OpenWrt Forum Archive

Topic: OpenVPN client does not connect

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have set up an OpenVPN server on a Raspberry Pi. I have made several config files for different users. When I try to use these config files on Android (OpenVPN app by Arne Schwabe), the connection is made well.

On a windows laptop and OpenVPN client (by OpenVPN) the connection is made well.

I did change the UDP port to 1195 on my OpenVPN server.

On my GL.iNet GL-AR300M travel router (running OpenWrt 15.05), however, I cannot make the connection to the server with the .ovpn file provided.

I'll get this error:

OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Exiting due to fatal error

Any thoughts?

(Last edited by paolo_nl on 30 Aug 2017, 19:53)

Have you even read the error message? You used a password for the private key, and now the client needs someone to pass him such key, but it cannot do that because of how you are calling it.

I did, but I don't understand where I can edit it. I assume somewhere in OpenWrt and not in the .ovpn file?

If you are going to have a client running on a machine without user interaction, it does not make much sense to use a password-protected private key, does it? How are you going to pass the key to the router each time? And if you put it in a file inside the router, anyone who gains access to the private key will also have access to the password.

In the documentation of the gl.inet router it states that when a password is required I should get a popup box where I can enter it. Is it possible to use this .ovpn file in this openwrt setup? I can't get to the openvpn server to make a new .ovpn config file without a password now.

What type of authentication do you use? If you use login-password authentication, you should provide them in a separate file. Does your .ovpn file contain the string "auth-user-pass"?

Just a password. In the other clients (Windows and Android) I get a password box when I try to connect. I just checked the .ovpn file and I can't find the string "auth-user-pass".

This is my .ovpn file, where the keys and IP address are replaced by XXX:

client
dev tun
proto udp
remote X.X.X.X 1195
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
XXX
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
XXXX
-----END OpenVPN Static key V1-----
</tls-auth>

It is strange that it requires a login and password, because there is a user key in the file. Try adding the string 'auth-user-pass' and see the result.

The discussion might have continued from here.
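
The failure in the posted log, as an added example that is not part of the original thread: a POSIX shell check that tells whether a profile with an inline `<key>` block can start without a terminal, and whether the passphrase file named by `askpass` is restricted to its owner (the concern raised earlier about storing the password on the router). The function name `ovpn_headless_check`, its exit codes and the sample file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Return 0 = starts unattended,
# 1 = would stop at a prompt or be rejected, 2 = passphrase file too open.
ovpn_headless_check() {
    profile=$1
    # PKCS#8 header as in the posted profile, or the legacy PEM marker.
    if ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$profile"; then
        echo "ok: private key is not passphrase-protected"
        return 0
    fi
    # "askpass <file>" lets the daemon read the passphrase from a file.
    askfile=$(awk '$1 == "askpass" && NF >= 2 { print $2; exit }' "$profile")
    if [ -z "$askfile" ]; then
        echo "fail: encrypted key but no 'askpass <file>' directive"
        return 1
    fi
    # The log on this page says askpass cannot be combined with auth-nocache.
    if grep -Eq '^[[:space:]]*auth-nocache' "$profile"; then
        echo "fail: 'auth-nocache' is set together with askpass"
        return 1
    fi
    if [ ! -r "$askfile" ]; then
        echo "fail: passphrase file $askfile is missing or unreadable"
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$askfile" | cut -c5-10)" != "------" ]; then
        echo "warn: $askfile is accessible beyond its owner; chmod 600 it"
        return 2
    fi
    echo "ok: encrypted key with owner-only passphrase file"
    return 0
}
# Constructed sample input: a cut-down profile shaped like the one posted above.
demo=$(mktemp -d)
printf 'constructed-passphrase\n' > "$demo/key.pass"
chmod 600 "$demo/key.pass"
cat > "$demo/client.ovpn" <<EOF
client
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
XXX
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
ovpn_headless_check "$demo/client.ovpn" || echo "(exit $?)"   # no askpass yet
echo "askpass $demo/key.pass" >> "$demo/client.ovpn"
ovpn_headless_check "$demo/client.ovpn" || echo "(exit $?)"   # askpass added
```

The file named by `askpass` holds the key passphrase on its first line.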