AUTH_FAILED on OpenVPN even when no User/Pass is Set

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
starchas3r_
DD-WRT Novice


Joined: 26 May 2019
Posts: 3

PostPosted: Sun May 26, 2019 17:26    Post subject: AUTH_FAILED on OpenVPN even when no User/Pass is Set Reply with quote
Long time lurker, first time poster.

Getting AUTH_FAILED errors when my laptop tries (from outside the network, of course) to connect to my DD-WRT router with Open VPN enabled. Tried looking at egc's guide at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795&postdays=0&postorder=asc&start=30, but all I found that was relevant was this:
Quote:
AUTH_FAILED error means that the OpenVPN server requires a username/password, but it either wasn't provided, or perhaps was mistyped. If you're using a current dd-wrt build, there should be a "User Pass Authentication" option. Enable it and provide the username/password given to you by the OpenVPN provider.


Thing is, I'm my own "provider" here and I never set up a user/pass policy, instead having certs and keys for authentication. I also don't have the "User Pass Authentication" option in my build, so I'm not even sure where to go to turn that off if it's somehow on.

Configs and logs below. Anything obvious I'm missing here?

Server Stats:
Router: Linksys Wireless-N Broadband
Model: WRT160N V3
Firmware: DD-WRT v3.0-r36698 vpn-small (08/22/1Cool
Note: I'd use the newer 37305 build, but the vpn-small version returns 404 errors on the DD-WRT site when I try and download it. So I'm stuck making due with what I got.

Client Stats:
Computer: Macbook Pro Late 2013 model
OS: OS X Mojave 10.14.5
Open VPN Client Software: Tunnelblick 3.7.9 (Build 5320)

Server Config (Dump from openvpn.conf)
Code:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp4
cipher aes-256-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server 192.168.1.0 255.255.255.0
dev tun2

Note: I tried disabling auth sha256 on both client and server configs, but that changed nothing.

Client Config:
Code:
client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
auth sha256
verb 3


Connection Logs from Server:
Code:
May 26 12:32:48 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Server) starting/restarting...
May 26 12:32:48 DD-WRT daemon.warn openvpn[5509]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
May 26 12:32:48 DD-WRT daemon.notice openvpn[5509]: OpenVPN 2.4.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 22 2018
May 26 12:32:48 DD-WRT daemon.notice openvpn[5509]: library versions: OpenSSL 1.1.0i 14 Aug 2018, LZO 2.09
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: Diffie-Hellman initialized with 2048 bit key
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: TUN/TAP device tun2 opened
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: TUN/TAP TX queue length set to 100
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: /sbin/ifconfig tun2 192.168.1.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
May 26 12:32:48 DD-WRT daemon.warn openvpn[5510]: WARNING: Failed running command (--route-up): external program exited with error status: 2
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: Socket Buffers: R=[114688->114688] S=[114688->114688]
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: UDPv4 link local (bound): [AF_INET][undef]:1194
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: UDPv4 link remote: [AF_UNSPEC]
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: MULTI: multi_init called, r=256 v=256
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: IFCONFIG POOL: base=192.168.1.2 size=252, ipv6=0
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: ifconfig_pool_read(), in='client1,192.168.1.2', TODO: IPv6
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: succeeded -> ifconfig_pool_set()
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: IFCONFIG POOL LIST
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: client1,192.168.1.2
May 26 12:32:48 DD-WRT daemon.notice openvpn[5510]: Initialization Sequence Completed
May 26 12:34:56 DD-WRT daemon.err httpd[800]: Request Error Code 408: No request appeared within a reasonable time period.
May 26 12:36:04 DD-WRT daemon.err httpd[800]: Request Error Code 408: No request appeared within a reasonable time period.
May 26 12:36:19 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:6761, sid=e8945fb7 41389c35
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 VERIFY OK: depth=1, CN=home
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 VERIFY OK: depth=0, CN=client1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_VER=2.4.7
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_PLAT=mac
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_PROTO=2
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_NCP=2
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_LZ4=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_LZ4v2=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_LZO=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_COMP_STUB=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_COMP_STUBv2=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_TCPNL=1
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5320_3.7.9__build_5320)"
May 26 12:36:20 DD-WRT daemon.warn openvpn[5510]: XX.XX.XX.XX:6761 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1557'
May 26 12:36:20 DD-WRT daemon.warn openvpn[5510]: XX.XX.XX.XX:6761 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
May 26 12:36:20 DD-WRT daemon.warn openvpn[5510]: XX.XX.XX.XX:6761 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:6761 [client1] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:6761
May 26 12:36:20 DD-WRT daemon.notice openvpn[5510]: client1/XX.XX.XX.XX:6761 MULTI_sva: pool returned IPv4=192.168.1.2, IPv6=(Not enabled)
May 26 12:36:20 DD-WRT daemon.warn openvpn[5510]: client1/XX.XX.XX.XX:6761 WARNING: Failed running command (--client-connect): external program exited with error status: 2
May 26 12:36:21 DD-WRT daemon.notice openvpn[5510]: client1/XX.XX.XX.XX:6761 PUSH: Received control message: 'PUSH_REQUEST'
May 26 12:36:21 DD-WRT daemon.notice openvpn[5510]: client1/XX.XX.XX.XX:6761 Delayed exit in 5 seconds
May 26 12:36:21 DD-WRT daemon.notice openvpn[5510]: client1/XX.XX.XX.XX:6761 SENT CONTROL [client1]: 'AUTH_FAILED' (status=1)
May 26 12:36:25 DD-WRT daemon.notice openvpn[5510]: XX.XX.XX.XX:53409 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:53409, sid=a0597cad 18d6deff
May 26 12:36:26 DD-WRT daemon.notice openvpn[5510]: client1/XX.XX.XX.XX:6761 SIGTERM[soft,delayed-exit] received, client-instance exiting


