Reply
New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

OpenVPN issues with 1.3

I was looking forward to using the .opvn file with 1.3 for my OpenVPN tunnel, but I couldn't seem to get it working. The command line in the blgo announcing 1.3 would consistenly fail.  I tried just manually entering it into the config file directly and uploading it, but that didn't work either.  I also couldn't get it working using my old config setup that worked in 1.2, for some reason.

Had to go back to 1.2 Man Sad

Here is my .opvn file (provided by my VPN service)

client
dev tun
proto udp
remote us-east.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass secret.txt
comp-lzo
verb 1
reneg-sec 0

If anyone else runs into similar trouble trying to get a config file like this working under 1.3 and figures it out, please share Man Happy

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

Where did you put the .ovpn file, and where did you put the "ca.crt" file, which is referenced by the .ovpn file? Also what is the command you tried, and what's the failure? You can copy-and-paste the command sequence and output here so that people can take a look.

New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

Re: OpenVPN issues with 1.3


@UBNT-ancheng wrote:

Where did you put the .ovpn file, and where did you put the "ca.crt" file, which is referenced by the .ovpn file? Also what is the command you tried, and what's the failure? You can copy-and-paste the command sequence and output here so that people can take a look.


I put the ovpn file in config/auth.   I tried it just in /config as well but nothing changed.  The ca.crt file is in the same directory as the ovpn file.

Here is the command sequence and output:

[edit]
admin@ubnt# set interfaces openvpn vtun0 config-file /config/auth/US_East.ovpn  
[edit]                                                                          
admin@ubnt# commit                                                              
[ interfaces openvpn vtun0 ]                                                    
OpenVPN configuration error: Failed to start OpenVPN tunnel.                    
                                                                                
Commit failed                                                                   
[edit]            

 Hope that helps! 

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

You can check the log file (/var/log/messages) to see if there's any error messages output when it fails to start the OpenVPN process.

New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

Re: OpenVPN issues with 1.3


@UBNT-ancheng wrote:

You can check the log file (/var/log/messages) to see if there's any error messages output when it fails to start the OpenVPN process.


Ok, that's helpful....here's the log:

Oct 17 03:48:31 ubnt openvpn[1461]: OpenVPN 2.2.1 mips-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar  3 2012
Oct 17 03:48:31 ubnt openvpn[1461]: WARNING: cannot stat file 'secret.txt': No such file or directory (errno=2)
Oct 17 03:48:31 ubnt openvpn[1461]: Error opening 'Auth' auth file: secret.txt: No such file or directory (errno=2)
Oct 17 03:48:31 ubnt openvpn[1461]: Exiting

 So it looks like my ovpn file is referencing the location of the secret.txt file incorrectly? How should I do it where they're in the same directory?

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

You can try putting the full path in the ovpn file, for example:

auth-user-pass /config/auth/secret.txt
New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

Re: OpenVPN issues with 1.3


@UBNT-ancheng wrote:

You can try putting the full path in the ovpn file, for example:

auth-user-pass /config/auth/secret.txt

I had just done that...sorry for the noob issue!

Now my issue is that the vtun0 tunnel is created, but it doesn't appear to DO anything.  Previously the dashboard would show traffic over the tunnel, even "0's" if the tunnel wasn't configured properly or something.  Now everthing is blank other than the name "vtun0".  And I am not connecting out over the tunnel.

So I can now create the tunnel using the ovpn file (apparently), but the tunnel doesn't work like it did under 1.2.

Any thoughts?

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

Is the .ovpn file equivalent to the config that worked with 1.2? Also check the log to see if there's any issues when the connection is established. You might want to change the "verb 1" to "verb 5" to see more information.

New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

Re: OpenVPN issues with 1.3


@UBNT-ancheng wrote:

Is the .ovpn file equivalent to the config that worked with 1.2? Also check the log to see if there's any issues when the connection is established. You might want to change the "verb 1" to "verb 5" to see more information.


It is not, but if I put in what I had in 1.2 the tunnel doesn't create at all.

I did switch to verb 5 and it looks like the tunnel is forming.

I see occasional message which make me think it's a DNS issue.  Do I have to do something special with DNS settings where using a VPN service like this?  

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

Could you post the log messages at "verb 5" so that people can take a look? Also, what is the output of "show ip route" and "ip addr" after the tunnel is established?

New Member
Posts: 30
Registered: ‎10-08-2013
Kudos: 1

Re: OpenVPN issues with 1.3

I figured out what the issue was.

In the .ovpn config file provided by the VPN service, it had the parameter "dev tun"

For whatever reason, the router was treating "tun" as both the type (tun vs. tap) and the NAME of the tunnel.  So while I was creating "vtun0", half of the log was showing a tunnel called "vtun0", and half was showing either just "tun" or "tun0".

I fixed the problem by changing the line in the config file to "dev-type tun"

Hope that helps someone else some day Man Happy

Thanks ancheng for all your assistance.  Skimming the log files with verb 5 was what led me to the solution.

Highlighted
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: OpenVPN issues with 1.3

Ah yes if "dev tun" is in the ovpn file it will override the device name as mentioned in an earlier thread. Good to know it's working for you now!

Reply