OpenVPN (ProtonVPN) Running But Not Functioning

Topics related to VPN's
Forum rules
Use the SEARCH function for related issues PRIOR to posting for assistance.
Post Reply
fmjnax
Posts: 1
Joined: Fri Aug 28, 2020 8:09 am
Has thanked: 0
Been thanked: 0

OpenVPN (ProtonVPN) Running But Not Functioning

Post by fmjnax »

I have a WE826-T2 with an MC7455. I am using WiFiX-WE826GO with GoldenOrb_2020-05-16. I am feeding this to a TP-Link Archer C3150 (though I am hard-wired to the 826 for debugging/setup purposes).

I have set up the OpenVPN, using ProtonVPN built-in, service and have it started successfully. The system log looks ok as far as I can tell (posted below). However, I get no IP change on the client. The client still has internet but it still uses my ISP IP and not the VPN IP (thus I am not behind the VPN).

I am still learning the ins-and-outs of networking with this router setup so maybe I'm just missing something? Any thoughts or ideas?

Code: Select all

Fri Aug 28 08:14:34 2020 daemon.err uhttpd[1770]: uci: Entry not found
Fri Aug 28 08:14:34 2020 user.notice OpenVPN : : Add Instance ProtonVPN /var/etc openvpn-ProtonVPN.conf
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.175.145:1194
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: UDP link local: (not bound)
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: UDP link remote: [AF_INET]89.187.175.145:1194
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: TLS: Initial packet from [AF_INET]89.187.175.145:1194, sid=fdb93db2 b680b740
Fri Aug 28 08:14:34 2020 daemon.warn openvpn(ProtonVPN)[29090]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Fri Aug 28 08:14:34 2020 daemon.notice openvpn(ProtonVPN)[29090]: VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: VERIFY KU OK
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: Validating certificate extended key usage
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: VERIFY EKU OK
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: VERIFY OK: depth=0, CN=us-tx-10.protonvpn.com
Fri Aug 28 08:14:35 2020 daemon.warn openvpn(ProtonVPN)[29090]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1634'
Fri Aug 28 08:14:35 2020 daemon.warn openvpn(ProtonVPN)[29090]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Aug 28 08:14:35 2020 daemon.notice openvpn(ProtonVPN)[29090]: [us-tx-10.protonvpn.com] Peer Connection Initiated with [AF_INET]89.187.175.145:1194
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: SENT CONTROL [us-tx-10.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.20.0.1,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.20.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.20.0.2 255.255.0.0,peer-id 262145,cipher AES-256-GCM'
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: timers and/or timeouts modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: explicit notify parm(s) modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: compression parms modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: --ifconfig/up options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: route options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: route-related options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: peer-id set
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: adjusting link_mtu to 1625
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: OPTIONS IMPORT: data channel crypto options modified
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Aug 28 08:14:36 2020 daemon.notice netifd: Interface 'VPN' is enabled
Fri Aug 28 08:14:36 2020 daemon.notice netifd: Network device 'tun0' link is up
Fri Aug 28 08:14:36 2020 daemon.notice netifd: Interface 'VPN' has link connectivity
Fri Aug 28 08:14:36 2020 daemon.notice netifd: Interface 'VPN' is setting up now
Fri Aug 28 08:14:36 2020 daemon.notice openvpn(ProtonVPN)[29090]: TUN/TAP device tun0 opened
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: TUN/TAP TX queue length set to 100
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Aug 28 08:14:37 2020 daemon.notice netifd: Interface 'VPN' is now up
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: /sbin/ifconfig tun0 10.20.0.2 netmask 255.255.0.0 mtu 1500 broadcast 10.20.255.255
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: /sbin/route add -net 89.187.175.145 netmask 255.255.255.255 gw 25.94.15.10
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.20.0.1
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.20.0.1
Fri Aug 28 08:14:37 2020 daemon.notice openvpn(ProtonVPN)[29090]: Initialization Sequence Completed
Fri Aug 28 08:14:37 2020 user.notice URL-DEBUG: hotplug (iface): action='ifup' interface='VPN'
Fri Aug 28 08:14:39 2020 user.notice firewall: Reloading firewall due to ifup of VPN (tun0)
consciencecon
Posts: 5
Joined: Wed Jan 16, 2019 1:09 pm
Has thanked: 3 times
Been thanked: 1 time

Re: OpenVPN (ProtonVPN) Running But Not Functioning

Post by consciencecon »

Im having the same issue. Did you find an answer? I can manually add the interface IP and routes but it doesnt make a difference. I see the the same as you in my logs, but afterwards I see (pasted below) and then after that the VPN interface comes back online, but the interface Ip and routes are not there.

Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Invalid argument
Thu Oct 1 16:12:41 2020 daemon.err uhttpd[766]: uci: Entry not found
Thu Oct 1 16:12:41 2020 daemon.notice netifd: Interface 'VPN' is now down
Thu Oct 1 16:12:41 2020 daemon.notice netifd: Interface 'VPN' is disabled
Thu Oct 1 16:12:41 2020 daemon.err openvpn(ProtonFree3)[1172]: write to TUN/TAP : I/O error (code=5)
Thu Oct 1 16:12:41 2020 daemon.err openvpn(ProtonFree3)[1172]: write to TUN/TAP : I/O error (code=5)
Thu Oct 1 16:12:41 2020 daemon.notice netifd: Network device 'tun0' link is down
Thu Oct 1 16:12:41 2020 daemon.notice netifd: Interface 'VPN' has link connectivity loss
User avatar
terryjett
Posts: 404
Joined: Tue Sep 24, 2019 10:42 pm
Location: Far Side
Has thanked: 104 times
Been thanked: 91 times
Contact:

Re: OpenVPN (ProtonVPN) Running But Not Functioning

Post by terryjett »

Exact same issue and cannot find info on solving?

Used the downloaded config file from protonvps and all seems setup.

Seems like the issue may be "Network device 'tun0". Not sure what interface to choose for the we826?
xdavidx
Posts: 303
Joined: Tue May 28, 2019 4:04 pm
Has thanked: 24 times
Been thanked: 14 times

Re: OpenVPN (ProtonVPN) Running But Not Functioning

Post by xdavidx »

In case anyone else ends up at this thread, I was facing what I think is the same issue. I was trying to get expresspvn working in client mode on:

Hostname WiFiX
Model WE1326v5
Architecture MediaTek MT7621 ver:1 eco:3
Firmware Version GoldenOrb_2019-04-09
Kernel Version 4.14.63

I was able to use the ovpn file created by expressvpn and load it in the Services->OpenVPN screen after creating an instance line and editing it.

Image

I created a local file (on my pc) with the expressvpn username on the first line and password on the second line (this is the username and password generated by expressvpn, not the username and password used to log into the account). I used the Choose File option to load that file. After seeing the full path where it was placed, I edited my local ovpn file and changed the following line:

auth-user-pass /etc/luci-uploads/cbid.openvpn.ExpressVPN.auth_user_pass

I then saved and uploaded the ovpn file, again using the Choose File option for the config file.

I then hit the Save & Apply button.

Back on the OpenVPN list screen, I was then able to start the client connection successfully:

Image

This didn't allow my LAN traffic to be routed through the VPN tunnel, however. This can be checked by using one of the many sites that show you your IP address. In my case, expressvpn has their own page. It will show a red ip address if it isn't secure and green if it is. It will also show your ISP if it isn't secure (AT&T in my case), or the ExpressVPN location chosen for the config file if it is secure (https://www.expressvpn.com/what-is-my-ip).

I finally found that I needed to go to Network->Interfaces, pick my VPN interface (if you don't have one, you'll have to create one...I don't know if I created it in the past or if it was there by default). Edit that VPN interface entry. Go to the Firewall Settings tab and "Assign firewall-zone" from the default "VPN:" to "wan:". That has all the zones in it, by default.

Image

Save & Apply again.

I then went back into the Services->OpenVPN screen and stopped and started the VPN client connection. After this, my LAN machines were tunneled through the VPN.

One thing to note: I assumed this little router wouldn't be able to keep up past a certain speed, using the OpenVPN protocol. In my case, with this 2 core machine, I'm able to get up to around 10-11 Mbps download speed before the router load goes above 2 (2 cores), and the speed is capped. Without the VPN running, I was getting over 30 Mbps. You can see your router load in the Status->Realtime Graphs screen, in the Load tab:

Image

OpenVPN isn't a very efficient protocol. ExpressVPN doesn't support Wireguard (they have a proprietary lightweight protocol called Lightway). If you have wireguard available with your VPN, you'll get more network speed out of your router CPU using that. The version of GoldenOrb/WiFix I have doesn't have that option. I'd need to install some extra packages or install a new version of the firmware. I am only doing this to do some testing, so it is temporary, and I don't need full speed for my purposes.

Hope this helps someone!
David
You do not have the required permissions to view the files attached to this post.
User avatar
BillA
Posts: 1230
Joined: Sun Dec 01, 2019 6:46 pm
Location: USA
Has thanked: 219 times
Been thanked: 327 times
Contact:

Re: OpenVPN (ProtonVPN) Running But Not Functioning

Post by BillA »

xdavidx wrote: Tue Oct 17, 2023 6:22 pm In case anyone else ends up at this thread, I was facing what I think is the same issue. I was trying to get expresspvn working in client mode on:

Hostname WiFiX
Model WE1326v5
Architecture MediaTek MT7621 ver:1 eco:3
Firmware Version GoldenOrb_2019-04-09
Kernel Version 4.14.63

I was able to use the ovpn file created by expressvpn and load it in the Services->OpenVPN screen after creating an instance line and editing it.


The latest GoldenOrb firmware has WireGuard built in, making setup really easy.
Post Reply

Return to “VPN”