Question
[Help Needed] Setting up OpenVPN on DD-WRT Router
Dears,
I’ve used this script:
https://github.com/Nyr/openvpn-install
To install an OpenVPN server on my DigitalOcean VPS/Droplet
However I had some rough time getting this to work on my DD-WRT Router:
DD-WRT v3.0-r28788 std (01/13/16)
Router: Linksys WRT1200AC
I’m getting error:
TLS Handshake Failed
I just can’t figure out the correct settings and I would really appreciate it if you give me some help or tell me at least where to search
P.S.: My OpenVPN file works perfectly on Tunnelblick on Mac so I’m sure that there’s nothing wrong with my server installation
My OpenVPN file:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 46.101.222.212 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[XXXXXXXXX]
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ChangeMe
Validity
Not Before: Dec 7 07:17:46 2016 GMT
Not After : Dec 5 07:17:46 2026 GMT
Subject: CN=client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e2:77:66:d0:5b:84:1d:c5:cd:1f:15:db:67:e9:
67:70:18:1f:44:ce:be:e2:27:ae:53:e8:2b:75:7e:
23:48:c5:3d:c2:af:4d:51:cf:c9:2e:99:00:72:85:
e2:2e:d3:0f:56:06:dc:24:3a:85:5f:05:a7:12:ae:
a1:3d:66:14:ab:83:ef:dc:5c:d7:61:59:97:f3:73:
e8:6f:08:36:3d:2f:07:7a:00:bc:ed:4c:1b:f0:fe:
4e:c3:80:91:3d:ae:2f:9f:f4:93:41:09:37:20:18:
83:9c:33:f1:68:22:e7:2c:b2:19:59:c0:a6:ca:ca:
8e:4f:02:8e:16:8f:4c:47:36:ef:56:7b:8f:e4:52:
d2:88:3c:2d:d1:00:7a:ca:ee:e9:b5:59:11:79:5d:
24:d3:e2:a9:fa:88:34:70:1e:b2:92:f0:88:0b:7d:
b1:a3:84:f1:a9:05:c7:cc:9b:29:55:c6:1a:5c:ef:
40:50:65:e0:07:0c:ee:ce:91:00:87:33:39:2a:1f:
3c:fd:29:41:77:14:c3:ea:25:88:b1:84:75:8d:9b:
98:24:f8:ec:60:fa:71:cc:ef:0d:46:f0:be:dd:b4:
82:5e:01:ff:8e:0a:de:ce:aa:50:3a:74:3b:79:12:
41:1c:05:ae:2b:67:a8:83:c0:ae:49:8c:04:c8:c2:
24:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
26:EB:C5:D6:DF:E3:2B:33:D0:70:66:02:7A:84:93:8F:76:2F:95:81
X509v3 Authority Key Identifier:
keyid:BF:F6:38:8F:C6:E1:8F:15:C4:0A:E7:9E:50:49:48:D4:BA:93:39:20
DirName:/CN=ChangeMe
serial:ED:A1:36:6E:60:F6:C9:13
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
c6:52:64:97:ba:dd:1a:9c:7e:78:0e:12:b8:93:3b:ba:6f:6a:
89:d3:3f:a9:e8:54:80:b4:0d:5a:37:6d:ff:02:82:17:1a:10:
fd:fb:69:e0:a7:67:55:1b:cd:c8:19:61:ec:c7:69:b8:d0:46:
40:29:e5:e6:a6:3a:77:12:75:c5:0d:59:a5:67:02:18:1e:66:
dd:61:01:c7:d2:9b:0d:a3:5e:cd:49:14:2b:c3:79:45:14:23:
78:f4:78:e4:96:70:f7:f2:e5:f8:1a:31:16:9d:04:bb:52:cf:
bc:e4:e2:1c:1c:e6:a2:5f:2d:b1:8d:b9:71:4a:da:08:25:f3:
f3:46:98:8f:28:11:ce:dc:63:9d:d8:4a:43:19:52:6f:bf:fc:
38:e6:31:9c:d7:40:e7:0f:1a:45:75:71:e3:16:0b:81:fe:bb:
00:aa:be:31:dc:45:2c:65:07:00:67:97:6e:ad:7f:a2:80:20:
82:98:59:c4:5b:7b:15:0d:88:60:14:75:e2:ec:5e:1b:c2:d4:
2d:99:d8:04:d2:b3:e5:52:6a:9f:d9:d0:a1:d4:28:e1:29:b5:
8c:3e:ad:b2:04:a7:78:8b:5d:2a:ae:2e:d7:a4:20:c6:e3:3d:
c6:56:33:3c:80:84:ef:83:ff:70:02:7b:ab:95:9c:1b:3a:c3:
fe:fb:0c:41
-----BEGIN CERTIFICATE-----
[XXXXXXXX]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[XXXXXXXXXX]
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[XXXXXXXX]
-----END OpenVPN Static key V1-----
</tls-auth>
An image which shows my current config:
http://static.msaleh.me/ddwrt.jpg
My error log:
