Unable to use OpenVPN on AirLink ES450

GX/ES, LS, RV, MP, MG and oMG series related topics

Unable to use OpenVPN on AirLink ES450

Postby bbronosky » Fri May 12, 2017 5:44 am

I have gotten everything set up to the point that AceManager > Status > VPN shows connected and /etc/openvpn/openvpn-status.log on my server show a connection. However, I can't get any traffic to go anywhere (public or private) with the VPN enabled. If I disable the VPN and reboot, I can reach the public web.

I would appreciate any suggestions. This is my first day of ownership of this thing and I have a deadline of Monday. Right now I'm tempted to return this thing and use a Raspberry Pi with an LTE USB dongle. That would take me all of 2 hours, but people like things to be "Enterprise".
bbronosky
 
Posts: 6
Joined: Mon May 08, 2017 1:31 pm
Has thanked: 0 time
Have thanks: 0 time

Re: Unable to use OpenVPN on AirLink ES450

Postby bbronosky » Fri May 19, 2017 4:26 pm

I discovered a combination of 2 problems:
1. The "VPN > VPN 1 > Advanced" section has these defaults:
tun-mtu 1500
fragment 1300
mssfix 1400

Unless you have specified fragment and mssfix on your OpenVPN server, you must change them to 0. If you change your server config to specify them, it will prevent everyone with existing ovpn configs from being able to send/receive packets even though they will be able to connect without errors.

2. I created a test docker container from https://hub.docker.com/r/kylemanna/openvpn/ However, because the ES450 includes the deprecated "ns-cert-type server" in their client config, I am unable to connect.

Luckily, my production VPN server is old and includes the "nsCertType=server" option in its certificate, so to connect I only had to set:
fragment 0
mssfix 0

It would have saved me 126 hours of work if only I could read the openvpn.conf file the client was using. Not having access to the underlying Linux on this device is unacceptable.
bbronosky
 
Posts: 6
Joined: Mon May 08, 2017 1:31 pm
Has thanked: 0 time
Have thanks: 0 time


Return to AirLink gateways and routers

Who is online

Users browsing this forum: No registered users and 1 guest