Zyxel Armor G5 - OpenVPN client doesn't work

insy
insy Posts: 1
edited July 12 in Home Router
I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.

Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?

Here is my .ovpn settings:
dev tun
proto udp
remote *** 20000
remote *** 20000
connect-timeout 10
client
nobind
tls-client
remote-cert-tls server
ping 10
ping-restart 60
ping-timer-rem
persist-key
persist-tun
verb 1
script-security 2
route-delay 5
auth-user-pass
auth-nocache
<ca>
***
</ca>
<cert>
***
</cert>
<key>
***
</key>

All Replies

  • tonygibbs16
    tonygibbs16 Posts: 255  Master Member
    edited July 13
    Hello @insy

    There is some information in the user guide at ftp://ftp.zyxel.com/ARMOR_G5_(NBG7815)/user_guide/ARMOR%20G5%20(NBG7815)_v1.0%20ed2.pdf that might be useful.

    Looking at my OpenVPN book from 2006 by Markus Feilner, and its tips on debugging, I guess that you are wanting the Armor G5 to be the OpenVPN client?

    Thinking of the basics, can your Armor G5 ping and route to the OpenVPN server you are trying to connect to?

    If yes, then is the Armor G5 set-up to initialise the tunnel when you connect from a particular LAN interface, see section 8.3.3 and figure 29 of the user guide?
        - the OpenVPN tunnel probably only comes up on demand when some host is connecting through the Armor G5 so that the Armor G5 thinks that the tunnel needs to come up.

    Can you get a Wireshark or tcpdump trace of the OpenVPN connection to see if it is trying to make a connection to the OpenVPN server or not?

    Can you get a Wireshark or tcpdump of your OpenVPN connection using tunnelblick to compare against?

    Are you able to get a log file on the OpenVPN server you are trying to connect to, in order to see if the Armor G5 is trying to make a connection or not?

    I hope that this is helpful.

    Kind regards,
         Tony
  • Scorpione
    Scorpione Posts: 31  Freshman Member
    insy said:
    I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
    On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
    I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.

    Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?

    Here is my .ovpn settings:
    dev tun
    proto udp
    remote *** 20000
    remote *** 20000
    connect-timeout 10
    client
    nobind
    tls-client
    remote-cert-tls server
    ping 10
    ping-restart 60
    ping-timer-rem
    persist-key
    persist-tun
    verb 1
    script-security 2
    route-delay 5
    auth-user-pass
    auth-nocache
    <ca>
    ***
    </ca>
    <cert>
    ***
    </cert>
    <key>
    ***
    </key>
    client

    proto udp
    remote  6179
    resolv-retry infinite
    nobind

    dev tun

    persist-key
    persist-tun

    topology subnet

    auth-nocache

    auth SHA256
    auth-nocache
    cipher AES-256-CBC

    tls-client
    tls-version-min 1.2
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

    remote-cert-tls server

    fast-io
    mssfix 1390
    #txqueuelen 1000

    sndbuf 1048576
    rcvbuf 1048576

    keepalive 10 20

    verb 4

    <ca>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </ca>

    <cert>
    Certificate:
        
        Signature Algorithm: sha256WithRSAEncryption
     
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----

    -----END PRIVATE KEY-----
    </key>
  • Podo
    Podo Posts: 18  Freshman Member
    What is the target OpenVPN server? Is it another Armor device?