Verify error depth 1 error certificate is not yet valid

kedenya

OpenVpn Newbie
Posts: 9
Joined: Sat Feb 25, 2012 2:44 pm

VERIFY ERROR: depth=1, error=certificate is not yet valid

Hello

Today I set up OpenVPN on my VPS.

Everything is working,
but after trying to run it on the client
I got an error:

Fri May 04 18:50:09 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri May 04 18:50:11 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 04 18:50:11 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 04 18:50:11 2012 LZO compression initialized
Fri May 04 18:50:11 2012 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 9000)
Fri May 04 18:50:11 2012 Control Channel MTU parms [ L:9074 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri May 04 18:50:11 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri May 04 18:50:11 2012 Data Channel MTU parms [ L:9074 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri May 04 18:50:11 2012 Local Options hash (VER=V4): '65ac4753'
Fri May 04 18:50:11 2012 Expected Remote Options hash (VER=V4): 'f8f0200c'
Fri May 04 18:50:11 2012 UDPv4 link local: [undef]
Fri May 04 18:50:11 2012 UDPv4 link remote: 173.213.110.73:137
Fri May 04 18:50:12 2012 TLS: Initial packet from 173.213.110.73:137, sid=d74fb2d8 bb46b84c
Fri May 04 18:50:12 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 04 18:50:15 2012 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=zzzzzzz/name=changeme/emailAddress=mail@host.domain
Fri May 04 18:50:15 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri May 04 18:50:15 2012 TLS Error: TLS object -> incoming plaintext read error
Fri May 04 18:50:15 2012 TLS Error: TLS handshake failed
Fri May 04 18:50:15 2012 TCP/UDP: Closing socket
Fri May 04 18:50:15 2012 SIGUSR1[soft,tls-error] received, process restarting
Fri May 04 18:50:15 2012 Restart pause, 2 second(s)
Fri May 04 18:50:17 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 04 18:50:17 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 04 18:50:17 2012 Re-using SSL/TLS context
Fri May 04 18:50:17 2012 LZO compression initialized
Fri May 04 18:50:17 2012 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 9000)
Fri May 04 18:50:17 2012 Control Channel MTU parms [ L:9074 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri May 04 18:50:17 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri May 04 18:50:17 2012 Data Channel MTU parms [ L:9074 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri May 04 18:50:17 2012 Local Options hash (VER=V4): '65ac4753'
Fri May 04 18:50:17 2012 Expected Remote Options hash (VER=V4): 'f8f0200c'
Fri May 04 18:50:17 2012 UDPv4 link local: [undef]
Fri May 04 18:50:17 2012 UDPv4 link remote: 173.213.110.73:137
Fri May 04 18:50:17 2012 TCP/UDP: Closing socket
Fri May 04 18:50:17 2012 SIGTERM[hard,] received, process exiting

and it shows a popup:
«Unable to connect because your certificate is not yet valid. Check that your system time is correct.»

I tried setting up the server again;
still the same.

Help, please.


maikcat

Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by maikcat » Fri May 04, 2012 11:30 am

check your certificates from-until validity fields & server/client time.

Michael.

Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

«objects in mirror are losing»


kedenya

OpenVpn Newbie
Posts: 9
Joined: Sat Feb 25, 2012 2:44 pm

Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by kedenya » Fri May 04, 2012 11:34 am

Thank you maikcat

Sorry, I'm a newbie.

How do I check whether my certificates are valid or not,
and how do I check the server/client time?


janjust

Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by janjust » Fri May 04, 2012 11:51 am

openssl verify -CAfile <ca.crt>  cert1.pem cert2.pem .....

or

openssl x509 -CAfile <ca.crt> -dates -noout -in cert1.pem


kedenya

OpenVpn Newbie
Posts: 9
Joined: Sat Feb 25, 2012 2:44 pm

Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by kedenya » Fri May 04, 2012 11:58 am

[root@server51 keys]# openssl verify -CAfile <ca.crt>  cert1.pem cert2.pem .....
Error loading file cert2.pem
3122:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('cert2.pem','r')
3122:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
3122:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
        sslclient       SSL client
        sslserver       SSL server
        nssslserver     Netscape SSL server
        smimesign       S/MIME signing
        smimeencrypt    S/MIME encryption
        crlsign         CRL signing
        any             Any Purpose
        ocsphelper      OCSP helper
[root@server51 keys]# openssl x509 -CAfile <ca.crt> -dates -noout -in cert1.pem
unknown option -CAfile
usage: x509 args

I get this


maikcat

Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by maikcat » Fri May 04, 2012 12:09 pm

If you are using Windows,

find the certificate file (.crt extension) and double-click to open it.

In the General tab, in the bottom part, you will find when your cert is valid…

Michael.

Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

«objects in mirror are losing»


kedenya

OpenVpn Newbie
Posts: 9
Joined: Sat Feb 25, 2012 2:44 pm

Re: VERIFY ERROR: depth=1, error=certificate is not yet vali

by kedenya » Fri May 04, 2012 12:16 pm

Thank you

I see

Valid from 05/ 05/ 2012 to 03/ 05/ 2022

how to change 05/ 05/ 2012 to this time, 03 or 04 :?
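
The check the replies above point at, as an added example (not code from any poster in this thread): it pulls the `VERIFY ERROR` line out of a client log, reads the validity window as printed by `openssl x509 -noout -dates -in ca.crt` (the `x509` subcommand takes no `-CAfile`, as the output above shows), and reports how far the client clock is from `notBefore`. The time of day in the sample dates, the reading of the log timestamp as UTC, and the one-year "unset clock" threshold are assumptions.

```python
import re
import ssl
from datetime import datetime, timedelta, timezone

# Client log lines copied from the first post of this thread.
SAMPLE_LOG = """\
Fri May 04 18:50:15 2012 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=zzzzzzz/name=changeme/emailAddress=mail@host.domain
Fri May 04 18:50:15 2012 TLS Error: TLS handshake failed
"""

# Constructed `openssl x509 -noout -dates` output: the dates are the ones
# reported in the thread, the time of day (00:00:00 GMT) is an assumption.
SAMPLE_DATES = """\
notBefore=May  5 00:00:00 2012 GMT
notAfter=May  3 00:00:00 2022 GMT
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+):\s*(.*)$")


def find_verify_errors(log_text):
    """Return (depth, error, subject) for every VERIFY ERROR line."""
    hits = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            hits.append((int(m.group(1)), m.group(2).strip(), m.group(3).strip()))
    return hits


def parse_openssl_dates(text):
    """Parse notBefore=/notAfter= lines into timezone-aware UTC datetimes."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            secs = ssl.cert_time_to_seconds(value)  # expects a "... GMT" string
            found[key] = datetime.fromtimestamp(secs, tz=timezone.utc)
    return found["notBefore"], found["notAfter"]


def diagnose(depth, not_before, not_after, now_utc, unset_gap=timedelta(days=365)):
    """Classify the validity-window check as the verifying peer sees it."""
    # depth=0 is the peer's own certificate, depth>=1 is a CA above it.
    which = "peer certificate" if depth == 0 else "CA certificate"
    if now_utc < not_before:
        gap = not_before - now_utc
        # Assumed threshold: more than a year early means the clock was
        # never set, anything smaller is skew between the two hosts.
        cause = "clock_unset" if gap > unset_gap else "clock_skew"
        return {"status": "not_yet_valid", "cert": which, "gap": gap, "cause": cause}
    if now_utc > not_after:
        return {"status": "expired", "cert": which,
                "gap": now_utc - not_after, "cause": "lifetime_over"}
    return {"status": "valid", "cert": which, "gap": timedelta(0), "cause": None}


if __name__ == "__main__":
    depth, error, subject = find_verify_errors(SAMPLE_LOG)[0]
    not_before, not_after = parse_openssl_dates(SAMPLE_DATES)
    # Assumption: the log timestamp is read as UTC.
    client_now = datetime(2012, 5, 4, 18, 50, 15, tzinfo=timezone.utc)
    result = diagnose(depth, not_before, not_after, client_now)
    print(error, "->", result["cert"], result["status"],
          "clock is", result["gap"], "before notBefore,", result["cause"])
```

Run against a device whose clock has not been set yet, the same check returns the `clock_unset` cause instead of `clock_skew`.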


Closed

ambross opened this issue

Jun 3, 2016

· 9 comments

Comments

@ambross

After setting up openvpn if I go to initiate openvpn I get this error message. Still trying to connect my vpn but it is not working.

Sat Jun 4 05:03:01 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Sat Jun 4 05:03:01 2016 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jun 4 05:03:01 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 4 05:03:01 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 4 05:03:01 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 4 05:03:01 2016 UDPv4 link local: [undef]
Sat Jun 4 05:03:01 2016 UDPv4 link remote: [AF_INET]
Sat Jun 4 05:03:01 2016 TLS: Initial packet from [AF_INET], sid=c3664dac ea1d79b2
Sat Jun 4 05:03:03 2016 VERIFY ERROR: depth=1, error=certificate is not yet valid: CN=ChangeMe
Sat Jun 4 05:03:03 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jun 4 05:03:03 2016 TLS Error: TLS object -> incoming plaintext read error
Sat Jun 4 05:03:03 2016 TLS Error: TLS handshake failed
Sat Jun 4 05:03:03 2016 SIGUSR1[soft,tls-error] received, process restarting
Sat Jun 4 05:03:03 2016 Restart pause, 2 second(s)

@Nyr

Fix the time/date in your server or client, this isn’t an issue with the script.

@ambross

Hi thanks for quick response! Can you please give me any simple example how can I fix this?

@Nyr

Just set the correct time and date in both your client and server systems, it has nothing to do with OpenVPN or this script.

@guenp

I also got this error — interestingly enough the problem was that the server was on PST while my laptop (client) was on GMT+1. Changing the laptop to PST solved the issue.

@qdbgw3ihnjw

openvpn server:

  1. remove openvpn;
  2. Fix the time/date with date -s;
  3. bash openvpn-install.sh again

@samshine89

Fix the time/date in your server or client, this isn’t an issue with the script.

That's right. Thanks, man!

@rajat1saxena

Thank you. In my case, my client’s (Windows 10) time was not correct.

@chary-art

@estaji

that works for me too, thanks

I generated everything following the manual on openvpn.net.
I generated the keys for the CA, the server, Diffie-Hellman, and the client. I copied the client keys to the client machine. Both machines run Altlinux 4.01.
The server starts normally, but when the client connects it logs:

Oct  7 16:04:54 pool openvpn[4745]: MULTI: multi_create_instance called
Oct  7 16:04:54 pool openvpn[4745]: Re-using SSL/TLS context
Oct  7 16:04:54 pool openvpn[4745]: LZO compression initialized
Oct  7 16:04:54 pool openvpn[4745]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Oct  7 16:04:54 pool openvpn[4745]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Oct  7 16:04:54 pool openvpn[4745]: Local Options hash (VER=V4): 'c0103fa8'
Oct  7 16:04:54 pool openvpn[4745]: Expected Remote Options hash (VER=V4): '69109d17'
Oct  7 16:04:54 pool openvpn[4745]: TCP connection established with 172.16.0.2:40089
Oct  7 16:04:54 pool openvpn[4745]: TCPv4_SERVER link local: [undef]
Oct  7 16:04:54 pool openvpn[4745]: TCPv4_SERVER link remote: 172.16.0.2:40089
Oct  7 16:04:54 pool openvpn[4745]: 172.16.0.2:40089 TLS: Initial packet from 172.16.0.2:40089, sid=ca04a77a 3cfe1ece
Oct  7 16:04:54 pool openvpn[4745]: 172.16.0.2:40089 Connection reset, restarting [-1]
Oct  7 16:04:54 pool openvpn[4745]: 172.16.0.2:40089 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct  7 16:04:54 pool openvpn[4745]: TCP/UDP: Closing socket

Meanwhile, on the client:

Feb  7 15:26:05 host openvpn[15595]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Feb  7 15:26:05 host openvpn[15595]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Feb  7 15:26:05 host openvpn[15595]: Re-using SSL/TLS context
Feb  7 15:26:05 host openvpn[15595]: LZO compression initialized
Feb  7 15:26:05 host openvpn[15595]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Feb  7 15:26:05 host openvpn[15595]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Feb  7 15:26:05 host openvpn[15595]: Local Options hash (VER=V4): '69109d17'
Feb  7 15:26:05 host openvpn[15595]: Expected Remote Options hash (VER=V4): 'c0103fa8'
Feb  7 15:26:05 host openvpn[15595]: Attempting to establish TCP connection with 172.16.0.1:1194
Feb  7 15:26:05 host openvpn[15595]: TCP connection established with 172.16.0.1:1194
Feb  7 15:26:05 host openvpn[15595]: TCPv4_CLIENT link local: [undef]
Feb  7 15:26:05 host openvpn[15595]: TCPv4_CLIENT link remote: 172.16.0.1:1194
Feb  7 15:26:05 host openvpn[15595]: TLS: Initial packet from 172.16.0.1:1194, sid=ee77b7f2 891994f5
Feb  7 15:26:05 host openvpn[15595]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=RU/ST=Kh/L=Vanino/O=ADM/OU=IKTiOS/CN=pool/emailAddress=Null
Feb  7 15:26:05 host openvpn[15595]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Feb  7 15:26:05 host openvpn[15595]: TLS Error: TLS object -> incoming plaintext read error
Feb  7 15:26:05 host openvpn[15595]: TLS Error: TLS handshake failed
Feb  7 15:26:05 host openvpn[15595]: Fatal TLS error (check_tls_errors_co), restarting
Feb  7 15:26:05 host openvpn[15595]: TCP/UDP: Closing socket
Feb  7 15:26:05 host openvpn[15595]: SIGUSR1[soft,tls-error] received, process restarting
Feb  7 15:26:05 host openvpn[15595]: Restart pause, 5 second(s)

Server config:

local 172.16.0.1
port 1194
proto tcp
dev tun

ca   /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/pool.crt
key  /etc/openvpn/keys/pool.key  # This file should be kept secret!
dh /etc/openvpn/keys/dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client config:

client
dev tun
proto tcp
remote 172.16.0.1  1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca   /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/GKH.crt
key  /etc/openvpn/keys/GKH.key
comp-lzo
verb 3

The certificates were copied to the client machine using scp. The permissions are set correctly, the same as on the server.

  • I am trying to configure users to get connection to my office, but no matter  how I do it I get the error

    
    Mon Apr 25 11:07:01 2016 OpenVPN 2.3.2 x86_64-mandriva-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Feb  9 2014
    Mon Apr 25 11:07:01 2016 WARNING: file 'key.key' is group or others accessible
    Mon Apr 25 11:07:01 2016 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.X:1194 [nonblock]
    Mon Apr 25 11:07:02 2016 TCP connection established with [AF_INET]XXX.XXX.XXX.X:1194
    Mon Apr 25 11:07:02 2016 TCPv4_CLIENT link local (bound): [undef]
    Mon Apr 25 11:07:02 2016 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.X:1194
    Mon Apr 25 11:07:02 2016 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CO, ST=bogota, L=bogota, O=mdc, emailAddress=info@mdc.com.co, CN=internal-ca
    Mon Apr 25 11:07:02 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Mon Apr 25 11:07:02 2016 TLS Error: TLS object -> incoming plaintext read error
    Mon Apr 25 11:07:02 2016 TLS Error: TLS handshake failed
    Mon Apr 25 11:07:02 2016 Fatal TLS error (check_tls_errors_co), restarting
    Mon Apr 25 11:07:02 2016 SIGUSR1[soft,tls-error] received, process restarting
    ^CMon Apr 25 11:07:04 2016 SIGINT[hard,init_instance] received, process exiting
    
    

    I am not using TLS, but the shared key export tool, include the line tls-auth ta.key no matter what so I disable it on the client config  file. If I use tls on the server config settings doesn’t work either. This has never happened to me before I have been using it for a long time but now I am creating a new server so I downloaded the latest version and then upgraded to 2.3.

    Any ideas?

  • so you want road warriors to connect to your pfsense machine running openvpn.. did you run through the wizard.. Getting a openvpn server up and running is really a hand full of clicks..  Wizard walks you through the process.

    More than likely you have the wrong cert setup.

    Your clients are using a very old version of openvpn btw… 2.3.2 was like 2013..

  • Hello,

    you must check your CA, it must be a server certification and the other one a user certification.

  • Running through the wizard pretty much makes it impossible to mess up… You create the CA, then the server cert, etc..

  • It does not work with the wizard either, so it’s kind of weird…

  • No one read/notice this error?

    VERIFY ERROR: depth=1, error=certificate is not yet valid:
    

    Check your certificates, date, time.

  • Your clients have the wrong certs from your openvpn config then?  As I mentioned before your clients are quite OLD.. 2.3.2 is very OLD client…

    How are you configuring the client??  Do you have access to your key file?

    «11:07:01 2016 WARNING: file ‘key.key’ is group or others accessible»

  • The certs dates are

    
    Valid From: Thu, 28 Apr 2016 12:59:10 -0500
    Valid Until: Sun, 26 Apr 2026 12:59:10 -0500 	
    
    

    I download the Viscosity files from the client export and run «openvpn config.conf» as I have been doing before.  :'(

  • You start this thread on April 25, 2016, 06:09:56 pm and your certificate is
    Valid From: Thu, 28 Apr 2016 12:59:10 -0500

    Maybe today you will be lucky  :)

  • «error=certificate is not yet valid»

    good catch.. So your time on your pfsense is OFF would seem, if you ran through the wizard and created those dates..

  • Dude I have erased and created the certs a lot, the last time was today….

  • The log message you posted…. never mind.

    I also see version 2.3.2 eurephia version, try the latest if possible, dude

  • guys, i have recorded what I do to configure so please check out here and tell me what I am doing wrong.

    Youtube Video

  • I tried watching that.. its horrific… Why don’t you just take some screen shots, and post them??  Vs that up and down, its so freaking blurry can not even tell what your doing..

    Why are you trying to use the viscosity config in a linux client?

  • Almost 3 years… ;)

  • Sorry to all, but my problem was not the version… I had my timezone set to «Universal», so the  error=certificate is not yet valid was the mismatch between the server and my computer’s time

    Both versions of openvpn 2.3.2 and 2.3.10 now work fine.

    Thank you to all you people.

    One last question, where do I put a label to the post as resolved?

  • Go to your first posted message and click «Modify», change the title to add «[Solved]».

  • Being in different timezones is not a problem..  But having the wrong time while your in a timezone sure going to have a problem ;)

    Why you should always sync off ntp ;)   Which set your time correct for the timezone your in..

    But you still have a really OLD client, why would you not updated that… But maybe its because your running on a linux distro that last update was what 2011?

  • CCLAUDIO
    DD-WRT Novice

    Joined: 07 Nov 2018
    Posts: 4

    Posted: Wed Nov 07, 2018 21:26    Post subject: OPEN VPN WITH IPVANISH VPN
    Hello, I'm trying to configure an open VPN with Ipvanish vpn, but I have an error message. I think this is happening because of my local time, but I'm not able to change it with ntp.

    This is the error code I have:

    Dec 31 19:00:15 Central daemon.warn openvpn[850]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

    Dec 31 19:00:15 Central daemon.err openvpn[850]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com

    Dec 31 19:00:15 Central daemon.err openvpn[850]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)

    Dec 31 19:00:15 Central daemon.err openvpn[850]: TLS_ERROR: BIO read tls_read_plaintext error

    Dec 31 19:00:15 Central daemon.notice openvpn[850]: NOTE: --mute triggered...

    Dec 31 19:00:15 Central daemon.notice openvpn[850]: 2 variation(s) on previous 3 message(s) suppressed by --mute

    Dec 31 19:00:15 Central daemon.err openvpn[850]: Fatal TLS error (check_tls_errors_co), restarting

    Dec 31 19:00:15 Central daemon.notice openvpn[850]: SIGUSR1[soft,tls-error] received, process restarting

    Dec 31 19:00:15 Central daemon.notice openvpn[850]: Restart pause, 5 second(s)

    Dec 31 19:00:20 Central daemon.warn openvpn[850]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    Can someone have experience configuring open vpn and can help me please,

    CCLAUDIO
    DD-WRT Novice

    Joined: 07 Nov 2018
    Posts: 4

    Posted: Thu Nov 08, 2018 4:34    Post subject: Can not established openvpn
    Hi, please if you can help me, I solve the ntp issue, but at the end, when I think it will work, I have this issue and the router drop all my network

    Nov 7 23:11:24 Central daemon.notice openvpn[1028]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.21.26.1

    Nov 7 23:11:24 Central daemon.notice openvpn[1028]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.21.26.1

    Nov 7 23:11:24 Central daemon.warn openvpn[1028]: WARNING: Failed running command (--route-up): external program exited with error status: 2

    Nov 7 23:11:24 Central daemon.notice openvpn[1028]: Initialization Sequence Completed

    Nov 7 23:11:28 Central user.debug syslog: ttraff: data collection started

    Thanks in advance

    [quote="jxm"]Look at the date and time on your log file entries… Dec 31, 19:00. That is 1st January UTC with a time zone offset of 5 hours..

    OpenVPN uses certificates for security, and certificate verification fails if the system time is not reasonably accurate. The second line in the log file tells the story…. the ipvanish certificate is not yet valid…. because the certificate date is years into the future when compared to the date on your router. You will never get OpenVPN to work until you get the time right on the router.

    Log on to your router GUI and check the date and time in the right top corner of the window. If it is not correct, go to the Setup tab and delete everything from the Server/IP Name field in the Time Settings. Save and Apply the settings and reboot your router. It should synchronize its time from the default NTP pool configured in the router defaults, and your VPN client should then work.

    Cheers.[/quote]

    CCLAUDIO
    DD-WRT Novice

    Joined: 07 Nov 2018
    Posts: 4

    Posted: Thu Nov 08, 2018 5:00
    [quote="jxm"]If you go to the Status / VPN tab, do you see the VPN Client log? If so, post that.

    Cheers[/quote]

    There’s nothing on status vpn, The lines are blanks, the errors I can see are on the syslog

    egc
    DD-WRT Guru

    Joined: 18 Mar 2014
    Posts: 11273
    Location: Netherlands

    Posted: Thu Nov 08, 2018 18:44
    Are you using the IPVanish script from here: http://files.ipvanish.com/OpenVPN_Script.txt

    to setup ?


    _________________
    Routers:Netgear R7800, R7000, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.

    Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399

    Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614

    Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

    CCLAUDIO
    DD-WRT Novice

    Joined: 07 Nov 2018
    Posts: 4

    Posted: Fri Nov 09, 2018 2:46
    [quote="egc"]Are you using the IPVanish script from here: http://files.ipvanish.com/OpenVPN_Script.txt

    to setup ?[/quote]

    Nope, I'm using this guide https://support.ipvanish.com/hc/en-us/articles/115002080733-DD-WRT-v3-Router-Setup

    egc
    DD-WRT Guru

    Joined: 18 Mar 2014
    Posts: 11273
    Location: Netherlands

    Posted: Sat Nov 10, 2018 9:13
    Besides posting the things @jxm asked for, also let us know your router model and build.

    The error you are seeing:

    Code:
    Failed running command (--route-up): external program exited with error status: 2

    can be seen if the route-up script was created externally, but that is not the case, it is created by DD-WRT, so really weird.

    Note: the IPVanish guide you are using, seems OK for a recent build


    hebeda
    DD-WRT User

    Joined: 18 Sep 2006
    Posts: 435
    Location: Leipzig, Germany

    Posted: Sat Nov 10, 2018 15:05
    copy&paste from here:

    https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=307531&postdays=0&postorder=asc&start=15

    Server IP/Name: (pick your server)

    Port: 1194 (or you can use 443)

    Tunnel Device: UDP (or you can use TCP)

    Encryption Cipher: AES-256-CBC

    Hash Algorithm: SHA256

    Username: (your username)

    Password: (your password)

    Advanced Options: Enable

    TLS Cipher: None

    LZO Compression: Yes

    NAT: Enable

    Firewall Protection: Enable

    IP Address: (leave blank)

    Subnet Mask: (leave blank)

    Tunnel MTU setting: 1500

    Tunnel UDP Fragment: (leave blank)

    Tunnel UDP MSS-Fix: Disable

    nsCertType verification: (leave unchecked)

    Additional Config (add the below code in the box)

    remote-cert-tls server

    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA

    persist-remote-ip

    keysize 256

    CA Cert (get it from IPVanish’s Website when you log in)

    Now Save then Apply and Done.

    its all working perfect with the builds +2017 on any device which is openvpn capable
