Hello there, this is Yuron. This time, I’m going to explain some points to note when using the ER605 as an OpenVPN client, since I ran into a problem when connecting to a Pritunl OpenVPN server built on AWS using the TP-Link ER605 as an OpenVPN client.
TOC
Tips for setting .ovpn on ER605
The OpenVPN version that can be used with the ER605 is 2.4 or earlier. In other words, the TP-Link ER605 cannot interpret the OpenVPN v2.5 syntax used in the latest version of Pritunl, v.1.20 and later, and processing stops midway.
Therefore, you will need to delete some of the .ovpn description obtained from the pritunl WEB-UI and modify the syntax before using it.
Tips for fixing .ovpn
To modify the statement of .ovpn, expand it as follows. Delete the statements marked with # and change the parts marked with (new) to the statement. Note that the ca, tls-auth, cert, and key blocks have been omitted.
#ignore-unknown-option data-ciphers
#setenv UV_ID [UVID]
#setenv UV_NAME [UVNAME]
client
dev tun
(new) proto [tcp/udp]
#dev-type tun
#remote [IPAddr] [Port] tcp-client
(new) remote [IPAddr] [Port]
tun-mtu 1500
mssfix 1200
nobind
persist-tun
(new) persist-key
cipher AES-128-CBC
#data-ciphers AES-128-GCM:AES-128-CBC
auth SHA256
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
#hand-window 70
#server-poll-timeout 4
reneg-sec 2592000
#sndbuf 393216
#rcvbuf 393216
remote-cert-tls server
comp-lzo no
tun-mtu 1500
auth-user-pass
key-direction 1
Tips if you have trouble connecting to OpenVPN
If .ovpn does not start properly and you cannot connect to the VPN server, please pay attention to the following tips to make debugging smoother.
- Check the system log on the VPN client side
- Check the connection log on the VPN server side
- If the router has a built-in OpenVPN, suspect a difference in the OpenVPN version between the server and the client
I hope you can successfully build OpenVPN.