AirVPN Tomato configuration step-by-step guide

This doesn't work for me. I CAN connect, but it shows my normal IP. I did everything step by step from your guide... I'm using an Asus RT AC56U with the latest Tomato by Shibby. What did I overlook?


To get this working for RT-N16 I had to set the advanced configurations as follows: 
Note: all my certificates are hosted in jffs
 

resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
ca "/jffs/Client/ca.crt"
cert "/jffs/Client/user.crt"
key "/jffs/Client/user.key"
tls-auth "/jffs/Client/ta.key" 1


I just installed the new FreshTomato 2019.3 FW and I cannot for the love of God figure out this OpenVPN thing. Can someone please help me configure it? The guide that is attached in How To is not current anymore, and after doing every permutation and combination I still can't get my VPN working. Following is my log:

Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: pre-compress bytes,0
Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: post-compress bytes,0
Dec  5 23:59:38 unknown daemon.notice openvpn[10743]: pre-decompress bytes,0
Dec  6 00:00:00 unknown syslog.info root: -- MARK --
Dec  6 00:00:14 unknown daemon.err openvpn[10743]: event_wait : Interrupted system call (code=4)
Dec  6 00:00:14 unknown daemon.notice openvpn[10743]: SIGTERM[hard,] received, process exiting
Dec  6 00:00:15 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Dec  6 00:00:15 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Dec  6 00:00:15 unknown daemon.notice openvpn[10792]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 19 2019
Dec  6 00:00:15 unknown daemon.notice openvpn[10792]: library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.10
Dec  6 00:00:15 unknown daemon.warn openvpn[10793]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.132.93:1194
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: UDP link local: (not bound)
Dec  6 00:00:15 unknown daemon.notice openvpn[10793]: UDP link remote: [AF_INET]37.120.132.93:1194
Dec  6 00:00:20 unknown daemon.err openvpn[10793]: event_wait : Interrupted system call (code=4)
Dec  6 00:00:20 unknown daemon.notice openvpn[10793]: SIGTERM[hard,] received, process exiting
Dec  6 00:01:35 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Dec  6 00:01:35 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Dec  6 00:01:35 unknown daemon.notice openvpn[10844]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 19 2019
Dec  6 00:01:35 unknown daemon.notice openvpn[10844]: library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.10
Dec  6 00:01:35 unknown daemon.warn openvpn[10845]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.132.93:1194
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: UDP link local: (not bound)
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]37.120.132.93:1194
Dec  6 00:01:40 unknown daemon.err openvpn[10845]: event_wait : Interrupted system call (code=4)
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: OpenVPN STATISTICS
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: Updated,Fri Dec  6 00:01:40 2019
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TUN/TAP read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TUN/TAP write bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TCP/UDP read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TCP/UDP write bytes,84
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: Auth read bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: pre-compress bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: post-compress bytes,0
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: pre-decompress bytes,0
Dec  6 00:02:35 unknown daemon.err openvpn[10845]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  6 00:02:35 unknown daemon.err openvpn[10845]: TLS Error: TLS handshake failed
Dec  6 00:02:35 unknown daemon.notice openvpn[10845]: SIGUSR1[soft,tls-error] received, process restarting
Dec  6 00:02:35 unknown daemon.notice openvpn[10845]: Restart pause, 5 second(s)
Dec  6 00:02:40 unknown daemon.warn openvpn[10845]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: TCP/UDP: Preserving recently used remote address: [AF_INET]193.37.254.29:1194
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: UDP link local: (not bound)
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]193.37.254.29:1194
Any help will be appreciated. 

On 12/5/2019 at 6:04 PM, RAA1811 said:

I just installed the new FreshTomato 2019.3 FW and I cannot for the love of God figure out this OpenVPN thing. Can someone please help me configure it? The guide that is attached in How To is not current anymore, and after doing every permutation and combination I still can't get my VPN working. Following is my log:

You are not the only one that hit the wall. Yesterday I tested the FreshTomato beta version (https://freshtomato.org/downloads/beta/) on my router. It does not have a problem connecting when the tls-auth option is selected.
One dilemma: I cannot figure out why it cannot connect over TCP/UDP with tls-crypt (Encrypt Channel).
----------------------------------------------------------------
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.202:2018
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: Socket Buffers: R=[112640->112640] S=[112640->112640]
Jun 30 03:46:41 unknown daemon.notice openvpn[12722]: UDP link local: (not bound)
----------------------------------------------------------------
 

3 hours ago, Flx said:

One dilemma: I cannot figure out why it cannot connect over TCP/UDP with tls-crypt (Encrypt Channel).

Got it. The remote IP (AirVPN server) that was defined or set was for entry2 (tls-auth), not entry3 (tls-crypt).
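Added example, not code from any poster or from the AirVPN or FreshTomato projects: a Python triage of OpenVPN syslog output like the logs posted above. It splits the log into connection attempts by remote address and flags attempts whose TLS handshake timed out with `TCP/UDP read bytes,0`, the pattern in the 2019 log and what a remote address paired with the wrong tls-auth/tls-crypt mode, as in the last reply, would produce. The sample lines, the 192.0.2.x addresses and the verdict names are constructed for this example.

```python
import re

# Constructed sample modelled on the thread's logs; 192.0.2.x are documentation addresses.
SAMPLE_LOG = """\
Dec  6 00:01:35 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]192.0.2.10:1194
Dec  6 00:01:40 unknown daemon.notice openvpn[10845]: TCP/UDP read bytes,0
Dec  6 00:02:35 unknown daemon.err openvpn[10845]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  6 00:02:40 unknown daemon.notice openvpn[10845]: UDP link remote: [AF_INET]192.0.2.20:1194
Dec  6 00:02:42 unknown daemon.notice openvpn[10845]: Initialization Sequence Completed
"""

LINE = re.compile(r"openvpn\[(\d+)\]: (.*)$")
REMOTE = re.compile(r"(?:UDP|TCP)\S* link remote: \[AF_INET6?\](\S+)")
READ = re.compile(r"TCP/UDP read bytes,(\d+)")

def classify(a):
    if a["up"]:
        return "connected"
    if not a["tls_timeout"]:
        return "incomplete"          # log ends before any outcome
    if a["read"] == 0:
        # Nothing came back: a server drops packets that fail its tls-auth or
        # tls-crypt check without replying, same symptom as a blocked port.
        return "no-reply"
    if a["read"] is None:
        return "tls-timeout"         # byte counters were not logged
    return "handshake-stalled"       # server answered, TLS did not finish

def triage(log_text):
    """Return one dict per connection attempt, in log order."""
    attempts, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue                 # kernel, MARK and other non-OpenVPN lines
        pid, msg = m.groups()
        if (r := REMOTE.search(msg)):    # each "link remote" starts an attempt
            current[pid] = {"pid": pid, "remote": r.group(1), "read": None,
                            "tls_timeout": False, "up": False}
            attempts.append(current[pid])
        elif pid in current:
            a = current[pid]
            if (b := READ.search(msg)):
                a["read"] = int(b.group(1))
            a["tls_timeout"] |= "TLS key negotiation failed" in msg
            a["up"] |= "Initialization Sequence Completed" in msg
    return [dict(a, verdict=classify(a)) for a in attempts]

print([(a["remote"], a["verdict"]) for a in triage(SAMPLE_LOG)])
```

A `no-reply` verdict says only that the remote never answered; checking that the remote address, port and tls-auth/tls-crypt setting belong to the same server entry is the first thing to rule out.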