Connection Logs from Tunnelblick:
Code:
2019-05-26 12:36:18.497478 *Tunnelblick: macOS 10.14.5; Tunnelblick 3.7.9 (build 5320); prior version 3.7.8 (build 5180)
2019-05-26 12:36:18.791243 *Tunnelblick: Attempting connection with home using shadow copy; Set nameserver = 769; monitoring connection
2019-05-26 12:36:18.792004 *Tunnelblick: openvpnstart start home.tblk 50451 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.7-openssl-1.0.2r
2019-05-26 12:36:18.829729 *Tunnelblick: openvpnstart starting OpenVPN
2019-05-26 12:36:19.048550 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 22 2019
2019-05-26 12:36:19.048734 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.10
2019-05-26 12:36:19.050963 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:50451
2019-05-26 12:36:19.051063 Need hold release from management interface, waiting...
2019-05-26 12:36:19.418182 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-Shome.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.50451.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/xxxx/home.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5320 3.7.9 (build 5320)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/xxxx/home.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/xxxx/home.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/xxxx/home.tblk/Contents/Resources
          --management 127.0.0.1 50451 /Library/Application Support/Tunnelblick/hikjneihmecgifpdnonolmgejmbiobmloljonikm.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2019-05-26 12:36:19.432890 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50451
2019-05-26 12:36:19.473894 MANAGEMENT: CMD 'pid'
2019-05-26 12:36:19.473962 MANAGEMENT: CMD 'auth-retry interact'
2019-05-26 12:36:19.474010 MANAGEMENT: CMD 'state on'
2019-05-26 12:36:19.474190 MANAGEMENT: CMD 'state'
2019-05-26 12:36:19.474272 MANAGEMENT: CMD 'bytecount 1'
2019-05-26 12:36:19.477786 *Tunnelblick: Established communication with OpenVPN
2019-05-26 12:36:19.480321 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-05-26 12:36:19.489506 MANAGEMENT: CMD 'hold release'
2019-05-26 12:36:19.494346 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-05-26 12:36:19.501419 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 12:36:19.501533 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-05-26 12:36:19.501565 UDP link local: (not bound)
2019-05-26 12:36:19.501591 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 12:36:19.501841 MANAGEMENT: >STATE:1558888579,WAIT,,,,,,
2019-05-26 12:36:19.564370 MANAGEMENT: >STATE:1558888579,AUTH,,,,,,
2019-05-26 12:36:19.564424 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=b9adb9fb b86da0a1
2019-05-26 12:36:20.239404 VERIFY OK: depth=1, CN=home
2019-05-26 12:36:20.284762 VERIFY KU OK
2019-05-26 12:36:20.287317 Validating certificate extended key usage
2019-05-26 12:36:20.288643 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-05-26 12:36:20.288684 VERIFY EKU OK
2019-05-26 12:36:20.288705 VERIFY OK: depth=0, CN=server
2019-05-26 12:36:20.603618 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1570'
2019-05-26 12:36:20.603752 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
2019-05-26 12:36:20.603890 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2019-05-26 12:36:20.604066 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-05-26 12:36:20.604120 [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
2019-05-26 12:36:21.716459 MANAGEMENT: >STATE:1558888581,GET_CONFIG,,,,,,
2019-05-26 12:36:21.716715 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-05-26 12:36:21.803188 AUTH: Received control message: AUTH_FAILED
2019-05-26 12:36:21.805147 SIGUSR1[soft,auth-failure] received, process restarting
2019-05-26 12:36:21.806963 MANAGEMENT: >STATE:1558888581,RECONNECTING,auth-failure,,,,,
2019-05-26 12:36:25.226429 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization
2019-05-26 12:36:25.373659 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-05-26 12:36:25.375416 *Tunnelblick: Disconnecting using 'kill'
2019-05-26 12:36:25.531661 MANAGEMENT: CMD 'hold release'
2019-05-26 12:36:25.531889 MANAGEMENT: CMD 'hold release'
2019-05-26 12:36:25.531946 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-05-26 12:36:25.532066 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 12:36:25.532118 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-05-26 12:36:25.532142 UDP link local: (not bound)
2019-05-26 12:36:25.532165 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 12:36:25.532208 MANAGEMENT: >STATE:1558888585,WAIT,,,,,,
2019-05-26 12:36:25.590280 event_wait : Interrupted system call (code=4)
2019-05-26 12:36:25.591898 SIGTERM[hard,] received, process exiting
2019-05-26 12:36:25.591948 MANAGEMENT: >STATE:1558888585,EXITING,SIGTERM,,,,,
2019-05-26 12:36:26.118452 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-05-26 12:36:26.257910 *Tunnelblick: Expected disconnection occurred.
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Sun May 26, 2019 18:03    Post subject: Reply with quote
It's NOT failing because of any need for username/password. It's failing because of the following.

