Zyxel Armor G5 - OpenVPN client doesn't work

insy
insy Posts: 1
edited July 2021 in Home Router
I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.

Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?

Here is my .ovpn settings:
dev tun
proto udp
remote *** 20000
remote *** 20000
connect-timeout 10
client
nobind
tls-client
remote-cert-tls server
ping 10
ping-restart 60
ping-timer-rem
persist-key
persist-tun
verb 1
script-security 2
route-delay 5
auth-user-pass
auth-nocache
<ca>
***
</ca>
<cert>
***
</cert>
<key>
***
</key>

All Replies

  • tonygibbs16
    tonygibbs16 Posts: 950  Guru Member
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited July 2021
    Hello @insy

    There is some information in the user guide at ftp://ftp.zyxel.com/ARMOR_G5_(NBG7815)/user_guide/ARMOR%20G5%20(NBG7815)_v1.0%20ed2.pdf that might be useful.

    Looking at my OpenVPN book from 2006 by Markus Feilner, and its tips on debugging, I guess that you are wanting the Armor G5 to be the OpenVPN client?

    Thinking of the basics, can your Armor G5 ping and route to the OpenVPN server you are trying to connect to?

    If yes, then is the Armor G5 set-up to initialise the tunnel when you connect from a particular LAN interface, see section 8.3.3 and figure 29 of the user guide?
        - the OpenVPN tunnel probably only comes up on demand when some host is connecting through the Armor G5 so that the Armor G5 thinks that the tunnel needs to come up.

    Can you get a Wireshark or tcpdump trace of the OpenVPN connection to see if it is trying to make a connection to the OpenVPN server or not?

    Can you get a Wireshark or tcpdump of your OpenVPN connection using tunnelblick to compare against?

    Are you able to get a log file on the OpenVPN server you are trying to connect to, in order to see if the Armor G5 is trying to make a connection or not?

    I hope that this is helpful.

    Kind regards,
         Tony
  • Scorpione
    Scorpione Posts: 34  Freshman Member
    First Comment Friend Collector Second Anniversary
    insy said:
    I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
    On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
    I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.

    Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?

    Here is my .ovpn settings:
    dev tun
    proto udp
    remote *** 20000
    remote *** 20000
    connect-timeout 10
    client
    nobind
    tls-client
    remote-cert-tls server
    ping 10
    ping-restart 60
    ping-timer-rem
    persist-key
    persist-tun
    verb 1
    script-security 2
    route-delay 5
    auth-user-pass
    auth-nocache
    <ca>
    ***
    </ca>
    <cert>
    ***
    </cert>
    <key>
    ***
    </key>
    client

    proto udp
    remote  6179
    resolv-retry infinite
    nobind

    dev tun

    persist-key
    persist-tun

    topology subnet

    auth-nocache

    auth SHA256
    auth-nocache
    cipher AES-256-CBC

    tls-client
    tls-version-min 1.2
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

    remote-cert-tls server

    fast-io
    mssfix 1390
    #txqueuelen 1000

    sndbuf 1048576
    rcvbuf 1048576

    keepalive 10 20

    verb 4

    <ca>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </ca>

    <cert>
    Certificate:
        
        Signature Algorithm: sha256WithRSAEncryption
     
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----

    -----END PRIVATE KEY-----
    </key>
  • Podo
    Podo Posts: 28  Freshman Member
    What is the target OpenVPN server? Is it another Armor device?
  • lked
    lked Posts: 1
    First Anniversary
    A have the same problem. OpenVPN client doesn't work. And I cannot understand anything, because no logs at all :(
  • okimarukas
    okimarukas Posts: 92  Ally Member
    First Answer First Comment Friend Collector Second Anniversary
    edited August 2022
    Do you mean your G5 set as the server, however, the clients cannot build up an open VPN tunnel.
    If you set G5 as an Open VPN server, need to add a user account first and you can export the file and import .ovpn file on your mobile.

Consumer Product Help Center