VPN help please

[emsufer]

I have asus router that I set up the vpn. I'm using an iphone to try and connect but it is unsuccessful. I'm getting "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" on the router log and on the openvpn connect: 'mbed TLS: SSL read error : SLL Prosse\\cessing of the ServerKeyExchange handshake message failed". I disabled the firewall for a few minutes but it nothing. I used Randy : OpenVPN on a Asus router to setup the router. any help would be appreciated.

 

[Terk]

I can see how the VPN option would be more secure than the stunnel option but does it require that you connect the VPN manually each time you want to open your mobile app when you aren't on your home network?

 

[emsufer]

I think that is what is needed for the vpn client. Connect every time. However I’m getting nowhere with help here. Will have to find a way to get it going.

 

[awsum140]

Try looking through this thread - VPN Primer for Noobs

 

[Terk]

I found the official response from David at IOS 10.0.1 has removes PPTP VPN. Now what? | FlexRadio Systems Community even though it was in response to another product. I happen to have an Asus router so steps 1 - 12 were all I needed. Once I get my other devices updated I'll remove the ssl forwarded port I had in place. The nice thing about ASUS routers (others may have this too?) is the router registers your external IP with their service at asuscomm.com so if it changes your VPN should continue to work.

 

[Terk]

Those of you that use VPN, do you leave it up all the time? Since switching my phone to use the internal ip only the Geofencing fails each time, I'm guessing because the app cannot update the server?

 

[emsufer]

I found the official response from David at IOS 10.0.1 has removes PPTP VPN. Now what? | FlexRadio Systems Community even though it was in response to another product. I happen to have an Asus router so steps 1 - 12 were all I needed. Once I get my other devices updated I'll remove the ssl forwarded port I had in place. The nice thing about ASUS routers (others may have this too?) is the router registers your external IP with their service at asuscomm.com so if it changes your VPN should continue to work.

Thanks. I’ll take a look and see if this helps. Much appreciated.

 

[58chev]

@emsufer

here are my VPN setting from ASUS RT-AC66U_B1 running Merlin Sorry Haven't tried on an iPhone.
Exported the client1.ovpn and imported it on my Androind phone and all works well.

I am using the download OpenVPN app, is that what you are using or the default VPN app?

 

[58chev]

Those of you that use VPN, do you leave it up all the time? Since switching my phone to use the internal ip only the Geofencing fails each time, I'm guessing because the app cannot update the server?

Me, I just use it occasionally when I want to look at my cameras or if surfing from a local coffee shop.

 

[Terk]

@emsufer

here are my VPN setting from ASUS RT-AC66U_B1 running Merlin Sorry Haven't tried on an iPhone.
Exported the client1.ovpn and imported it on my Androind phone and all works well.

I am using the download OpenVPN app, is that what you are using or the default VPN app?

View attachment 27572

I'm using the same OpenVPN store app

 

[emsufer]

Me, I just use it occasionally when I want to look at my cameras or if surfing from a local coffee shop.

I’m using the OpenVPN connect app. Here are the settings. Is there supposed to be a certificate stored in the app under the symbol.

 

[emsufer]

I have also tried from an android device and ipad. Don't understand what i'm doing wrong.

 

[58chev]

Yes, under the symbol, it should show your ????????. asuscomm.com link to your OpenVPN Server.

Maybe try to rebuild your client1.ovpn file and re import into the client app.

 

[Terk]

You exported the file from your router and imported it into the openvpn app correct?

 

[emsufer]

You exported the file from your router and imported it into the openvpn app correct?

Yes. I did the settings saved it, them export the file. I email it to myself and open the file in the app.

 

[Terk]

Were your openvpn client says "External certificate profile" mine says "Standard profile" but I don't see why as your settings are very close to mine, Although your definitely on a different firmware than I am, I'm at the latest my router supports.

 

[emsufer]

I’m using Merlin build on the Asus. But it’s the 376.xx firmware and I see there is more recent updated firmware at 384.xx. I will try to flash the upgrade and see if this remedy’s the problem.

 

[Terk]

Also click were it says YourName.asuscomm.com/client1 (5) as you may have multiple imported profiles, if so try deleting all and re-import your latest export to make sure its using the correct settings, even a small change in the vpn server settings can make the client no longer connect without re-exporting/importing the current connection profile. I'm on the stock firmware, never tried the Merlin firmware.

 

[DognamedTank]

I’m using Merlin build on the Asus. But it’s the 376.xx firmware and I see there is more recent updated firmware at 384.xx. I will try to flash the upgrade and see if this remedy’s the problem.

The "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" took me a little while to get straightened out on my router, as I am using a Merlin build as well.
On some of the Merlin builds, you need to provide your own certificate/keys. On the router VPN Settings, click on the "Content modification of Keys and Certificates" to see if there are any certificates/keys that you need to provide.
The OpenVPN server download includes the program needed to establish your own Certificate authority and certificates with the needed the public and private keys. You can then copy and paste them into the VPN settings and the config file.

 

[58chev]

I’m using Merlin build on the Asus. But it’s the 376.xx firmware and I see there is more recent updated firmware at 384.xx. I will try to flash the upgrade and see if this remedy’s the problem.

I'm running the latest Merlin with no issues (384.4_0)
I will email myself the file and dump it on a iPhone but can only test tomorrow on a different network as my iPhone does not have a SIM.
Have you taken a look over here ?

The "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" took me a little while to get straightened out on my router, as I am using a Merlin build as well.
On some of the Merlin builds, you need to provide your own certificate/keys. On the router VPN Settings, click on the "Content modification of Keys and Certificates" to see if there are any certificates/keys that you need to provide.
The OpenVPN server download includes the program needed to establish your own Certificate authority and certificates with the needed the public and private keys. You can then copy and paste them into the VPN settings and the config file.

I never had to modify any of the keys on my Router running the latest Merlin.