"cannot load CA certificate file ca.crt" OpenVPN, VYPRVPN

rod1322

Hi, I am also trying to connect to vyprvpn through openvpn using a Netgear WRN3500L v2 router with tomato-Netgear-3500Lv2-K26USB-1.28.RT-N5x--121-VPN firmware (http://tomato.groov.pl/download/K26RT-N/build5x-121-EN/Netgear%20WNR3500...). I have tried everything I could think of and still can't get it to work. Can anyone still connect to vyprvpn through openvpn using Tomato?

Log:

Jul 17 17:17:53 unknown daemon.notice openvpn[1200]: OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul  8 2014
Jul 17 17:17:53 unknown daemon.notice openvpn[1200]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jul 17 17:17:53 unknown daemon.warn openvpn[1200]: WARNING: file '/tmp/openvpn-client1-userpass.conf' is group or others accessible
Jul 17 17:17:53 unknown daemon.warn openvpn[1200]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 17 17:17:53 unknown daemon.err openvpn[1200]: Cannot load CA certificate file ca.crt (no entries were read) (OpenSSL)
Jul 17 17:17:53 unknown daemon.notice openvpn[1200]: Exiting due to fatal error
Jul 17 17:18:56 unknown daemon.notice openvpn[1227]: OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul  8 2014
Jul 17 17:18:56 unknown daemon.notice openvpn[1227]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jul 17 17:18:56 unknown daemon.warn openvpn[1227]: WARNING: file '/tmp/openvpn-client1-userpass.conf' is group or others accessible
Jul 17 17:18:56 unknown daemon.warn openvpn[1227]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 17 17:18:56 unknown daemon.err openvpn[1227]: Cannot load CA certificate file ca.crt (no entries were read) (OpenSSL)
Jul 17 17:18:56 unknown daemon.notice openvpn[1227]: Exiting due to fatal error

When I submit the command

cat /tmp/etc/openvpn/client1/ca.crt

in the telnet client, I get exactly whatever I typed into the web GUI's "Certificate Authority" field and saved before attempting to "Start now". I don't understand why the router can't find a file it made itself using what I typed into the web GUI.

I checked the remaining nvram using "nvram show":  23388 bytes used, 9380 bytes free. I don't know why I have so little remaining nvram, but is this causing the problem?

According to the openssl site,  "The operation failed because CAfile and CApath are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason." But I have no idea how to check the error stack.

This stuff is over my head, so thanks so much for reading and for any advice!

Ok, so I updated the config.ovpn file at /tmp/etc/openvpn/client1 using the "Custom Configuration" form in the web GUI with the line "ca /tmp/etc/openvpn/client1" just to make sure the lack of a full path was not causing the problem, and the new path is reflected in the error log:

Jul 17 17:40:00 unknown daemon.err openvpn[1377]: Cannot load CA certificate file /tmp/etc/openvpn/client1/ca.crt (no entries were read) (OpenSSL)

So it's attempting to read the file. I don't know how to check if the file is getting read. I assume there is a problem with the certificate I'm pasting in the web GUI. I was careful to paste exactly what was given on VYPRVPN's website at https://www.goldenfrog.com/support/vyprvpn/vpn-setup/dd-wrt/openvpn, which is embedded in the middle of init code meant for dd-wrt. I did not copy the single quotes before and after the hyphens. I made sure to get all the hyphens before BEGIN CERTIFICATE and after END CERTIFICATE. Before I pasted the certificate into the Certificate Authority web GUI textbox, I pressed delete many times and then backspace many times after clicking in the textbox to make sure there were no spaces or linebreaks, etc.

Also, to anyone who takes the trouble to try to help me, if you would private message me your paypal email, I'd be happy to donate to you to at least somewhat compensate you for going to the trouble of trying to help me with this. Not only does it help me in connecting to a VPN the way I prefer to without having to buy another router--it is quite an educational experience for me, so I'd be glad to provide some value in return in monetary form!

PS: I just learned that the CA is supposed to have a return after -----BEGIN CERTIFICATE-----, before -----END CERTIFICATE-----, and after every 64 characters in between. For some reason the one embedded in the code on vyprvpn's website has spaces instead. So I went back and changed it in notepad so that I had the following:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Now when I try to connect, it works for a little bit longer after I press the "Start Now" button than before but still refuses to connect. But now the error log has the line "Cannot load CA certificate file /tmp/etc/openvpn/client1/ca.crt (no entries were read): error:0906D064:lib(9):func(109):reason(100)"

 

And now it works. That was the problem.
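
An added example, not part of the original post and not code from OpenVPN, Tomato or VyprVPN: a check for the formatting problem described above (spaces where the certificate's line breaks belong), with a repair that puts the markers on their own lines and rewraps the body at 64 characters. The function names and the sample data are constructed for illustration, and the check covers only the PEM armor, not whether the certificate itself is valid.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def diagnose_pem(text):
    """List the armor problems that keep a PEM reader from finding a certificate."""
    text = text.replace("\r\n", "\n")
    if BEGIN not in text or END not in text:
        return ["BEGIN/END CERTIFICATE marker missing"]
    problems = []
    lines = text.split("\n")
    if BEGIN not in lines:
        problems.append("BEGIN marker is not on a line of its own")
    if END not in lines:
        problems.append("END marker is not on a line of its own")
    body = text.split(BEGIN, 1)[1].split(END, 1)[0].strip("\n")
    if re.search(r"[ \t]", body):
        problems.append("spaces or tabs inside the base64 body")
    if any(len(line) > 64 for line in body.split("\n")):
        problems.append("body line longer than 64 characters")
    return problems

def repair_pem(text):
    """Rebuild the armor: markers on their own lines, body wrapped at 64 characters."""
    match = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if match is None:
        raise ValueError("no BEGIN/END CERTIFICATE pair found")
    body = "".join(match.group(1).split())
    # Raises binascii.Error (a ValueError) if characters were lost or added in the paste.
    base64.b64decode(body, validate=True)
    wrapped = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *wrapped, END]) + "\n"

# Constructed sample: 512 arbitrary bytes standing in for a certificate (not a real CA).
B64 = base64.b64encode(bytes(range(256)) * 2).decode()
CHUNKS = [B64[i:i + 64] for i in range(0, len(B64), 64)]
GOOD = "\n".join([BEGIN, *CHUNKS, END]) + "\n"
# The same data with spaces where the line breaks belong, as described in the post.
PASTED = BEGIN + " " + " ".join(CHUNKS) + " " + END

if __name__ == "__main__":
    for problem in diagnose_pem(PASTED):
        print("problem:", problem)
    print(repair_pem(PASTED), end="")
```

Running the check on a workstation before pasting into the router's "Certificate Authority" field shows whether the text will survive as a readable PEM block.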