RUT241 Fails to connect to VPN

Dear support,

I’m struggling to make RUT241 connect to the existing VPN server. Firmware 7.10.4.

This is the modem log:

Fri Nov 15 12:54:28 2024 daemon.warn openvpn(Client)[8033]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:54:29 2024 daemon.warn openvpn(Client)[8033]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: OpenVPN 2.6.9 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: DCO version: N/A
Fri Nov 15 12:54:29 2024 daemon.warn openvpn(Client)[8033]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: TCP/UDP: Preserving recently used remote address: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link local: (not bound)
Fri Nov 15 12:54:29 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link remote: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 15 12:55:29 2024 daemon.err openvpn(Client)[8033]: TLS Error: TLS handshake failed
Fri Nov 15 12:55:29 2024 daemon.notice openvpn(Client)[8033]: SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 15 12:55:29 2024 daemon.notice openvpn(Client)[8033]: Restart pause, 1 second(s)
Fri Nov 15 12:55:30 2024 daemon.warn openvpn(Client)[8033]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: TCP/UDP: Preserving recently used remote address: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link local: (not bound)
Fri Nov 15 12:55:30 2024 daemon.notice openvpn(Client)[8033]: UDPv4 link remote: [AF_INET]96.125.132.222:4994
Fri Nov 15 12:56:26 2024 daemon.err openvpn(Client)[8033]: event_wait : Interrupted system call (fd=-1,code=4)
Fri Nov 15 12:56:26 2024 daemon.notice openvpn(Client)[8033]: SIGTERM[hard,] received, process exiting
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:56:26 2024 daemon.err openvpn(Client)[8343]: Options error: --tls-auth and --tls-crypt are mutually exclusive
Fri Nov 15 12:56:26 2024 daemon.warn openvpn(Client)[8343]: Use --help for more information.
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-Client.conf:13: block-outside-dns (2.6.9)
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Fri Nov 15 12:56:31 2024 daemon.err openvpn(Client)[8410]: Options error: --tls-auth and --tls-crypt are mutually exclusive
Fri Nov 15 12:56:31 2024 daemon.warn openvpn(Client)[8410]: Use --help for more information.

Hello,

Thank you for reaching out.

Here are a few things to check and consider:

  1. Verify the Server’s Address and Port:
    Ensure the server’s address and port in the client configuration are correct and match the server’s settings.
  2. Check for Firewall or Network Restrictions:
    Confirm there are no firewalls or network rules blocking UDP traffic on the specified port.
  3. Match TLS Options Between Server and Client:
    • Verify that the server configuration matches the client’s TLS options.
    • Use only one of the two options: tls-auth or tls-crypt.
    • If the server uses tls-crypt, remove tls-auth from the client configuration (or vice versa).

Additionally, if possible, could you check the logs on the server side? These may provide more insights into the issue.

Best Regards,
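
The three config problems named in the log can be caught before the client is restarted. The following is an added example, not part of the original thread or vendor tooling: a POSIX sh lint for an OpenVPN client config. The function names and the sample config (host, port, key path) are constructed, and the default data-ciphers list is the one printed in the log above.

```shell
# Added example (not vendor code): lint an OpenVPN client config for the three
# problems the log reports. The sample config below is constructed.

# True if directive $2 appears in file $1 as an option line or inline <tag>.
ovpn_has() { grep -Eq "^[[:space:]]*<?$2([>[:space:]]|\$)" "$1"; }

# First argument of directive $2 in file $1 (empty if absent).
ovpn_arg() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Print one finding per line; return status is the number of fatal findings.
lint_ovpn() {
    conf=$1 fatal=0
    if ovpn_has "$conf" tls-auth && ovpn_has "$conf" tls-crypt; then
        echo "FATAL: tls-auth and tls-crypt both set; keep the one the server uses"
        fatal=$((fatal + 1))
    fi
    cipher=$(ovpn_arg "$conf" cipher)
    # Default list assumed from the OpenVPN 2.6.9 warning in the log above.
    dc=$(ovpn_arg "$conf" data-ciphers)
    dc=${dc:-AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305}
    if [ -n "$cipher" ]; then
        case ":$dc:" in
            *":$cipher:"*) ;;
            *) echo "WARN: cipher $cipher not in data-ciphers ($dc); ignored for negotiation" ;;
        esac
    fi
    if ovpn_has "$conf" block-outside-dns; then
        echo "WARN: block-outside-dns is unrecognized on this build"
    fi
    return "$fatal"
}

# Constructed sample reproducing the options named in the log (not the user's file).
write_sample() {
    cat > "$1" <<'EOF'
client
remote vpn.example.test 1194
cipher AES-256-CBC
tls-auth /etc/vpn/ta.key 1
block-outside-dns
<tls-crypt>
</tls-crypt>
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
lint_ovpn "$tmp" || echo "fatal findings: $?"
rm -f "$tmp"
```

On the router, the file to check is `/var/etc/openvpn-Client.conf`, the path named in the log.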
