RT-N66U and Sonic's OpenVPN server

by dzemke » Sat Jun 22, 2019 5:35 pm
Hello,

I'd like to connect my ASUS RT-N66U router to the Sonic.net VPN so that the NSA can't see what kind of cat toys I'm buying on Amazon.

I downloaded the client-locked client.ovpn file, uploaded it to the router via the web interface (most recent, stock firmware), added my username (only, apparently there's a cert in the config that alleviates the necessity of a password). It doesn't work. Logged into the CLI to check the syslog and saw this set of messages looping over and over again:

Jun 22 17:33:17 vpnclient5[5350]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 22 17:33:17 vpnclient5[5350]: Socket Buffers: R=[87380->200000] S=[16384->200000]
Jun 22 17:33:17 vpnclient5[5350]: Attempting to establish TCP connection with [AF_INET]209.148.113.36:443 [nonblock]
Jun 22 17:33:18 vpnclient5[5350]: TCP connection established with [AF_INET]209.148.113.36:443
Jun 22 17:33:18 vpnclient5[5350]: TCPv4_CLIENT link local: [undef]
Jun 22 17:33:18 vpnclient5[5350]: TCPv4_CLIENT link remote: [AF_INET]209.148.113.36:443
Jun 22 17:33:18 vpnclient5[5350]: TLS: Initial packet from [AF_INET]209.148.113.36:443, sid=32aada19 5f30f5b9
Jun 22 17:33:18 vpnclient5[5350]: Connection reset, restarting [0]
Jun 22 17:33:18 vpnclient5[5350]: SIGUSR1[soft,connection-reset] received, process restarting
Jun 22 17:33:18 vpnclient5[5350]: Restart pause, 5 second(s)

Wondering if anyone can help out with suggestions? I can provide more info if it'll help.

Thanks!
by js9erfan » Sun Jun 23, 2019 10:31 am
Lots of good info here but after looking at a screenshot of the RT-N66U's OpenVPN client config page your settings should look like this:

Service state:  on
Start with WAN:  yes
Interface type:  tun
Protocol: UDP
Server address and port:  ovpn.sonic.net  1194
Firewall:  automatic
Authorization mode:  TLS (click 'content modification of keys and certs' and make sure the CA, cert, private/client key and TLS Auth/OpenVPN static key are copied over and in the right fields)
Username:  dzemke (or whatever the correct Sonic username is)
Password:  your Sonic password (required)
Username/password auth only:  no
Auth digest:  Sha1
Create NAT on tunnel:  yes
Global log verbosity:  3
Accept DNS configuration: exclusive
Encryption cipher:  AES-128-CBC
Verify server certificate:  yes
Custom configuration:

setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 100000
rcvbuf 100000

If your router is running OpenVPN v2.4+ you can add the following line to custom configuration so the AES-128-GCM cipher will be used over the less secure CBC:

ncp-ciphers AES-128-GCM:AES-128-CBC

If you still get errors then post the entire VPN client connection log.
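
One way to read the restart loop from the first post against the settings in the reply, as an added example (not code from either poster or from Sonic): it parses OpenVPN client syslog lines, records how far each attempt got before "Connection reset", and lists any protocol/port pair other than the reply's UDP 1194. The function name `triage`, the stage labels and the loop threshold of 3 are assumptions.

```python
import re
from collections import Counter

# One pass of the loop, copied from the log in the first post.
SAMPLE = """\
Jun 22 17:33:17 vpnclient5[5350]: Attempting to establish TCP connection with [AF_INET]209.148.113.36:443 [nonblock]
Jun 22 17:33:18 vpnclient5[5350]: TCP connection established with [AF_INET]209.148.113.36:443
Jun 22 17:33:18 vpnclient5[5350]: TLS: Initial packet from [AF_INET]209.148.113.36:443, sid=32aada19 5f30f5b9
Jun 22 17:33:18 vpnclient5[5350]: Connection reset, restarting [0]
Jun 22 17:33:18 vpnclient5[5350]: SIGUSR1[soft,connection-reset] received, process restarting
Jun 22 17:33:18 vpnclient5[5350]: Restart pause, 5 second(s)
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} vpnclient\d*\[\d+\]: (.*)$")
# A new attempt starts with a TCP connect or a UDP "link remote" message.
START = re.compile(r"(?:Attempting to establish (TCP) connection with"
                   r"|(UDP)(?:v[46])? link remote:) \[AF_INET6?\](\S+):(\d+)")
# Later messages, mapped to the furthest stage an attempt reached.
STAGES = [("TCP connection established", "tcp-established"),
          ("TLS: Initial packet from", "tls-first-packet"),
          ("Initialization Sequence Completed", "up")]

def triage(log_text, expected=("UDP", 1194), loop_threshold=3):
    """Summarise where each attempt stopped; expected is the reply's (protocol, port)."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        s = START.search(msg)
        if s:
            attempts.append({"proto": s.group(1) or s.group(2),
                             "port": int(s.group(4)),
                             "stage": "connecting", "reset": False})
        elif attempts:
            cur = attempts[-1]
            for needle, stage in STAGES:
                if needle in msg:
                    cur["stage"] = stage
            if msg.startswith("Connection reset"):
                cur["reset"] = True
    stopped = Counter(a["stage"] for a in attempts if a["reset"])
    came_up = any(a["stage"] == "up" for a in attempts)
    endpoints = {(a["proto"], a["port"]) for a in attempts}
    return {"attempts": len(attempts), "reset_after": dict(stopped),
            "looping": not came_up and any(n >= loop_threshold for n in stopped.values()),
            "unexpected_endpoints": sorted(endpoints - {expected})}

if __name__ == "__main__":
    # Constructed input: the post's lines repeated three times, as in the described loop.
    print(triage(SAMPLE * 3))
```

Run on the posted lines, it reports the client on TCP 443 rather than the UDP 1194 endpoint in the reply, with each reset arriving right after the server's first TLS packet.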