Zyxel Armor G5 - OpenVPN client doesn't work
insy
Posts: 1
I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.
Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?
Here is my .ovpn settings:
On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.
Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?
Here is my .ovpn settings:
dev tun
proto udp
remote *** 20000
remote *** 20000
connect-timeout 10
client
nobind
tls-client
remote-cert-tls server
ping 10
ping-restart 60
ping-timer-rem
persist-key
persist-tun
verb 1
script-security 2
route-delay 5
auth-user-pass
auth-nocache
<ca>
***
</ca>
<cert>
***
</cert>
<key>
***
</key>
0
All Replies
-
Hello @insy
There is some information in the user guide at ftp://ftp.zyxel.com/ARMOR_G5_(NBG7815)/user_guide/ARMOR%20G5%20(NBG7815)_v1.0%20ed2.pdf that might be useful.
Looking at my OpenVPN book from 2006 by Markus Feilner, and its tips on debugging, I guess that you are wanting the Armor G5 to be the OpenVPN client?
Thinking of the basics, can your Armor G5 ping and route to the OpenVPN server you are trying to connect to?
If yes, then is the Armor G5 set-up to initialise the tunnel when you connect from a particular LAN interface, see section 8.3.3 and figure 29 of the user guide?
- the OpenVPN tunnel probably only comes up on demand when some host is connecting through the Armor G5 so that the Armor G5 thinks that the tunnel needs to come up.
Can you get a Wireshark or tcpdump trace of the OpenVPN connection to see if it is trying to make a connection to the OpenVPN server or not?
Can you get a Wireshark or tcpdump of your OpenVPN connection using tunnelblick to compare against?
Are you able to get a log file on the OpenVPN server you are trying to connect to, in order to see if the Armor G5 is trying to make a connection or not?
I hope that this is helpful.
Kind regards,
Tony0 -
insy said:I have a .ovpn file with all needed settings which normally works when I connect via Tunnelblick on my laptop.
On the OpenVPN Client page I added a new rule with my username, password and this .ovpn file and tried to connect, but it doesn't work - there are no any IP in Connected IP column.
I tried to find a way to debug this problem, but there are no any logs or other information on the GUI pages.
Is there any way to debug this problem? And Maybe I need to adopt my .ovpn file?
Here is my .ovpn settings:dev tunproto udpremote *** 20000remote *** 20000connect-timeout 10clientnobindtls-clientremote-cert-tls serverping 10ping-restart 60ping-timer-rempersist-keypersist-tunverb 1script-security 2route-delay 5auth-user-passauth-nocache<ca>***</ca><cert>***</cert><key>***</key>
proto udp
remote 6179
resolv-retry infinite
nobind
dev tun
persist-key
persist-tun
topology subnet
auth-nocache
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
remote-cert-tls server
fast-io
mssfix 1390
#txqueuelen 1000
sndbuf 1048576
rcvbuf 1048576
keepalive 10 20
verb 4
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
0 -
What is the target OpenVPN server? Is it another Armor device?0
-
A have the same problem. OpenVPN client doesn't work. And I cannot understand anything, because no logs at all
0 -
Do you mean your G5 set as the server, however, the clients cannot build up an open VPN tunnel.
If you set G5 as an Open VPN server, need to add a user account first and you can export the file and import .ovpn file on your mobile.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight