OpenVPN setup probs

[CV350]

Apologies up front for the boring thread but I am also having trouble setting up OpenVPN on my ASUS router. I have read the wiki multiple times and also followed Randys very succinct explanation but can’t seem to get it working. This should be an easy process but I can’t see whats stopping my registration. The error message I get in my router log is”warning - no upstream servers configured” (see the log below). This would seem to indicate the host server is being reached but something is not registering or blocking the client access. I have disabled the windows firewall so that shouldn’t interfere.

Some background on the system.

I am using an ASUS RT86U router which is connected by Ethernet direct to a HP SFF i5 8500 G4 desktop.

This is a dedicated BI server with nothing else on it and I recently reinstalled Windows 10 64 bit.

The router Is accessible via WAN and using DNS.

Following Randy’s guide I have chosen to setup OpenVPN on the router.

Please see the router setup shots below.

i am trying to access the host using my iPhone 6 and have downloaded the OpenVPN connect app. The open.vpn client file is linked via a droppbox link I prefer to stay away from the iTunes Link option. I am using port 1194 and filling in the same ID and password used in the OpenVPN config on the router.

The error message on my iPhone is showing: Failed to import profile.

Some thoughts:

do I need to make any adjustments to port1194?

could this be a problem with dropbox access albeit I copied a direct link?

or is it still something to do with the windows firewall?

Any help would be greatly appreciated.

thanks

the router log:

Apr 29 14:01:29 rc_service: httpd 785:notify_rc restart_openvpnd;restart_chpass;restart_samba
Apr 29 14:01:29 vpnserver1[12989]: event_wait : Interrupted system call (code=4)
Apr 29 14:01:29 vpnserver1[12989]: /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Apr 29 14:01:29 vpnserver1[12989]: Closing TUN/TAP interface
Apr 29 14:01:29 vpnserver1[12989]: /sbin/ifconfig tun21 0.0.0.0
Apr 29 14:01:29 vpnserver1[12989]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Apr 29 14:01:29 vpnserver1[12989]: SIGTERM[hard,] received, process exiting
Apr 29 14:01:30 vpnserver1[13101]: OpenVPN 2.3.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 10 2019
Apr 29 14:01:30 vpnserver1[13101]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Apr 29 14:01:30 vpnserver1[13101]: Diffie-Hellman initialized with 2048 bit key
Apr 29 14:01:30 vpnserver1[13101]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Apr 29 14:01:30 vpnserver1[13101]: TUN/TAP device tun21 opened
Apr 29 14:01:30 vpnserver1[13101]: TUN/TAP TX queue length set to 100
Apr 29 14:01:30 vpnserver1[13101]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 29 14:01:30 vpnserver1[13101]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Apr 29 14:01:30 vpnserver1[13101]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Apr 29 14:01:30 vpnserver1[13105]: UDPv4 link local (bound): [undef]
Apr 29 14:01:30 vpnserver1[13105]: UDPv4 link remote: [undef]
Apr 29 14:01:30 vpnserver1[13105]: MULTI: multi_init called, r=256 v=256
Apr 29 14:01:30 vpnserver1[13105]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Apr 29 14:01:30 vpnserver1[13105]: Initialization Sequence Completed
Apr 29 14:01:30 Samba Server: smb daemon is stoped
Apr 29 14:01:30 dnsmasq[13128]: warning: no upstream servers configured

 

[CV350]

In the first picture above I am only downloading the “Export OpenVPN configuration file” which provides a file named “client.ovpn”. This is the file I am loading in my Dropbox and linking in the OpenVPN connect app on my phone. I am not using the “ export current certification” (server_ovpn.cert).

Am I required to do anything with the server_ovpn.cert file For an iPhone or iPad client connection?

 

[catcamstar]

Hi there,

couple of things:

• dnsmasq upstream error is a "warning" that your ASUS router is configured in (full) DHCP client setup, which means it gets its IP address from your ISP (nothing wrong with that) but also its DNS servers. Those can "change", and the VPN server warns you for that. What you can do is put some fixed IPs in the DNS (eg if you "trust" google, you put 8.8.8.8 in it).
• in your advanced settings, you specify: "ONLY USE USER/PASS COMBINATION? --> NO", which means you DO need to export the certificates from your ASUS and import those into your iPhone.

Now comes the tricky part: you have two choices to continue: either you simply export the certificates and you "try" to import them into the keychain of your iphone, OR, you google for "VPN client ovpn embedded certificates". I always go for the latter, as an .ovpn with embedded certificates is platform agnostic and even a 7-year-old can import these client configuration files without any hazzle.

Good luck!
CC

 

[CV350]

Thanks Catcamstar. I will look into the embedded certificate option which I have also seen mentioned elsewhere.

 

[catcamstar]

Thanks Catcamstar. I will look into the embedded certificate option which I have also seen mentioned elsewhere.

Example: Embedding Certificates into OpenVPN Config -> scroll down for the tls-auth examples too.

Good luck!
CC

 

[Oceanslider]

Example: Embedding Certificates into OpenVPN Config -> scroll down for the tls-auth examples too.

Good luck!
CC

I'm currently not doing this will have to check this out. Thanks.

 

[CV350]

My issues were related to using Dropbox as the link for the client file which OpenVPN Connect didn’t like for some reason.

I got this enlightenment when I ditched the iPhone and iPad for a while and achieved success in getting a connection on my laptop. It was then apparent that my road block with iOS was related to getting the client file into OpenVPN Connect using IOS.

So to solve my iOS roadblocks I sent the openvpn client file to my email address and then saved it to the files app on my iPhone. When I opened the file from “the files app” on my iPhone it gave me an option to Share/ copy the file to OpenVPN connect. Thereafter it was very simple to follow the process.

In summary sharing from the files app rather than importing from OpenVPN Connect was clearly the better option. For me iTunes was a waste of space on any of this.

I’m sure this is all very straight forward for most people but it really did my brain in.

Thanks for everyone’s inputs above. As usual with these things I learnt some more skills in the process and happy to have my secure remote access now functioning.