
How to connect asuswrt (openwrt) using OpenVPN?

Hi all

I would like to achieve an OpenVPN connection between an existing remote asuswrt router and Sophos XG.

What I did so far is import my own certificates to use with the site-to-site configuration. I changed the protocol to UDP.

 

On asuswrt it looks like:

May 20 08:11:51 openvpn-cli[7253]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 20 08:11:51 openvpn-cli[7253]: Re-using SSL/TLS context
May 20 08:11:51 openvpn-cli[7253]: LZO compression initializing
May 20 08:11:51 openvpn-cli[7253]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
May 20 08:11:51 openvpn-cli[7253]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
May 20 08:11:51 openvpn-cli[7253]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client'
May 20 08:11:51 openvpn-cli[7253]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-server'
May 20 08:11:51 openvpn-cli[7253]: TCP/UDP: Preserving recently used remote address: [AF_INET]removed:8443
May 20 08:11:51 openvpn-cli[7253]: Socket Buffers: R=[155648->155648] S=[155648->155648]
May 20 08:11:51 openvpn-cli[7253]: UDP link local: (not bound)
May 20 08:11:51 openvpn-cli[7253]: UDP link remote: [AF_INET]removed:8443
May 20 08:11:51 openvpn-cli[7253]: TLS: Initial packet from [AF_INET]removed:8443, sid=ca10591c 13d0a083
May 20 08:11:51 openvpn-cli[7253]: VERIFY OK: depth=1, C=DE, ST=BA, L=Munich, xxxxxxxxxxxxxxxxxxxxx
May 20 08:11:51 openvpn-cli[7253]: VERIFY KU OK
May 20 08:11:51 openvpn-cli[7253]: Validating certificate extended key usage
May 20 08:11:51 openvpn-cli[7253]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 20 08:11:51 openvpn-cli[7253]: VERIFY EKU OK
May 20 08:11:51 openvpn-cli[7253]: VERIFY OK: depth=0, C=DE, ST=BA, L=Munich, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
May 20 08:12:51 openvpn-cli[7253]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 20 08:12:51 openvpn-cli[7253]: TLS Error: TLS handshake failed
May 20 08:12:51 openvpn-cli[7253]: TCP/UDP: Closing socket

 

I do have the CA cert, user cert and key installed. Also, in the OpenVPN extended config I have auth-user-pass /opt/var/openvpn.usr; in that file I have the username and password taken from the .apc file.

But it is not going any further.

I need to have a working tunnel between two networks, the remote side and the Sophos XG side. The only options I have are PPTP, L2TP (w/o IPSec) and OpenVPN. Did anyone succeed with OpenVPN at all?


