Firmware 8+ OpenVPN

I recently updated my firmware and purchased an OpenVPN WAN License (oder AE05536105). I was able to install the feature add on to my BR1 MK2 Max Router. However after I upload my .ovpn file from my VPN provider and configure with credentials and click save and apply, I cannot connect. The OpenVPN WAN spins and continually errors out with the message - “.ovpn” File has Error. I’ve tried to amend the .ovpn file in a number of ways, but have not been able to make it work. Below is an example of the .ovpn file I am uploading exactly. Any help getting this feature to work is much appreciated. TIA

client
dev tun
proto udp
remote chi-a01.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name chi-a01.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

Please remove “comp-lzo” in ovpn file and try again as this option already deprecated:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--comp-lzo

Hi Kenny and thank you for the suggestion. I tried removing the line in question as I found that suggestion on another open forum question where someone had a similar problem. This did not resolve the issue for me (nor them I believe). I tried again just a few moments ago for good measure and I am still seeing the spinning icon with the message “.ovpn” File has Error. Do you have any other ideas? Thanks in advance.

@Mattbo1130, please submit a ticket and attention to me. Please help to turn on Remote Assistance on your device for us to check.

Thanks.

Hi and thanks for following up. I already opened a support ticket (# 21030173). Would you like me to open another one or is there a way you can take this one over in order to avoid creating a duplicate ticket? Thanks in advance.

I will follow up with you in ticket# 21030173.

After working with support who was able to remotely troubleshoot, I was able to successfully update an .ovpn file and get the VPN client / OpenVPN WAN 1 connected and working! I will detail the fix below in case it can help others. There were 2 main changes to my .ovpn (as posted above) file that were needed to get this working.

  1. Apparently there is a line that is no longer used / supported but is common in many .ovpn file.
    This line needs to be removed. The offending line is - comp-lzo
  2. The “ca” or certificate authority line was referencing a certain certificate which came separately. My file needed to be amended to include this certificate. So the line ca.ipvanish.com.crt was removed and added at the bottom in an XML tag format at the bottom like this -
    -----BEGIN CERTIFICATE-----
    MIIErTCCA5WgAwIBAgIJAMYKzSS8uPKDMA0GCSqGSIb3DQEBDQUAMIGVMQswCQYD…
    -----END CERTIFICATE-----

The full example of the file with some lines of the certificate removed are below:

client
dev tun
proto udp
remote chi-a21.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
verify-x509-name chi-a21.ipvanish.com name
auth-user-pass
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
<ca>
-----BEGIN CERTIFICATE-----
MIIErTCCA5WgAwIBAgIJAMYKzSS8uPKDMA0GCSqGSIb3DQEBDQUAMIGVMQswCQYD
-----END CERTIFICATE-----
</ca>

2 Likes