Troubleshooting connectivity OpenVPN

ddnoobguy
DD-WRT Novice


Joined: 21 Jun 2022
Posts: 10

Posted: Tue Jun 21, 2022 22:16    Post subject: Troubleshooting connectivity OpenVPN
I don't really understand why it can't verify the key, maybe it's expired?
I honestly don't know what to do.

Attaching images of the setup and logs.
TP-Link WR1043ND V2
DD-WRT v3.0-r44715 std
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Tue Jun 21, 2022 23:04
Looks like you created the private key w/ a passphrase, when that's NOT what you want for configuring the OpenVPN server. It has no means to ask you for the passphrase at runtime, so it errors out.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
ddnoobguy
DD-WRT Novice


Joined: 21 Jun 2022
Posts: 10

Posted: Wed Jun 22, 2022 0:43
eibgrad wrote:
Looks like you created the private key w/ a passphrase, when that's NOT what you want for configuring the OpenVPN server. It has no means to ask you for the passphrase at runtime, so it errors out.


That is not the one I created tho. It looks like it's a key that came in the OpenVPN server file. It's key.pem and I didn't transfer the certificate files onto the router drive, I copy/pasted the cert text into the inputs of the OpenVPN settings. Also I'm sure I created all the keys without passwords.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Wed Jun 22, 2022 2:55
ddnoobguy wrote:
eibgrad wrote:
Looks like you created the private key w/ a passphrase, when that's NOT what you want for configuring the OpenVPN server. It has no means to ask you for the passphrase at runtime, so it errors out.


That is not the one I created tho. It looks like it's a key that came in the OpenVPN server file. It's key.pem and I didn't transfer the certificate files onto the router drive, I copy/pasted the cert text into the inputs of the OpenVPN settings. Also I'm sure I created all the keys without passwords.


The fact you copied the file's contents to the relevant field in the GUI does NOT mean it's NOT protected by a passphrase. It's NOT the file that's passphrase protected, but the contents itself is encrypted w/ a passphrase. It's done this way to remove any dependence on the file system for controlling permissions.

All that said, it would be next to impossible to NOT know you added a passphrase since you'd be prompted to add one at the time of key creation. Also, the contents of the file would probably indicate it was encrypted in the header.

I just don't understand why the syslog is indicating the lack of a password (passphrase). Double check you copied the correct files from EasyRSA to the correct fields of the GUI.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Wed Jun 22, 2022 6:07
Like @eibgrad said when you make the keys/certs be sure to add "nopass" e.g.:
./easyrsa gen-req <myserver> nopass

The correct procedure is outlined in the DDWRT OpenVPN Server Setup Guide, see:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
(a sticky in this forum)

Furthermore before you do anything, you should upgrade to a recent build, your build is very old, outdated and has security issues.

Recent build is 49268 (49289 is just out and running on my EA6900)
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

*After* upgrade reset to defaults and put settings in manually, never restore from a backup (to different build)

Also after update clear browser cache with CTRL + F5.

Many changes especially in OpenVPN

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
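
The header check eibgrad mentions and the nopass point from egc, as an added example that is not part of the thread or of DD-WRT: a POSIX sh function that classifies pasted PEM text by its header lines. The function names, file names and sample contents are constructed for illustration; the sample bodies are placeholders, not key material.

```shell
#!/bin/sh
# Added example (not from the thread): classify pasted PEM text by its header.
# Output: encrypted | unencrypted | not-a-private-key

pem_key_status() {
    f=$1    # file holding the text that went into the GUI's private key field
    # PKCS#8 encrypted keys say so in the BEGIN line itself.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted
    # Traditional format: ordinary BEGIN line, encryption flagged by Proc-Type.
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo encrypted
        else
            echo unencrypted
        fi
    else
        # e.g. a certificate or request pasted into the key field by mistake
        echo not-a-private-key
    fi
}

# Constructed samples: real header lines, placeholder bodies (no key material).
write_samples() {
    d=$1
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8_enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,PLACEHOLDER' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/legacy_enc.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/nopass.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/cert.pem"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for s in pkcs8_enc legacy_enc nopass cert; do
    printf '%-14s %s\n' "$s.pem" "$(pem_key_status "$demo_dir/$s.pem")"
done
rm -rf "$demo_dir"
```

Run against a file containing exactly what was pasted into the private key field, "encrypted" means the key needs a passphrase the server cannot ask for, and "not-a-private-key" means the wrong file's contents went into that field.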
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Wed Jun 22, 2022 9:09
1043v2 in VPN client mode with CPU@720MHz delivers 10Mbit over VPN...with chachapoly ... and router CPU is very maxed...

In VPN server mode...it's very likely to be very overwhelmed...well..depends on its use...

Luckily 1043v2 supports Wireguard too, so you can try this instead, as it will perform a touch better, I guess...never tried it...

If your goal is WAN remote access only...you can fairly use SSH over WAN...easy peasy...
-SSH access with 3072Bit key with password for the key
-disable the SSH password login option..
-choose random port away from the first 1024 ports...

sorry to be off topic...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913