DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
OpenVPN LAN-LAN 2927lac fw 4.2.2
26 Jan 2021 16:42 #98295
by krykngt
OpenVPN LAN-LAN 2927lac fw 4.2.2 was created by krykngt
I have been using various routers at home over the years to connect to the office as a home worker using OpenVPN. I recently purchased the 2927lac which fitted nicely as I live in a rural location with poor DSL service, but good 4G/LTE from EE and Vodafone.
But, when I tried to set up the OpenVPN to the office, the problems started.
First, importing the .ovpn file threw a load of problems with an odd "HTTP Content Error. Try again!!!!!!!!!!" message, which was not all that helpful. After finally getting the file to load, and sorting out the issues with the certs and keys being correct, I uncovered a few more gotchas.
The tls-auth issue is awkward, as the 2927 seems to simply ignore the lines in the imported ovpn file related to tls-auth other than the key itself. Turning tls-auth off on the 2927 duly fails the VPN so I must assume it is authenticating correctly. The syslog gives no hints as to what is happening, and seems to ignore the "verb 4" setting in the ovpn file.
The ciphers issue is ok for me, as I managed to get the office peeps to change the ciphers as BF_CBC is not flavour of the month at the moment. But I do think the Draytek OpenVPN should support it for those that want to use existing OpenVPN servers which have existed for some years, and which we do not have control of.
The "pull" routes failure is fairly catastrophic as it means we have to put each route into the 2927 LAN-LAN profile manually. This means each time a route changes at the office network or routes within the corporate network, the 2927 LAN-LAN config has to be changed.
The syslog problems are also an issue as it makes it very difficult to work out what is going on. It seems to be either working or broken, with very little indication of what is actually going wrong.
The issue with the syslog saying simply "2021-01-26 15:51:09 OpenVPN (VPN-0, x.x.x.x) Remote option is not matched" isn't all that helpful! I've been through every option I can think of and cannot fathom out which one(s) it is or whether they are missing, mismatched or missing from the server.
Please have a think about the next version of firmware and how this can be made more useable.
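Added example, not part of the original thread and not DrayTek's code: a small Python check that lists the settings in an .ovpn file that both ends have to agree on, and flags the items raised in the post above (BF-CBC, tls-auth key direction, pulled routes). The `MUST_MATCH` list, the sample profile and the function names are assumptions made for illustration.

```python
import re

# Settings both OpenVPN peers must agree on. Assumption: the router's
# "Remote option is not matched" check covers a set like this one.
MUST_MATCH = ("dev", "proto", "cipher", "auth", "comp-lzo", "compress",
              "key-direction", "tun-mtu", "fragment")
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers

def parse_ovpn(text):
    """Split .ovpn text into {directive: args} and {inline block: lines}."""
    directives, blocks, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if current:                        # inside <tls-auth>, <ca>, ...
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
        elif (m := re.fullmatch(r"<([a-z-]+)>", line)):
            current = m.group(1)
            blocks[current] = []
        elif line and line[0] not in "#;":  # skip blanks and comments
            name, *args = line.split()
            directives[name] = " ".join(args)  # last occurrence wins
    return directives, blocks

def review(text):
    """Return (settings to compare by hand, notes on likely trouble spots)."""
    d, blocks = parse_ovpn(text)
    compare = {k: d[k] for k in MUST_MATCH if k in d}
    notes = []
    cipher = d.get("cipher", "").upper()
    if cipher in WEAK_CIPHERS:
        notes.append(f"cipher {cipher} is a 64-bit block cipher")
    elif not cipher:
        notes.append("no cipher line: OpenVPN 2.4 and older default to BF-CBC")
    ta = d.get("tls-auth", "").split()     # file form: tls-auth <file> [dir]
    direction = d.get("key-direction") or (ta[1] if len(ta) > 1 else None)
    if ("tls-auth" in blocks or ta) and direction is None:
        notes.append("tls-auth key has no direction: server must also use none")
    if "client" in d or "pull" in d:
        notes.append("profile relies on routes pushed by the server (pull)")
    return compare, notes

# Constructed sample profile; the key block is a placeholder, not a real key.
SAMPLE = "\n".join([
    "client", "dev tun", "proto udp", "cipher BF-CBC", "auth SHA1", "verb 4",
    "<tls-auth>", "(constructed placeholder, not a real key)", "</tls-auth>"])

if __name__ == "__main__":
    print(review(SAMPLE))
```

The first returned value is the list to check line by line against the router's profile page and the server configuration; the notes only point at places to look.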
19 Mar 2021 18:00 #98838
by lightpathit
Replied by lightpathit on topic Re: OpenVPN LAN-LAN 2927lac fw 4.2.2
Hi krykngt,
We get the same "HTTP Content Error. Try again!!!!" message when trying to import an .ovpn file. It's great to see that your message is the one reference on the entire internet to the issue!
How were you able to import the tls-auth key? There does not seem to be any other way than with the ovpn file or do you mean that eventually it will work? I've tried about 50 times.
Thanks for any help you can give, seems nothing from DrayTek and it has been almost 2 months.
Steve
31 Mar 2021 09:44 #98979
by arundalep
Replied by arundalep on topic Re: OpenVPN LAN-LAN 2927lac fw 4.2.2
I have just purchased a Vigor 2865 for use with an OpenVPN cloud tunnel. I have the newest firmware and get the same http error message most of the time, but when it does import it doesn’t support TLS auth.
It seems the OpenVPN support is flakey at best.
Is there anyone from Draytek prepared to respond with a solution before I return the router?
31 Mar 2021 13:06 #98985
by hornbyp
Replied by hornbyp on topic Re: OpenVPN LAN-LAN 2927lac fw 4.2.2
29 Mar 2023 22:00 #102358
by arundalep
Replied by arundalep on topic Re: OpenVPN LAN-LAN 2927lac fw 4.2.2
2 years later, numerous support tickets and FW 4.4.2 finally fixed this issue!
Copyright © 2024 DrayTek