Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

ASUS router stock firmware OpenVPN working.

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.

Topic Author
DiveIT
Posts: 1
Joined: Sat Mar 04, 2017 8:02 am

ASUS router stock firmware OpenVPN working.

Postby DiveIT » Sat Mar 04, 2017 8:25 am

I have an ASUS RT-AC68U and could not get the OpenVPN client to work and I finally got it going and wanted to share until they fix it. The username field is limited to 64 characters so the whole SHA512 will not fit.If you right click on the field and select inspect element you can manually change this so it will save and connect.
Change:

Code: Select all

<input type="text" maxlength="64" name="vpnc_openvpn_username" value="" class="input_32_table" style="float:left;" autocomplete="off" autocorrect="off" autocapitalize="off">

To:

Code: Select all

<input type="text" maxlength="128" name="vpnc_openvpn_username" value="" class="input_32_table" style="float:left;" autocomplete="off" autocorrect="off" autocapitalize="off">

If you are having issues here is the basic HOWTO for the ASUS Router.

Open VPN Client and create a new connection.

Convert your key to the SHA-512 (https://cryptostorm.is/sha512.html)
So your username would be something like: c41d9dfe789b8881c165e50f035aad1f286f88f2b33d97d10c198a4df37ae16f756f8a6b3520f2899eb19c321ef357e3fccaf6af627527c10b7cce9af7be4dc9

in Import ovpn, click browse, select file and import.
Your ovpn file should resemble this:
client

Code: Select all

dev tun
resolv-retry 16
remote linux-useast.cryptostorm.net 443 tcp
remote linux-useast.cryptostorm.nu 443 tcp
remote linux-useast.cryptostorm.org 443 tcp
remote linux-useast.cstorm.pw 443 tcp
nobind
comp-lzo
down-pre
reneg-sec 0
hand-window 17
verb 4
auth-user-pass
ns-cert-type server
auth SHA512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2

Click Import the CA file or edit the .ovpn file manually.
Browse to the CS CA cert and select upload.

Click ok, and activate, Make sure you have your sha-512 as the username and leave the password blank

 ! Message from: parityboy
Edited for better formatting

User avatar

df
Site Admin
Posts: 404
Joined: Thu Jan 01, 1970 5:00 am

Re: ASUS router stock firmware OpenVPN working.

Postby df » Tue Jun 26, 2018 3:44 pm

A quick side note, the Asuswrt-Merlin firmware available at https://asuswrt.lostrealm.ca/ supports most ASUS routers and includes a newer version of OpenVPN (plus a bunch of other neat features).
The HTML used for the username field has a max of 255 characters, so no need to modify anything if you're using Asuswrt-Merlin.


COFLgrl

Re: ASUS router stock firmware OpenVPN working.

Postby COFLgrl » Tue Oct 09, 2018 12:04 pm

Hi, I am running Asuswrt-Merlin 384.7 and I am getting the following in my log:

httpd: nvram_check fail: nvram vpn_client_username over length (128 > 64)
ovpn-client1[8736]: ERROR: username from Auth authfile 'up' is empty
ovpn-client1[8736]: Exiting due to fatal error

Any ideas on what I need to do to get it to take my username?

thanks in advance

User avatar

parityboy
Site Admin
Posts: 1281
Joined: Wed Feb 05, 2014 3:47 am

Re: ASUS router stock firmware OpenVPN working.

Postby parityboy » Tue Oct 09, 2018 4:38 pm

COFLgrl wrote:Hi, I am running Asuswrt-Merlin 384.7 and I am getting the following in my log:

httpd: nvram_check fail: nvram vpn_client_username over length (128 > 64)
ovpn-client1[8736]: ERROR: username from Auth authfile 'up' is empty
ovpn-client1[8736]: Exiting due to fatal error

Any ideas on what I need to do to get it to take my username?

thanks in advance


Sounds like the username field patch didn't make its way through all the layers of relevant code. Only work around I can think of is to use the un-hashed token as the username, at least until they fix this.


cryptomon
Posts: 24
Joined: Fri Feb 23, 2018 7:32 am

Re: ASUS router stock firmware OpenVPN working.

Postby cryptomon » Sun Oct 14, 2018 5:46 am

An interesting topic that I also queried here..
viewtopic.php?p=18499#p18499

Although I haven't yet tried the suggestion of modifying the "Inspect Element" by the original poster of this topic, this is a reply I got which also looks like an alternative approach...

ebpf-ftw wrote:Very late but it seems not to have been mentioned. I've not used used merlin but have used close variants, so ymmv, but I suspect this'll work.

Enable jffs
https://github.com/RMerl/asuswrt-merlin/wiki/Jffs

log into your router with ssh (if unfamiliar there are many guides),and create a text file on the jffs partition - first line your hashed token, 2nd a password.


cd jffs/
vi filename
press i
type your things
press esc, then :wq then enter
exit


add the following line to your openvpn config, in the advanced tab on the ovpn page via your browser

auth-user-pass /jffs/filename

start openvpn.


cryptomon
Posts: 24
Joined: Fri Feb 23, 2018 7:32 am

Re: ASUS router stock firmware OpenVPN working.

Postby cryptomon » Tue Oct 16, 2018 4:34 am

cryptomon wrote:the suggestion of modifying the "Inspect Element"

ebpf-ftw wrote:Very late but it seems not to have been mentioned.


I've now looked at both these ideas but couldn't get either to work.

User avatar

df
Site Admin
Posts: 404
Joined: Thu Jan 01, 1970 5:00 am

Re: ASUS router stock firmware OpenVPN working.

Postby df » Mon Oct 29, 2018 6:16 pm

My ASUS router also runs Asuswrt-Merlin version 384.7
The HTML for the VPN settings page does indeed have a max length of 255, but if you enter anything that long it'll just revert back to whatever shorter username was previously there (if any).

The solution that worked for me was to disable "Username/Password Authentication" on that OpenVPN client settings page, then in the "Custom Configuration" section near the bottom add:

auth-user-pass /jffs/creds

Then, create that /jffs/creds file by logging into the router via SSH/Telnet and issuing the commands:

echo TOKENHASH > /jffs/creds

Replacing TOKENHASH with your token's SHA512 hash. Some devices complain if you don't also add a second line containing a random string for the password, but this version doesn't complain about that so shouldn't be needed.
After that you should be able to turn on the OpenVPN client without any errors, and since that 'creds' file is on /jffs it should stick around after reboots.


cryptomon
Posts: 24
Joined: Fri Feb 23, 2018 7:32 am

Re: ASUS router stock firmware OpenVPN working.

Postby cryptomon » Tue Nov 13, 2018 12:07 pm

Wow, I got that to work now using the custom section at the base of the VPN config page to redirect to the /jffs file as you suggested. Thanks.


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 5 guests

Login