That should clear the key box and there should not be a tls-auth line and you can insert the tls-crypt manually. To clear the variable, telnet to your router and do: So to show what is in (probably blank lines) The nvram variable of the tls-auth key is: So logic dictates that your tls-auth key box is not empty.
Check and delete everything in the box and there should not be a tls-auth line. If the tls auth key box is empty there should not be a line with tls-auth (indeed tls-auth and tls-crypt do not go together) That said you should be able to do it manually the way described in the guide with the build you are on. To start, I added the button to choose between tls-auth and tls-crypt in the latest build so you can consider upgrading (builds after 41304) Edit GUI windows in vi/emacs/whatever on a linux computer:
Always glad to try to help a valued forum member.
Multiple DNSCrypt providers using latest list.
Here's hoping their support is all that it's cracked up to be!
4 Linksys WRT1900ACSv2 routers on 49081, 2 on 48141: VLANs, VAPs, NAS, client mode, OpenVPN client (AirVPN), DDNS, wireguard servers and clients (AzireVPN), three DNSCrypt DNS providers (incl Quad9) via VPN clients.
So perhaps it's appropriate to avoid exerting much energy on the second question until I hear back from them and sort things out at that level. Looks like it's going to take a consult with AirVPN, as that isn't playing either. Many thanks in advance for having a look.
Edit: I'm backing off temporarily from tls-crypt and trying to get the connection working with tls-auth. (2) Assuming that for now I simply automate the editing and openvpn restart into Startup Commands (I've been known to do much worse), is there anything obviously wrong with the nf above? (Once we clear away the obvious at the dd-wrt level, I'll contact AirVPN support to continue sorting things out, on the assumption that I'm doing something here that doesn't work for their system.)
I'm not seeing the solution to this conundrum there. (1) Is there a GUI-only way to specify tls-crypt, given that I am on 40784 on this router and so don't yet have a simple GUI button to select it? I have looked over your guide's p17 material on the dd-wrt openvpn client, but that seems tailored to connecting to a dd-wrt server set up according to the rest of that document. The last three lines come from Additional Config. For the record, here is the (edited, per the above), nf: So it's clear I am still doing something horribly wrong. The log is showing repeated message groups like this, with the restart delay doubling each time:
20191022 14:59:31 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20191022 14:59:31 N TLS Error: TLS handshake failed
20191022 14:59:31 I SIGUSR1 received process restarting
20191022 14:59:31 Restart pause 160 second(s)
Openvpn -config /tmp/openvpncl/nf -route-up /tmp/openvpncl/route-up.sh -route-pre-down /tmp/openvpncl/route-down.sh -daemon
I am now experimenting in the CLI with modifying the nf file by hand to replace the offending tls-auth line with tls-crypt ta.key while, in addition, moving the actual key (obtained from AirVPN's configurator specifically for a tls-crypt configuration) to the named file and restarting openvpn with this: Simply putting the key in Additional Config between and and leaving the TLS Auth Key window empty does not work, because the nf file still ends up with a tls-auth /tmp/openvpncl/ta.key 1 line, with ta.key containing only two blank lines, and this leads to an error message in the log to the effect that tls-auth and tls-crypt cannot be used simultaneously. One major new bit is that I'm now trying to set up the openvpn client to use tls-crypt. Hello experimenting with moving from NordVPN to AirVPN so am configuring for the latter by adjusting a long-working vpn setup.
So no need to specify the key direction (the 1 at the end) You cannot use tls-auth and tls-crypt at the same time! When using a DDWRT OpenVPN client, paste the key in the Additional Config like described for the server Specifying the keydir with tls-crypt is not necessary, that is handled automatically For example:
For the client OVPN configuration file add: If you are using tls-crypt, it must be pasted in Additional. It uses the same static key as described in the tls-auth section Instead of working with tls-auth you can work with tls-crypt (starting with OpenVPN 2.4), this encrypts the OpenVPN at the start of the setup process and therefore hides that it is an OpenVPN connection. For now you can set the key in the additional config
From the OpenVPN setup guide (which is recommended reading for everyone and not because I wrote it)