Asus TM-AC1900 Router and OpenVPN set up for Blue Iris, please help?

[ProTapper]

Hello friends,


I run a Cable modem in Passthrough mode, that serves my main DHCP router in my home over the WAN/Internet port. This router is the Asus TM-AC1900. All other APs and routers in my home are basically running as APs with no ability to serve IPs.

I went ahead and was able to set up an OpenVPN connection and generate the appropriate certificate file as well. There are seemingly no errors in the router, but when I import this file in OpenVPN on my Android phone, I cannot connect to my VPN with this ominous error:



22:54:33.969 -- ----- OpenVPN Start -----

22:54:33.969 -- EVENT: CORE_THREAD_ACTIVE

22:54:33.971 -- OpenVPN core 3.git:released:662eae9a:Release android arm64 64-bit PT_PROXY

22:54:33.972 -- Frame=512/2048/512 mssfix-ctrl=1250

22:54:33.974 -- EVENT: CORE_THREAD_ERROR info='X509:arse_pem: error in cert:: error:0909006CEM routines:get_name:no start line'


Any body know what's wrong? I don't know how to validate this format, nor am I sure if this is a credentials issue (no errors indicating it) or, my router is generating garbage certificates?

Please help. Thank you!

 

[wittaj]

Are you on mobile when you are trying OpenVPN? You do not want to be trying OpenVPN when you are connected to your wifi at home LOL.

Try these steps:

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

OpenVPN is simple, but we make it way more difficult than it needs to be lol.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, provide DDNS name, encryption method, and create certificate. Then email that certificate to you and save the certificate on your mobile device. Then install the OpenVPN app and run it and select the certificate and then connect and you are on your home network.

This might help as well:

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...

randyshomeprojects.blogspot.com

 

[looney2ns]

Hello friends,


I run a Cable modem in Passthrough mode, that serves my main DHCP router in my home over the WAN/Internet port. This router is the Asus TM-AC1900. All other APs and routers in my home are basically running as APs with no ability to serve IPs.

I went ahead and was able to set up an OpenVPN connection and generate the appropriate certificate file as well. There are seemingly no errors in the router, but when I import this file in OpenVPN on my Android phone, I cannot connect to my VPN with this ominous error:



22:54:33.969 -- ----- OpenVPN Start -----

22:54:33.969 -- EVENT: CORE_THREAD_ACTIVE

22:54:33.971 -- OpenVPN core 3.git:released:662eae9a:Release android arm64 64-bit PT_PROXY

22:54:33.972 -- Frame=512/2048/512 mssfix-ctrl=1250

22:54:33.974 -- EVENT: CORE_THREAD_ERROR info='X509:arse_pem: error in cert:: error:0909006CEM routines:get_name:no start line'


Any body know what's wrong? I don't know how to validate this format, nor am I sure if this is a credentials issue (no errors indicating it) or, my router is generating garbage certificates?

Please help. Thank you!

Are you on your home network when you try this? It won't work on your home network you need to be on your mobile network for it to work.

 

[SouthernYankee]

turn off the wifi on your phone then test.

 

[ProTapper]

Are you on mobile when you are trying OpenVPN? You do not want to be trying OpenVPN when you are connected to your wifi at home LOL.

Try these steps:

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

OpenVPN is simple, but we make it way more difficult than it needs to be lol.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, provide DDNS name, encryption method, and create certificate. Then email that certificate to you and save the certificate on your mobile device. Then install the OpenVPN app and run it and select the certificate and then connect and you are on your home network.

This might help as well:

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...

randyshomeprojects.blogspot.com

Are you on your home network when you try this? It won't work on your home network you need to be on your mobile network for it to work.

turn off the wifi on your phone then test.

Thanks to all you for trying to help me. Absolutely, I was on cellular, trying to test my VPN ! But, I think there is something wrong with my certificate generation, I'm attaching the errors from OpenVPN, I could not find Google solutions either .

I followed @wittaj linked guide and made sure I had my DDNS registered and going... But it's still the same error ...

Please let me know if you guys can help. Thanks.

 

[Edcfish]

How did you export your certificate?

The way I got OpenVPN to work to connect my android phone to my pfsense router I had to export as an inline configuration and in the OpenVPN Connect format.

 

[ProTapper]

How did you export your certificate?

The way I got OpenVPN to work to connect my android phone to my pfsense router I had to export as an inline configuration and in the OpenVPN Connect format.

Thank you for your help, on the ASUS router, there is an Export button on the OpenVPN settings page. I use that directly to download the cert on my mobile file system, then use the same source and file to import the cert in the Android OpenVPN Connect app...

