NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
XR500 Custom Hybrid AWS VPN not working
I can connect to my vpn with the .ovpn files generated from the AWS debian 10 buster linux server with or without password(made 2 .ovpn accounts, one with pass, one without) on both a pc and mac.
After pasting in the .ovpn file in the XR500 Hybrid VPN custom field, with no username or password, and click connect, I get this error:
Wed Jul 29 16:13:06 2020 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 16 2019
Wed Jul 29 16:13:06 2020 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.06
Wed Jul 29 16:13:06 2020 ERROR: username from Auth authfile '/tmp/lua_J1lnA6' is empty
Wed Jul 29 16:13:06 2020 Exiting due to fatal error
If I use a username and password, I get this error:
Wed Jul 29 16:15:19 2020 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 16 2019
Wed Jul 29 16:15:19 2020 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.06
Wed Jul 29 16:15:19 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jul 29 16:15:19 2020 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Jul 29 16:15:19 2020 Exiting due to fatal error
I've tried 2 different OpenVPN install scripts,with all defauld options, both give the same error as above:
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh ; chmod +x openvpn-install.sh ; ./openvpn-install.sh
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
15 Replies
- Could you provide one of the ovpn files you're using please and we'll take a look.
.ovpn with user and pass:
client
proto udp
explicit-exit-notify
remote <VPN IP> <PORT>
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_rdKGYtqAmhMbmhTW name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB2DCCAX2gAwIBAgIUOsSCkzpVhqaeUySDjnsZD7vx9nkwCgYIKoZIzj0EAwIw
HjEcMBoGA1UEAwwTY25fT2NSVHZYWWkwaE45Uk1MZTAeFw0yMDA3MjkxOTIwNTNa
Fw0zMDA3MjcxOTIwNTNaMB4xHDAaBgNVBAMME2NuX09jUlR2WFlpMGhOOVJNTGUw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9LXZFzmJQAyfW8StZsqanpwif1Ogt
LeWNDWkpkVzfcGlSPPx9VRk0CC++DRKGQMP9FTOgaK8903l2Z5GCCPtDo4GYMIGV
MB0GA1UdDgQWBBQ82TQHtC81Y+WU8zcQ18EoSMU07DBZBgNVHSMEUjBQgBQ82TQH
tC81Y+WU8zcQ18EoSMU07KEipCAwHjEcMBoGA1UEAwwTY25fT2NSVHZYWWkwaE45
Uk1MZYIUOsSCkzpVhqaeUySDjnsZD7vx9nkwDAYDVR0TBAUwAwEB/zALBgNVHQ8E
BAMCAQYwCgYIKoZIzj0EAwIDSQAwRgIhAIQYKPezgKgt0KdEQTV0JZgVm/GyO6RR
wvyI9a1RLaDLAiEAxs8Xu7flAhXyb8YkN//2Giw7egHH2uXax1gbA2oAFsE=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB0zCCAXqgAwIBAgIRALEeH/HYMlAtQfuzRmbA/pAwCgYIKoZIzj0EAwIwHjEc
MBoGA1UEAwwTY25fT2NSVHZYWWkwaE45Uk1MZTAeFw0yMDA3MjkxOTIxMTFaFw0y
MjExMDExOTIxMTFaMAwxCjAIBgNVBAMMAWIwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAT5jC5lR4yrihQD9n1rCkSGujQF3k3hKnmlUj5KDjMQve8DO8mkVAae6r2q
0kbUwWex+etWnW/qPcNT9s1pXBr1o4GqMIGnMAkGA1UdEwQCMAAwHQYDVR0OBBYE
FE8nswyecw42NcwGUeI6I8U40sNUMFkGA1UdIwRSMFCAFDzZNAe0LzVj5ZTzNxDX
wShIxTTsoSKkIDAeMRwwGgYDVQQDDBNjbl9PY1JUdlhZaTBoTjlSTUxlghQ6xIKT
OlWGpp5TJIOOexkPu/H2eTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
B4AwCgYIKoZIzj0EAwIDRwAwRAIgfOLUOvAAyZdo44G5XwaUjS0QFtysPWFmlAE8
O2z65vQCIEmYFsdNVK0EijKz7GnPcPmL6wZS1JPblvz8JW9n3yqA
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAheNNSTHzY53QICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIQOtxHjZomHIEgZA9amDCcaMUExqT
ktus72eaOPv/pst+XlBEXJrKOi2cSF2VQDX5c0ojVkdE73djKefDKOPBpHyRVari
cMM49kDiSdCF+Xc7VesqM7tM1EHLIpFHggDUz5LA7D97TkHYmLmA9A7zJE3vWcy4
0EvTVyyzrGwCuu10xyTCJz7+kSFu7RwWxvdC7ErGgIqQhDh89dY=
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9981e4a0bca3ba15221fa2398796e820
22eef89f94ae7e13eff7f2e7fd1d3d67
ee1e984a8c6873e143f26c2e2aa8c4cd
0405cf8cd30093b9289f029adecd1aa6
3e3a7c18a94315a99edbfc5a56c3ffc3
9e940ac0299a4c9ef0a095ad64b2bebe
6c98dcbf18ea7bcb02cc0324b0fd8051
f670d78abda8d957a2e9c71afd33c028
0be4fac80cba92b6a4c69531bf4a50e6
50305eae8766ab2b9e87f5fb9f709e8f
6778947f9a5c5d11c0546dff7b8999e4
4c52695dfe448a61d3f436bbca7c5885
b812174e12bff5aaaf6dcbeea79d31e9
c6524dfbe056e0f99da19de6620c67c4
27320dbd7acc794cfa4f300fafdd8a2d
4310048d1eaf795b8a187b988789f69c
-----END OpenVPN Static key V1-----
</tls-crypt>- Thank you, while I look over this do you know which OpenVPN version this will be using?
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
