ANSWERED Please help! OpenVPN on DD-WRT not working

[PHenry 0]

I carefully followed the official guide to setup AirVPN on my DD-WRT router (Netgear R7000), but it just won't work. Had it working with my previous VPN provider. I've consulted multiple troubleshooting guides, tried different ports, redownloaded my keys and certs multiple times, tried different Additional Configuration lines... nothing seems to fix the issue. See screenshots for current configuration and for the DD-WRT VPN Status screen's log output.

What am I doing wrong?

[SurprisedItWorks 49]

My main dd-wrt router is doing fine with a config like yours but using port 443, TLS Cipher "none" so that it negotiates a best choice, and Compression "disabled" though your "no" should work as well. You might want to go with these choices at least until all is working. I'm especially leery about your port number.

I have had issues on newer dd-wrt builds with my older routers with smaller memories that are still using OpenSSL 1.1.1* versions. My newer, larger router with some OpenSSL 3.x.x version does fine. Apparently the newer OpenSSL is too big for the available flash ram on some older routers. The problem manifested as a TLS authentication failure, but build 57200 (some six months old now) was fine. The problem only appeared somewhat later. 

[SurprisedItWorks 49]

Ah!  I missed something important!  Your server should be us3 or us4 since you are aiming to use tls-crypt!

Be sure your config file with keys/certs was generated for OpenVPN UDP with TLS v1.2. It's some way down the protocol table in the configurator, not at the top.

Edited ... by SurprisedItWorks
additional info

[PHenry 0]

Thank you for the response. I will try turning off TLS Cipher.

I recently updated the DD-WRT build, so I'm fairly certain that is fine, but I'll double check.

For the server and port, I did have it set to us3 and port 443, but had the same issue, so I was trying something different, but it made no difference. I will go back to us3.

As for the port, I do have servers on my network (I have a PBR set up on my router so only one of my Proxmox servers is going through the VPN), so I was thinking that I shouldn't use such a common port in case it messes with my server operations. Maybe it doesn't make a difference, but since AirVPN does allow for other ports, I thought I would change it just to avoid any possible issues with that.

Perhaps just for troubleshooting purposes, I should change it back to 443 until I get everything sorted out.

I will report back on the results of this attempt.

[SurprisedItWorks 49]

Do be sure you are using a TLS key obtained from an Air config for which you chose a protocol showing "tls-crypt ,tls1.2" on the right, because the TLS keys produced for tls-auth (us and us2) and tls-crypt (us3 and us4) are not compatible.  Switching your server to us2 while leaving everything else set for tls-crypt makes no sense and cannot ever work.

[PHenry 0]

Nothing I tried was working at all, so I went back to the refreshed guide and found your last post at the very bottom and I simply made every field (except my PBR) identical to what you have there... and it worked! Your screenname describes my reaction perfectly. Thank you 1,000 times.

For anyone else that stumbles upon this same issue, click on the link below and scroll all the way down to the bottom and look at SurprisedItWorks' final comment: