/TEST/
Be aware the R6700 has a v1 version and a v3 version which are different!

Before flashing reset to defaults, upload new version, telnet to your router and do:
Code:
erase nvram
put your settings in manually

Be sure to follow the video I posted in the previous post to setup or use express VPN guide

As said if your username and password are really long that could be a problem and you have to set them manually (i.e. in a separate password file you make on startup)


I'll try again to get kong version - got 404 errors yesterday???

The R6700 is a version 1

The username and password are over 12 characters - over 20!

How do I set that up with a password file??

Thanks;

ahv
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 15:22    Post subject: Reply with quote
egc wrote:
Be sure to follow the video I posted in the previous post to setup or use express VPN guide



I did follow the ExpressVPN website which is the same as the Utube video. All the text entries were done with cut/paste. Only difference is AUTH_FAILED . . .
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12913
Location: Netherlands
PostPosted: Tue Oct 09, 2018 15:23    Post subject: Reply with quote
Do not use the Username/Password from the GUI leave it empty

Go to Administration/Commands and enter:
Code:
echo username > /tmp/auth.conf
echo password >> /tmp/auth.conf


where you of course set the username and password you got from ExpressVPN.
Save Startup

In the Additional Config VPN options add:
Code:
auth-user-pass /tmp/auth.conf


Finally reboot router
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 16:46    Post subject: Reply with quote
egc wrote:
Do not use the Username/Password from the GUI leave it empty

Go to Administration/Commands and enter:
Code:
echo username > /tmp/auth.conf
echo password >> /tmp/auth.conf


where you of course set the username and password you got from ExpressVPN.
Save Startup

In the Additional Config VPN options add:
Code:
auth-user-pass /tmp/auth.conf


Finally reboot router


Clarification: Do I enable user pass authentication and leave the username and password fields empty OR do I disable user / pass auth?
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12913
Location: Netherlands
PostPosted: Tue Oct 09, 2018 16:50    Post subject: Reply with quote
Disable
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 17:46    Post subject: Reply with quote
egc wrote:
Disable


[Correction]

Short version: can't connect - I'm checking errors

Long version:

Loaded Kong version: dd-wrt.K3_R6700.chk

Router reports (Status ; Router):
Router Model: Netgear R7000 <- ??
Firmware Version: DD-WRT v3.0-r36070M (05/31/1Cool

/tmp/auth.conf exists and is correct (verified by telnet to router)

Client config attached as png image

more to come . . . (sorry - dumb error on my part)
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 19:40    Post subject: Reply with quote
egc wrote:
Do not use the Username/Password from the GUI leave it empty

Go to Administration/Commands and enter:
Code:
echo username > /tmp/auth.conf
echo password >> /tmp/auth.conf


where you of course set the username and password you got from ExpressVPN.
Save Startup

In the Additional Config VPN options add:
Code:
auth-user-pass /tmp/auth.conf


Finally reboot router


Is the auth.conf file in the form:

username myusername
password mypassword

OR

myusername
mypassword

Also: file was lost on reboot so should this be stored as a startup script or as a custom script?
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 20:05    Post subject: Reply with quote
CONNECTED_SUCCESS !!

Thanks. I will mention to expressVPN the need for a name password file when they are long . .
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Tue Oct 09, 2018 20:29    Post subject: Reply with quote
How can the /tmp/auth.conf file be kept during a reboot of the router? Appears to me it is lost on reboot/power off.

ahv
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12913
Location: Netherlands
PostPosted: Wed Oct 10, 2018 10:08    Post subject: Reply with quote
That is why you have to press "Save Startup" When you entered the commands in Administration/Commands.

The commands are then saved in NVRAM and executed on startup so that at startup the file is recreated
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ahv
DD-WRT Novice


Joined: 07 Oct 2018
Posts: 14
PostPosted: Wed Oct 10, 2018 14:58    Post subject: Reply with quote
egc wrote:
That is why you have to press "Save Startup" When you entered the commands in Administration/Commands.

The commands are then saved in NVRAM and executed on startup so that at startup the file is recreated


I had to add

chmod 640 /tmp/auth.conf

I did the same with the cert and key files.

It's working now.

Thanks
Back to top View user's profile Send private message
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum