RAK gateway OpenVPN configuration for Pritunl

On the TTN Slack someone recommended using Pritunl (https://pritunl.com/) as a server for OpenVPN clients. This allows proper management via a web interface of VPN users.

I tried configuring the OpenVPN client on my RAK gateway to connect to the Pritunl server. I’ve tried both setting the configuration via LuCI, as well as via the terminal. At the moment it does not seem that the VPN connects. I also do not see any mentions of OpenVPN in the logfile.

It would be nice if a tutorial can be written to show how to configure the OpenVPN client to connect to a Pritunl server, as this sounds like a common use case.


Wed Feb 12 09:42:34 2020 daemon.err openvpn(pritunl_ssh_gateway)[1675]: TLS Error: TLS key negotiation failed to occur within 70 seconds (check your network connectivity)
Wed Feb 12 09:42:34 2020 daemon.err openvpn(pritunl_ssh_gateway)[1675]: TLS Error: TLS handshake failed
Wed Feb 12 09:42:34 2020 daemon.notice openvpn(pritunl_ssh_gateway)[1675]: SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 12 09:42:36 2020 daemon.notice openvpn(pritunl_ssh_gateway)[1675]: UDPv4 link local: [undef]
Wed Feb 12 09:42:36 2020 daemon.notice openvpn(pritunl_ssh_gateway)[1675]: UDPv4 link remote: [AF_INET]35.206.188.178:16330

Wed Feb 12 09:42:43 2020 daemon.err openvpn(pritunl_ssh_gateway)[1675]: event_wait : Interrupted system call (code=4)
Wed Feb 12 09:42:43 2020 daemon.notice openvpn(pritunl_ssh_gateway)[1675]: SIGTERM[hard,] received, process exiting

Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: OpenVPN 2.3.6 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan  8 2020
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Wed Feb 12 09:42:49 2020 daemon.warn openvpn(pritunl_ssh_gateway)[2986]: WARNING: file '/etc/openvpn/cbid.openvpn.pritunl_ssh_gateway.key' is group or others accessible
Wed Feb 12 09:42:49 2020 daemon.warn openvpn(pritunl_ssh_gateway)[2986]: WARNING: file '/etc/openvpn/cbid.openvpn.pritunl_ssh_gateway.tls_auth.key' is group or others accessible
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: Control Channel Authentication: using '/etc/openvpn/cbid.openvpn.pritunl_ssh_gateway.tls_auth.key' as a OpenVPN static key file
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: UDPv4 link local: [undef]
Wed Feb 12 09:42:49 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: UDPv4 link remote: [AF_INET]35.206.188.178:16330


Wed Feb 12 09:43:59 2020 daemon.err openvpn(pritunl_ssh_gateway)[2986]: TLS Error: TLS key negotiation failed to occur within 70 seconds (check your network connectivity)
Wed Feb 12 09:43:59 2020 daemon.err openvpn(pritunl_ssh_gateway)[2986]: TLS Error: TLS handshake failed
Wed Feb 12 09:43:59 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 12 09:44:01 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: UDPv4 link local: [undef]
Wed Feb 12 09:44:01 2020 daemon.notice openvpn(pritunl_ssh_gateway)[2986]: UDPv4 link remote: [AF_INET]35.206.188.178:16330

I actually managed to solve this.

/etc/config/openvpn should contain an entry that looks like this:

config openvpn 'pritunl_ssh_gateway'
        option config '/etc/openvpn/UsersConfigDownloadedFromPritunl.ovpn'
        option enabled '1'

And then copy the contents of the config file you downloaded into /etc/openvpn/UsersConfigDownloadedFromPritunl.ovpn
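
The step described in the post above, as an added example that is not part of the original thread: it copies a downloaded profile into /etc/openvpn with owner-only permissions (the log above warns about key files that are "group or others accessible") and prints the matching /etc/config/openvpn section. The function names and the ROOT prefix argument are hypothetical, and it assumes the downloaded profile carries the client key, so it is treated as a secret.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the ROOT prefix are
# hypothetical; ROOT lets you rehearse in a scratch directory before using "".

# List files under a directory that group or others can access. These are the
# files OpenVPN reports with "is group or others accessible".
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Print the /etc/config/openvpn section for a profile, in the form shown above.
uci_stanza() {
    printf "config openvpn '%s'\n" "$1"
    printf "        option config '%s'\n" "$2"
    printf "        option enabled '1'\n"
}

# install_profile SRC NAME [ROOT]
# Copies SRC to ROOT/etc/openvpn/NAME.ovpn with mode 0600, then prints the
# section to append to ROOT/etc/config/openvpn.
install_profile() {
    src=$1 name=$2 root=${3:-}
    dest="$root/etc/openvpn/$name.ovpn"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Refuse a file that is clearly not a client profile (no 'remote' line).
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$src" || {
        echo "$src has no 'remote' line" >&2; return 2; }
    mkdir -p "$root/etc/openvpn" || return 1
    # umask in a subshell so a new copy is never created group/world readable.
    ( umask 077 && cp "$src" "$dest" ) || return 1
    # An existing destination keeps its old mode on overwrite, so set it too.
    chmod 600 "$dest" || return 1
    uci_stanza "$name" "/etc/openvpn/$name.ovpn"
}

# On the gateway (run as root), for example:
#   install_profile /tmp/downloaded.ovpn pritunl_ssh_gateway >> /etc/config/openvpn
#   loose_files /etc/openvpn     # should print nothing
```
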

Hi:
There is a beta version that supports custom OpenVPN tunnel configuration via the Web Console.
You can input the configuration directly in the web console. You can also upload files like cert/key.
You can send an e-mail to me if you want to try this. [email protected]

You can get the last firmware there -
https://downloads.rakwireless.com/en/LoRa/DIY-Gateway-RAK7249/Firmware/RAK7249_Latest_Firmware.zip