 

[looney2ns]

Thank you for your help, on the ASUS router, there is an Export button on the OpenVPN settings page. I use that directly to download the cert on my mobile file system, then use the same source and file to import the cert in the Android OpenVPN Connect app...

On mine, I have this:
That's all I use, if you look in the file that's generated, you can see the certificate is already included, no need to export the certificate separately.
Simply email the generated file to your phone, then import that file.

 

[ncpilot]

I spent many hours of headaches when I configured OpenVPN trying to email myself the certificate, only to figure out that my email provider was somehow messing up or blanking the attached file.

I finally had to copy the certificate file onto a flash drive, then hook that drive up to my phone and tablets, in order to get the file.

Just a possibility--check to see if your config/cert file has a size of more than a few bytes...

 

[sebastiantombs]

Way more secure to use the flash drive to transfer the certificate rather than emailing it.

 

[ProTapper]

On mine, I have this: View attachment 90876
That's all I use, if you look in the file that's generated, you can see the certificate is already included, no need to export the certificate separately.
Simply email the generated file to your phone, then import that file.

I spent many hours of headaches when I configured OpenVPN trying to email myself the certificate, only to figure out that my email provider was somehow messing up or blanking the attached file.

I finally had to copy the certificate file onto a flash drive, then hook that drive up to my phone and tablets, in order to get the file.

Just a possibility--check to see if your config/cert file has a size of more than a few bytes...

Thanks for the suggestions guys, but I'm starting to think my Asus router is not generating the file correctly? Because:

I generate the file, logged into my router via my mobile phone. I hit the Export button on my router, download to local directory for the cell phone. Then launch OpenVPN Connect, import the the ovpn file directly from that storage. Turn off WiFi and try to connect.

Do you guys see areas of corruption or contamination here? Appreciate your help!

 

[ncpilot]

Check the file size... like I said, I spent a few hours trying to trouble shoot until I realized that a single byte size file was incorrect.

You are assuming that the download to your phone was error free...

 

[ProTapper]

Check the file size... like I said, I spent a few hours trying to trouble shoot until I realized that a single byte size file was incorrect.

You are assuming that the download to your phone was error free...

Yes Sir, error free. Once I downloaded from the Desktop too... It always comes out at 1.43 kb.

 

[looney2ns]

If you open the client.opvn file with a notepad, do you see where the certificate has been inserted into the text?
It will be a bunch of jibberish.

Maybe reboot your router and try again.

 

[ProTapper]

If you open the client.opvn file with a notepad, do you see where the certificate has been inserted into the text?
It will be a bunch of jibberish.

Maybe reboot your router and try again.

Yes, I see the long key generated, but I also noticed that the certificate and key data blocks are empty...

I'm pasting contents here without the full key... Can you guys guide me where to get the certificate and key to include in the appropriate tags? I'm attaching the ovpn file here without the full key for you guys to take a peek?

 

[looney2ns]

Do you wait long enough for the router's process to finish?
Your exporting the ONVF file after you have clicked on apply at bottom of page?
You have assigned a username and a password for the openvpn prior to clicking apply.
See this:[VPN] How to set up a VPN server on ASUS router – OpenVPN | Official Support | ASUS Global

 

[ProTapper]

Do you wait long enough for the router's process to finish?
Your exporting the ONVF file after you have clicked on apply at bottom of page?
You have assigned a username and a password for the openvpn prior to clicking apply.
See this:[VPN] How to set up a VPN server on ASUS router – OpenVPN | Official Support | ASUS Global

Yes, I wait till the prompt for downloading the file comes, then accept it and then go to the file system to verify the file came out right.

Yes, I assigned a username and password before generating the file as well.

 

[ProTapper]

Can others look at your ovpn files and share the structure or what you see, especially generating from an ASUS router? Thank you!

 

[Edcfish]

In mine (from a pfsene, not an asus, router) there are long string of characters between:
<ca>
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</ca>
<cart> -
----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</cart>
<key>
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</key>
and also between:
-----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1-----

 

[ProTapper]

In mine (from a pfsene, not an asus, router) there are long string of characters between:
<ca>
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</ca>
<cart> -
----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</cart>
<key>
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
</key>
and also between:
-----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1-----

Thank you Edcfish! Just as I expected then, the Asus is simply not generating the cert data and the keys right.

Either I need to learn how to generate an OpenVPN certificate, without the router OR, try to change router and see if the new one can.

I have an option with a TP-Link Archer, however it does not provide a baked in DDNS service like Asus... So I hope I can find one from something like no-ip that'll work, cause it only supports that and DynDNS which is no longer free... Thank you!