Code:
2019-05-26 12:36:20.603752 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'


You have the auth directive (Hash Algorithm in the GUI) set differently between the OpenVPN client and server. They need to match!

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5136
Location: Akershus, Norway

PostPosted: Sun May 26, 2019 18:14    Post subject: Reply with quote
ftp://ftp.dd-wrt.com/betas/2019/
starchas3r_
DD-WRT Novice


Joined: 26 May 2019
Posts: 3

PostPosted: Sun May 26, 2019 18:54    Post subject: Reply with quote
Quote:
ftp://ftp.dd-wrt.com/betas/2019/


Thanks, Per Yngve Berg, but even when I try the FTP, I'm not finding the 37305 build of openvpn_small. I just find the generic mini for my router in that build (would that still lack openvpn?)

ftp://ftp.dd-wrt.com/betas/2018/10-10-2018-r37305/broadcom_K26/

Quote:
It's NOT failing because of any need for username/password. It's failing because of the following.

Code:
2019-05-26 12:36:20.603752 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'


You have the auth directive (Hash Algorithm in the GUI) set differently between the OpenVPN client and server. They need to match!


Yeah, looks like I removed that directive during my latest test. My bad. I've put it back in and that warning is gone, but I still get the AUTH_FAILED error.

Config:
Code:

