Flexy with router OpenVPN possibilities

Hi,
I have tried to set up a connection between a Flexy and an OpenVPN server on a NetGear R7000 router, and another test with a Synology DS+713. The OpenVPN server is already configured.
AES-256-CBC and SHA256. No success connecting. I saw in the log of the Flexy that the Flexy seems to be BF-CBC and SHA1. Warning on ‘link-mtu’ and ‘keysize’. Not compatible? These parameters on the Flexy do not seem changeable.

I have a customer who tried to make a connection with a Cisco. No success for the moment. Do you have a procedure to connect a Flexy to a Cisco router?

I did not find all the parameters that the Flexy uses for OpenVPN. What exactly are the possibilities? Encryption or authentication, SHA256 or other? Will you add more possibilities in a future firmware? (I would like to send all the information and possibilities to our customer.)

Thank you!
Rémi

@RemiNolin

You can definitely use AES-256-CBC and SHA256 on the VPN server. Did you create a custom .ovpn file for the eWON? You will need to create an ovpn file and store it on the eWON. You will additionally need to store the certs and keys on the eWON as well.

Is that how you configured it?

Hi Jordan,
OK, nice. Yes, I have a .ovpn file from the router. How do I use it with the Flexy? I just enter manually the right port, ‘TUN’ and the ‘ca’ key in the field. The information in the .ovpn file… It seems that I don’t need the key and certificate for the ‘user’. Only the CA certificate. Thank you,

Did you receive my other ‘Reply’?
For a test, I changed to SHA1 and BF-CBC…
Message :
AUTH: Received AUTH_FAILED control message
SIGTERM[soft,auth-failure] received, process exiting

Thank you,

@RemiNolin

You will need the ca certificate, client certificate and then client key file. All three files should be generated by your server. You would then need to put them into the usr directory of the eWON with the client.ovpn file. Below is an example of a working client.ovpn file.

client
dev tun
proto tcp
remote myvpnserver.com
port 8080
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 10 60
comp-lzo
verb 1
ca "ca.crt"
cert "client.crt"
key "client.key"

Finally, after updating or adding all of that, you will need to tell your eWON to use a custom VPN file. You can use the file below to update the pertinent field; however, you will need to rename the client.ovpn to whatever your .ovpn file is named.

COMCFG VPN Update: comcfg.txt (29 Bytes)

Hi Jordan,
hooo I think that it works :) I have an IP. Good!
Definitely, using the .ovpn file is better.
I am continuing my tests next week.
I would like to know which parameters the Ewon can connect. SHA 512… SHA256… blabla
Do you have a list for all the parameters ?
Thank you !
Rémi

@RemiNolin

Excellent news!

Let me get ahold of the complete list and I will reply to this topic with that information.

Hi Jordan,
I have changed the parameters of the VPN to AES-256-CBC and SHA256. I have some errors.
I have changed the .ovpn file and the ca file on the Flexy.
Can you explain? What do we do now?

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1570'
WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
TUN/TAP device tun0 opened
ifconfig tun0 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
/opt/ewon/bin/openvpn/ovpn-up tun0 1500 1542 10.8.0.10 10.8.0.9 init
Initialization Sequence Completed
Authenticate/Decrypt packet error: packet HMAC authentication failed

Thank you !

@RemiNolin

Can you please upload your client file so I can take a look at it? I will ensure it is kept private.

Hi Jordan, OK

@RemiNolin

Can you please update your comcfg.txt file with this one? I believe there was a typo on my end. Please ensure to confirm the vpncfg file name is accurate.

comcfg.txt (31 Bytes)

Hi Jordan,
One error :
Options error: You must define TUN/TAP device (--dev)

I use ‘TUN’ …
Thank you

@RemiNolin

Can you confirm that you still have dev tun inside of your client.ovpn file?

Hi Jordan,
yes, first line. I send you the file ON the flexy, usr folder.

In the comcfg IN the Flexy :
CBDDnsPass:#1//8=
VPNCfgFile:/usr/VPNConfig.ovpn¶
VPNP2PIpMode:0

Thank you,

@RemiNolin

That is quite strange. Can you try forcing TUN from the VPN configuration settings inside of the Flexy UI?

Hi Jordan,
Yes I tried.
I found the problem, it was this character in your file => ¶
“VPNCfgFile:/usr/VPNConfig.ovpn¶”

I fix it, now I have this error :
Options error: Unrecognized option or missing parameter(s) in /var/run/OpenVPN-GgJFJu:16: script-security (2.0.9)

Thank you,

@RemiNolin

Can you remove the line labeled: script-security 2 from your client ovpn file? That parameter is unsupported here.

Hi Jordan,
I deleted this line.
New error :
Options error: Unrecognized option or missing parameter(s) in /var/run/OpenVPN-uaz4mI:28: (2.0.9)

It is the line of :
I tried to delete… no success.
humm

@RemiNolin

Would you be able to provide me a Teamviewer connection to review your configuration? If this was previously working something has changed in your client.ovpn file.
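
As an added example (not part of the original posts and not eWON tooling), the Python code below checks a client .ovpn and a comcfg.txt for the three failures this thread ran into: no cipher/auth line, so the client stays on BF-CBC/SHA1 while the server uses AES-256-CBC/SHA256; directives that the Flexy's OpenVPN 2.0.9 rejects; and a stray character such as ¶. The sample files, the SERVER values and the function names are assumptions made for the example.

```python
# Added example: lint eWON VPN files for the failures seen in this thread.
# SAMPLE_OVPN, SAMPLE_COMCFG and SERVER are constructed sample values.
import re

REJECTED_BY_2_0_9 = {"script-security", "topology"}  # rejected in the thread's logs
FALLBACK = {"cipher": "BF-CBC", "auth": "SHA1"}       # client's local values in the logs

SAMPLE_OVPN = """client
dev tun
proto tcp
remote myvpnserver.com
port 8080
script-security 2
ca "ca.crt"
cert "client.crt"
key "client.key"
"""
SAMPLE_COMCFG = "VPNCfgFile:/usr/VPNConfig.ovpn\u00b6\nVPNP2PIpMode:0\n"
SERVER = {"cipher": "AES-256-CBC", "auth": "SHA256"}


def stray_chars(text):
    """Return (line_number, 'U+XXXX') for each non-ASCII or control character."""
    hits = []
    for n, line in enumerate(re.split(r"\r?\n", text), 1):
        for c in sorted(set(line)):
            if ord(c) > 126 or (ord(c) < 32 and c != "\t"):
                hits.append((n, f"U+{ord(c):04X}"))
    return hits


def lint_ovpn(text, server):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings = [(n, f"stray character {cp}") for n, cp in stray_chars(text)]
    seen = {}
    for n, raw in enumerate(re.split(r"\r?\n", text), 1):
        parts = raw.split()
        if not parts or parts[0][0] in "#;":
            continue  # blank line or comment
        seen[parts[0]] = parts[1] if len(parts) > 1 else ""
        if parts[0] in REJECTED_BY_2_0_9:
            findings.append((n, f"'{parts[0]}' is rejected by OpenVPN 2.0.9, remove it"))
    for key, want in server.items():
        have = seen.get(key)
        if have is None:
            findings.append((0, f"'{key}' not set: client uses {FALLBACK.get(key, 'its default')}, server {want}"))
        elif have.upper() != want.upper():
            findings.append((0, f"'{key} {have}' does not match server '{key} {want}'"))
    return findings
```

Calling lint_ovpn(SAMPLE_OVPN, SERVER) reports the script-security line and the two missing directives; stray_chars(SAMPLE_COMCFG) reports the ¶ on line 1.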