I’ve been trying to setup an OpenVPN connection from my Raspberry Pi 2 running Rasplex 0.7.0 to my ASUS RT-AC68U and I keep getting a connection failed. Is there anyone who has gotten this to work? I have multiple mobile users and a site2site working with this router already. I’m not sure what I’m overlooking here.
Anyone gotten this setup to work for them?
@benjaminwolf said:
I’ve been trying to setup an OpenVPN connection from my Raspberry Pi 2 running Rasplex 0.7.0 to my ASUS RT-AC68U and I keep getting a connection failed. Is there anyone who has gotten this to work? I have multiple mobile users and a site2site working with this router already. I’m not sure what I’m overlooking here.Anyone gotten this setup to work for them?
Have a look at this https://help.my-private-network.co.uk/support/solutions/articles/6000005536-openelec-pptp-setup-on-raspberry-pi-2 its for OpenELEC but the procedure is the same in Rasplex, go to System Settings->Network.
Regards
Appreciate the effort @NedtheNerd, but I’m using OpenVPN and it’s already deployed. Unfortunately, I cannot switch to PPTP without switching all my other clients. 2 of which are site2site VPNs that connect whole remote networks to me.
@benjaminwolf said:
Appreciate the effort NedtheNerd, but I’m using OpenVPN and it’s already deployed. Unfortunately, I cannot switch to PPTP without switching all my other clients. 2 of which are site2site VPNs that connect whole remote networks to me.
Sorry, my mistake, may be worth having a read here http://openelec.tv/forum/69-network/66714-openvpn-solution-butchered-together-solution-open
Regards
Thanks @NedtheNerd
I’ve ssh’d in and was able to start the openvpn client with my config file, however I’m getting a TLS error over and over. Appears to be an issue with the OpenElec OpenVPN deployment with 0.0.7 as I have a windows client OpenVPN, iPhone, and iPad all connected using this same VPN server from the same remote wireless network.
Wed Aug 19 03:20:37 2015 OpenVPN 2.3.7 armv7ve-openelec-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [IPv6] built on Jun 16 2015
Wed Aug 19 03:20:37 2015 library versions: LibreSSL 2.1.7, LZO 2.08
Enter Auth Username:MYUSERNAME4OPENVPN
Enter Auth Password:
Wed Aug 19 03:20:44 2015 UDPv4 link local: [undef]
Wed Aug 19 03:20:44 2015 UDPv4 link remote: [AF_INET]SERVER_IP_ADDRESS:1194
Wed Aug 19 03:20:44 2015 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Wed Aug 19 03:20:44 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:1408D06E:SSL routines:SSL3_GET_KEY_EXCHANGE:bad dh p length
Wed Aug 19 03:20:44 2015 TLS Error: TLS object -> incoming plaintext read error
Wed Aug 19 03:20:44 2015 TLS Error: TLS handshake failed
Wed Aug 19 03:20:44 2015 SIGUSR1[soft,tls-error] received, process restarting
I may try installing just openelec and see if I can connect.
@NedtheNerd
Thanks for all your help. Looks like this is a Rasplex issue. The following test was done using Raspberry Pi 2 with the same client.ovpn file as a configuration on the same remote network.
Using OpenElec 5.0.8, I was able to SSH and connect OpenVPN successfully using the same client config file. Rasplex 0.7.0 gives the same TLS error above.
OpenElec 5.0.8
OpenELEC (official) Version: 5.0.8
OpenELEC:~ # openvpn /storage/vpnconfig/client.ovpn
Sat Aug 22 22:30:14 2015 OpenVPN 2.3.5 armv7ve-openelec-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [IPv6] built on Mar 31 2015
Sat Aug 22 22:30:14 2015 library versions: LibreSSL 2.1, LZO 2.08
Sat Aug 22 22:30:14 2015 WARNING: file ‘/storage/vpnconfig/streetcred.txt’ is group or others accessible
Sat Aug 22 22:30:14 2015 UDPv4 link local: [undef]
Sat Aug 22 22:30:14 2015 UDPv4 link remote: [AF_INET]MY_ROUTER_IP_ADDRESS:1194
Sat Aug 22 22:30:14 2015 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Sat Aug 22 22:30:21 2015 [RT-AC68U] Peer Connection Initiated with [AF_INET]MY_ROUTER_IP_ADDRESS:1194
Sat Aug 22 22:30:23 2015 TUN/TAP device tun0 opened
Sat Aug 22 22:30:23 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Aug 22 22:30:23 2015 /sbin/ip link set dev tun0 up mtu 1500
Sat Aug 22 22:30:23 2015 /sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
Sat Aug 22 22:30:23 2015 Initialization Sequence Completed
^Z[1]+ Stopped openvpn /storage/vpnconfig/client.ovpn
And the Rasplex Error below:
Rasplex 0.7.0
RasPlex:~ # openvpn /storage/vpnconfig/client.ovpn
Sat Aug 22 23:02:23 2015 OpenVPN 2.3.7 armv7ve-openelec-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [IPv6] built on Jun 16 2015
Sat Aug 22 23:02:23 2015 library versions: LibreSSL 2.1.7, LZO 2.08
Sat Aug 22 23:02:23 2015 WARNING: file ‘/storage/vpnconfig/streetcred.txt’ is group or others accessible
Sat Aug 22 23:02:23 2015 UDPv4 link local: [undef]
Sat Aug 22 23:02:23 2015 UDPv4 link remote: [AF_INET]MY_ROUTER_IP_ADDRESS:1194
Sat Aug 22 23:02:23 2015 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Sat Aug 22 23:02:23 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:1408D06E:SSL routines:SSL3_GET_KEY_EXCHANGE:bad dh p length
Sat Aug 22 23:02:23 2015 TLS Error: TLS object → incoming plaintext read error
Sat Aug 22 23:02:23 2015 TLS Error: TLS handshake failed
Sat Aug 22 23:02:23 2015 SIGUSR1[soft,tls-error] received, process restarting
^Z[1]+ Stopped openvpn /storage/vpnconfig/client.ovpn
Does this need to go to the Rasplex team? Seems like the OpenVPN portion of the OpenElec wasn’t ported correctly, or the Rasplex 0.7.0 is using a version of OpenElec that had a bug in it?
@benjaminwolf said:
Thanks for all your help. Looks like this is a Rasplex issue. The following test was done using Raspberry Pi 2 with the same client.ovpn file as a configuration on the same remote network.
Thanks for the info, this needs an issue raising, please refer to How to report a bug · RasPlex/RasPlex Wiki · GitHub and paste the info you supplied into it, together with the recommended additional info.
Many thanks for persevering with this.
Regards
Just in case someone ran into this same problem, turned out the stock Asus RT-AC68U firmware has an older version of the OpenVPN server with a weak Diffie-Hellman key. Best solution is to switch to the enhanced merlin firmware. Best thing I’ve done to that router since I purchased it.
Kwiboo over at the Rasplex Issues page pointed out the logjam issue to me. Worth a read if someone’s reading this in the same boat.