client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
auth sha256
verb 3


Log:
Code:
2019-05-26 14:27:04.533562 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-Shome--dev.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.58434.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5320 3.7.9 (build 5320)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
          --management 127.0.0.1 58434 /Library/Application Support/Tunnelblick/hikjneihmecgifpdnonolmgejmbiobmloljonikm.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2019-05-26 14:27:04.546400 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58434
2019-05-26 14:27:04.596683 MANAGEMENT: CMD 'pid'
2019-05-26 14:27:04.597409 *Tunnelblick: Established communication with OpenVPN
2019-05-26 14:27:04.604507 MANAGEMENT: CMD 'auth-retry interact'
2019-05-26 14:27:04.604665 MANAGEMENT: CMD 'state on'
2019-05-26 14:27:04.604823 MANAGEMENT: CMD 'state'
2019-05-26 14:27:04.608839 MANAGEMENT: CMD 'bytecount 1'
2019-05-26 14:27:04.628995 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-05-26 14:27:04.635367 MANAGEMENT: CMD 'hold release'
2019-05-26 14:27:04.636293 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-05-26 14:27:04.688341 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:04.688431 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-05-26 14:27:04.688704 UDP link local: (not bound)
2019-05-26 14:27:04.688751 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:04.689487 MANAGEMENT: >STATE:1558895224,WAIT,,,,,,
2019-05-26 14:27:04.759262 MANAGEMENT: >STATE:1558895224,AUTH,,,,,,
2019-05-26 14:27:04.759479 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=2d5815e8 347bfa45
2019-05-26 14:27:05.412653 VERIFY OK: depth=1, CN=home
2019-05-26 14:27:05.538071 VERIFY KU OK
2019-05-26 14:27:05.538135 Validating certificate extended key usage
2019-05-26 14:27:05.538158 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-05-26 14:27:05.538176 VERIFY EKU OK
2019-05-26 14:27:05.538191 VERIFY OK: depth=0, CN=server
2019-05-26 14:27:05.897517 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
2019-05-26 14:27:05.897653 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2019-05-26 14:27:05.897946 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-05-26 14:27:05.898122 [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:07.035885 MANAGEMENT: >STATE:1558895227,GET_CONFIG,,,,,,
2019-05-26 14:27:07.036100 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-05-26 14:27:07.099826 AUTH: Received control message: AUTH_FAILED
2019-05-26 14:27:07.101870 SIGUSR1[soft,auth-failure] received, process restarting
2019-05-26 14:27:07.101928 MANAGEMENT: >STATE:1558895227,RECONNECTING,auth-failure,,,,,
2019-05-26 14:27:13.390886 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization
2019-05-26 14:27:13.699242 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-05-26 14:27:13.700383 *Tunnelblick: Disconnecting using 'kill'
2019-05-26 14:27:13.888106 SIGTERM[hard,init_instance] received, process exiting
2019-05-26 14:27:13.890034 MANAGEMENT: >STATE:1558895233,EXITING,init_instance,,,,,
2019-05-26 14:27:14.299356 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-05-26 14:27:14.452724 *Tunnelblick: Expected disconnection occurred.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5136
Location: Akershus, Norway

PostPosted: Sun May 26, 2019 19:16    Post subject: Reply with quote
Better to use a 3.x build

ftp://ftp.dd-wrt.com/betas/2019/05-25-2019-r39855/broadcom_K3X/dd-wrt.v24-39855_NEWD-2_K3.x_mega_wrt160nv3.bin
starchas3r_
DD-WRT Novice


Joined: 26 May 2019
Posts: 3

PostPosted: Sun May 26, 2019 19:24    Post subject: Reply with quote
Quote:
Better to use a 3.x build

ftp://ftp.dd-wrt.com/betas/2019/05-25-2019-r39855/broadcom_K3X/dd-wrt.v24-39855_NEWD-2_K3.x_mega_wrt160nv3.bin


Happy to give it a try! Do the Mega builds have OpenVPN right out of the box, or will I need a separate build for that like I did the Mini?

Also, if I'm going from a Mini to a Mega, should I use the Upgrade dialog in the web interface, or should I be taking a more manual approach?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5136
Location: Akershus, Norway

PostPosted: Sun May 26, 2019 19:48    Post subject: Reply with quote
Yes it contains OpenVPN.

https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT150N_%26_WRT160N#WRT160Nv3_Instructions
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Sun May 26, 2019 20:44    Post subject: Reply with quote
Same type of situation.

Code:
2019-05-26 14:27:05.897653 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'


These have to match. One side is using compression, and the other is not. So they can't communicate.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh


Last edited by eibgrad on Sun May 26, 2019 20:55; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3794
Location: Netherlands

PostPosted: Sun May 26, 2019 20:45    Post subject: Reply with quote
K2.6 builds are broken for a long time.
Busybox problem, you can not execute external scripts.

K3.x is the one you should try

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum