AirVPN Tomato configuration step-by-step guide

[Fendera 0]

This doesnt work for me, I CAN connect but it shows my normal IP. I did everything step by step from your gude... I'm using a Asus RT AC56U with latest Tomato by Shibby. What did I overlooked?

[hayalk 0]

To get this working for RT-N16 I had to set the advanced configurations as follows: 
Note: all my certificates are hosted in jffs
 

resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
ca "/jffs/Client/ca.crt"
cert "/jffs/Client/user.crt"
key "/jffs/Client/user.key"
tls-auth "/jffs/Client/ta.key" 1

[RAA1811 0]

I just installed the new FreshTomato 2019.3 FW and I cannot for the love of God figure out this OpenVPN thing. Can someone please help me configure it. The guide that is attached in How To is not current anymore and after doing every permutation and combination I still cant get my VPN working. Following is my log:

Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: pre-compress bytes,0
Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: post-compress bytes,0
Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: pre-decompress bytes,0
Dec  6 00:00:00 unknown syslog.info root: -- MARK --
Dec  6 00:00:14 unknown daemon.err openvpn[10743]: event_wait : Interrupted system call (code=4)
Dec  6 00:00:14 unknown daemon.notice openvpn[10743]: SIGTERM[hard,] received, process exiting
Dec  6 00:00:15 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Dec  6 00:00:15 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Dec  6 00:00:15 unknown daemon.notice openvpn[10792]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 19 2019
Dec  6 00:00:15 unknown daemon.notice openvpn[10792]: library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.10
Dec  6 00:00:15 unknown daemon.warn openvpn[10793]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.132.93:1194
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: UDP link local: (not bound)
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: UDP link remote: [AF_INET]37.120.132.93:1194
Dec  6 00:00:20 unknown daemon.err openvpn[10793]: event_wait : Interrupted system call (code=4)
Dec  6 00:00:20 unknown daemon.notice openvpn[10793]: SIGTERM[hard,] received, process exiting
Dec  6 00:01:35 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Dec  6 00:01:35 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Dec  6 00:01:35 unknown daemon.notice openvpn[10844]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 19 2019
Dec  6 00:01:35 unknown daemon.notice openvpn[10844]: library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.10
Dec  6 00:01:35 unknown daemon.warn openvpn[10845]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.132.93:1194
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: UDP link local: (not bound)
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]37.120.132.93:1194
Dec  6 00:01:40 unknown daemon.err openvpn[10845]: event_wait : Interrupted system call (code=4)
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: OpenVPN STATISTICS
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: Updated,Fri Dec  6 00:01:40 2019
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TUN/TAP read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TUN/TAP write bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TCP/UDP read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TCP/UDP write bytes,84
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: Auth read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: pre-compress bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: post-compress bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: pre-decompress bytes,0
Dec  6 00:02:35 unknown daemon.err openvpn[10845]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  6 00:02:35 unknown daemon.err openvpn[10845]: TLS Error: TLS handshake failed
Dec  6 00:02:35 unknown daemon.notice openvpn[10845]: SIGUSR1[soft,tls-error] received, process restarting
Dec  6 00:02:35 unknown daemon.notice openvpn[10845]: Restart pause, 5 second(s)
Dec  6 00:02:40 unknown daemon.warn openvpn[10845]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: TCP/UDP: Preserving recently used remote address: [AF_INET]193.37.254.29:1194
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: UDP link local: (not bound)
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]193.37.254.29:1194

Any help will be appreciated. 

[Flx 76]

On 12/5/2019 at 6:04 PM, RAA1811 said:

I just installed the new FreshTomato 2019.3 FW and I cannot for the love of God figure out this OpenVPN thing. Can someone please help me configure it. The guide that is attached in How To is not current anymore and after doing every permutation and combination I still cant get my VPN working. Following is my log:

You are not the only one that hit the wall. Yesterday I tested the Freshtomato Beta version-->https://freshtomato.org/downloads/beta/ on my router. It does not have a problem connecting when tls-auth option is selected.
One dilema and I cannot figure out why it cannot connect TCP/UDP with/when tls-crypt(Encrypt Channel)?
----------------------------------------------------------------
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.202:2018
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Socket Buffers: R=[112640->112640] S=[112640->112640]
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: UDP link local: (not bound)
----------------------------------------------------------------
 

[Flx 76]

3 hours ago, Flx said:

One dilema and I cannot figure out why it cannot connect TCP/UDP with/when tls-crypt(Encrypt Channel)?

Got it. remote IP(AirVPN server) defined or set were for entry2(tls-auth) not entry3(tls-crypt).