RUT241 Fails to connect to VPN

Dear support,

I’m struggling to make the RUT241 connect to the existing VPN server. Firmware 7.10.4.

This is the modem log:

Fri Nov 15 12:54:28 2024 daemon.warn openvpn(Client)[8033]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:54:29 2024 daemon.warn openvpn(Client)[8033]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: OpenVPN 2.6.9 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: DCO version: N/A
Fri Nov 15 12:54:29 2024 daemon.warn openvpn(Client)[8033]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: TCP/UDP: Preserving recently used remote address: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link local: (not bound)
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link remote: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS handshake failed
Fri Nov 15 12:55:29 2024 daemon.notice openvpn(Client)[8033]: SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 15 12:55:29 2024 daemon.notice openvpn(Client)[8033]: Restart pause, 1 second(s)
Fri Nov 15 12:55:30 2024 daemon.warn openvpn(Client)[8033]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: TCP/UDP: Preserving recently used remote address: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link local: (not bound)
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link remote: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:56:26 2024 daemon.err openvpn(Client)[8033]: event_wait : Interrupted system call (fd=-1,code=4)
Fri Nov 15 12:56:26 2024 daemon.notice openvpn(Client)[8033]: SIGTERM[hard,] received, process exiting
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:56:26 2024 daemon.err openvpn(Client)[8343]: Options error: --tls-auth and --tls-crypt are mutually exclusive
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: Use --help for more information.
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:56:31 2024 daemon.err openvpn(Client)[8410]: Options error: --tls-auth and --tls-crypt are mutually exclusive
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: Use --help for more information.

Hello,

Thank you for reaching out.

Here are a few things to check and consider:

  1. Verify the Server’s Address and Port:
    Ensure the server’s address and port in the client configuration are correct and match the server’s settings.
  2. Check for Firewall or Network Restrictions:
    Confirm there are no firewalls or network rules blocking UDP traffic on the specified port.
  3. Match TLS Options Between Server and Client:
    • Verify that the server configuration matches the client’s TLS options.
    • Use only one of the two options: tls-auth or tls-crypt.
    • If the server uses tls-crypt, remove tls-auth from the client configuration (or vice versa).

Additionally, if possible, could you check the logs on the server side? These may provide more insights into the issue.

Best Regards,
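
The log in the question mixes two different failures: one client process that started and timed out in the TLS handshake, and later processes that exited while parsing the configuration. The following is an added example, not part of the original thread, that groups the messages by process ID to separate the two; the names `triage`, `verdict`, `RULES` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed from the message texts in the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: message texts follow the log posted above, one line per condition.
SAMPLE_LOG = """\
Fri Nov 15 12:54:28 2024 daemon.warn openvpn(Client)[8033]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:54:29 2024 daemon.warn openvpn(Client)[8033]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS handshake failed
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:56:26 2024 daemon.err openvpn(Client)[8343]: Options error: --tls-auth and --tls-crypt are mutually exclusive
"""

# Syslog layout seen in the post: "<date> <facility.level> openvpn(<instance>)[<pid>]: <message>"
LINE_RE = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} \S+ openvpn\([^)]*\)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Tag -> pattern, limited to the messages that appear in the posted log.
RULES = [
    ("config_conflict", re.compile(r"--tls-auth and --tls-crypt are mutually exclusive")),
    ("handshake_timeout", re.compile(r"TLS key negotiation failed to occur within \d+ seconds")),
    ("unrecognized_option", re.compile(r"Unrecognized option")),
    ("cipher_not_in_data_ciphers", re.compile(r"--cipher set to .* but missing in --data-ciphers")),
]

def triage(log_text):
    """Return {pid: set of tags} so each client start is judged on its own."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an openvpn syslog line
        for tag, pattern in RULES:
            if pattern.search(m["msg"]):
                findings[int(m["pid"])].add(tag)
    return dict(findings)

def verdict(tags):
    """Map a process's tags to the checklist item from the reply that applies."""
    if "config_conflict" in tags:
        return "never started: keep only one of tls-auth / tls-crypt in the client config"
    if "handshake_timeout" in tags:
        return "started, no TLS reply: check address/port, UDP filtering, server-side TLS options"
    return "no fatal condition matched"

if __name__ == "__main__":
    for pid, tags in sorted(triage(SAMPLE_LOG).items()):
        print(pid, sorted(tags), "->", verdict(tags))
```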