Using Sonic VPN on router (Velop)

by mbratton » Mon Jun 04, 2018 1:30 pm
I recently changed over to a Linksys Velop system, partially because it has support for VPN tunneling and I'd like for all devices on my network to run over the Sonic VPN -- even Apple TVs, HomePods, IoT devices, TVs, etc.

Upon doing further research it looks like the OpenVPN implementation is too basic to be supported at a network level and is only available for certain clients.

Does anyone know if there's another Sonic VPN offering that would support a standard PPTP/IPSec/L2TP tunnel? Or some mythical router/access point that can be used as an OpenVPN client rather than server?
by ngufra » Mon Jun 04, 2018 2:18 pm
I am using an Asus router running Merlin firmware and am having success with the OpenVPN server.
Not tried, but it can behave as a VPN client too.
https://github.com/RMerl/asuswrt-merlin ... erlin's-fw

https://www.vpnuniversity.com/tutorial/ ... rs-asuswrt
by mbratton » Mon Jun 04, 2018 3:47 pm
Thanks for the tip. Looks like I'll have to return the Velop in favor of some Asus stuff.
by mbratton » Tue Jun 05, 2018 8:44 pm
Got the ASUS routers that support OpenVPN client. And followed your links to set it up.

Looks like it's failing in a loop:

Jun  5 20:42:00 rc_service: httpd 246:notify_rc restart_vpncall
Jun  5 20:42:01 vpnclient5[2917]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 27 2018
Jun  5 20:42:01 vpnclient5[2917]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun  5 20:42:01 vpnclient5[2917]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Jun  5 20:42:01 vpnclient5[2917]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  5 20:42:01 vpnclient5[2917]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  5 20:42:01 vpnclient5[2917]: Socket Buffers: R=[122880->200000] S=[122880->200000]
Jun  5 20:42:01 vpnclient5[2918]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jun  5 20:42:01 vpnclient5[2918]: UDPv4 link local: [undef]
Jun  5 20:42:01 vpnclient5[2918]: UDPv4 link remote: [AF_INET]209.148.113.36:1194
Jun  5 20:42:01 vpnclient5[2918]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=479298b1 647111c0
Jun  5 20:42:01 vpnclient5[2918]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun  5 20:43:01 vpnclient5[2918]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun  5 20:43:01 vpnclient5[2918]: TLS Error: TLS handshake failed
Any ideas?
No problems using the same username/pass/.ovpn combo on other machines on the same network.
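
A triage of the log posted above, as an added example that is not part of the original thread: the Python below (the names `triage` and `SAMPLE_LOG` are hypothetical) reads the syslog lines, separates "no reply from the server" from "server replied but the handshake did not complete", and collects the hardening warnings OpenVPN itself printed. The year is an assumption, since syslog lines omit it.

```python
import re
from datetime import datetime

# Lines taken from the log posted above (a subset of it).
SAMPLE_LOG = """\
Jun  5 20:42:01 vpnclient5[2917]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun  5 20:42:01 vpnclient5[2917]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  5 20:42:01 vpnclient5[2918]: UDPv4 link remote: [AF_INET]209.148.113.36:1194
Jun  5 20:42:01 vpnclient5[2918]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=479298b1 647111c0
Jun  5 20:42:01 vpnclient5[2918]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun  5 20:43:01 vpnclient5[2918]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun  5 20:43:01 vpnclient5[2918]: TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+\[\d+\]: (?P<msg>.*)$")

def triage(log_text, year=2018):
    """Summarise one OpenVPN client attempt; `year` is assumed, syslog omits it."""
    remote, first_reply, failures, stalled_for = None, None, 0, None
    notes = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        link = re.search(r"link remote: \[AF_INET\](\S+)", msg)
        if link:
            remote = link.group(1)
        elif msg.startswith("TLS: Initial packet from"):
            first_reply = when          # the server's first packet reached the client
        elif "TLS key negotiation failed" in msg:
            failures += 1
            if first_reply:
                stalled_for = int((when - first_reply).total_seconds())
        elif "'SHA1' for HMAC" in msg:
            notes.add("control-channel HMAC uses SHA1")
        elif "auth-nocache" in msg:
            notes.add("passwords may be cached in memory (auth-nocache not set)")
        elif "--script-security" in msg:
            notes.add("script-security may allow user-defined scripts")
    verdict = "no handshake failure logged"
    if failures:
        verdict = "server replied, handshake did not complete" if first_reply else "no reply from server"
    return {"remote": remote, "failures": failures, "stalled_for": stalled_for,
            "verdict": verdict, "notes": sorted(notes)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For the lines above it reports a reply from 209.148.113.36:1194 followed by a 60-second stall, so the UDP path is not blocked outright.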
by guest » Wed Jun 06, 2018 9:01 pm
Without knowing much about your network a couple things come to mind... Does your modem have routing/firewall functionality that the Asus sits behind? Check that the modem is in bridge mode or equivalent to eliminate double NAT. Try testing your tunnel over TCP to see if it still times out.

Also a good idea to use the latest Merlin firmware (and perform full reset post-flash) if you're not already: https://asuswrt.lostrealm.ca/changelog-382

Before I moved to pfSense I had a Netgear R7000 with a Merlin fork and never had an issue.

Good luck.
by enginethatcould » Sun Jul 15, 2018 3:12 pm
This failure in MerlinWRT usually happens because the OpenVPN version is incompatible with the one used by the server. Try an older or newer version of Merlin.