20161212 11:09:16 I OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 13 2016
20161212 11:09:16 I library versions: OpenSSL 1.0.2e 3 Dec 2015 LZO 2.09
20161212 11:09:16 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20161212 11:09:16 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20161212 11:09:16 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20161212 11:09:16 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20161212 11:09:16 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file
20161212 11:09:16 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20161212 11:09:16 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20161212 11:09:16 Socket Buffers: R=[180224->131072] S=[180224->131072]
20161212 11:09:16 I UDPv4 link local: [undef]
20161212 11:09:16 I UDPv4 link remote: [AF_INET]46.101.222.212:443
20161212 11:09:16 TLS: Initial packet from [AF_INET]46.101.222.212:443 sid=99851032 d5ab07b6
20161212 11:09:16 VERIFY OK: depth=1 CN=ChangeMe
20161212 11:09:16 VERIFY nsCertType ERROR: CN=server require nsCertType=SERVER
20161212 11:09:16 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20161212 11:09:16 N TLS Error: TLS object -> incoming plaintext read error
20161212 11:09:16 N TLS Error: TLS handshake failed
20161212 11:09:16 I SIGUSR1[soft tls-error] received process restarting
20161212 11:09:16 Restart pause 2 second(s)
20161212 11:09:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20161212 11:09:18 Socket Buffers: R=[180224->131072] S=[180224->131072]
20161212 11:09:18 I UDPv4 link local: [undef]
20161212 11:09:18 I UDPv4 link remote: [AF_INET]46.101.222.212:443
20161212 11:09:20 TLS: Initial packet from [AF_INET]46.101.222.212:443 sid=89e2422e ef2a8c8c
20161212 11:09:20 VERIFY OK: depth=1 CN=ChangeMe
20161212 11:09:20 VERIFY nsCertType ERROR: CN=server require nsCertType=SERVER
20161212 11:09:20 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20161212 11:09:20 N TLS Error: TLS object -> incoming plaintext read error
20161212 11:09:20 N TLS Error: TLS handshake failed
20161212 11:09:20 I SIGUSR1[soft tls-error] received process restarting
20161212 11:09:20 Restart pause 2 second(s)
20161212 11:09:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20161212 11:09:21 D MANAGEMENT: CMD 'state'
20161212 11:09:21 MANAGEMENT: Client disconnected
20161212 11:09:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20161212 11:09:21 D MANAGEMENT: CMD 'state'
20161212 11:09:21 MANAGEMENT: Client disconnected
20161212 11:09:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20161212 11:09:21 D MANAGEMENT: CMD 'state'
20161212 11:09:21 MANAGEMENT: Client disconnected
20161212 11:09:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20161212 11:09:21 D MANAGEMENT: CMD 'status 2'
20161212 11:09:21 MANAGEMENT: Client disconnected
20161212 11:09:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20161212 11:09:21 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
I’m not really sure if it’s fine to post this question :)
If it’s not then I apologize and please delete it
But really I would appreciate any help
Thanks.
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×